5 Must Know Security Testing Techniques for Applications

By SiliconIndia   |   Tuesday, 26 June 2012, 06:21 Hrs

Bangalore: Security is of the utmost importance for applications and websites that handle critical information such as account or credit card details. It is the tester's task to ensure that the information provided stays safe. Testers also need to ensure that the application does not accept invalid usernames, passwords, or other login credentials.

Here are five security testing techniques and how to test for each.

1. Access to Application

Some information on a web page is not meant to be available to everyone. This access control is enforced by 'Roles and Rights Management'. Example: on a company's internal portal, information meant only for the management team should not be accessible to others unless they have been granted access. Proper implementation of roles and rights management ensures access security.

To verify this type of security, a tester would need to create multiple user profiles with different roles and access the application from each of them. He would need to ensure that each role has access only to its respective screens or information. If any conflict is found, he should raise a request to have the issue corrected.

2. Data Protection

Security measures need to be adopted to ensure that data provided or transferred by the user is secured. The tester would also need to ensure that the data stored in the database is safe, apart from certifying that the information in it is accessible only to people with the appropriate access.
A tester would need to verify that data saved in the database and data in transit are in encrypted form, and that the encrypted data can be decrypted at the receiving end.

3. Brute-Force Attack

Some software attempts to obtain the password of an application by trying to log in again and again until it succeeds. The application should suspend the account after too many unsuccessful login attempts. Example: a debit card is blocked after several attempts to enter an invalid PIN.

The tester needs to certify that the account suspension mechanism exists and works correctly. He can check this by repeatedly entering a wrong password in the application. If it blocks the account, the application is protected against brute-force attacks.
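As an added example (not from the article), here is a minimal login service with an account-suspension policy and the tester's check described above: submit a wrong password repeatedly, confirm the account gets suspended, and then confirm that even the correct password is refused. The class names, the 5-attempt threshold and the sample account are assumptions.

```python
from dataclasses import dataclass, field

MAX_FAILED_ATTEMPTS = 5  # assumed policy: suspend after 5 consecutive failures

@dataclass
class Account:
    password: str             # constructed sample; a real system stores a hash
    failed_attempts: int = 0
    suspended: bool = False

@dataclass
class LoginService:
    accounts: dict = field(default_factory=dict)

    def login(self, username: str, password: str) -> str:
        """Return 'ok', 'invalid' or 'suspended'."""
        acct = self.accounts.get(username)
        if acct is None:
            return "invalid"      # unknown user gets the same answer as a wrong password
        if acct.suspended:
            return "suspended"    # once suspended, even the correct password is refused
        if password != acct.password:
            acct.failed_attempts += 1
            if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
                acct.suspended = True
                return "suspended"
            return "invalid"
        acct.failed_attempts = 0  # a successful login resets the counter
        return "ok"

def check_account_suspension(service: LoginService, username: str, good_pw: str) -> dict:
    """The tester's procedure from section 3: submit wrong passwords repeatedly,
    then confirm the account is suspended and the correct password is refused."""
    suspended_after = None
    for i in range(1, MAX_FAILED_ATTEMPTS + 5):  # a few tries beyond the threshold
        if service.login(username, "wrong-%d" % i) == "suspended":
            suspended_after = i
            break
    return {
        "suspended": suspended_after is not None,
        "attempts_until_suspended": suspended_after,
        "correct_password_refused": service.login(username, good_pw) == "suspended",
    }

def demo() -> dict:
    service = LoginService({"alice": Account("correct horse")})  # constructed account
    return check_account_suspension(service, "alice", "correct horse")
```

Calling demo() reports that the account was suspended on the fifth failed attempt and that the correct password is refused afterwards; a service that returns "ok" at that point fails the check.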

4. SQL Injection and XSS

Hackers often use malicious scripts that manipulate a website in order to gain access to it. Testers would need to ensure that input fields have well-defined maximum length limits. Example: the input field for a first name should have a limit of 25 characters rather than 250.

5. Service Access Points

Websites that collaborate with each other should delineate the access points available to both. Testers would need to verify that, if the target audience is large, the access points can accommodate the users' requests, apart from ensuring that they are secured against security threats.
