What is Security testing?

Security testing is a method by which tester try to find loopholes in the application . The main motive while performing security testing is to make the application secure for public or private use and to make sure that only valid user can excess the application and invalid user should be kept outside . No loopholes should remain in the application which can be exploit by the hackers .

Tools which can be used for security testing :

There are many free and paid tools available in the market which are usefull while performing security testing:

1.Burp Suite : Paid
2.Wireshark : Free
3.Zed Attack Proxy (ZAP): Free
4.sqlmap : Free
5.Vega : Free

As per OWASP following are the top ten vulnerability :

A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards