Security Testing is a type of Software Testing that uncovers vulnerabilities of the system and determines whether the data and resources of the system are protected from possible intruders. It ensures that the software system and application are free from any threats or risks that can cause a loss. Security testing of any system focuses on finding all possible loopholes and weaknesses of the system which might result in the loss of information or reputation of the organization.
Goal of Security Testing:
The goal of security testing is to:
- Identify the threats in the system.
- Measure the potential vulnerabilities of the system.
- Help in detecting every possible security risk in the system.
- Help developers in fixing the security problems through coding.
Principle of Security Testing:
Below are the six basic principles of security testing:
Major Focus Areas in Security Testing:
- Network Security
- System Software Security
- Client-side Application Security
- Server-side Application Security
Types of Security Testing:
- Vulnerability Scanning:
Vulnerability scanning uses automated software to scan a system for known vulnerability patterns.
- Security Scanning:
Security scanning is the identification of network and system weaknesses. It then provides solutions for reducing these defects or risks. Security scanning can be carried out both manually and with automated tools.
- Penetration Testing:
Penetration testing is the simulation of an attack from a malicious hacker. It involves analysing a particular system for potential vulnerabilities that a malicious hacker could use in an attempt to hack the system.
- Risk Assessment:
In risk assessment testing, the security risks observed in the organization are analysed. Risks are classified into three categories: low, medium and high. This testing recommends controls and measures to minimize the risk.
- Security Auditing:
Security auditing is an internal inspection of applications and operating systems for security defects. An audit can also be carried out via line-by-line checking of code.
- Ethical Hacking:
Ethical hacking is different from malicious hacking. The purpose of ethical hacking is to expose security flaws in the organization's systems.
- Posture Assessment:
Posture assessment combines security scanning, ethical hacking and risk assessments to provide an overall security posture of an organization.