security testing

Baskar P


Post on 11-Nov-2014


Page 1: Security testing

Baskar P

Page 2: Security testing

Agenda

What is Security Testing

Purpose of Security Testing

Basic Security Testing Concepts

Security Testing Techniques

Security Testing Tools

Page 3: Security testing

What is Security Testing

Security testing is a process for determining that an information system protects data and maintains its functionality as intended.

To check whether there is any information leakage.

To test whether the application permits unauthorized access and whether its security controls are correctly implemented in code.

To find out all the potential loopholes and weaknesses of the system.

Page 4: Security testing

Purpose of Security Testing

The primary purpose of security testing is to identify vulnerabilities and subsequently repair them.

Security testing helps in improving the current system and also helps in ensuring that the system will keep working for a longer time.

Security testing helps in finding out loopholes that can cause the loss of important information.

Page 5: Security testing
Page 6: Security testing

Six basic security concepts

Confidentiality

Integrity

Authentication

Authorization

Availability

Non-repudiation

Page 7: Security testing

Basic security concepts

Confidentiality

Ensuring information is accessible only to those with authorized access, and preventing information theft.

Integrity

A measure intended to allow the receiver to determine that the information being provided to it is correct and has not been altered.

Authentication

The process of establishing the identity of the user.

Page 8: Security testing

Basic security concepts (Cont.)

Authorization

The process of determining that a requester is allowed to receive a service or perform an operation.

Availability

Assuring that information and communications services will be ready for use when expected.

Non-repudiation

A measure intended to prevent the later denial that an action happened or that a communication took place.

Page 9: Security testing

Security Testing Techniques

The main security testing techniques are:

Vulnerability Scanning

Security Scanning

Penetration Testing

Ethical Hacking

Risk Assessment

Security Auditing

Posture Assessment & Security Testing

Password cracking

Page 10: Security testing

Vulnerability Scanning

It involves scanning the application for all known vulnerabilities.

A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses.

Generally done with vulnerability scanning software, e.g. Nessus, SARA, and ISS.

Security Scanning

Scanning and verification of the system and applications, to find out the weaknesses in the OS, applications and networks.

Page 11: Security testing

Penetration Testing

The tester tries to enter the application or system with the help of another application, or by combining loopholes that the application has unknowingly left open.

It is the most effective way to find out, in practice, the potential loopholes in the application.

Ethical Hacking

Ethical hacking involves a number of penetration tests across the wider network on the system under test. It is conducted by ethical hackers to find possible problems in the system.

Page 12: Security testing

Risk Assessment

A method of analyzing and deciding on risk, which depends on the type of loss and the probability of that loss occurring.

Risk assessment is carried out in the form of interviews and discussions, followed by analysis of their findings.

Security Auditing

Security auditing involves hands-on internal inspection of operating systems and applications, often via line-by-line inspection of the code.

A security audit is a systematic evaluation of the security of a company's information system.

Page 13: Security testing

Posture Assessment and Security Testing

It combines Security Scanning, Ethical Hacking and Risk Assessments to show an overall Security Posture of the organization.

Password Cracking

Password cracking programs can be used to identify weak passwords.

Password cracking verifies whether users are employing sufficiently strong passwords.

Page 14: Security testing

How to write Security test cases

It is important to segregate test cases based on roles.

We need to examine the negative scenarios for a particular event first, before taking up the positive scenarios.

Page 15: Security testing

Security Testing Tools

Nessus

Nikto

Gendarme

Flawfinder

Page 16: Security testing