What is Security?
As we all know, in general terms security means protecting something from unwanted actions, and to do so we take security measures. In technical terms, security means protecting all kinds of information systems (e.g. desktop software, mobile apps, web applications) from different types of security threats (e.g. SQL injection, hacking, viruses).
What is Security Testing?
To ensure that an information system is secure, it must pass every possible security check. Security testing is a technique to determine whether your information system is secure enough to protect its data from security threats, and whether its functionality keeps working even when security threats are introduced into it.
To protect your software against security threats you have to think and test like a hacker.
Security testing has six principles.
1) Confidentiality
It aims at protecting data from disclosure to third parties.
2) Integrity
It refers to protecting information from modification by third parties and aims at ensuring that exactly the information sent by the sender is delivered.
3) Authentication
It is concerned with ensuring that the user of the information system is really who they claim to be, or that the system is exactly the one it claims to be. No third party should be able to access the system without authentication.
4) Authorization
It is the process of verifying that a user who requests access to the system is allowed to have that access. Example: access control.
5) Availability
It assures that whenever a user requests information or access to the system, the system is ready for the authenticated user and the information is available to authorized users at any time.
6) Non-repudiation
It means that a message or information sent over the network has verifiably been sent and received by the end users. It is a way to ensure that the sender cannot deny having sent the message and the receiver cannot deny having received it.
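Integrity (2) and non-repudiation (6) are easy to confuse, so here is a small Go program, added as an example and not code from the original post, that shows the difference using only the standard library: an HMAC over a constructed message detects tampering, but because the receiver holds the same shared key it could have produced the tag itself, so the tag proves nothing to a third party; an Ed25519 signature made with the sender's private key can be checked by anyone holding the public key and cannot be forged by the verifier. The message text and the shared key are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed sample message and shared key (not from any real system).
var (
	message   = []byte("transfer 100 to account 42")
	sharedKey = []byte("constructed-shared-key-for-demo")
)

// integrityTag computes an HMAC-SHA256 tag. Anyone holding key can both
// create and verify tags, so this gives integrity but not non-repudiation.
func integrityTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// integrityOK checks tag against msg using a constant-time comparison.
func integrityOK(key, msg, tag []byte) bool {
	return hmac.Equal(integrityTag(key, msg), tag)
}

// newSigningKeys creates the sender's Ed25519 key pair; only the sender holds
// the private half, which is what makes a signature non-repudiable.
func newSigningKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// The verifier needs only the public key and cannot forge a signature,
// unlike the HMAC verifier above, which holds the same key as the sender.
func signMessage(priv ed25519.PrivateKey, msg []byte) []byte { return ed25519.Sign(priv, msg) }
func signatureOK(pub ed25519.PublicKey, msg, sig []byte) bool { return ed25519.Verify(pub, msg, sig) }

func main() {
	tampered := []byte("transfer 900 to account 42") // constructed modified copy
	tag := integrityTag(sharedKey, message)
	fmt.Println(integrityOK(sharedKey, message, tag), integrityOK(sharedKey, tampered, tag)) // true false
	pub, priv := newSigningKeys()
	sig := signMessage(priv, message)
	fmt.Println(signatureOK(pub, message, sig), signatureOK(pub, tampered, sig)) // true false
}
```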
Techniques for Security Testing:
- SQL Injection
- Broken Authentication and Session Management
- XSS (Cross-Site Scripting)
- IDOR (Insecure Direct Object References)
- Security Misconfiguration
- SDE (Sensitive Data Exposure)
- Missing Function Level Access Control
- CSRF (Cross-Site Request Forgery)
- Using Components with Known Vulnerabilities
- Unvalidated Redirects and Forwards
We will look at these security testing techniques in detail in my next blog. Keep reading… :)