Security Testing

-
Security testing is a process that is performed with the intention of revealing flaws in security mechanisms and finding the vulnerabilities or weaknesses of software applications. The prime objective of security testing is to find out how vulnerable a system may be and to determine whether its data and resources are protected from potential intruders. Online transactions have increased rapidly of late making security testing as one of the most critical areas of testing for such web applications. Security testing is more effective in identifying potential vulnerabilities when performed regularly.  

 Normally, security testing has the following attributes:  
● Authentication 
● Authorization 
● Confidentiality 
● Availability 
● Integrity 
● Non-repudiation 
● Resilience  
Why is Security Testing Important?  
A comprehensive security testing framework deals with validation across all layers of an application. Starting with analysis and evaluation of the security of the infrastructure of the application, it moves further covering the network, database and application exposure layers. Security testing in the current scenario is a must to identify and address web application security vulnerabilities to avoid any of the following:  
● Loss of customer trust. 
● Disturbance to your online means of revenue generation/collection. 
● Website downtime, time loss and expenditures in recovering from damage (reinstalling services, restoring backups, etc.) 
● The cost associated with securing web applications against future attacks. 
● Related legal implications and fees for having lax security measures in place. 

Comments

Post a Comment

Popular posts from this blog

Implicit and Explicit requirements

-
Implicit and Explicit requirements Explicit Requirements​ :    ● The Things business analyst Wrote Down.  ● These are the requirements explicitly stated or mentioned by the customer.  ● Explicit requirements are most commonly found in documents communicated by stakeholders to the development team.   ● This is the simplest type and the easiest to test.  ● The development team might take the form of an elaborate design specification, a set of acceptance criteria.  ● Explicit requirements in the form of claims that is, communications to end-users about things the software can do.   Implicit Requirements​ :  ● The Things client Will Expect  ● These are the requirements that are not explicitly stated by the customer, but implied or derived from the requirement stated by the customer.  ● These are all the things that users are going to expect that were not captured explicitly.  ● Examples include performance...
Read more

Software Configuration Management (SCM)

-
Software configuration management (SC) is a software engineering discipline consisting of standard processes and techniques often used by organizations to manage the changes introduced to its software products. SC helps in identifying individual elements and configurations tracing changes and version selection control and baselining.   SC is also known as software control management. SC aims to control changes introduced to large complex software systems through reliable version selection and version control.   Software Configuration Management does​ ​   ● Introduction to Software Configuration management and Configuration management for software Testers.  ● Software configuration management (SC) is the discipline for systematically controlling the changes that tae place during Software evelopment.  ● Software development software consists of a collection of items (such as program documents etc..) that can easily be changed. uring software...
Read more

Identified for Configuration Management

-
The term configuration item (CI) refers to the fundamental structural unit of a configuration management system. Examples of CIs include individual requirements documents software models and plans. The configuration-management system oversees the life of the CIs through a combination of processes and tools by implementing and enabling the fundamental elements of identification change management status accounting and audits. This system aims to avoid the introduction of errors related to lack of testing as well as incompatibilities with other CIs.     Configuration Management Activities ​:     1. ​Configuration Item Identification ​:  ​In this phase, the item will be identified for making changes.  Example: ​Requirement document design document source code etc    2. ​Change Control ​: ​ Controlling the release and changes of the product throw out the software life cycle here CCB team will approve or disapprove changes prioritize the change...
Read more