Security testing is a type of testing which ensures that the system protects the data and information of the users of the application and does not let any vicious user enter into the application. Basically, during security testing, we are checking whether there is any information leakage and to find out all the vulnerabilities and weaknesses of the system.
Purpose of Security Testing
- Security testing helps in improve the current system
- Helps in ensuring that the system will work for longer time
- The main purpose of the security testing is to identify the vulnerability and subsequently repairing them
- Security testing helps in finding out loopholes that can prevent loss of important information.
Concept of Security Testing
- Confidentiality – Ensuring that the important information is shared only with approved users of the website only after a proper security check.
- Integrity – The main purpose is to check whether the information is received by receiver is correct and consistent.
- Authentication – Checking the identity of the user in the establish process.
- Authorization – It checks that only designated user is allowed to access specific information, system or service.
Cogniter Security Testing Check List
- Authentication process should be in place in the application
- Number of consecutive unsuccessful login attempt should be limited
- Authorization should be working properly in the application
- Minimum password length should be applied
- Passwords should be saved in database in encrypted form
- Passwords should be saved in encrypted form in cookies
- Session timeout duration should be set
- Validation of minimum and maximum length should be applied in the input fields
- SQL injection and XSS
- Credit card number should be saved in encrypted form in database
- CVV should not be saved in the database
- SSL should be there in the application
- Direct URL access to restricted screens should not be allowed
Jan. 2011 - Jan. 2011
Talk to Us
Write to us at email@example.com and let's talk about your product.