Security Testing

What is Security Testing?

Security testing is a testing technique used to determine whether an information system protects data and maintains functionality as intended. It also verifies the six basic principles listed below:

  • Confidentiality
  • Integrity
  • Authentication
  • Authorization
  • Availability
  • Non-repudiation

Security Testing – Techniques (the vulnerability classes that security tests target):

  • Injection
  • Broken Authentication and Session Management
  • Cross-Site Scripting (XSS)
  • Insecure Direct Object References
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Missing Function Level Access Control
  • Cross-Site Request Forgery (CSRF)
  • Using Components with Known Vulnerabilities
  • Unvalidated Redirects and Forwards
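As an added example that is not part of the original page, here is a small security test for the "Unvalidated Redirects and Forwards" class listed above: a naive redirect-target check sits beside a hardened one, and both are run over a constructed set of safe and unsafe targets. The host name APP_HOST, the input lists and all function names are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Hypothetical application host used by these tests (not from the page).
APP_HOST = "app.example.com"

# Constructed test inputs: redirect targets a login page might receive in a
# ?next= parameter, split by whether the application should follow them.
SAFE_TARGETS = [
    "/account",
    "/account?next=/home",
    "https://app.example.com/settings",
]
UNSAFE_TARGETS = [
    "",                                       # missing target
    "//evil.example/x",                       # protocol-relative, other host
    "///evil.example",                        # browsers collapse extra slashes
    "https://evil.example/",                  # absolute URL to another host
    "javascript:alert(1)",                    # non-http scheme
    "/\\evil.example",                        # browsers treat '\' as '/'
    "https://app.example.com.evil.example/",  # host-suffix confusion
    "https://app.example.com@evil.example/",  # userinfo confusion
    "/\n/evil.example",                       # newline browsers strip -> '//'
]

def naive_is_safe_redirect(target: str) -> bool:
    """The 'before' version: a leading '/' is taken to mean 'stays on-site'."""
    return target.startswith("/")

def is_safe_redirect(target: str, app_host: str = APP_HOST) -> bool:
    """Hardened version: allow only a same-origin relative path or an absolute
    https URL whose host matches app_host exactly."""
    # Browsers drop ASCII tab/newline from URLs, so do the same before checking.
    cleaned = "".join(c for c in target if c not in "\t\r\n").strip()
    if not cleaned or "\\" in cleaned:
        return False
    if cleaned.startswith("/"):
        # Exactly one leading slash: '//' or '///' would change the host.
        return not cleaned.startswith("//")
    parts = urlsplit(cleaned)
    return parts.scheme == "https" and parts.netloc.lower() == app_host

def run_redirect_tests(validator) -> list:
    """Return the inputs on which `validator` gives the wrong answer."""
    failures = [t for t in SAFE_TARGETS if not validator(t)]
    failures += [t for t in UNSAFE_TARGETS if validator(t)]
    return failures
```

Running `run_redirect_tests` against both validators shows the naive check accepting several off-site targets while the hardened check rejects every unsafe input and accepts every safe one.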

Open Source/Free Security Testing Tools:

Product        Vendor                      URL
FxCop          Microsoft                   https://www.owasp.org/index.php/FxCop
FindBugs       The University of Maryland  http://findbugs.sourceforge.net/
FlawFinder     GPL                         http://www.dwheeler.com/flawfinder/
Ramp Ascend    GPL                         http://www.deque.com

Commercial Security Testing Tools:

Product                Vendor                  URL
Armorize CodeSecure    Armorize Technologies   http://www.armorize.com/index.php?link_id=codesecure
GrammaTech             GrammaTech              http://www.grammatech.com/
Appscan                IBM                     http://www-03.ibm.com/software/products/en/appscan-source
Veracode               VERACODE                http://www.veracode.com

https://www.tutorialspoint.com/