What is Security?
Security is a set of measures that protect an application against unexpected actions that cause it to stop functioning or to be misused or exploited. Unexpected actions can be either intentional or unintentional.
What is Security Testing?
Security testing ensures that the systems and applications in an organization are free from loopholes that might cause a major loss. Security testing of any system is about detecting all possible loopholes and weaknesses of the system that may result in loss of data at the hands of employees or outsiders of the organization.
The objective of security testing is to identify the threats in the system and measure its potential vulnerabilities. It also helps in recognizing all possible security risks in the system and helps developers fix these issues through coding.
Types of Security Testing:-
There are seven principal types of security testing according to the Open Source Security Testing Methodology Manual. They are explained as follows:-
- Vulnerability Scanning:- This is done through automated software that scans a system against known vulnerability signatures.
- Security Scanning:- It involves identifying network and system weaknesses, and then provides solutions for reducing these risks. This scanning can be performed both manually and with automated tools.
- Penetration Testing:- This type of testing simulates an attack from a malicious hacker. It involves analysis of a particular system to check for potential vulnerabilities to an external hacking attempt.
- Risk Assessment:- This testing involves analysis of the security risks observed in the organization. Risks are classified as Low, Medium and High. This testing recommends controls and measures to reduce the risk.
- Security Auditing:- This is an internal inspection of applications and operating systems for security flaws. An audit should also be done via line-by-line inspection of code.
- Ethical Hacking:- It is hacking an organization's software systems. Unlike malicious hackers, who steal for their own gain, the intent is to expose security flaws in the system.
- Posture Assessment:- This combines security scanning, ethical hacking and risk assessments to show the overall security posture of an organization.