5 Must Know Security Testing Techniques for Applications
Bangalore: Security is of an utmost importance when it comes to applications and websites that obtain critical information such as account or credit card information. It is the tasks of the tester to ensure that the information provided stay safe. Testers also need to ensure that the application doesn’t accept invalid username and passwords and other log in information.
Security Testing Techniques
Softwaretestinghelp.com cites five security testing techniques and how to test them.
1. Access to Application
Some information on a webpage is not available to a person who doesn’t need it. This access security is executed by ‘Roles and Rights Management’. Example: On a company internal portal, information which is only available to the management team will not be accessible by all unless they have the access. Proper execution of roles and rights management will ensure access security.
A tester to guarantee this type of security would need to generate multiple user profiles with different roles and access the applications from the profiles he created. He would need to ensure that the role he created should have access only to their respective screen or information. If any conflict is found he should raise a request to have the issue corrected.
2. Data Protection
Security measures needs to be adopted to ensure that the data provided or transferred by the user is secured. The tester would also need to ensure that the data stored in the database is safe apart from certifying that the information in it is accessible only to people with access.
A tester would need to verify that the data saved in the database and data being transferred are in an encrypted form apart from verifying that the encrypted data can be decrypted at the receiving end.
3. Brute-Force Attack
Some software attempts to get the password of an application by attempting to login to the application again and again till it’s successful. The application should suspend the account if there are many unsuccessful login attempts. Example: a debit card will be blocked if there are many attempts to enter an invalid pin.
The tester need to certify that the account suspension system exists and is working perfectly. He can ensure this by repeatedly entering a wrong password in the application. If it blocks the account, then the application is secured from Brute-Force attacks.
4. SQL Injection and XSS
Hackers usually use malicious scripting that can manipulate a website to gain access to it. Testers would need to ensure that input fields have a maximum length limits which are well defined. Example: the input field for the first name should have a limit of 25 rather than 250 letters.
5. Service Access Points
Websites that collaborate with each other should delineate access points available to both. Testers would need to verify that if the target audience is large, the access points should be able to accommodate the users’ requests apart from ensuring that it’s secured to prevent any security threats.
Post your Comment
All form fields are required.
© 2013 SiliconIndia all rights reserved