Myths/Facts of Security Testing
Let's look at some intriguing myths and facts about security testing:
Myth #1: We don't need a security policy because we are a small business.
Fact: Everyone and every organization requires a security strategy/policy.
Myth #2: There is no return on investment in security testing.
Fact: Security testing can point out areas for improvement that can improve efficiency and reduce downtime, enabling maximum throughput.
Myth #3: The only way to secure a system is to unplug it.
Fact: The only and the best way to secure an organization is to find "Perfect Security". Perfect security can be achieved by performing a posture assessment and comparing it with business, legal and industry justifications.
Myth #4: The Internet isn't safe. I will buy software or hardware to safeguard the system and save the business.
Fact: One of the biggest problems is buying software and hardware for security. Instead, the organization should understand security first and then apply it.
Conclusion:
Security testing is the most important testing for an application, and it checks whether private information stays confidential. In this type of testing, the tester plays the role of the attacker and plays around with the system to find security-related bugs. Security testing is essential in the IT industry to protect information by all means.
Test Scenarios for Security Testing:
Sample test scenarios to give you a glimpse of security test cases:
- A password/secret key should be in encrypted format
- The application or system should not allow invalid users
- Check cookies and session time for the application
- For financial sites, the browser Back button should not work
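The cookie, session-time and Back-button scenarios above can be automated against HTTP response headers. The following is an added example, not part of the original article: the header values are constructed samples, and the 15-minute limit, the Secure/HttpOnly checks and the use of `Cache-Control: no-store` as the Back-button control are assumptions of this example.

```python
from http.cookies import SimpleCookie

MAX_SESSION_SECONDS = 15 * 60  # assumed policy limit, not taken from the article


def audit_response(headers, max_age_limit=MAX_SESSION_SECONDS):
    """Return a list of findings for one HTTP response.

    headers: list of (name, value) tuples as sent by the server.
    """
    findings = []
    cache_control = ""
    for name, value in headers:
        lname = name.lower()
        if lname == "cache-control":
            cache_control = value.lower()
        elif lname == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            for cname, morsel in jar.items():
                # Cookie check: not sent over plain HTTP, not readable by scripts.
                if not morsel["secure"]:
                    findings.append(f"{cname}: missing Secure")
                if not morsel["httponly"]:
                    findings.append(f"{cname}: missing HttpOnly")
                # Session-time check: client-side lifetime must be bounded.
                # (The server-side idle timeout still needs its own test.)
                age = str(morsel["max-age"])
                if not age.isdigit() or int(age) > max_age_limit:
                    findings.append(f"{cname}: lifetime not bounded to {max_age_limit}s")
    # Back-button check: a cacheable page can be redisplayed after logout.
    if "no-store" not in cache_control:
        findings.append("response is cacheable: Back button can redisplay it")
    return findings


# Constructed sample responses (not captured from a real site).
WEAK = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/; Max-Age=86400"),
]
HARDENED = [
    ("Content-Type", "text/html"),
    ("Cache-Control", "no-store"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/; Secure; HttpOnly; Max-Age=900"),
]

if __name__ == "__main__":
    for label, resp in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(resp))
```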
Methodologies/Procedures
In security testing, different methodologies are followed, and they are as follows:
Tiger Box: This hacking is usually done on a laptop which has a collection of operating systems and hacking tools. This testing helps penetration testers and security testers to conduct vulnerability assessments and attacks.
Black Box: The tester is authorized to do testing on everything about the network topology and the technology.
Grey Box: Partial information is given to the tester about the system, and it is a mixture of the white box and black box models.
Roles you should know!
Hackers - Access a computer system or network without authorization
Crackers - Break into systems to steal or destroy information
Ethical Hacker - Performs most of the breaking activities, but with permission from the owner
Script Kiddies or packet monkeys - Inexperienced hackers with programming skill