SECURITY TESTING is a type of software testing that intends to uncover vulnerabilities of the system and determine that its data and resources are protected from possible intruders.
There are four main focus areas to be considered in security testing (Especially for web sites/applications):
- Network security: This involves looking for vulnerabilities in the network infrastructure (resources and policies).
- System software security: This involves assessing weaknesses in the various software (operating system, database system, and other software) the application depends on.
- Client-side application security: This deals with ensuring that the client (browser or any such tool) cannot be manipulated.
- Server-side application security: This involves making sure that the server code and its technologies are robust enough to fend off any intrusion.
Here are some examples for testing software running on Windows, MacOS and Linux for security issues.
Topics to be investigated:
– Can the client-server communication be altered?
– Can the product be stopped by a non administrative user?
– Can notifications be hidden?
– Can notifications be stopped?
– Status of self protection
For Web Applications, please visit Pentesting.