SECURITY TESTING FOR WEB AND MOBILE DEVELOPMENT
            Prepared by: Jyothi Venugopalan
                  (QA Team Member)
             BOSS Webtech Private Limited
               www.bosswebtech.com
SECURITY TESTING
   Security testing is performed to check whether the application leaks
    information, for example whether sensitive data is exposed because it is
    stored or transmitted without encryption, or is returned to users who
    are not entitled to it.


   Security testing is the process of determining that an information
    system protects its data and maintains its intended functionality,
    including when someone deliberately tries to misuse it.
SECURITY TESTING
   The six basic security concepts:
       Authentication - Verifying that a user, device or message really comes
        from the claimed identity, so that a receiver can be confident that the
        information it receives originated from a specific known source.

       Authorization - Determining that an authenticated requester is allowed
        to receive a service or perform an operation. Authentication answers
        "who are you?", authorization answers "what may you do?".

       Confidentiality - Protecting data or information from disclosure to
        parties other than the intended ones, typically through access control
        and encryption.

       Integrity - Assurance that the intended receiver receives the
        information or data without it having been altered in transmission or
        in storage.

       Non-repudiation - Assurance that a party cannot later deny having sent
        a message or performed an action. It is normally provided by digital
        signatures combined with a trusted timestamp; a session id only
        identifies a session and does not prove who acted.

       Availability - Assuring that information and communication services
        will be ready for use when expected.
NEED OF SECURITY TESTING
   Security testing helps in finding loopholes that can cause loss of
    important information and allow an intruder to enter the system.

   Security testing helps in improving the current system by turning each
    finding into a concrete fix.

   It reduces the chance that an attack takes the system down, so the system
    keeps working reliably over a longer period.

   It checks that the security policies of your organization are understood
    and actually enforced by the system, rather than only written down.
DIFFERENT TYPES OF SECURITY TESTING
   Security Auditing: Security auditing is the direct inspection of the
    developed application and of the operating systems it runs on, against a
    defined policy or standard. It also involves code walk-throughs.
   Security Scanning: Automated scanning of the system and applications for
    weaknesses in configuration, exposed services and software versions,
    followed by manual verification of what the scanner reports.
   Vulnerability Scanning: Scanning the application with a tool that checks
    for all known vulnerabilities, for example outdated components and common
    misconfigurations. Findings still have to be confirmed, since scanners
    produce false positives.
   Risk Assessment: A method of analyzing and rating risk, based on the type
    of loss a vulnerability could cause and the likelihood that the loss
    occurs, so that fixes can be prioritized.
   Penetration Testing: The tester actively tries to break into the
    application under test, chaining the vulnerabilities found to show what
    an attacker could really achieve.
   Ethical Hacking: An authorized intrusion attempt, carried out by an
    external party with the owner's permission, against the systems and
    applications that are under security testing.
SECURITY THREATS FOR WEBSITE
   SQL Injection - Insertion of SQL syntax through the web application's
    inputs (form fields, URL parameters, cookies) into a query that is sent
    to the backend database on the server. The injected SQL can reveal,
    modify or delete the information stored there, or bypass a login check.

   Cross Site Scripting (XSS) - Insertion of script code into a page that
    other users view. In stored XSS the script is submitted by the attacker,
    saved in the server's database and served to every client that later
    loads the page; in reflected XSS it is echoed straight back from the
    request. Either way the script runs in the victim's browser with access
    to that user's session.
SECURITY TESTING APPROACH FOR WEBSITE
   Password cracking: In order to log in to the private areas of the
    application, one can either guess a username/password or use a password
    cracker tool. The test is whether the application stops this: it should
    enforce a minimum password strength, limit or lock out repeated failed
    logins, and never reveal whether the username or the password was wrong.

   URL manipulation through HTTP GET methods: The tester should check
    whether the application passes important information (user ids, prices,
    session tokens) in the query string, and whether changing such a value
    in the URL lets the user see or do something that belongs to another
    user.

   SQL Injection: Enter a single quote (') in every input. A database error
    message, or a changed result, shows that the input reaches the query as
    SQL syntax. The fix is not to reject the quote but to use parameterized
    queries, so that a name such as O'Reilly is handled safely.

   Cross Site Scripting (XSS): Enter HTML such as <HTML> or a script such as
    <SCRIPT>alert(1)</SCRIPT> in every input and check where it is shown
    again. If it comes back unencoded, the page is vulnerable; the
    application should encode output so that the markup is displayed as
    text rather than executed.
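The SQL injection and XSS checks above, as an added example that is not part of the original deck: a login function built by string concatenation beside its parameterized form, and a page renderer with and without output encoding, each driven by the payloads a tester would type. The `users` table, the two accounts in it, the `login_*` and `render_*` functions and the payload lists are all constructed for the example; a real test points the same checks at the application's own endpoints.

```python
import html
import sqlite3

# Constructed stand-in for the application's backend: an in-memory SQLite
# database with two test accounts (not data from any real system).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn

def login_vulnerable(conn, username, password):
    # Builds the SQL by string formatting: a quote in the input closes the
    # literal and everything after it is parsed as SQL syntax.
    query = ("SELECT username FROM users WHERE username = '%s' "
             "AND password = '%s'" % (username, password))
    return [row[0] for row in conn.execute(query)]

def login_safe(conn, username, password):
    # Parameterized query: the driver sends the values separately from the
    # SQL text, so a quote (or a name like O'Reilly) is only ever data.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]

# Payloads a tester types into the username field. "--" starts an SQL
# comment, which discards the password check that follows it.
SQLI_PAYLOADS = ["' OR 1=1 --", "alice' --", "'"]

def sqli_check(login):
    """Feed each payload to a login function together with a wrong password.
    Returns (payload, finding) pairs: a bypass means rows came back without
    valid credentials; a database error means the quote reached the SQL
    parser, which is a finding even before any bypass is demonstrated."""
    conn = make_db()
    findings = []
    for payload in SQLI_PAYLOADS:
        try:
            if login(conn, payload, "wrong-password"):
                findings.append((payload, "authentication bypass"))
        except sqlite3.Error as exc:
            findings.append((payload, "database error: %s" % exc))
    return findings

# The deck's XSS test: script markup submitted in an input field.
XSS_PAYLOAD = "<script>alert(1)</script>"

def render_comment_vulnerable(comment):
    # Reflects the input into the page unchanged, so the browser runs it.
    return "<p>%s</p>" % comment

def render_comment_safe(comment):
    # Encodes on output: <, >, &, " and ' become entities, so the browser
    # shows the payload as text instead of executing it.
    return "<p>%s</p>" % html.escape(comment, quote=True)

def xss_check(render):
    """True when the payload is reflected with its tags intact (a finding)."""
    return XSS_PAYLOAD in render(XSS_PAYLOAD)

if __name__ == "__main__":
    print("SQLi, concatenated query:", sqli_check(login_vulnerable))
    print("SQLi, parameterized query:", sqli_check(login_safe))
    print("XSS, raw output:", xss_check(render_comment_vulnerable))
    print("XSS, encoded output:", xss_check(render_comment_safe))
```

Against a real application the procedure is the same: send the payloads to the login form and to every field whose value is shown again somewhere, and record a database error message or an unencoded reflection as a finding, not only a successful bypass.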
SECURITY THREATS FOR MOBILE APPLICATION
   Mobile malware and viruses: A mobile virus is malicious software that
    targets mobile phones or other wireless-enabled handheld devices.

   Eavesdropping: The unauthorized real-time interception of a private
    communication, such as a phone call or an instant message, for example
    on an open Wi-Fi network when the app does not protect its traffic with
    TLS.

   Unauthorized access: Careful attention needs to be paid to AAA:
    authentication, authorization, and accounting.

   Physical security: While many notebook computers are indeed lost or
    stolen every year, it is far easier to misplace a mobile device, so the
    data on it must stay protected when someone else holds the device.
SECURITY TESTING APPROACH FOR MOBILE APPLICATION
   Authentication checks

   Input Validation checks

   Session Management checks

   Encryption checks

   Application checks

   SQL injection checks

   LDAP injection checks

   XPATH injection checks
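The input validation, LDAP injection and XPath injection items on this checklist, as an added example that is not part of the original deck: the filter and query builders a mobile app's backend would call, each in a concatenating form beside a form that escapes or quotes the value correctly, plus a structural check that flags when a payload has changed the query. The builders, the `uid`, `objectClass`, `user` and `name` attribute names and the payload list are constructed for the example.

```python
# RFC 4515 escaping for a value placed inside an LDAP search filter: the
# characters that carry filter syntax are replaced by \XX hex escapes.
LDAP_FILTER_ESCAPES = {
    "\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00",
}

def escape_ldap_filter_value(value):
    """Escape one assertion value so it cannot add clauses or wildcards."""
    return "".join(LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)

def build_login_filter_vulnerable(username):
    # Concatenates raw input into the filter text.
    return "(&(uid=%s)(objectClass=person))" % username

def build_login_filter_safe(username):
    return "(&(uid=%s)(objectClass=person))" % escape_ldap_filter_value(username)

def ldap_filter_is_intact(flt, expected_parens=3):
    """Structural check for the test harness: the template above has three
    '(' and three ')', and user data must add neither parentheses nor a
    raw '*' wildcard (escaped forms contain none of these characters)."""
    return (flt.count("(") == expected_parens
            and flt.count(")") == expected_parens
            and "*" not in flt)

# Payloads typed into the username field: a bare wildcard, a clause that
# matches every entry, and one that closes the filter early.
LDAP_PAYLOADS = ["*", "*)(uid=*))(|(uid=*", "admin)(&)"]

def ldap_injection_check(builder):
    """Payloads for which the builder's output no longer has the template's
    structure, i.e. the input was interpreted as filter syntax."""
    return [p for p in LDAP_PAYLOADS if not ldap_filter_is_intact(builder(p))]

# XPath 1.0 has no escape character, so the safe form is a correctly built
# string literal: a value containing both quote kinds is split into concat()
# pieces, each wrapped in the quote it does not contain.
def xpath_string_literal(value):
    if "'" not in value:
        return "'%s'" % value
    if '"' not in value:
        return '"%s"' % value
    parts = value.split("'")
    return "concat(%s)" % ", \"'\", ".join("'%s'" % p for p in parts)

def build_user_xpath_vulnerable(username):
    # The classic payload ' or '1'='1 turns this into a match-all predicate.
    return "//user[name='%s']" % username

def build_user_xpath_safe(username):
    return "//user[name=%s]" % xpath_string_literal(username)

if __name__ == "__main__":
    print("LDAP, concatenated:", ldap_injection_check(build_login_filter_vulnerable))
    print("LDAP, escaped:     ", ldap_injection_check(build_login_filter_safe))
    print(build_user_xpath_vulnerable("' or '1'='1"))
    print(build_user_xpath_safe("' or '1'='1"))
```

In production code the escaping should come from the LDAP library in use rather than a hand-written table: python-ldap provides `ldap.filter.escape_filter_chars` and ldap3 provides `ldap3.utils.conv.escape_filter_chars`, both implementing the same RFC 4515 rules. For XPath, an engine that supports variables (so the value never enters the expression text) is preferable to building literals at all.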
SECURITY TESTING TOOLS
   Netsparker Community Edition
   Websecurify
   Wapiti
   N-Stalker
   skipfish
   Scrawler
   Watcher
   x5s
   Exploit-Me
   WebScarab
SUMMARY
   No website is 100% secure. Prevention is the better way to secure the
    website: fix the classes of weakness above before release rather than
    after an incident.

   Security vulnerabilities arise in different ways, and each carries its
    own level of risk.

   The critical risk is an attacker compromising the website and stealing
    its data.
ABOUT BOSS WEBTECH
   BOSS Webtech is a process oriented design house specializing
    in web design, web development, backend web programming,
    mobile application development and other web and mobile
    related design and support services.

   Recently launched BizPlus, a mobile based survey software.
    Read more here: http://bizplusonline.com/

   More products here:
    http://www.bosswebtech.com/products/products.html

    CONTACT BOSS WEBTECH

   Call 831-998-9121 (US EST/CST/MST/PST time zones)
    or email info@bosswebtech.com

More Related Content

What's hot

Seminar-Two Factor Authentication
Seminar-Two Factor AuthenticationSeminar-Two Factor Authentication
Seminar-Two Factor AuthenticationDilip Kr. Jangir
 
How Does a Data Breach Happen?
How Does a Data Breach Happen? How Does a Data Breach Happen?
How Does a Data Breach Happen? Claranet UK
 
Gaining A Foothold
Gaining A FootholdGaining A Foothold
Gaining A FootholdClaranet UK
 
BAI Security - Brochure - Compromise Assessment
BAI Security - Brochure - Compromise AssessmentBAI Security - Brochure - Compromise Assessment
BAI Security - Brochure - Compromise AssessmentPrahlad Reddy
 
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...Sirius
 
Two Factor Authentication
Two Factor AuthenticationTwo Factor Authentication
Two Factor AuthenticationNikhil Shaw
 
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Asegurarme de la Seguridad?, Un Vistazo al Penetration TestingAsegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Asegurarme de la Seguridad?, Un Vistazo al Penetration TestingSoftware Guru
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
Point-Of-Sale Hacking - 2600Thailand#20
Point-Of-Sale Hacking - 2600Thailand#20Point-Of-Sale Hacking - 2600Thailand#20
Point-Of-Sale Hacking - 2600Thailand#20Prathan Phongthiproek
 
How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...
How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...
How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...Edureka!
 
IRJET- Data Security with Multifactor Authentication
IRJET- Data Security with Multifactor AuthenticationIRJET- Data Security with Multifactor Authentication
IRJET- Data Security with Multifactor AuthenticationIRJET Journal
 
Two factor authentication 2018
Two factor authentication 2018Two factor authentication 2018
Two factor authentication 2018Will Adams
 
Two factor authentication
Two factor authenticationTwo factor authentication
Two factor authenticationHai Nguyen
 
USP SES and the Location Layer: Geolocation for adaptive Access Control and P...
USP SES and the Location Layer: Geolocation for adaptive Access Control and P...USP SES and the Location Layer: Geolocation for adaptive Access Control and P...
USP SES and the Location Layer: Geolocation for adaptive Access Control and P...United Security Providers AG
 
Oh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web AppsOh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web AppsTechWell
 
Ethical Hacking Services
Ethical Hacking ServicesEthical Hacking Services
Ethical Hacking ServicesVirtue Security
 
Network Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityNetwork Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityEryk Budi Pratama
 
The Ultimate Security Checklist Before Launching Your Android App
The Ultimate Security Checklist Before Launching Your Android AppThe Ultimate Security Checklist Before Launching Your Android App
The Ultimate Security Checklist Before Launching Your Android AppAppknox
 

What's hot (20)

Seminar-Two Factor Authentication
Seminar-Two Factor AuthenticationSeminar-Two Factor Authentication
Seminar-Two Factor Authentication
 
How Does a Data Breach Happen?
How Does a Data Breach Happen? How Does a Data Breach Happen?
How Does a Data Breach Happen?
 
Gaining A Foothold
Gaining A FootholdGaining A Foothold
Gaining A Foothold
 
BAI Security - Brochure - Compromise Assessment
BAI Security - Brochure - Compromise AssessmentBAI Security - Brochure - Compromise Assessment
BAI Security - Brochure - Compromise Assessment
 
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
 
Two Factor Authentication
Two Factor AuthenticationTwo Factor Authentication
Two Factor Authentication
 
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Asegurarme de la Seguridad?, Un Vistazo al Penetration TestingAsegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
 
Security-testing presentation
Security-testing presentationSecurity-testing presentation
Security-testing presentation
 
Point-Of-Sale Hacking - 2600Thailand#20
Point-Of-Sale Hacking - 2600Thailand#20Point-Of-Sale Hacking - 2600Thailand#20
Point-Of-Sale Hacking - 2600Thailand#20
 
How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...
How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...
How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...
 
IRJET- Data Security with Multifactor Authentication
IRJET- Data Security with Multifactor AuthenticationIRJET- Data Security with Multifactor Authentication
IRJET- Data Security with Multifactor Authentication
 
Two factor authentication 2018
Two factor authentication 2018Two factor authentication 2018
Two factor authentication 2018
 
Two factor authentication
Two factor authenticationTwo factor authentication
Two factor authentication
 
USP SES and the Location Layer: Geolocation for adaptive Access Control and P...
USP SES and the Location Layer: Geolocation for adaptive Access Control and P...USP SES and the Location Layer: Geolocation for adaptive Access Control and P...
USP SES and the Location Layer: Geolocation for adaptive Access Control and P...
 
Oh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web AppsOh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web Apps
 
Ethical Hacking Services
Ethical Hacking ServicesEthical Hacking Services
Ethical Hacking Services
 
Network Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityNetwork Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information Security
 
The Ultimate Security Checklist Before Launching Your Android App
The Ultimate Security Checklist Before Launching Your Android AppThe Ultimate Security Checklist Before Launching Your Android App
The Ultimate Security Checklist Before Launching Your Android App
 
1. penetration-testing-cyber51
1. penetration-testing-cyber511. penetration-testing-cyber51
1. penetration-testing-cyber51
 

Viewers also liked

Ericsson ConsumerLab: Privacy, security and safety online
Ericsson ConsumerLab: Privacy, security and safety onlineEricsson ConsumerLab: Privacy, security and safety online
Ericsson ConsumerLab: Privacy, security and safety onlineEricsson
 
JavaScript Object Notation (JSON)
JavaScript Object Notation (JSON)JavaScript Object Notation (JSON)
JavaScript Object Notation (JSON)BOSS Webtech
 
Archaebacteria dan eubacteria
Archaebacteria dan eubacteriaArchaebacteria dan eubacteria
Archaebacteria dan eubacteriaLusi Padma
 
ALMOUNKEZ Diwani , Manage your documents with ease
ALMOUNKEZ Diwani , Manage your documents with easeALMOUNKEZ Diwani , Manage your documents with ease
ALMOUNKEZ Diwani , Manage your documents with easeKamal Al Mounajed
 
Innovative systems icdl lesson 01 arabic
Innovative systems icdl lesson 01 arabicInnovative systems icdl lesson 01 arabic
Innovative systems icdl lesson 01 arabicKamal Al Mounajed
 
Innovative systems icdl lesson 02 arabic
Innovative systems icdl lesson 02 arabicInnovative systems icdl lesson 02 arabic
Innovative systems icdl lesson 02 arabicKamal Al Mounajed
 
نظام المنقذ لتقييم الموظفين من انتاج شركة الانظمة المتجددة
نظام المنقذ لتقييم الموظفين من انتاج شركة الانظمة المتجددةنظام المنقذ لتقييم الموظفين من انتاج شركة الانظمة المتجددة
نظام المنقذ لتقييم الموظفين من انتاج شركة الانظمة المتجددةKamal Al Mounajed
 
Online Safety and Security
Online Safety and Security Online Safety and Security
Online Safety and Security Arah Louise
 
Online Ethics and Etiquette
Online Ethics and Etiquette Online Ethics and Etiquette
Online Ethics and Etiquette JessamenTino21
 
XML Document Object Model (DOM)
XML Document Object Model (DOM)XML Document Object Model (DOM)
XML Document Object Model (DOM)BOSS Webtech
 

Viewers also liked (20)

An Naba
An NabaAn Naba
An Naba
 
Persatuan islam
Persatuan islamPersatuan islam
Persatuan islam
 
Ericsson ConsumerLab: Privacy, security and safety online
Ericsson ConsumerLab: Privacy, security and safety onlineEricsson ConsumerLab: Privacy, security and safety online
Ericsson ConsumerLab: Privacy, security and safety online
 
An Nazi'at
An Nazi'atAn Nazi'at
An Nazi'at
 
Akhlaq
AkhlaqAkhlaq
Akhlaq
 
JavaScript Object Notation (JSON)
JavaScript Object Notation (JSON)JavaScript Object Notation (JSON)
JavaScript Object Notation (JSON)
 
Abasa
AbasaAbasa
Abasa
 
Tari 2
Tari 2Tari 2
Tari 2
 
Archaebacteria dan eubacteria
Archaebacteria dan eubacteriaArchaebacteria dan eubacteria
Archaebacteria dan eubacteria
 
ALMOUNKEZ Diwani , Manage your documents with ease
ALMOUNKEZ Diwani , Manage your documents with easeALMOUNKEZ Diwani , Manage your documents with ease
ALMOUNKEZ Diwani , Manage your documents with ease
 
Ikatan phi
Ikatan phiIkatan phi
Ikatan phi
 
Innovative systems icdl lesson 01 arabic
Innovative systems icdl lesson 01 arabicInnovative systems icdl lesson 01 arabic
Innovative systems icdl lesson 01 arabic
 
Innosys2105
Innosys2105Innosys2105
Innosys2105
 
Innovative systems icdl lesson 02 arabic
Innovative systems icdl lesson 02 arabicInnovative systems icdl lesson 02 arabic
Innovative systems icdl lesson 02 arabic
 
arabic icdl unit 1
arabic icdl unit 1arabic icdl unit 1
arabic icdl unit 1
 
نظام المنقذ لتقييم الموظفين من انتاج شركة الانظمة المتجددة
نظام المنقذ لتقييم الموظفين من انتاج شركة الانظمة المتجددةنظام المنقذ لتقييم الموظفين من انتاج شركة الانظمة المتجددة
نظام المنقذ لتقييم الموظفين من انتاج شركة الانظمة المتجددة
 
Online Safety and Security
Online Safety and Security Online Safety and Security
Online Safety and Security
 
Cluster Computing
Cluster ComputingCluster Computing
Cluster Computing
 
Online Ethics and Etiquette
Online Ethics and Etiquette Online Ethics and Etiquette
Online Ethics and Etiquette
 
XML Document Object Model (DOM)
XML Document Object Model (DOM)XML Document Object Model (DOM)
XML Document Object Model (DOM)
 

Similar to Security Testing

Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerShivamSharma909
 
Best Security Practices for Web Application Development.pdf
Best Security Practices for Web Application Development.pdfBest Security Practices for Web Application Development.pdf
Best Security Practices for Web Application Development.pdfDigital Auxilio Technologies
 
Domain 5 of the CEH Web Application Hacking.pptx
Domain 5 of the CEH Web Application Hacking.pptxDomain 5 of the CEH Web Application Hacking.pptx
Domain 5 of the CEH Web Application Hacking.pptxInfosectrain3
 
Security Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdfSecurity Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdfAmeliaJonas2
 
What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...Alisha Henderson
 
Appsec2013 assurance tagging-robert martin
Appsec2013 assurance tagging-robert martinAppsec2013 assurance tagging-robert martin
Appsec2013 assurance tagging-robert martindrewz lin
 
Security Testing
Security TestingSecurity Testing
Security TestingISsoft
 
Exploring the Seven Key Attributes of Security Testing.pdf
Exploring the Seven Key Attributes of Security Testing.pdfExploring the Seven Key Attributes of Security Testing.pdf
Exploring the Seven Key Attributes of Security Testing.pdfAmeliaJonas2
 
Access Control, Authentication, and Public Key Infrastructure .docx
Access Control, Authentication, and Public Key Infrastructure .docxAccess Control, Authentication, and Public Key Infrastructure .docx
Access Control, Authentication, and Public Key Infrastructure .docxdaniahendric
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelinesZakaria SMAHI
 
Best Practices, Types, and Tools for Security Testing in 2023.docx
Best Practices, Types, and Tools for Security Testing in 2023.docxBest Practices, Types, and Tools for Security Testing in 2023.docx
Best Practices, Types, and Tools for Security Testing in 2023.docxAfour tech
 
Demand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxDemand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxAardwolf Security
 
Security Testing Training With Examples
Security Testing Training With ExamplesSecurity Testing Training With Examples
Security Testing Training With ExamplesAlwin Thayyil
 

Similar to Security Testing (20)

Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answer
 
Introduction to security testing raj
Introduction to security testing rajIntroduction to security testing raj
Introduction to security testing raj
 
Best Security Practices for Web Application Development.pdf
Best Security Practices for Web Application Development.pdfBest Security Practices for Web Application Development.pdf
Best Security Practices for Web Application Development.pdf
 
Domain 5 of the CEH Web Application Hacking.pptx
Domain 5 of the CEH Web Application Hacking.pptxDomain 5 of the CEH Web Application Hacking.pptx
Domain 5 of the CEH Web Application Hacking.pptx
 
Module 6.pdf
Module 6.pdfModule 6.pdf
Module 6.pdf
 
Module 6.Security in Evolving Technology
Module 6.Security in Evolving TechnologyModule 6.Security in Evolving Technology
Module 6.Security in Evolving Technology
 
Security Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdfSecurity Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdf
 
What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...
 
AW-Infs201101067.pptx
AW-Infs201101067.pptxAW-Infs201101067.pptx
AW-Infs201101067.pptx
 
Appsec2013 assurance tagging-robert martin
Appsec2013 assurance tagging-robert martinAppsec2013 assurance tagging-robert martin
Appsec2013 assurance tagging-robert martin
 
C01461422
C01461422C01461422
C01461422
 
Security Testing
Security TestingSecurity Testing
Security Testing
 
Exploring the Seven Key Attributes of Security Testing.pdf
Exploring the Seven Key Attributes of Security Testing.pdfExploring the Seven Key Attributes of Security Testing.pdf
Exploring the Seven Key Attributes of Security Testing.pdf
 
Owasp Top 10-2013
Owasp Top 10-2013Owasp Top 10-2013
Owasp Top 10-2013
 
Mobile Apps Security Testing -1
Mobile Apps Security Testing -1Mobile Apps Security Testing -1
Mobile Apps Security Testing -1
 
Access Control, Authentication, and Public Key Infrastructure .docx
Access Control, Authentication, and Public Key Infrastructure .docxAccess Control, Authentication, and Public Key Infrastructure .docx
Access Control, Authentication, and Public Key Infrastructure .docx
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelines
 
Best Practices, Types, and Tools for Security Testing in 2023.docx
Best Practices, Types, and Tools for Security Testing in 2023.docxBest Practices, Types, and Tools for Security Testing in 2023.docx
Best Practices, Types, and Tools for Security Testing in 2023.docx
 
Demand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxDemand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docx
 
Security Testing Training With Examples
Security Testing Training With ExamplesSecurity Testing Training With Examples
Security Testing Training With Examples
 

Recently uploaded

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 

Recently uploaded (20)

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker

Security Testing

  • 1. SECURITY TESTING FOR WEB AND MOBILE DEVELOPMENT
      Prepared by: Jyothi Venugopalan (QA Team Member), BOSS Webtech Private Limited, www.bosswebtech.com
  • 2. SECURITY TESTING
      • Security testing is performed to check whether the application leaks any information, for example by checking how the application encrypts its data.
      • Security testing is a process to determine that an information system protects data and maintains functionality as intended.
  • 3. SECURITY TESTING
      • The six basic security concepts:
        • Authentication - Allows a receiver to have confidence that the information it receives originated from a specific known source.
        • Authorization - Determining that a requester is allowed to receive a service or perform an operation.
        • Confidentiality - A security measure which protects data or information from disclosure to parties other than the intended ones.
        • Integrity - Whether the intended receiver receives the information or data unaltered in transmission.
        • Non-repudiation - Interchange of authentication information with some form of provable time stamp, e.g. with a session id.
        • Availability - Assuring that information and communications services will be ready for use when expected.
  • 4. NEED OF SECURITY TESTING
      • Security testing helps in finding loopholes that can cause loss of important information and allow an intruder to enter the systems.
      • Security testing helps in improving the current system.
      • Ensures that the system will keep working for a longer time.
      • Ensures that people in your organization understand and obey security policies.
  • 5. DIFFERENT TYPES OF SECURITY TESTING
      • Security Auditing: Security auditing includes direct inspection of the developed application and the operating systems. This also involves a code walk-through.
      • Security Scanning: Scanning and verification of the system and applications.
      • Vulnerability Scanning: Scanning of the application for all known vulnerabilities.
      • Risk Assessment: A method of analyzing and deciding the risk, which depends upon the type of loss and the possibility of the loss occurring.
      • Penetration Testing: In this type of testing, a tester tries to forcibly access and enter the application under test.
      • Ethical Hacking: A forced intrusion of an external element into the system and applications that are under security testing.
  • 6. SECURITY THREATS FOR WEBSITE
      • SQL Injection - Insertion of an SQL query into the web application which can directly interact with the backend database on the server to reveal the information stored in it.
      • Cross Site Scripting - Insertion of scripting code into the client browser, so that when the client sends data to the server database, the script from the client side gets stored in the server database.
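The two threats on slide 6, shown as a vulnerable database lookup and page render beside their hardened forms. This is an added Python example, not code from the slides or from BOSS Webtech; the in-memory sqlite table and its rows are constructed for the demonstration.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the site's backend database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Vulnerable form: the textbox value is concatenated into the SQL text,
    so the database parses it as part of the query instead of as data."""
    query = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, name):
    """Hardened form: a bound parameter; the input never reaches the SQL parser."""
    rows = conn.execute("SELECT email FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def single_quote_breaks_query(conn, name):
    """The single-quote check a tester runs: True when a quote typed into the
    textbox makes the concatenated query fail to parse, i.e. input reaches SQL."""
    try:
        lookup_vulnerable(conn, name)
        return False
    except sqlite3.OperationalError:
        return True


def render_vulnerable(comment):
    """Vulnerable form: a stored comment is echoed into HTML unchanged, so any
    <SCRIPT> it carries runs in every visitor's browser."""
    return "<p>" + comment + "</p>"


def render_safe(comment):
    """Hardened form: HTML-encode on output so tags render as literal text."""
    return "<p>" + html.escape(comment) + "</p>"


if __name__ == "__main__":
    db = make_db()
    print(lookup_safe(db, "alice"))                    # ['alice@example.com']
    print(single_quote_breaks_query(db, "O'Brien"))    # True
    print(lookup_safe(db, "O'Brien"))                  # [] (quote handled as data)
    print(render_safe("<SCRIPT>hi</SCRIPT>"))
```

A legitimate name such as O'Brien is enough to show the difference: the concatenated query fails to parse, while the parameterized one simply finds no row.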
  • 7. SECURITY THREATS FOR WEBSITE
  • 8. SECURITY TESTING APPROACH FOR WEBSITE
      • Password cracking: In order to log in to the private areas of the application, one can either guess a username/password or use a password cracker tool for the same.
      • URL manipulation through HTTP GET methods: The tester should check if the application passes important information in the query string.
      • SQL Injection: Entering a single quote (') in any textbox should be rejected by the application.
      • Cross Site Scripting (XSS): Any HTML, e.g. <HTML>, or any script, e.g. <SCRIPT>, should not be accepted by the application.
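A check for the URL-manipulation item on slide 8, as an added Python example that is not from the slides or from BOSS Webtech: it scans captured request URLs for sensitive parameter names and bare numeric identifiers in the query string. The sensitive-name list and the sample URLs are constructed assumptions; extend the list for the application under test.

```python
from urllib.parse import parse_qsl, urlsplit

# Assumed list of parameter names that should never travel in a GET query string
# (they end up in browser history, proxy and server logs, and Referer headers).
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "sessionid", "session_id",
                    "token", "ssn", "creditcard", "card", "pin"}


def find_querystring_issues(urls):
    """Return (url, param, reason) for every GET URL whose query string carries
    sensitive data, or a bare numeric identifier that URL manipulation could
    change to reach another record."""
    issues = []
    for url in urls:
        query = urlsplit(url).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() in SENSITIVE_PARAMS:
                issues.append((url, name, "sensitive value in query string"))
            elif value.isdigit():
                issues.append((url, name, "numeric id exposed to tampering"))
    return issues


# Constructed sample of request URLs, as a proxy or access log would record them.
SAMPLE_URLS = [
    "https://app.example.com/login?user=alice&password=s3cret",
    "https://app.example.com/account?id=1042",
    "https://app.example.com/search?q=invoices",
]

if __name__ == "__main__":
    for url, param, reason in find_querystring_issues(SAMPLE_URLS):
        print(f"{reason}: '{param}' in {url}")
```

Flagged parameters should move to the POST body or a server-side session, and numeric record ids should be checked against the logged-in user's authorization on the server.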
  • 9. SECURITY THREATS FOR MOBILE APPLICATION
      • Mobile malware and viruses: A mobile virus is an electronic virus that targets mobile phones or wireless-enabled PDAs.
      • Eavesdropping: Eavesdropping is the unauthorized real-time interception of a private communication, such as a phone call, instant message, etc.
      • Unauthorized access: Careful attention needs to be paid to AAA - authentication, authorization, and accounting.
      • Physical security: While many notebook computers are indeed lost or stolen every year, it is a lot easier to simply misplace a mobile device.
  • 10. SECURITY TESTING APPROACH FOR MOBILE APPLICATION
      • Authentication checks
      • Input validation checks
      • Session management checks
      • Encryption checks
      • Application checks
      • SQL injection checks
      • LDAP injection checks
      • XPATH injection checks
  • 11. SECURITY TESTING TOOLS
      • Netsparker Community Edition
      • Websecurify
      • Wapiti
      • N-Stalker
      • skipfish
      • Scrawler
      • Watcher
      • x5s
      • Exploit-Me
      • WebScarab
  • 12. SUMMARY
      • No website is 100% secure. Prevention is the better way to secure the website.
      • Security vulnerabilities arise in different ways, each bringing its own risks.
      • The critical risk is an attack on the website that steals its data.
  • 13.
  • 14. ABOUT BOSS WEBTECH
      • BOSS Webtech is a process oriented design house specializing in web design, web development, backend web programming, mobile application development and other web and mobile related design and support services.
      • Recently launched BizPlus - mobile based survey software. Check it out here: http://bizplusonline.com/
      • More products here: http://www.bosswebtech.com/products/products.html
      CONTACT BOSS WEBTECH
      • Call 831-998-9121 in the US EST/CST/MST/PST zones or email info@bosswebtech.com