{"title":"Security Testing","authors":"J. Steven, Michael Cohen","doi":"10.1081/E-ESE-120044192","DOIUrl":null,"url":null,"abstract":"What is Security Testing? Security testing is a testing technique to determine if an information system protects data and maintains functionality as intended. It also aims at verifying 6 basic principles as listed below: Confidentiality Integrity Authentication Authorization Availability Non-repudiation Security Testing Techniques: Injection Broken Authentication and Session Management Cross-Site Scripting XSS Insecure Direct Object References Security Misconfiguration Sensitive Data Exposure Missing Function Level Access Control Cross-Site Request Forgery CSRF Using Components with Known Vulnerabilities Unvalidated Redirects and Forwards Open Source/Free Security Testing Tools:","PeriodicalId":386020,"journal":{"name":"Encyclopedia of Software Engineering","volume":"97 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Encyclopedia of Software Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1081/E-ESE-120044192","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 15
Abstract
What is Security Testing?

Security testing is a testing technique to determine if an information system protects data and maintains functionality as intended. It also aims at verifying 6 basic principles as listed below:

- Confidentiality
- Integrity
- Authentication
- Authorization
- Availability
- Non-repudiation

Security Testing Techniques:

- Injection
- Broken Authentication and Session Management
- Cross-Site Scripting (XSS)
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Cross-Site Request Forgery (CSRF)
- Using Components with Known Vulnerabilities
- Unvalidated Redirects and Forwards

Open Source/Free Security Testing Tools: