Security testing checks whether an application is secure. It covers the following:
Data security is primarily focused on securing data while it is stored or transmitted. This can be done with cryptography, which protects information by transforming it into an unreadable form (cipher text). Only the secret key can convert the cipher text back into human-readable form, so the idea is to make the data as difficult as possible to decipher.
When HTTP is used, cryptography is applied through its secure variant, Hypertext Transfer Protocol Secure (HTTPS).
Network security is defined as securing the channel over an insecure network, and this can be achieved by using a firewall.
Security testing also checks whether the application is vulnerable to attack, that is, whether anyone can hack the system or log in to the application without authorization.
The most important components of security are shown below:
Confidentiality: It checks that unauthorized users are not able to access information that requires authentication and authorization, making sure that perceived secrets stay secret.
Confidentiality can be achieved by cryptography. Examples are:
Credit card information, passwords.
Integrity: This makes sure that the information received has not been modified in transit, and that it is correct and is what the recipient expects it to be.
Availability: It means that the system is available for authorized users whenever they need to use it.
Suppose the main site is down for some reason; then all requests to the main site are redirected to the backup site.