What is Security testing?
Security testing is a process to determine that an information system protects data and maintains functionality as intended. It is the process that determines that confidential data stays confidential and users can perform only those tasks that they are authorized to perform. Security testing covers confidentiality, integrity, authentication, availability, authorization and non-repudiation.
Confidentiality – A security measure that protects against the disclosure of information to parties other than the intended recipient. Confidentiality on its own is by no means the only way of ensuring security.
Integrity – A measure intended to allow the receiver to determine that the information provided to it is correct. Integrity schemes often use some of the same underlying technologies as confidentiality schemes, but they usually involve adding additional information to a communication to form the basis of an algorithmic check, rather than encoding all of the communication.
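The "additional information ... forming the basis of an algorithmic check" described above is, in practice, a message authentication code. The following Python example is added here to illustrate it; it is not part of the original article. It appends an HMAC-SHA256 tag to a message, lets the receiver detect any alteration, and shows that the message body itself stays readable (integrity is checked, but confidentiality is not provided). The key and messages are constructed for the example.

```python
import hmac
import hashlib
from typing import Optional

# Constructed shared secret for this example only; a real deployment
# would load it from a key store, never hard-code it.
KEY = b"example-shared-secret-do-not-reuse"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def protect(message: bytes, key: bytes = KEY) -> bytes:
    """Append an HMAC-SHA256 tag so the receiver can verify the message was not altered.

    The message is sent in the clear: this adds integrity, not confidentiality.
    """
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(blob: bytes, key: bytes = KEY) -> Optional[bytes]:
    """Return the message if its tag checks out, or None if the data was altered
    or produced under a different key."""
    if len(blob) < TAG_LEN:
        return None
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest runs in constant time, so an attacker cannot learn the
    # correct tag byte by byte from response timing as a plain == would allow.
    if not hmac.compare_digest(tag, expected):
        return None
    return message


def tamper(blob: bytes) -> bytes:
    """Flip one bit of the message body to simulate in-transit modification."""
    body = bytearray(blob)
    body[0] ^= 0x01
    return bytes(body)


if __name__ == "__main__":
    original = b"transfer 100 to account 42"
    sent = protect(original)
    print("body still readable:", sent[: len(original)] == original)  # True
    print("intact message accepted:", verify(sent) == original)       # True
    print("tampered message rejected:", verify(tamper(sent)) is None)  # True
    print("wrong key rejected:", verify(sent, key=b"other") is None)   # True
```

Because both sender and receiver hold the same key, either of them could have produced the tag, so a shared-key MAC gives integrity but not non-repudiation; that property needs a signature made with a key only the sender holds.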
Authentication – This might involve confirming the identity of a person, tracing the origins of an artifact, ensuring that a product is what its packaging and labeling claims to be, or assuring that a computer program is a trusted one.
Authorization – The process of determining that a requester is allowed to receive a service or perform an operation. Access control is an example of authorization.
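As an added illustration of authorization as access control (example code, not from the original article), the Python below checks every request against a role-to-permission policy and denies anything the policy does not explicitly grant. The roles, permissions and principals are constructed for the example; the point it demonstrates is the "users can perform only those tasks that they are authorized to perform" requirement from the definition above.

```python
from dataclasses import dataclass
from typing import FrozenSet, Tuple, Dict, Set

# Constructed policy: each role grants a set of (resource, action) pairs.
ROLE_PERMISSIONS: Dict[str, Set[Tuple[str, str]]] = {
    "viewer": {("report", "read")},
    "editor": {("report", "read"), ("report", "write")},
    "admin": {("report", "read"), ("report", "write"),
              ("report", "delete"), ("user", "create")},
}


@dataclass(frozen=True)
class Principal:
    """The requester, as established by a prior authentication step."""
    name: str
    roles: FrozenSet[str]
    authenticated: bool = True


def is_authorized(principal: Principal, resource: str, action: str) -> bool:
    """Deny by default: True only if one of the principal's roles grants the pair.

    Unknown roles grant nothing, and an unauthenticated requester is refused
    before the policy is consulted, since authorization presumes identity.
    """
    if not principal.authenticated:
        return False
    wanted = (resource, action)
    return any(wanted in ROLE_PERMISSIONS.get(role, set())
               for role in principal.roles)


def handle_request(principal: Principal, resource: str, action: str) -> str:
    """Service entry point: enforce the check on every request, not just some."""
    if not is_authorized(principal, resource, action):
        # Denials are worth logging in a real system; here we just answer.
        return "403 Forbidden"
    return f"200 OK: {action} {resource}"


if __name__ == "__main__":
    alice = Principal("alice", frozenset({"viewer"}))
    bob = Principal("bob", frozenset({"editor"}))
    anon = Principal("anonymous", frozenset({"admin"}), authenticated=False)
    print(handle_request(alice, "report", "read"))     # 200 OK: read report
    print(handle_request(alice, "report", "delete"))   # 403 Forbidden
    print(handle_request(bob, "report", "write"))      # 200 OK: write report
    print(handle_request(anon, "user", "create"))      # 403 Forbidden
```

The deny-by-default shape matters in testing: a security test should probe the requests the policy does not mention (wrong role, unknown resource, unauthenticated caller) and confirm they are refused, not only that the permitted paths succeed.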
Availability – Assuring that information and communications services will be ready for use when expected. Information must be kept available to authorized persons when they need it.
Non-repudiation – In reference to digital security, non-repudiation means ensuring that a transferred message has been sent and received by the parties claiming to have sent and received it. Non-repudiation is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received it.
Given enough time and resources, good security testing will ultimately penetrate a system.
There are some questions that need to be answered before diving deep into security testing. These are as follows:
What is “Vulnerability”?
What is “URL manipulation”?
What is “SQL injection”?
What is “XSS (Cross Site Scripting)”?
What is “Spoofing”?