Security Testing Technique

Security is a protection system that is needed both to secure confidential information and, for competitive purposes, to assure third parties that their data will be protected. The amount of security provided will depend on the risks associated with compromise or loss of information.

Protecting the confidentiality of information is designed to protect the resources of the organization. However, compromise of information such as customer lists, or improper disclosure of customer information, may result in a loss of customer business to competitors. Security testing is designed to evaluate the adequacy of the protective procedures and countermeasures.

What Are the Objectives of Security Testing?

Security defects are not as obvious as other types of defects. Therefore, the objective of security testing is to find defects that are very difficult to identify. Even failures in the operation of the security system may go undetected, resulting in a loss or compromise of information without anyone knowing of that loss. The security testing objectives include:
  1. Determine that adequate attention is devoted to identifying security risks
  2. Determine that a realistic definition and enforcement of access to the system is implemented
  3. Determine that sufficient expertise exists to perform adequate security testing
  4. Conduct reasonable tests to ensure that the implemented security measures function properly

How to Use Security Testing Techniques?

Security testing is a highly specialized part of the test process. Most organizations can evaluate the reasonableness of security procedures to prevent the average perpetrator from penetrating the application. However, the highly skilled perpetrator using sophisticated techniques may use methods undetectable by novices designing security measures and/or testing those measures.

The first step in testing is the identification of the security risks and the potential loss associated with those risks. If either the loss is low or the penetration method is merely routine, the information technology personnel can conduct the necessary tests. On the other hand, if either the risks are very high or the technology that might be used is sophisticated, specialized help should be acquired in conducting the security tests.

Where Do We Use Security Testing?

Security testing involves a wide spectrum of conditions. Testing can first be divided into physical and logical security. Physical security deals with penetration by people in order to physically gather information, while logical security deals with the use of computer processing and/or communication capabilities to improperly access information. Second, access control can be divided by type of perpetrator, such as employee, consultant, cleaning or service personnel, as well as by categories of employees. The type of test conducted will vary with the condition being tested and can include:
  1. Determination that the resources being protected are identified, and access is defined for each resource. Access can be defined by program or individual.
  2. Evaluation as to whether the designed security procedures have been properly implemented and function in accordance with the specifications.
  3. Unauthorized access can be attempted in online systems to ensure that the system can identify and prevent access by unauthorized sources.
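
The three test types in the list above, sketched as an added example (not code from the original post): a constructed access specification is compared with the decisions of a hypothetical `SystemUnderTest`, reporting resources with no defined access, deviations from the specification, and denied attempts the system failed to record. All roles, resources and rules are assumptions made for illustration.

```python
from itertools import product

# All roles, resources and rules below are constructed for illustration.
ROLES = ["employee", "consultant", "service_personnel"]
RESOURCES = ["customer_list", "payroll", "public_docs"]
ACTIONS = ["read", "write"]

# Specification: resource -> role -> permitted actions. "payroll" is left
# undefined on purpose so the first check has something to find.
SPEC = {
    "customer_list": {"employee": {"read"}},
    "public_docs": {"employee": {"read", "write"}, "consultant": {"read"},
                    "service_personnel": {"read"}},
}

class SystemUnderTest:
    """Hypothetical stand-in for the application's access check."""
    def __init__(self):
        self.audit_log = []  # denied attempts the system recorded
        # Deployed rules: SPEC plus one planted deviation (consultant read).
        self._acl = {(role, res, act) for res, roles in SPEC.items()
                     for role, acts in roles.items() for act in acts}
        self._acl.add(("consultant", "customer_list", "read"))

    def request(self, role, resource, action):
        allowed = (role, resource, action) in self._acl
        if not allowed:
            self.audit_log.append((role, resource, action))
        return allowed

def run_security_tests(spec, system):
    findings = {"undefined": [r for r in RESOURCES if r not in spec],
                "over_permissive": [], "over_restrictive": [],
                "unlogged_denials": []}
    # Attempt every combination, including the unauthorized ones.
    for attempt in product(ROLES, RESOURCES, ACTIONS):
        role, res, act = attempt
        expected = act in spec.get(res, {}).get(role, set())  # default deny
        actual = system.request(role, res, act)
        if actual and not expected:
            findings["over_permissive"].append(attempt)
        elif expected and not actual:
            findings["over_restrictive"].append(attempt)
        elif not actual and attempt not in system.audit_log:
            findings["unlogged_denials"].append(attempt)
    return findings

if __name__ == "__main__":
    for check, items in run_security_tests(SPEC, SystemUnderTest()).items():
        print(f"{check}: {items}")
```
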

When to Use Security Testing?

Security testing should be used when the information and/or assets protected by the application system are of significant value to the organization. The testing should be performed both prior to the system going into an operational status and after the system is placed into an operational status. The extent of testing should depend on the security risks, and the individual assigned to conduct the test should be selected based on the estimated sophistication that might be used to penetrate security.
