We have addressed all the major web testing methods above. I worked on web testing for around 3 years of my testing career. If I missed any important web testing aspect, please let me know in the comments below. I will keep updating the article with the latest testing information as soon as possible.
Important scenarios in Security Testing
- Try some invalid inputs in input fields such as login username, password and text boxes. Check the system's reaction or response to every invalid input.
- Web directories or files should not be accessible directly unless a download option is given.
- Test whether SSL is used as a security measure. If it is used, a proper message should be displayed when the user switches from non-secure http:// pages to secure https:// pages and vice versa.
- All transactions, error messages and security breach attempts should be logged in log files somewhere on the web server.
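The first three scenarios above can be turned into repeatable pass/fail checks. The following is an added example, not part of the original article: it evaluates responses a tester has already captured, using constructed sample data for a hypothetical site (`example.test`). The leak patterns, the check names and the reading of the SSL scenario as "http:// pages must redirect to https://" are assumptions.

```python
import re

# Constructed sample data: responses captured while running the checklist
# against a hypothetical site (example.test). Not real traffic.
CAPTURED = [
    {"check": "invalid_input", "url": "https://example.test/login", "status": 500,
     "headers": {}, "body": "Traceback (most recent call last): ..."},
    {"check": "invalid_input", "url": "https://example.test/search", "status": 400,
     "headers": {}, "body": "Invalid search term."},
    {"check": "direct_access", "url": "https://example.test/uploads/", "status": 200,
     "headers": {}, "body": "<title>Index of /uploads</title>"},
    {"check": "direct_access", "url": "https://example.test/backup/", "status": 403,
     "headers": {}, "body": "Forbidden"},
    {"check": "http_to_https", "url": "http://example.test/account", "status": 200,
     "headers": {}, "body": "<h1>Account</h1>"},
    {"check": "http_to_https", "url": "http://example.test/", "status": 301,
     "headers": {"Location": "https://example.test/"}, "body": ""},
]

# Strings suggesting internal error details reached the user (assumed list).
LEAK = re.compile(r"Traceback \(most recent call last\)|SQL syntax|Stack trace", re.I)
# Title that Apache and nginx put on auto-generated directory listings.
LISTING = re.compile(r"<title>\s*Index of /", re.I)

def evaluate(resp):
    """Return a finding string for one captured response, or None if it passes."""
    status, body = resp["status"], resp["body"]
    if resp["check"] == "invalid_input":
        # Invalid input should be rejected cleanly, not crash or leak internals.
        if status >= 500 or LEAK.search(body):
            return "invalid input caused a server error or leaked error details"
    elif resp["check"] == "direct_access":
        # A directory URL must not return a browsable file listing.
        if status == 200 and LISTING.search(body):
            return "directory listing is directly accessible"
    elif resp["check"] == "http_to_https":
        # Plain-HTTP pages should redirect to their https:// counterpart.
        location = resp["headers"].get("Location", "")
        if status not in (301, 302, 307, 308) or not location.startswith("https://"):
            return "http:// page is served without a redirect to https://"
    return None

def audit(responses):
    """Map each failing URL to its finding."""
    return {r["url"]: f for r in responses if (f := evaluate(r))}

if __name__ == "__main__":
    for url, finding in audit(CAPTURED).items():
        print(f"FAIL {url}: {finding}")
```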
Types of Security Testing:
- This is done through automated software that scans a system against known vulnerability signatures.
- This involves identifying network and system weaknesses, and later provides solutions for reducing these risks. This scanning can be performed both manually and with automated tools.
- This testing involves analysis of a particular system to check for potential vulnerabilities to an external hacking attempt. This kind of testing simulates an attack from a malicious hacker.
- This involves the analysis of security risks observed in the organization. Risks are classified as Low, Medium and High. Risk Assessment recommends controls and measures to reduce the risk.
- This is an internal inspection of applications and operating systems for security flaws. An audit can also be done via line-by-line inspection of code.
- This is hacking an organization's software systems. Unlike malicious hackers, who are looking for their own gain, the intent is to expose security flaws in the system. It is very challenging testing compared with other web testing.
- Posture Assessment: This means Ethical Hacking and Risk Assessments carried out to show the overall security posture of an organization.
The above are the important points we have seen regarding security testing. Soon I will share more information about security testing.