May 22, 2023

Security Testing


Security testing

Security testing is a type of software testing that evaluates how secure a piece of software is. It helps find vulnerabilities and threats that could allow unauthorized access, data manipulation, loss of functionality or other security issues, and it determines whether the software, its data and its resources are protected from possible intruders.

Security testing examples

  • You test the security of your mobile app by simulating different network conditions, such as public Wi-Fi, VPN, proxy, etc. You measure the authentication level, authorization level and encryption level of the app under each network condition.
  • You test the security of your database system by simulating users with different privilege levels running different queries, such as select, insert, update, delete, etc. You measure the access control level, data integrity level, and audit trail level of the system under different privilege levels for different types of queries.
  • You test the security of your online banking website by setting up an isolated test environment and simulating different types of attacks in it, such as SQL injection, cross-site scripting, phishing, etc. You determine the vulnerability level and risk level for each attack.
  • You test the security of your game application by simulating different user actions, such as login, purchase, chat, logout, etc. You measure the confidentiality level, integrity level, and availability level of the game during different user actions.
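The database example above (privilege levels running select, insert, update and delete, with access control, data integrity and audit trail checked) can be turned into an automated security test. The following is an added example, not code from the original lesson: the authorization layer, roles, table and rules are constructed stand-ins for a real system, and the test compares the observed behaviour against an access control matrix written out independently from the enforcement code.

```python
import sqlite3

# Constructed system under test: a thin authorization layer in front of a
# database. Roles, tables and rules are hypothetical and stand in for the
# real system's security requirements.
ROLE_LEVEL = {"reader": 1, "editor": 2, "admin": 3}
REQUIRED_LEVEL = {"SELECT": 1, "INSERT": 2, "UPDATE": 2, "DELETE": 3}

class AccessDenied(Exception):
    pass

def make_db():
    """In-memory database with a small constructed table and an audit table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)")
    conn.execute("CREATE TABLE audit (role TEXT, verb TEXT, allowed INTEGER)")
    conn.executemany("INSERT INTO accounts (owner, balance) VALUES (?, ?)",
                     [("alice", 100), ("bob", 50)])
    conn.commit()
    return conn

def run_as(conn, role, sql, params=()):
    """Authorization layer: permit the statement only if the role's level meets
    the level its statement type requires; every decision goes to the audit table."""
    verb = sql.strip().split(None, 1)[0].upper()
    allowed = ROLE_LEVEL.get(role, 0) >= REQUIRED_LEVEL.get(verb, 99)
    conn.execute("INSERT INTO audit (role, verb, allowed) VALUES (?, ?, ?)",
                 (role, verb, int(allowed)))
    conn.commit()
    if not allowed:
        raise AccessDenied(f"{role} may not {verb}")
    rows = conn.execute(sql, params).fetchall()
    conn.commit()
    return rows

# --- the security test cases -------------------------------------------------

# Expected access control matrix, written out from the (hypothetical) security
# requirements rather than derived from the code under test, so that a change
# in the enforcement logic shows up as a deviation.
EXPECTED = {
    "reader": {"SELECT": True,  "INSERT": False, "UPDATE": False, "DELETE": False},
    "editor": {"SELECT": True,  "INSERT": True,  "UPDATE": True,  "DELETE": False},
    "admin":  {"SELECT": True,  "INSERT": True,  "UPDATE": True,  "DELETE": True},
}

STATEMENTS = {
    "SELECT": ("SELECT owner FROM accounts WHERE id = ?", (1,)),
    "INSERT": ("INSERT INTO accounts (owner, balance) VALUES (?, ?)", ("carol", 0)),
    "UPDATE": ("UPDATE accounts SET balance = balance + 1 WHERE id = ?", (1,)),
    "DELETE": ("DELETE FROM accounts WHERE id = ?", (2,)),
}

def access_control_matrix(conn):
    """Run every statement type as every role; return {(role, verb): was_allowed}."""
    observed = {}
    for role in EXPECTED:
        for verb, (sql, params) in STATEMENTS.items():
            try:
                run_as(conn, role, sql, params)
                observed[(role, verb)] = True
            except AccessDenied:
                observed[(role, verb)] = False
    return observed

def deviations(observed):
    """Cells where observed behaviour differs from the expected matrix."""
    return {(r, v): (exp, observed[(r, v)])
            for r, row in EXPECTED.items() for v, exp in row.items()
            if observed[(r, v)] != exp}

def balance_of(conn, account_id):
    """Data integrity check: only the permitted UPDATEs should have changed the balance."""
    return conn.execute("SELECT balance FROM accounts WHERE id = ?",
                        (account_id,)).fetchone()[0]

def audit_rows(conn):
    """Audit trail check: one row per attempted statement, allowed or denied."""
    return conn.execute("SELECT COUNT(*) FROM audit").fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    obs = access_control_matrix(db)
    print("deviations:", deviations(obs))        # {} when enforcement matches requirements
    print("alice balance:", balance_of(db, 1))   # 100 + editor UPDATE + admin UPDATE
    print("audit rows:", audit_rows(db))         # 3 roles x 4 statement types
```

The three checks map onto the three levels named in the lesson: `deviations` measures access control, `balance_of` measures data integrity (the balance must move only by the number of permitted updates), and `audit_rows` measures the audit trail (denied attempts must be recorded too).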

Tips for security testing

  • Identify the security requirements and technical specifications of your software.
  • Design the security test cases that cover the most frequently used and critical scenarios for your software system or application.
  • Use safe security testing tools and techniques to define and automate your security test cases.
  • Set up an isolated test environment to execute your security test cases.
  • Analyze and report the security test results with any security vulnerabilities or issues discovered by you.
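The five tips above form one procedure: requirement, test case, automation, isolated environment, report. The following added example (not code from the original lesson) walks through it for the SQL injection case mentioned under the online banking example. The requirement is "authentication must not be bypassable through crafted input"; the isolated environment is an in-memory database; the login functions and user data are constructed stand-ins, with one login deliberately built by string concatenation so the report shows what a failing test looks like beside a hardened, parameterized version that passes.

```python
import hashlib
import hmac
import sqlite3

def hash_pw(password):
    # Illustrative only; a real system uses a slow, salted password hash.
    return hashlib.sha256(password.encode()).hexdigest()

def make_test_db():
    """Isolated test environment: an in-memory database seeded with one
    constructed test user (hypothetical name and password)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", hash_pw("correct horse")))
    conn.commit()
    return conn

def login_concat(conn, username, password):
    """Deliberately weak stand-in: builds the query by string concatenation,
    so user input becomes part of the SQL grammar."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND pw_hash = '" + hash_pw(password) + "'")
    return conn.execute(sql).fetchone() is not None

def login_param(conn, username, password):
    """Hardened version: bound parameters keep user input as data, and the
    hash comparison is constant-time."""
    row = conn.execute("SELECT pw_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], hash_pw(password))

# Security test cases derived from the requirement. Each case is
# (username, password, expected login result). The last two use the
# textbook injection strings every scanner and test suite tries first.
TEST_CASES = [
    ("alice", "correct horse", True),          # functional baseline
    ("alice", "wrong", False),                 # wrong password must fail
    ("alice' OR '1'='1", "anything", False),   # tautology in the username
    ("alice' --", "anything", False),          # comment out the password check
]

def run_security_tests(login_fn):
    """Automated execution: return the failing cases as
    (username, password, expected, observed) tuples."""
    conn = make_test_db()
    failures = []
    for username, password, expected in TEST_CASES:
        try:
            observed = login_fn(conn, username, password)
        except sqlite3.Error as exc:          # a crash is a finding too
            observed = f"error: {exc}"
        if observed != expected:
            failures.append((username, password, expected, observed))
    return failures

def report(name, failures):
    """Analysis and reporting step: one line per finding."""
    lines = [f"{name}: {len(failures)} failing security test case(s)"]
    for username, _, expected, observed in failures:
        lines.append(f"  input {username!r}: expected {expected}, observed {observed}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report("login_concat", run_security_tests(login_concat)))
    print(report("login_param", run_security_tests(login_param)))
```

Run as a script it reports two failures for `login_concat` (both crafted usernames log in without the password) and none for `login_param`. The point for test design is that the expected value for an injection case is simply `False`: the test does not need to know how the bypass works, only that authentication must not succeed.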

FAQ (interview questions and answers)

  1. What is the difference between security testing and penetration testing?
    Security testing is a broad term that covers all types of testing that evaluate the security of a software system. Penetration testing (or pen testing) is a specific type of security testing that simulates an attack from a malicious hacker to find vulnerabilities and exploit them.
  2. What are some tools for security testing?
    Nmap, Metasploit, Burp Suite, OWASP ZAP, etc.
  3. Is security testing a type of non-functional testing?
    Yes, security testing is a type of non-functional testing that tests how secure a system or application is under different workloads and conditions. At the same time, security testing is a distinct testing domain that focuses specifically on evaluating the security aspects of a software system.
  4. How do you perform vulnerability scanning?
    You perform vulnerability scanning by running automated software that checks the software system against known vulnerability signatures or vulnerability databases.
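To show what "checking against a vulnerability database" means in practice, here is an added example that is not part of the original lesson: a minimal version-based scanner. The component inventory and the database entries are constructed, the identifiers `VULN-EXAMPLE-000x` are placeholders rather than real advisories, and the version comparison pads shorter versions with zeros so that `1.4` matches an entry covering `1.4.0`. It also reports components the database has no entries for, because a clean scan only means "nothing known matched".

```python
import re

# Constructed vulnerability database. Each entry names the affected component,
# an inclusive affected version range, the fixed version and a severity.
# The identifiers are placeholders, not real advisory numbers.
VULN_DB = [
    {"id": "VULN-EXAMPLE-0001", "component": "examplelib",
     "affected": ("1.0.0", "1.4.2"), "fixed": "1.4.3", "severity": "high"},
    {"id": "VULN-EXAMPLE-0002", "component": "examplelib",
     "affected": ("2.0", "2.1.5"), "fixed": "2.1.6", "severity": "medium"},
    {"id": "VULN-EXAMPLE-0003", "component": "otherserver",
     "affected": ("0.9", "0.9.99"), "fixed": "1.0", "severity": "critical"},
]

# Constructed inventory of the system under test: (component, version).
INVENTORY = [
    ("examplelib", "1.4"),       # inside the first range (1.4 == 1.4.0)
    ("examplelib", "1.4.3"),     # exactly the fixed version, not affected
    ("otherserver", "0.9.12"),   # inside the third range
    ("unrelated", "3.2.1"),      # no entries at all: coverage gap, not "secure"
]

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def parse_version(text):
    """'1.4.2' -> (1, 4, 2). Non-numeric parts are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def cmp_versions(a, b):
    """-1, 0 or 1; the shorter tuple is padded with zeros so 1.4 == 1.4.0
    and 1.10 > 1.9 (a plain string comparison would get both wrong)."""
    n = max(len(a), len(b))
    a = a + (0,) * (n - len(a))
    b = b + (0,) * (n - len(b))
    return (a > b) - (a < b)

def in_range(version, low, high):
    return cmp_versions(low, version) <= 0 and cmp_versions(version, high) <= 0

def scan(inventory, vuln_db):
    """Match each inventory item against every database entry for the same
    component. Returns findings sorted by severity, plus the components the
    database knows nothing about."""
    known = {entry["component"] for entry in vuln_db}
    findings, not_in_db = [], []
    for component, version in inventory:
        if component not in known:
            not_in_db.append(component)
            continue
        v = parse_version(version)
        for entry in vuln_db:
            if entry["component"] != component:
                continue
            low, high = (parse_version(x) for x in entry["affected"])
            if in_range(v, low, high):
                findings.append({"id": entry["id"], "component": component,
                                 "version": version, "fixed": entry["fixed"],
                                 "severity": entry["severity"]})
    findings.sort(key=lambda f: (SEVERITY_RANK[f["severity"]], f["id"]))
    return {"findings": findings, "not_in_db": sorted(set(not_in_db))}

if __name__ == "__main__":
    result = scan(INVENTORY, VULN_DB)
    for f in result["findings"]:
        print(f"{f['severity']:8} {f['id']}  {f['component']} {f['version']}"
              f"  -> upgrade to {f['fixed']}")
    print("no signatures for:", ", ".join(result["not_in_db"]))
```

Real scanners add a lot on top of this (package-manager parsing, banner and behaviour checks, a continuously updated database), but the core loop is the same: normalize what is installed, compare it with the affected ranges, and rank what matched.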
Remember to just comment if you have any doubts or queries.
