:: QC Boss :: Testing, Independent Software Testing, Manual Testing, Website Testing, Functionality Testing, Usability Testing, QC, QA, UAT

Posts Tagged ‘Security Testing’

Security Testing


There are several different types of security testing. Some testing techniques are predominantly manual, requiring an individual to initiate and conduct the test. Other tests are highly automated and require less human involvement. Regardless of the type of testing, staff who set up and conduct security testing should have significant security and networking knowledge, including significant expertise in the following areas: network security, firewalls, intrusion detection systems, operating systems, programming, and networking protocols (such as TCP/IP).

The various types of security testing are as follows.

  • Network Scanning
  • Vulnerability Scanning
  • Password Cracking
  • Log Review
  • Integrity Checkers
  • Virus Detection
  • Wireless LAN testing
  • Penetration Testing

Written by QCBoss

August 8, 2008 at 5:48 am

Why Web Security Testing????


I hope these short tips give rough coverage of the security areas to consider while testing a website. Web security testing is also known as penetration testing. The objective of testing the security of a website is to identify potential vulnerabilities / security holes and to rectify them.

For example, if your site allows files to be uploaded, your web server should have proper automated anti-virus checking in place to detect and disable any attempt by the client side to upload a virus. Some of the main aspects of web security testing are:

1. Network Scanning.
2. Vulnerability Scanning.
3. Password Cracking.
4. Log Review.
5. Integrity Checkers.
6. Virus Detection.

Testers and security professionals must be able to find holes in both standard and proprietary applications. They can evaluate the severity of the security holes and propose prioritized solutions, protecting existing applications and implementing new software quickly. A typical process involves evaluating all applications on web-connected devices and examining each line of application logic for existing and potential security vulnerabilities. Unfortunately, most security products cannot adequately examine the applications residing on your web servers, yet these applications often provide back-end access to confidential data. This means you need to be proactive in protecting your critical web applications.
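The automated anti-virus check on uploads mentioned above, as an added example (not code from the original post): a Python gate that streams an uploaded file to a ClamAV `clamd` daemon using its INSTREAM command and accepts the file only on an explicit clean verdict. ClamAV as the scanner, the function names, and the `127.0.0.1:3310` daemon address are assumptions made for illustration.

```python
import socket
import struct

CHUNK = 8192  # bytes sent per INSTREAM chunk


def clamd_verdict(data, sock):
    """Stream data to clamd over a connected socket; return its reply text."""
    sock.sendall(b"zINSTREAM\0")
    for i in range(0, len(data), CHUNK):
        chunk = data[i:i + CHUNK]
        # Each chunk is a 4-byte big-endian length followed by the bytes.
        sock.sendall(struct.pack("!I", len(chunk)) + chunk)
    sock.sendall(struct.pack("!I", 0))  # zero-length chunk ends the stream
    reply = b""
    while not reply.endswith(b"\0"):
        part = sock.recv(4096)
        if not part:  # daemon closed the connection early
            break
        reply += part
    return reply.rstrip(b"\0").decode("ascii", "replace").strip()


def accept_upload(data, sock):
    """Fail closed: accept only when the scanner explicitly says OK."""
    try:
        verdict = clamd_verdict(data, sock)
    except OSError as exc:
        return False, f"scanner unavailable: {exc}"
    if verdict == "stream: OK":
        return True, verdict
    # A detection, a size-limit error, or an empty reply all reject the file.
    return False, verdict or "empty scanner reply"


def scan_with_daemon(data, host="127.0.0.1", port=3310, timeout=10.0):
    """Assumed deployment: clamd listening on local TCP port 3310."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            return accept_upload(data, sock)
    except OSError as exc:
        return False, f"scanner unavailable: {exc}"
```

Call `scan_with_daemon()` from the upload handler before the file is written to any location the web server can serve, and treat every result other than `(True, ...)` as a rejection.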

Written by QCBoss

July 17, 2008 at 8:18 am