Security Testing

Security testing is a process to determine that an information system protects data and maintains functionality as intended. It is performed to check whether there is any information leakage, in the sense of checking measures such as encrypting the application or using a wide range of software, hardware, firewalls, etc.

The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, availability, authorization and non-repudiation. Security testing as a term has a number of different meanings and can be completed in a number of different ways.

- Authentication - Testing the authentication schema means understanding how the authentication process works and using that information to circumvent the authentication mechanism. Basically, authentication allows a receiver to have confidence that the information it receives originated from a specific known source.

- Authorization - Determining that a requester is allowed to receive a service or perform an operation.

- Availability - Assuring that information and communications services will be ready for use when expected. Information must be kept available to authorized persons when they need it.

- Confidentiality - A security measure which protects against the disclosure of data or information to parties other than those intended.

- Integrity - Checking whether the information or data that the intended receiver receives has not been altered in transmission.

- Non-Repudiation - Interchange of authentication information with some form of provable time stamp, e.g. with a session ID.