Security Testing is a type of Software Testing that uncovers vulnerabilities in a system and determines whether the data and resources of the system are protected from possible intruders. It ensures that the software system and application are free from threats or risks that could cause a loss. Security testing of any system focuses on finding all possible loopholes and weaknesses in the system which might result in the loss of information or damage to the reputation of the organization.
Goal of Security Testing:
The goals of security testing are:
- To identify the threats to the system.
- To measure the potential vulnerabilities of the system.
- To help in detecting every possible security risk in the system.
- To help developers fix the security problems in the code.
Principle of Security Testing:
Below are the six basic principles of security testing:
Major Focus Areas in Security Testing:
- Network Security
- System Software Security
- Client-side Application Security
- Server-side Application Security
Types of Security Testing:
- Vulnerability Scanning:
Vulnerability scanning is performed with the help of automated software to scan a system to detect the known vulnerability patterns.
- Security Scanning:
Security scanning is the identification of network and system weaknesses. Later on it provides solutions for reducing these defects or risks. Security scanning can be carried out in both manual and automated way.
- Penetration Testing:
Penetration testing is the simulation of an attack by a malicious hacker. It includes analysis of a particular system to find the vulnerabilities a malicious hacker could exploit when attempting to compromise it.
- Risk Assessment:
In risk assessment, the security risks observed in the organization are analysed and classified into three categories: low, medium and high. This testing recommends controls and measures to minimize the risk.
- Security Auditing:
Security auditing is an internal inspection of applications and operating systems for security defects. An audit can also be carried out via line by line checking of code.
- Ethical Hacking:
Ethical hacking is different from malicious hacking. The purpose of ethical hacking is to expose security flaws in the organization's systems so that they can be fixed.
- Posture Assessment:
It combines security scanning, ethical hacking and risk assessments to provide an overall security posture of an organization.
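The following is an added example, not code from the original article: a minimal vulnerability scanner of the kind described under Vulnerability Scanning, which checks an inventory of installed packages against a constructed, hypothetical advisory list and labels each finding low, medium or high as in the Risk Assessment step. All package names, version ranges and scores are made up for illustration.

```python
# Constructed, hypothetical advisories: (package, first affected version,
# first fixed version, severity score). A real scanner would load these from
# a vulnerability database; these entries are illustrative only.
ADVISORIES = [
    ("examplelib", "1.0.0", "1.4.2", 9.1),
    ("examplelib", "2.0.0", "2.0.3", 4.0),
    ("otherlib", "0.9.0", "1.0.0", 6.5),
]


def parse_version(version):
    """Turn '1.10.0' into (1, 10, 0) so versions compare numerically.

    Comparing version strings lexically is a classic scanner bug:
    '1.10.0' < '1.4.2' as strings, which would produce a false positive.
    """
    return tuple(int(part) for part in version.split("."))


def is_affected(installed, first_affected, first_fixed):
    """True if installed lies in [first_affected, first_fixed)."""
    v = parse_version(installed)
    return parse_version(first_affected) <= v < parse_version(first_fixed)


def classify_risk(score):
    """Map a severity score to the three risk categories used in risk assessment."""
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"


def scan(inventory):
    """Return one finding per installed package whose version is in a known affected range."""
    findings = []
    for package, installed in inventory.items():
        for adv_package, first_affected, first_fixed, score in ADVISORIES:
            if adv_package == package and is_affected(installed, first_affected, first_fixed):
                findings.append({
                    "package": package,
                    "installed": installed,
                    "fixed_in": first_fixed,
                    "risk": classify_risk(score),
                })
    return findings


if __name__ == "__main__":
    # Constructed sample inventory: one affected package, one at the fixed version, one unknown.
    for finding in scan({"examplelib": "1.2.5", "otherlib": "1.0.0", "thirdlib": "3.2.1"}):
        print(finding)
```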