5 Must Know Security Testing Techniques for Applications

By SiliconIndia

Bangalore: Security is of utmost importance for applications and websites that collect critical information such as account or credit card details. It is the tester's task to ensure that the information provided stays safe. Testers also need to ensure that the application does not accept invalid usernames, passwords, or other login information.

Here are five security testing techniques and how to test for each.

1. Access to Application

Some information on a webpage should not be available to a person who does not need it. This access security is enforced by 'Roles and Rights Management'. Example: on a company internal portal, information meant only for the management team should not be accessible to everyone else unless they have been granted access. Proper implementation of roles and rights management ensures access security.

To guarantee this type of security, a tester would need to create multiple user profiles with different roles and access the application from each profile he created. He would need to ensure that each role has access only to its respective screens or information. If any conflict is found, he should raise a request to have the issue corrected.

2. Data Protection

Security measures need to be adopted to ensure that the data provided or transferred by the user is secured. The tester also needs to ensure that the data stored in the database is safe, apart from certifying that the information in it is accessible only to people with the appropriate access.

A tester would need to verify that the data saved in the database and the data being transferred are in encrypted form, apart from verifying that the encrypted data can be decrypted at the receiving end.

3. Brute-Force Attack

Some software attempts to obtain the password of an application by trying to log in again and again until it succeeds. The application should suspend the account after many unsuccessful login attempts. Example: a debit card is blocked after repeated attempts to enter an invalid PIN.

The tester needs to certify that the account suspension mechanism exists and works correctly. He can check this by repeatedly entering a wrong password in the application. If it blocks the account, the application is protected against brute-force attacks.
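As an added example (not code from the article), the lockout check described above written as a small Python harness against a stand-in login service; the service, the five-attempt threshold and the user names are assumptions for illustration. It also confirms that, once locked, the account refuses even the correct password.

```python
import hashlib
import hmac
import secrets

MAX_FAILED_ATTEMPTS = 5  # lockout threshold assumed for this example


class LoginService:
    """Stand-in credential store with per-account failed-attempt lockout."""

    def __init__(self):
        self._users = {}  # username -> {salt, hash, failed, locked}

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._users[username] = {"salt": salt, "hash": digest, "failed": 0, "locked": False}

    def login(self, username, password):
        """Return 'ok', 'denied' or 'locked'; a locked account is refused even with the right password."""
        record = self._users.get(username)
        if record is None:
            return "denied"  # unknown user gets the same answer as a wrong password
        if record["locked"]:
            return "locked"
        attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], 100_000)
        if hmac.compare_digest(attempt, record["hash"]):
            record["failed"] = 0  # successful login resets the counter
            return "ok"
        record["failed"] += 1
        if record["failed"] >= MAX_FAILED_ATTEMPTS:
            record["locked"] = True
            return "locked"
        return "denied"


def lockout_test(service, username, wrong_password, right_password, attempts=MAX_FAILED_ATTEMPTS + 3):
    """The tester's check: submit a wrong password repeatedly, then confirm the account
    is suspended and that the correct password is also refused afterwards."""
    responses = [service.login(username, wrong_password) for _ in range(attempts)]
    after_lock = service.login(username, right_password)
    return {"responses": responses, "correct_password_after_lock": after_lock,
            "locked": after_lock == "locked"}


if __name__ == "__main__":
    svc = LoginService()
    svc.register("alice", "correct-horse")  # constructed sample account
    print(lockout_test(svc, "alice", "wrong-guess", "correct-horse"))
```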

4. SQL Injection and XSS

Hackers usually use malicious scripts that can manipulate a website to gain access to it. Testers need to ensure that input fields have well-defined maximum length limits. Example: the input field for the first name should have a limit of 25 characters rather than 250.

5. Service Access Points

Websites that collaborate with each other should delineate the access points available to both. Testers need to verify that, if the target audience is large, the access points can accommodate the users' requests, apart from ensuring that they are secured against any security threats.
