Can anybody please explain security testing in manual testing?

Questions by lakshmi_imhskal


TR

  • Oct 29th, 2006
 

Security testing - testing how well the system protects against unauthorized internal or external access, willful damage, etc.; may require sophisticated testing techniques.

To explain more about this, the most common way is to check your IIS settings for websites.

Use of URL encryption would come under security.


swapna

  • Nov 6th, 2006
 

This component will handle the system authentication and then some. The main functionality of this component will be to authenticate users when they provide their username and password at login. It will return a pass or fail response and then the system will choose what to do from there.


Security Testing is testing a system to check whether the system meets its specified security objectives.

 

A process used to determine that the security features of a system are implemented as designed and that they are adequate for a proposed application environment. This process includes hands-on functional testing, penetration testing, and verification.

 

Software defects and poor construction practices can make applications vulnerable to attack. Security vulnerabilities enable an attacker to impact a company's systems and assets, and the company can be liable for the damages that a security breach causes.

With security, prevention is the key to success. Security testing allows developers and testers to verify that the application's security functions, including passwords and authentication, operate correctly and that information can be successfully encrypted and decrypted. Security testing also enables developers and testers to ensure that the code written is not vulnerable to attack.

Parasoft provides solutions that allow enterprises to establish and enforce an effective application security policy. These policies define how the code should operate to maintain the degree of security that is required for the application. These solutions enable developers and testers to identify security mechanisms that are not implemented and operating correctly. They are available for Java, C++, .Net, HTML, XML and Web Services environments.

The solutions automatically analyze the source code to ensure that the security policies have been followed and to find violations of the policy that can create security vulnerabilities. They can also use penetration testing, which automatically simulates an attacker's actions, to confirm that the security policy is implemented and operating correctly.

For more information go through http://www.answers.com/security%20testing

For Penetration Testing

Penetration Testing is also called Ethical Hacking, Vulnerability Testing, Security Testing, Intrusion Testing, and Red Teaming.

 

A penetration test is a method of evaluating the security of a computer system or network by simulating an attack by a cracker. The process involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. The tester, sometimes known as an ethical hacker, generally uses the same methods and tools as a real attacker. Afterwards, the penetration testers report on the vulnerabilities and suggest steps that should be taken to make the system more secure. Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution.

 

An ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. To test a security system, ethical hackers use the same methods as their less principled counterparts, but report problems instead of taking advantage of them. An ethical hacker is sometimes called a white hat, a term that comes from old Western movies, where the "good guy" wore a white hat and the "bad guy" wore a black hat.

 

White hat describes a hacker (or cracker) who identifies a security weakness in a computer system or network but, instead of taking malicious advantage of it, exposes the weakness in a way that will allow the system's owners to fix the breach before it can be taken advantage of by others (such as black hat hackers). Methods of telling the owners about it range from a simple phone call through sending an e-mail note to a Webmaster or administrator all the way to leaving an electronic "calling card" in the system that makes it obvious that security has been breached.

 

While white hat hacking is a hobby for some, others provide their services for a fee. Thus, a white hat hacker may work as a consultant or be a permanent employee on a company's payroll. A good many white hat hackers are former black hat hackers.

 

Security experts recommend that an annual penetration test be undertaken as a supplement to a more frequent automated security scan.
