5 Must Know Security Testing Techniques for Applications

By SiliconIndia   |   Tuesday, 26 June 2012, 06:21 Hrs
Bangalore: Security is of the utmost importance for applications and websites that handle critical information such as account or credit card details. It is the tester's task to ensure that the information provided stays safe. Testers also need to ensure that the application does not accept invalid usernames, passwords, or other login information.

Security Testing Techniques

Softwaretestinghelp.com lists five security testing techniques and how to test for each.

1. Access to Application

Some information on a web page is not available to a person who does not need it. This access security is implemented through 'Roles and Rights Management'. Example: on a company's internal portal, information meant only for the management team is not accessible to everyone, only to those who have been granted access. Proper implementation of roles and rights management ensures access security.

A tester verifying this type of security would need to create multiple user profiles with different roles and access the application from each profile. He would need to confirm that each role has access only to its respective screens or information. If any conflict is found, he should raise a request to have the issue corrected.
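The role-by-role check described above, written out as an added example (not code from the article or from softwaretestinghelp.com). The expected rights matrix, the screen names and the `portal_can_open` stand-in for the application under test are all constructed here; the stand-in deliberately exposes one screen to a role that should not see it, so that the check has a conflict to report:

```python
# Added example (not from the article): enumerate every role against every
# screen and report any access that deviates from the expected rights matrix.
from typing import Callable, Dict, List, Set, Tuple

# Constructed expected matrix for a hypothetical internal portal:
# role -> set of screens that role is permitted to open.
EXPECTED_RIGHTS: Dict[str, Set[str]] = {
    "employee": {"home", "my_profile", "leave_request"},
    "manager": {"home", "my_profile", "leave_request", "team_reports"},
    "management": {"home", "my_profile", "leave_request", "team_reports", "board_minutes"},
}

ALL_SCREENS: Set[str] = set().union(*EXPECTED_RIGHTS.values())


def portal_can_open(role: str, screen: str) -> bool:
    """Stand-in for the application under test (constructed, not a real portal).

    It contains a deliberate defect: 'team_reports' is exposed to the employee
    role, which is exactly the kind of conflict the tester is looking for.
    """
    granted = {
        "employee": {"home", "my_profile", "leave_request", "team_reports"},
        "manager": {"home", "my_profile", "leave_request", "team_reports"},
        "management": ALL_SCREENS,
    }
    return screen in granted.get(role, set())


def find_conflicts(
    can_open: Callable[[str, str], bool],
    expected: Dict[str, Set[str]],
    screens: Set[str],
) -> List[Tuple[str, str, str]]:
    """Try every (role, screen) pair and return a list of (role, screen, kind).

    kind is 'unexpected_access' when a role can open a screen it should not,
    and 'missing_access' when a role is denied a screen it is entitled to.
    Both directions matter: over-granting is the security finding, but a
    missing grant usually means the rights configuration was never reviewed.
    """
    conflicts = []
    for role, allowed in expected.items():
        for screen in sorted(screens):
            observed = can_open(role, screen)
            should = screen in allowed
            if observed and not should:
                conflicts.append((role, screen, "unexpected_access"))
            elif should and not observed:
                conflicts.append((role, screen, "missing_access"))
    return conflicts


if __name__ == "__main__":
    for role, screen, kind in find_conflicts(portal_can_open, EXPECTED_RIGHTS, ALL_SCREENS):
        print(f"{kind}: role={role} screen={screen}")
```

Against a real application, `portal_can_open` would be replaced by a function that logs in with the profile for that role and requests the screen, and the returned list is what goes into the defect request.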

2. Data Protection

Security measures need to be adopted to ensure that the data provided or transferred by the user is protected. The tester also needs to ensure that the data stored in the database is safe, apart from certifying that the information in it is accessible only to people with the appropriate access.

A tester would need to verify that the data saved in the database and the data in transit are in encrypted form, and also verify that the encrypted data can be decrypted at the receiving end.
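One concrete form of the "data saved in the database is encrypted" check, added here as an example and not part of the article: scan every text column of a database for values that still look like a card number (a 13 to 19 digit string that passes the Luhn checksum). The in-memory SQLite database, its two table layouts and the well-known test card number are constructed for the example; the random token in the second table stands in for whatever ciphertext or vault reference the real application stores. The transport side of the check is not shown; that is normally confirmed by verifying the connection uses TLS.

```python
# Added example (not from the article): find sensitive values stored in the
# clear. Card numbers are the constructed sample; the same scan works for any
# value with a recognisable shape (national IDs, bank account numbers).
import re
import secrets
import sqlite3
from typing import List, Tuple

PAN_RE = re.compile(r"\b\d{13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to tell a real card-number-shaped value from noise."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_for_plaintext_pans(conn: sqlite3.Connection) -> List[Tuple[str, str, str]]:
    """Return (table, column, value) for every text value that looks like a PAN."""
    findings = []
    tables = [r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        # Identifiers come from the database itself and are double-quoted;
        # user input never reaches these statements.
        columns = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
        for column in columns:
            for (value,) in conn.execute(f'SELECT "{column}" FROM "{table}"'):
                if not isinstance(value, str):
                    continue
                for m in PAN_RE.finditer(value):
                    if luhn_ok(m.group()):
                        findings.append((table, column, m.group()))
    return findings


def build_sample_db() -> sqlite3.Connection:
    """Constructed sample: a legacy table stores the PAN in clear; the newer
    table stores only a random token plus the last four digits."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders_legacy (id INTEGER, customer TEXT, card_number TEXT)")
    conn.execute("CREATE TABLE orders_v2 (id INTEGER, customer TEXT, card_token TEXT, last4 TEXT)")
    test_pan = "4111111111111111"  # well-known test card number, passes Luhn
    conn.execute("INSERT INTO orders_legacy VALUES (1, 'alice', ?)", (test_pan,))
    # Placeholder for the ciphertext / vault token a real system would store.
    conn.execute("INSERT INTO orders_v2 VALUES (1, 'alice', ?, ?)", (secrets.token_hex(16), test_pan[-4:]))
    conn.commit()
    return conn


if __name__ == "__main__":
    for table, column, value in scan_for_plaintext_pans(build_sample_db()):
        print(f"plaintext card number in {table}.{column}: {value[:6]}...{value[-4:]}")
```

The scan reports the legacy table and nothing else: the token is hex and cannot match a pure digit run at word boundaries, and four digits are too short for the pattern. Run against a production copy, every finding is a field that must be moved under encryption or tokenisation.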

3. Brute-Force Attack

Some software attempts to obtain the password of an application by trying to log in again and again until it succeeds. The application should suspend the account after a number of unsuccessful login attempts. Example: a debit card is blocked if an invalid PIN is entered too many times.

The tester needs to certify that the account suspension mechanism exists and works correctly. He can check this by repeatedly entering a wrong password in the application. If it blocks the account, the application is protected against brute-force attacks.
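A minimal login service with the lockout policy the article calls for, together with the tester's check, added here as an example (not code from the article). The `LoginService` class, the lockout threshold of five failures and the account names are constructed for the example; the check verifies not only that wrong passwords lock the account, but also that a locked account refuses the correct password, which is the part implementations most often get wrong:

```python
# Added example (not from the article): a login service with account lockout,
# plus the check a tester would run to certify the lockout works.
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict

MAX_FAILURES = 5  # constructed policy: lock after 5 consecutive wrong passwords
PBKDF2_ROUNDS = 50_000  # kept modest so the example runs quickly


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so a stolen table does not hand over passwords directly."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failures: int = 0
    locked: bool = False


class LoginService:
    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, hash_password(password, salt))

    def login(self, user: str, password: str) -> str:
        """Return 'ok', 'denied' or 'locked'.

        Unknown users get the same 'denied' as a wrong password, so the
        response does not confirm which usernames exist.
        """
        acct = self.accounts.get(user)
        if acct is None:
            return "denied"
        if acct.locked:
            return "locked"
        if hmac.compare_digest(acct.pw_hash, hash_password(password, acct.salt)):
            acct.failures = 0       # a successful login resets the counter
            return "ok"
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.locked = True
            return "locked"
        return "denied"


def check_lockout(service: LoginService, user: str, correct_password: str) -> bool:
    """Tester's check: repeated wrong passwords must lock the account, and once
    locked even the correct password must be refused until it is unlocked."""
    for _ in range(MAX_FAILURES):
        result = service.login(user, "definitely-wrong-" + os.urandom(4).hex())
        if result == "ok":
            return False            # a random string should never succeed
    return service.login(user, correct_password) == "locked"


if __name__ == "__main__":
    svc = LoginService()
    svc.register("alice", "correct horse battery staple")
    print("lockout works:", check_lockout(svc, "alice", "correct horse battery staple"))
```

Lockout on its own is not the whole answer: because anyone can trigger it, it also lets a third party lock a victim out, so production systems pair it with per-source rate limiting and a controlled unlock path. The tester's check above is still the right first step.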

4. SQL Injection and XSS

Hackers often use malicious scripting that can manipulate a website to gain access to it. Testers need to ensure that input fields have well-defined maximum length limits. Example: the input field for a first name should have a limit of 25 characters rather than 250.
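A length limit is a sensible input control, but on its own it does not stop SQL injection or XSS: the textbook probe `' OR '1'='1` is eleven characters long and fits comfortably inside a 25-character first-name field. The added example below (not code from the article) shows the length check beside the two controls that actually remove the vulnerability, a parameterised query and HTML output encoding. The in-memory SQLite table, the sample rows and the function names are constructed for the example; `find_user_vulnerable` is kept only so a tester can see what a test with that probe detects.

```python
# Added example (not from the article): length validation as the article
# suggests, alongside the controls that actually stop injection.
import html
import sqlite3
from typing import List

FIRST_NAME_MAX = 25  # the article's suggested limit


def validate_first_name(value: str) -> str:
    """Reject over-long input; this limits damage but does not neutralise quotes."""
    if not 1 <= len(value) <= FIRST_NAME_MAX:
        raise ValueError(f"first name must be 1-{FIRST_NAME_MAX} characters")
    return value


def build_sample_db() -> sqlite3.Connection:
    """Constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (first_name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("Alice", "alice@example.test"), ("Bob", "bob@example.test")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, first_name: str) -> List[str]:
    """Vulnerable: the input is pasted into the SQL text, so a short value
    containing a quote changes the meaning of the query."""
    sql = f"SELECT email FROM users WHERE first_name = '{first_name}'"
    return [r[0] for r in conn.execute(sql)]


def find_user_safe(conn: sqlite3.Connection, first_name: str) -> List[str]:
    """Hardened: a bound parameter is always treated as data, never as SQL."""
    return [r[0] for r in conn.execute("SELECT email FROM users WHERE first_name = ?", (first_name,))]


def render_greeting(first_name: str) -> str:
    """Output encoding stops a stored name from running as script in the browser."""
    return f"<p>Hello, {html.escape(first_name)}!</p>"


if __name__ == "__main__":
    db = build_sample_db()
    probe = validate_first_name("' OR '1'='1")   # passes the length check
    print("vulnerable query returned:", find_user_vulnerable(db, probe))
    print("parameterised query returned:", find_user_safe(db, probe))
    print(render_greeting("<b>Alice</b>"))
```

The vulnerable query returns every e-mail address in the table for a probe that satisfies the length limit, while the parameterised version returns nothing; a tester who only checks field lengths would pass this application. The same division applies to XSS: the length limit is a nicety, the escaping in `render_greeting` is the control.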

5. Service Access Points

Websites that collaborate with each other should define the access points available to both. Testers need to verify that, if the target audience is large, the access points can accommodate the users' requests, apart from ensuring that they are secured against security threats.

