Main Principles of Application Security Testing

Nowadays, security is a major topic in the IT industry. News like Apple’s iOS encryption dispute with the FBI or the attack on NASA’s website were among the biggest headlines. Major data breaches, bank heists, account hijacking, hacktivism and DDoS attacks – the crime list is huge. No wonder the panic keeps growing as cyber-criminals become more tech-savvy and organized. So it’s fair to say that software security testing is a more pressing problem than ever before.

This is why we invited SumatoSoft QA engineer Dmitri Reginevich to share his thoughts and knowledge on security testing. This article is a summary of Dmitri’s report from “Technical Breakfast” – a regular office-based event which helps our employees, from both the development and marketing departments, gain expertise in various IT-oriented topics.

As a term, security testing denotes the practice of assessing the security level of a system, together with the analysis of the associated risks, taking a holistic approach to application security: hacker attacks, viruses, and unauthorized access to sensitive data.

The software’s security is marked by:

  • the ability to counteract unauthorized interference with the software;
  • the ability to prevent attempts to steal and use the data;
  • the ability to counteract attempts to destroy the software and the data it uses;

The subjects of protection are:

  • data;
  • reliability and performance;
  • functions of the software product;

(Figure: Countries in Which Users Are Most at Risk of Infection Through the Internet)

(Figure: Hacker Classes)

Why security is lacking in application development:

  • security is not always on the list of functional requirements;
  • sometimes it is overlooked while developing;
  • security tests are complex, because a high-quality security test is comparable in effort to the development itself;

(Figure: The Major Vulnerabilities)

The Pros and Cons of “Pentest”

With instrumental (tool-based) testing:

  • it finds errors in the configuration of standard applications and environments (misconfiguration);
  • it performs a security audit against already known errors (outdated, unpatched software);
  • it is not suitable for non-standard software;

With manual testing:

  • it is able to analyze non-standard software;
  • it is time-consuming;
  • it is performed without source code analysis;
  • it cannot provide a deep and complete analysis of the application for vulnerabilities;
  • finds only a small number of existing vulnerabilities;

While the three characteristics above represent the core security principles, the six basic concepts in security testing are:

  • confidentiality;
  • integrity;
  • authentication;
  • availability;
  • authorization;
  • non-repudiation;

As security testing practitioners, we follow these principles in full measure. If you have any questions about your application’s security, feel free to get in touch with our team. We’ll be glad to help you!

