Today, in a world of increasing digitalization, more and more people
depend on technology for their day-to-day tasks. In such a scenario,
security testing of the applications being used becomes vital.
Introduction to security testing: Security testing is a process that
attempts to penetrate an application the way an attacker would, to
see whether user or owner sensitive data can be reached. Security
testing is a part of software testing. It validates that confidential
data stays confidential. It is performed with the intention of finding
flaws in security mechanisms and revealing the vulnerabilities and
weaknesses of software applications. Many software development
companies spend thousands of dollars on specialist software testing
companies for security testing, to ensure that the product delivered
is of high quality.
Concerns related to security are:
Authentication: origin of the application and its data is
Authorization: only authorized users get access to the application's
functions, and only to those functions they are authorized for.
Confidentiality: data/information is protected from theft or
unauthorized disclosure.
Integrity: The application and its data is not altered during
Thus, security testing makes applications more reliable and reduces
the risk of theft or misuse of confidential information, which can
lead to loss of quality or of business.
How is it done:
Two kinds of people probe websites for security holes/vulnerabilities:
Attackers (commonly called crackers): those who try to penetrate an
application for personal gain.
Security testers (often called ethical hackers): those who try to
beat the security measures in order to find the security holes before
an attacker does.
Both attempt the same types of attacks on the application, such as
SQL Injection, Cross Site Scripting (XSS), URL Manipulation, Session
Hijacking and Brute Force.
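As an added example (not code from the page or from any tool it names), here is what the first attack on that list, SQL Injection, looks like in code: a lookup that concatenates user input into the query, beside the parameterized version that closes the hole. The table, its three users and the payload are constructed for the example; it runs offline with Python's built-in sqlite3 module.

```python
import sqlite3


def build_db():
    # Constructed sample data for this example: a tiny users table in an
    # in-memory SQLite database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "user"), ("bob", "user"), ("carol", "admin")])
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    # Vulnerable: the caller's input is concatenated straight into the SQL
    # text, so a quote in the input changes the structure of the query.
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, username):
    # Hardened: the input is bound as a parameter. The driver passes the
    # value separately from the SQL text, so it is never parsed as SQL.
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


# A classic tautology payload: it closes the quoted literal and appends an
# always-true condition, so the vulnerable query matches every row.
INJECTION = "x' OR '1'='1"


def demo():
    conn = build_db()
    return {
        "vulnerable_normal": find_user_vulnerable(conn, "alice"),
        "vulnerable_injected": find_user_vulnerable(conn, INJECTION),
        "safe_normal": find_user_safe(conn, "alice"),
        "safe_injected": find_user_safe(conn, INJECTION),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The injected query against the vulnerable function returns all three users (the exact data leak a tester is looking for), while the parameterized function treats the payload as an ordinary, non-matching username and returns nothing. Binding parameters is the fix; escaping quotes by hand is not, because it has to be right for every database and every context.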
1. Secure development best practices are used to ensure that an
application is secure, such as:
Passwords are stored as salted, slow hashes (never in plain text, and
not merely "encrypted", since an encryption key can be stolen and the
passwords recovered).
The browser's back and forward buttons do not break or bypass the
secure login flow between pages of the application.
A user is unable to access a page they are not authorized for.
Sessions are timed out after a specific period if the user is not
active.
2. Automated security scanner tools are used to find security holes.
They reduce the probability that a vulnerability is missed, because
they run a large, maintained set of security tests quickly and
repeatably; they complement manual testing rather than replace it.
Various security testing tools are: Netsparker, Fiddler, Zed Attack
Proxy (ZAP), Vega, Wapiti, SQLMap, etc.
Sample test scenarios that give a glimpse of security test cases are:
The application should not allow invalid users to log in.
Verify the cookie attributes (Secure, HttpOnly, SameSite) and the
session timeout for the application.
For financial sites, the browser back button should not re-display a
sensitive page after logout; such pages must be served with
Cache-Control: no-store so the browser does not keep a copy.
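The best practices under item 1 and the sample test scenarios above, as one added worked example (not code from the page or from any product it names): a hypothetical in-memory application whose class name, routes, roles, timeout and iteration count are all assumptions made for the example, followed by a function that runs each scenario against it and reports pass/fail.

```python
import hashlib
import hmac
import os
import time

# Illustrative policy values (assumptions, not from the page). Real deployments
# use far more PBKDF2 iterations; a small count keeps this example fast.
PBKDF2_ITERATIONS = 100_000
SESSION_IDLE_TIMEOUT = 15 * 60  # seconds of inactivity before a session expires


def hash_password(password: str) -> str:
    """Store passwords as salted, iterated hashes (PBKDF2-HMAC-SHA256), not
    encrypted: there is no key anywhere that could be stolen to recover them."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    _algo, iters, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))  # constant-time compare


class ToyApp:
    """Hypothetical in-memory web app with login, sessions and role-restricted pages."""

    def __init__(self, now=time.time):
        self.now = now            # injectable clock, so tests can simulate idle time
        self.users = {}           # username -> (password_hash, role)
        self.sessions = {}        # token -> {"user": ..., "last_seen": ...}
        self.page_roles = {"/account": {"user", "admin"}, "/admin": {"admin"}}

    def register(self, username, password, role="user"):
        self.users[username] = (hash_password(password), role)

    def login(self, username, password):
        rec = self.users.get(username)
        if rec is None or not verify_password(password, rec[0]):
            return None           # unknown user or wrong password: no session issued
        token = os.urandom(32).hex()  # unpredictable session identifier
        self.sessions[token] = {"user": username, "last_seen": self.now()}
        return token

    def session_cookie(self, token):
        # HttpOnly keeps scripts (XSS) away from the token; Secure keeps it off plain HTTP.
        return f"session={token}; HttpOnly; Secure; SameSite=Strict; Path=/"

    def logout(self, token):
        self.sessions.pop(token, None)

    def _session(self, token):
        s = self.sessions.get(token)
        if s is None:
            return None
        if self.now() - s["last_seen"] > SESSION_IDLE_TIMEOUT:
            del self.sessions[token]  # idle timeout: invalidated on the server side
            return None
        s["last_seen"] = self.now()
        return s

    def get(self, path, token):
        """Return (status, headers, body) for a request to a protected page."""
        s = self._session(token)
        if s is None:
            return 401, {}, "login required"
        role = self.users[s["user"]][1]
        if role not in self.page_roles.get(path, set()):
            return 403, {}, "forbidden"  # authenticated, but not authorized for this page
        # no-store stops the browser caching the page, so Back after logout cannot show it.
        headers = {"Cache-Control": "no-store", "Pragma": "no-cache"}
        return 200, headers, f"{path} for {s['user']}"


def run_scenarios():
    """The sample test cases from the list above, executed against the toy app."""
    clock = [1_000_000.0]
    app = ToyApp(now=lambda: clock[0])
    app.register("alice", "correct horse battery staple")
    r = {}
    # Invalid users and wrong passwords must be rejected.
    r["invalid_user_rejected"] = app.login("mallory", "x") is None
    r["wrong_password_rejected"] = app.login("alice", "wrong") is None
    token = app.login("alice", "correct horse battery staple")
    r["valid_login"] = token is not None
    # Cookie attributes, authorization and session timeout.
    cookie = app.session_cookie(token)
    r["cookie_flags"] = all(flag in cookie for flag in ("HttpOnly", "Secure", "SameSite"))
    r["authorized_page"] = app.get("/account", token)[0] == 200
    r["unauthorized_page"] = app.get("/admin", token)[0] == 403
    clock[0] += SESSION_IDLE_TIMEOUT + 1
    r["idle_timeout"] = app.get("/account", token)[0] == 401
    # Back button after logout: sensitive pages are no-store and the session is dead.
    token = app.login("alice", "correct horse battery staple")
    status, headers, _ = app.get("/account", token)
    r["no_store"] = status == 200 and headers.get("Cache-Control") == "no-store"
    app.logout(token)
    r["logout_invalidates"] = app.get("/account", token)[0] == 401
    return r
```

Run with `print(run_scenarios())`; every entry should be True. Two design points matter for the checks: the idle timeout is enforced on the server, so a stolen token stops working regardless of what the browser does, and the back-button case is handled by the Cache-Control header plus server-side logout, not by trying to disable the button, which a client can ignore.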