SlideShare uma empresa Scribd logo

Security testing fundamentals

Transferir como PPTX, PDF
Cygnet Infotech
Cygnet Infotech

Security Testing is deemed successful when the below attributes of an application are intact - Authentication - Authorization - Availability - Confidentiality - Integrity - Non-Repudiation Testing must start early to minimize defects and cost of quality. Security testing must start right from the Requirements Gathering phase to make sure that the quality of end-product is high. This is to ensure that any intentional/unintentional unforeseen action does not halt or delay the system.

Tecnologia
1 de 14
Security Testing Fundamentals Presented by Cygnet Infotech Pvt. Ltd.
Overview • Security Testing is deemed successful when the below attributes of an application are intact • Authentication • Authorization • Availability • Confidentiality • Integrity • Non-Repudiation www.cygnet-infotech.com
Authentication • To confirm that something or someone is authentic – true to the claims. • The digital identity of a user is validated and verified. www.cygnet-infotech.com
Authorization • To ensure that a person/program is authorized to see the contents or make changes in an application. • User/Access rights are used. www.cygnet-infotech.com
Availability • To ensure that an application is up and running; its services and information available as and when needed. • Number of failures are reduced and backups are kept ready. www.cygnet-infotech.com
Confidentiality • To make sure that the information and services are available only when requested by and for intended users. • Penetration testing is done and defects are fixed. www.cygnet-infotech.com
Integrity • To ensure that the service provides the user with correct information. • It is also essential to make sure that no obsolete or outdated information is presented. www.cygnet-infotech.com
Non-repudiation • To ensure that the message was sent and received by authentic users only. • The sender/receiver must not be able to deny their involvement. www.cygnet-infotech.com
When to start Security Testing? • In general, testing must start early to minimize defects and cost of quality. • Security testing must start right from the Requirements Gathering phase to make sure that the quality of end-product is high. • This is to ensure that any intentional/unintentional unforeseen action does not halt or delay the system. www.cygnet-infotech.com
SDLC and Security Testing • Requirements Gathering • Design • Development/Unit Testing • Integration Testing • System Testing • Deployment • Support/Maintenance • Security Requirements Study • Develop Security Test Plan • White box Security Testing • Black box Security Testing • Vulnerability Scanning • Penetration Testing • Post-production analysis www.cygnet-infotech.com
Security Testing Types www.cygnet-infotech.com Vulnerability Scanning •Scanning a system to find vulnerable signatures and loopholes. Penetration Testing •An attack from a hacker is simulated on the system. Ethical Hacking •The system is attacked from within to expose all the security flaws in the system. Risk Assessment •Observing the security risks in the system, classifying them as high, medium and low. Security Scanning •Network/system weakness are studies, analyzed and fixed. Security Review •To check that security standards have been implemented appropriately through gap analysis and code/design reviews.
About Cygnet Infotech • We are a global IT services & solutions provider. • We provide custom software development services across technologies and domains to our clients in over 23 countries. • We are ISO 9001, ISO 27001 and CMMi Level III Certified www.cygnet-infotech.com
Enterprise QA & Software Testing • We provide following testing services • Functional Testing • Performance Testing • Load Testing • Automated Testing • Security Testing • Mobile Testing www.cygnet-infotech.com
Contact Us • Email: info@cygnet-infotech.com • Twitter: @cygnetinfotech • Skype: cygnet-infotech-pvt-ltd

Recomendados

Security testing
Security testingSecurity testing
Security testing
Khizra Sammad
 
Security testing presentation
Security testing presentationSecurity testing presentation
Security testing presentation
Confiz
 
Security Testing
Security TestingSecurity Testing
Security Testing
Qualitest
 
Security testing
Security testingSecurity testing
Security testing
baskar p
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?
ONE BCG
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
Raghav Bisht
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
Suvrat Jain
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security Testing
Marco Morana
 

Recomendados

Security testing
Security testingSecurity testing
Security testing
Khizra Sammad
 
Security testing presentation
Security testing presentationSecurity testing presentation
Security testing presentation
Confiz
 
Security Testing
Security TestingSecurity Testing
Security Testing
Qualitest
 
Security testing
Security testingSecurity testing
Security testing
baskar p
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?
ONE BCG
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
Raghav Bisht
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
Suvrat Jain
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security Testing
Marco Morana
 
Security testing
Security testingSecurity testing
Security testing
Tabăra de Testare
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test Professionals
TechWell
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration Testing
Yvonne Marambanyika
 
Security Testing Training With Examples
Security Testing Training With ExamplesSecurity Testing Training With Examples
Security Testing Training With Examples
Alwin Thayyil
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
Netpluz Asia Pte Ltd
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
n|u - The Open Security Community
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Anurag Srivastava
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
Scott Sutherland
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
Rashad Aliyev
 
Application Security
Application SecurityApplication Security
Application Security
Reggie Niccolo Santos
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Security testing
Security testingSecurity testing
Security testing
Rihab Chebbah
 
Security Testing for Web Application
Security Testing for Web ApplicationSecurity Testing for Web Application
Security Testing for Web Application
Precise Testing Solution
 
Domain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingDomain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and Testing
Maganathin Veeraragaloo
 
Introduction to Security Testing
Introduction to Security TestingIntroduction to Security Testing
Introduction to Security Testing
vodQA
 
Threat modelling with_sample_application
Threat modelling with_sample_applicationThreat modelling with_sample_application
Threat modelling with_sample_application
Umut IŞIK
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing
Priyanka Aash
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and Tools
Yulian Slobodyan
 
Monitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityMonitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and Security
Precisely
 
It security cognic_systems
It security cognic_systemsIt security cognic_systems
It security cognic_systems
Cognic Systems Pvt Ltd
 

Mais conteúdo relacionado

Mais procurados

Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test Professionals
TechWell
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration Testing
Yvonne Marambanyika
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
Scott Sutherland
 
Threat modelling with_sample_application
Threat modelling with_sample_applicationThreat modelling with_sample_application
Threat modelling with_sample_application
Umut IŞIK
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and Tools
Yulian Slobodyan
 

Mais procurados (20)

Security testing
Security testingSecurity testing
Security testing
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test Professionals
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration Testing
 
Security Testing Training With Examples
Security Testing Training With ExamplesSecurity Testing Training With Examples
Security Testing Training With Examples
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
 
Application Security
Application SecurityApplication Security
Application Security
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Security testing
Security testingSecurity testing
Security testing
 
Security Testing for Web Application
Security Testing for Web ApplicationSecurity Testing for Web Application
Security Testing for Web Application
 
Domain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingDomain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and Testing
 
Introduction to Security Testing
Introduction to Security TestingIntroduction to Security Testing
Introduction to Security Testing
 
Threat modelling with_sample_application
Threat modelling with_sample_applicationThreat modelling with_sample_application
Threat modelling with_sample_application
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and Tools
 

Semelhante a Security testing fundamentals

Monitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityMonitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and Security
Precisely
 
Network Security, Change Control, Outsourcing
Network Security, Change Control, OutsourcingNetwork Security, Change Control, Outsourcing
Network Security, Change Control, Outsourcing
Nicholas Davis
 
Network security, change control, outsourcing
Network security, change control, outsourcingNetwork security, change control, outsourcing
Network security, change control, outsourcing
Nicholas Davis
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile World
David Lindner
 
Avoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAvoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slides
AlgoSec
 
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins
 
Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...
Michael Hidalgo
 

Semelhante a Security testing fundamentals (20)

Monitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityMonitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and Security
 
It security cognic_systems
It security cognic_systemsIt security cognic_systems
It security cognic_systems
 
Network Security, Change Control, Outsourcing
Network Security, Change Control, OutsourcingNetwork Security, Change Control, Outsourcing
Network Security, Change Control, Outsourcing
 
Network security, change control, outsourcing
Network security, change control, outsourcingNetwork security, change control, outsourcing
Network security, change control, outsourcing
 
Security Design Concepts
Security Design ConceptsSecurity Design Concepts
Security Design Concepts
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions Today
 
Assessing System Risk the Smart Way
Assessing System Risk the Smart WayAssessing System Risk the Smart Way
Assessing System Risk the Smart Way
 
Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Definitive Security Testing Checklist Shielding Your Applications against Cyb...Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Definitive Security Testing Checklist Shielding Your Applications against Cyb...
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile World
 
Chapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptxChapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptx
 
Avoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAvoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slides
 
CISM_WK_3.pptx
CISM_WK_3.pptxCISM_WK_3.pptx
CISM_WK_3.pptx
 
Vapt life cycle
Vapt life cycleVapt life cycle
Vapt life cycle
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
 
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
 
crisc_wk_5.pptx
crisc_wk_5.pptxcrisc_wk_5.pptx
crisc_wk_5.pptx
 
Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...
 
Owasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerOwasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developer
 
Defcon 22-tim-mcguffin-one-man-shop
Defcon 22-tim-mcguffin-one-man-shopDefcon 22-tim-mcguffin-one-man-shop
Defcon 22-tim-mcguffin-one-man-shop
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
 

Mais de Cygnet Infotech

Mais de Cygnet Infotech (20)

Roadmap for Digital Transformation
Roadmap for Digital TransformationRoadmap for Digital Transformation
Roadmap for Digital Transformation
 
Robotic Process Automation Capabilities - Cygnet Infotech
Robotic Process Automation Capabilities - Cygnet InfotechRobotic Process Automation Capabilities - Cygnet Infotech
Robotic Process Automation Capabilities - Cygnet Infotech
 
Enterprise QA and Application Testing Services
Enterprise QA and Application Testing ServicesEnterprise QA and Application Testing Services
Enterprise QA and Application Testing Services
 
Salesforce CRM - To Achieve Unparalleled ROI
Salesforce CRM - To Achieve Unparalleled ROISalesforce CRM - To Achieve Unparalleled ROI
Salesforce CRM - To Achieve Unparalleled ROI
 
Full-stack Front-end Engineering Services
Full-stack Front-end Engineering ServicesFull-stack Front-end Engineering Services
Full-stack Front-end Engineering Services
 
Modernizing Supply Chain with Blockchain Technology
Modernizing Supply Chain with Blockchain TechnologyModernizing Supply Chain with Blockchain Technology
Modernizing Supply Chain with Blockchain Technology
 
IT Consulting - Aligning Technology to Business Strategy
IT Consulting - Aligning Technology to Business StrategyIT Consulting - Aligning Technology to Business Strategy
IT Consulting - Aligning Technology to Business Strategy
 
Emerging Technologies: The Power to Future Ready Business
Emerging Technologies: The Power to Future Ready BusinessEmerging Technologies: The Power to Future Ready Business
Emerging Technologies: The Power to Future Ready Business
 
Cloud Computing: Delivering Public, Private and Hybrid Cloud Solutions
Cloud Computing: Delivering Public, Private and Hybrid Cloud SolutionsCloud Computing: Delivering Public, Private and Hybrid Cloud Solutions
Cloud Computing: Delivering Public, Private and Hybrid Cloud Solutions
 
Microsoft Dynamics 365 - The Engine that Thrives Transformation
Microsoft Dynamics 365 - The Engine that Thrives TransformationMicrosoft Dynamics 365 - The Engine that Thrives Transformation
Microsoft Dynamics 365 - The Engine that Thrives Transformation
 
DevOps - The Best Way to Break the Silos
DevOps - The Best Way to Break the SilosDevOps - The Best Way to Break the Silos
DevOps - The Best Way to Break the Silos
 
Robotic Process Automation (RPA) in Manufacturing Industry
Robotic Process Automation (RPA) in Manufacturing IndustryRobotic Process Automation (RPA) in Manufacturing Industry
Robotic Process Automation (RPA) in Manufacturing Industry
 
Quality Engineering in the New Era
Quality Engineering in the New EraQuality Engineering in the New Era
Quality Engineering in the New Era
 
5 ways blockchain improves business flexibility
5 ways blockchain improves business flexibility 5 ways blockchain improves business flexibility
5 ways blockchain improves business flexibility
 
5 Reasons to Adopt Product Engineering
5 Reasons to Adopt Product Engineering5 Reasons to Adopt Product Engineering
5 Reasons to Adopt Product Engineering
 
Successful SAP Implementation Checklist
Successful SAP Implementation ChecklistSuccessful SAP Implementation Checklist
Successful SAP Implementation Checklist
 
The Quality Assurance Checklist for Progressive Testing
The Quality Assurance Checklist for Progressive TestingThe Quality Assurance Checklist for Progressive Testing
The Quality Assurance Checklist for Progressive Testing
 
DevOps - The Key to Rapid Productization (Introduction to the 5C's of DevOps)
DevOps - The Key to Rapid Productization (Introduction to the 5C's of DevOps)DevOps - The Key to Rapid Productization (Introduction to the 5C's of DevOps)
DevOps - The Key to Rapid Productization (Introduction to the 5C's of DevOps)
 
Introduction to Blockchain-as-a-Service (BaaS)
Introduction to Blockchain-as-a-Service (BaaS)Introduction to Blockchain-as-a-Service (BaaS)
Introduction to Blockchain-as-a-Service (BaaS)
 
5 Ways MS Dynamics 365 Empowers Digital Transformation
5 Ways MS Dynamics 365 Empowers Digital Transformation5 Ways MS Dynamics 365 Empowers Digital Transformation
5 Ways MS Dynamics 365 Empowers Digital Transformation
 

Último

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Último (20)

Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 

Security testing fundamentals

  • 1. Security Testing Fundamentals Presented by Cygnet Infotech Pvt. Ltd.
  • 2. Overview • Security Testing is deemed successful when the below attributes of an application are intact • Authentication • Authorization • Availability • Confidentiality • Integrity • Non-Repudiation www.cygnet-infotech.com
  • 3. Authentication • To confirm that something or someone is authentic – true to the claims. • The digital identity of a user is validated and verified. www.cygnet-infotech.com
  • 4. Authorization • To ensure that a person/program is authorized to see the contents or make changes in an application. • User/Access rights are used. www.cygnet-infotech.com
  • 5. Availability • To ensure that an application is up and running; its services and information available as and when needed. • Number of failures are reduced and backups are kept ready. www.cygnet-infotech.com
  • 6. Confidentiality • To make sure that the information and services are available only when requested by and for intended users. • Penetration testing is done and defects are fixed. www.cygnet-infotech.com
  • 7. Integrity • To ensure that the service provides the user with correct information. • It is also essential to make sure that no obsolete or outdated information is presented. www.cygnet-infotech.com
  • 8. Non-repudiation • To ensure that the message was sent and received by authentic users only. • The sender/receiver must not be able to deny their involvement. www.cygnet-infotech.com
  • 9. When to start Security Testing? • In general, testing must start early to minimize defects and cost of quality. • Security testing must start right from the Requirements Gathering phase to make sure that the quality of end-product is high. • This is to ensure that any intentional/unintentional unforeseen action does not halt or delay the system. www.cygnet-infotech.com
  • 10. SDLC and Security Testing • Requirements Gathering • Design • Development/Unit Testing • Integration Testing • System Testing • Deployment • Support/Maintenance • Security Requirements Study • Develop Security Test Plan • White box Security Testing • Black box Security Testing • Vulnerability Scanning • Penetration Testing • Post-production analysis www.cygnet-infotech.com
  • 11. Security Testing Types www.cygnet-infotech.com Vulnerability Scanning •Scanning a system to find vulnerable signatures and loopholes. Penetration Testing •An attack from a hacker is simulated on the system. Ethical Hacking •The system is attacked from within to expose all the security flaws in the system. Risk Assessment •Observing the security risks in the system, classifying them as high, medium and low. Security Scanning •Network/system weakness are studies, analyzed and fixed. Security Review •To check that security standards have been implemented appropriately through gap analysis and code/design reviews.
  • 12. About Cygnet Infotech • We are a global IT services & solutions provider. • We provide custom software development services across technologies and domains to our clients in over 23 countries. • We are ISO 9001, ISO 27001 and CMMi Level III Certified www.cygnet-infotech.com
  • 13. Enterprise QA & Software Testing • We provide following testing services • Functional Testing • Performance Testing • Load Testing • Automated Testing • Security Testing • Mobile Testing www.cygnet-infotech.com
  • 14. Contact Us • Email: info@cygnet-infotech.com • Twitter: @cygnetinfotech • Skype: cygnet-infotech-pvt-ltd