Security Testing is a type of Software Testing that uncovers vulnerabilities of the system and determines that the data and resources of the system are protected from possible intruders. It ensures that the software system and application are free from any threats or risks that can cause a loss. Security testing of any system is focuses on finding all possible loopholes and weaknesses of the system which might result into the loss of information or repute of the organization.
Goal of Security Testing:
The goal of security testing is to:
- To identify the threats in the system.
- To measure the potential vulnerabilities of the system.
- To help in detecting every possible security risks in the system.
- To help developers in fixing the security problems through coding.
Principle of Security Testing:
Below are the six basic principles of security testing:
Major Focus Areas in Security Testing:
- Network Security
- System Software Security
- Client-side Application Security
- Server-side Application Security
Types of Security Testing:
- Vulnerability Scanning:
Vulnerability scanning is performed with the help of automated software to scan a system to detect the known vulnerability patterns.
- Security Scanning:
Security scanning is the identification of network and system weaknesses. Later on it provides solutions for reducing these defects or risks. Security scanning can be carried out in both manual and automated way.
- Penetration Testing:
Penetration testing is the simulation of the attack from a malicious hacker. It includes analysis of a particular system to examine for potential vulnerabilities from a malicious hacker that attempts to hack the system.
- Risk Assessment:
In risk assessment testing security risks observed in the organization are analysed. Risks are classified into three categories i.e. low, medium and high. This testing endorses controls and measures to minimize the risk.
- Security Auditing:
Security auditing is an internal inspection of applications and operating systems for security defects. An audit can also be carried out via line by line checking of code.
- Ethical Hacking:
Ethical hacking is different from malicious hacking. The purpose of ethical hacking is to expose security flaws in the organization system.
- Posture Assessment:
It combines security scanning, ethical hacking and risk assessments to provide an overall security posture of an organization.
- Software Engineering | Differences between Sanity Testing and Smoke Testing
- Software Engineering | Comparison between Regression Testing and Re-Testing
- Difference between Software Testing and Embedded Testing
- Object Oriented Testing in Software Testing
- Software Testing | Non-functional Testing
- Software Testing | Fuzz Testing
- Acceptance Testing | Software Testing
- Smoke Testing | Software Testing
- Software Testing | Database Testing
- Software Testing | Manual Testing
- Software Testing | Spike Testing
- Performance Testing | Software Testing
- Software Testing | Penetration Testing
- Software Testing | Globalization Testing
- Software Testing | Scalability Testing
If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to firstname.lastname@example.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.