Testing Software Security

A secure product is a product that protects the confidentiality, integrity, and availability of the customers' information, and the integrity and availability of processing resources, under control of the system's owner or administrator.

A security vulnerability is a flaw in a product that makes it infeasible, even when the product is used properly, to prevent an attacker from succeeding.

Hacker: one who uses programming skills to gain illegal access to a computer network or file.

As a software tester it's important to understand why someone may want to break into your software. Understanding their intent will aid you in thinking about where the security vulnerabilities might be in the software you're testing.
Understanding the Motivation of a Hacker

The five motives that a hacker might have to gain access to a system are:

– Challenge/Prestige: someone breaks into a system purely for the challenge of the task and the prestige.
– Curiosity: the hacker will peruse the system looking for something interesting.
– Use/Leverage: the hacker will actually attempt to use the system for his own purpose.
– Defacing, Destruction, and Denial of Service: defacing is changing the appearance of a website. Destruction takes the form of deleting or altering data stored on the system. Denial of service is preventing or hindering the hacked system from performing its intended operation.
– Steal: the intent is to find something of value that can be used or sold. Credit card numbers, personal information, goods and services, even login IDs and email addresses, all have value to the hacker.
Threat Modeling

Threat modeling is used to look for the areas of the product's feature set that are susceptible to security vulnerabilities. Once the threats are known, the team can:

– Choose to make changes to the product.
– Spend more effort designing certain features, or concentrate testing on potential trouble spots.

Ultimately it will result in a more secure product. Unless everyone on the product development team understands and agrees to the possible threats, your team will not be able to create a secure product.
A complex system requires comprehensive threat modeling to identify security vulnerabilities.
Steps of the Threat Modeling Process

– Assemble the threat modeling team.
– Identify the assets.
– Create an architecture overview.
– Decompose the application.
– Identify the threats.
– Document the threats.
– Rank the threats.
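The steps above, worked through on a small constructed web application as an added example (not material from the slides): components carry a trust level, data flows that cross a trust boundary are where threats are identified, and the two threat rules and the 1..3 likelihood/impact scale are assumptions made for this example.

```python
"""Walk the threat-modeling steps from the slides (identify assets, decompose
the application, identify / document / rank threats) over a small, constructed
web application. The application, the two threat rules and the 1..3 scoring
scale are assumptions for this example, not material from the slides."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    """One box in the architecture overview. trust 0 = untrusted (Internet),
    higher numbers = more trusted; a change in trust marks a trust boundary."""
    name: str
    trust: int


@dataclass(frozen=True)
class DataFlow:
    """One arrow in the decomposed application, carrying a named asset."""
    src: Component
    dst: Component
    asset: str
    encrypted: bool = False      # protected in transit?
    authenticated: bool = False  # does dst verify who src is?


@dataclass(frozen=True)
class Threat:
    flow: DataFlow
    description: str
    likelihood: int  # 1 (rare) .. 3 (easy for an attacker), assumed scale
    impact: int      # 1 (minor) .. 3 (severe), taken from the asset's value

    @property
    def risk(self) -> int:
        return self.likelihood * self.impact


# Step "Identify the assets": what a hacker would want (see the "Steal" motive)
# and how much losing it would hurt. Values are constructed for this example.
ASSET_IMPACT = {
    "credit card number": 3,
    "session token": 3,
    "login ID": 2,
    "product catalogue": 1,
}


def crosses_trust_boundary(flow: DataFlow) -> bool:
    return flow.src.trust != flow.dst.trust


def identify_threats(flows: list[DataFlow]) -> list[Threat]:
    """Steps "Identify the threats" and "Rank the threats": only flows that
    cross a trust boundary are examined, and the result is ordered by risk."""
    threats: list[Threat] = []
    for f in flows:
        if not crosses_trust_boundary(f):
            continue
        impact = ASSET_IMPACT.get(f.asset, 2)
        if not f.encrypted:
            threats.append(Threat(
                f, f"{f.asset} readable or alterable in transit "
                   f"({f.src.name} -> {f.dst.name})", likelihood=3, impact=impact))
        if not f.authenticated and f.src.trust < f.dst.trust:
            threats.append(Threat(
                f, f"{f.dst.name} acts on {f.asset} from an unverified caller "
                   f"({f.src.name})", likelihood=2, impact=impact))
    return sorted(threats, key=lambda t: t.risk, reverse=True)


def document_threats(threats: list[Threat]) -> list[str]:
    """Step "Document the threats": one register line per threat, highest
    risk first, so the team can agree on what to fix or test first."""
    return [f"risk={t.risk} (L{t.likelihood} x I{t.impact}): {t.description}"
            for t in threats]


def example_model() -> list[DataFlow]:
    """Constructed architecture: browser -> web tier -> database, plus a
    cache inside the web tier's trust zone."""
    browser = Component("browser", trust=0)
    web = Component("web server", trust=1)
    cache = Component("page cache", trust=1)
    db = Component("database", trust=2)
    return [
        DataFlow(browser, web, "login ID", encrypted=True, authenticated=False),
        DataFlow(web, db, "credit card number", encrypted=False, authenticated=True),
        DataFlow(web, cache, "product catalogue"),  # same trust zone: no boundary
    ]


if __name__ == "__main__":
    for line in document_threats(identify_threats(example_model())):
        print(line)
```

The register lists the unencrypted card-number flow to the database first (risk 9) and the unverified login call second (risk 4); the flow to the cache never crosses a boundary and produces no entry.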
Testing for Security Bugs

– Testing for security bugs is a test-to-fail activity.
– The tester won't necessarily be given a product specification that explicitly defines how software security is to be addressed.
– Nor can the tester assume that the threat model is complete and accurate.
– The tester will need to put on a "test-to-fail" hat and attack the software much like a hacker would, assuming that every feature has a security vulnerability.
