We have addressed above all the major web testing methods. I worked on web testing for around 3 years of my testing career. If I missed any important web testing aspect, please let me know in the comments below. I will keep updating the article with the latest testing information as soon as possible.
Important scenarios for Security Testing
- Try some invalid inputs in input fields such as the login username, password and text boxes. Check the system's reaction or response to every invalid input.
- Web directories or files should not be accessible directly unless a download option is given.
- Test whether SSL is used as a security measure. If it is used, a proper message should be displayed when the user switches from non-secure http:// pages to secure https:// pages and vice versa.
- All transactions, error messages and security breach attempts should be logged in log files somewhere on the web server.
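The checklist above can be turned into automated pass/fail checks. The following is an added example, not code from the original article: it evaluates constructed observations captured by a tester, and the host name `shop.example`, the record fields and the pass/fail criteria (error-leak patterns, listing markers, an https redirect) are assumptions chosen for illustration.

```python
import re

# Constructed sample observations (not from a real site): each record is what a
# tester captured after sending one probe to the application under test.
OBSERVATIONS = [
    {"probe": "invalid_input", "url": "https://shop.example/login", "status": 500,
     "body": "Traceback (most recent call last): File app.py ...", "logged": True},
    {"probe": "invalid_input", "url": "https://shop.example/search", "status": 400,
     "body": "Invalid search term.", "logged": True},
    {"probe": "direct_access", "url": "https://shop.example/uploads/", "status": 200,
     "body": "<title>Index of /uploads</title>", "logged": True},
    {"probe": "http_to_https", "url": "http://shop.example/account", "status": 301,
     "location": "https://shop.example/account", "body": "", "logged": True},
    {"probe": "invalid_input", "url": "https://shop.example/reset", "status": 400,
     "body": "Invalid e-mail address.", "logged": False},
]

# Assumed markers of internal details leaking into an error page.
LEAK = re.compile(r"Traceback|Exception|SQL syntax|ORA-\d+|at [\w.]+\(.*:\d+\)", re.I)
# Assumed markers of an auto-generated directory index.
LISTING = re.compile(r"<title>Index of /|Directory listing for", re.I)

def evaluate(obs):
    """Return a list of findings (strings) for one captured observation."""
    findings = []
    body = obs.get("body", "")
    if obs["probe"] == "invalid_input":
        if obs["status"] >= 500:
            findings.append("invalid input caused a server error")
        if LEAK.search(body):
            findings.append("error response leaks internal details")
    elif obs["probe"] == "direct_access":
        if obs["status"] == 200 and LISTING.search(body):
            findings.append("directory listing is exposed")
    elif obs["probe"] == "http_to_https":
        redirected = obs["status"] in (301, 302, 307, 308)
        if not (redirected and obs.get("location", "").startswith("https://")):
            findings.append("plain http page is not redirected to https")
    if not obs.get("logged", False):  # every probe should leave a log entry
        findings.append("probe left no entry in the server log")
    return findings

def report(observations):
    """Map each URL with at least one finding to its findings."""
    return {o["url"]: f for o in observations if (f := evaluate(o))}

if __name__ == "__main__":
    for url, findings in report(OBSERVATIONS).items():
        print(url, "->", "; ".join(findings))
```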
Types of Security Testing:
Vulnerability Scanning:
This is done through automated software to scan a system against known vulnerability signatures.
Security Scanning:
This involves identifying network and system weaknesses, and later provides solutions for reducing those risks. The scanning can be performed both manually and with automated tools.
Penetration testing:
This testing involves analysis of a particular system to check for potential vulnerabilities to an external hacking attempt. This kind of testing simulates an attack from a malicious hacker.
Risk Assessment:
It involves the analysis of security risks observed in the organization. Risks are classified as Low, Medium and High. Risk Assessment recommends controls and measures to reduce the risk.
Security Auditing:
This is an internal inspection of applications and operating systems for security flaws. An audit can also be done via line-by-line inspection of code.
Ethical hacking:
It is hacking an organization's software systems. Unlike malicious hackers, who are looking for their own gain, the intent is to expose security flaws in the system. It is very challenging testing compared with other web testing.
Posture Assessment:
Posture Assessment combines Ethical Hacking and Risk Assessments to show the overall security posture of an organization.
Above are the important points we have seen regarding security testing. Soon I will share more information about security testing.