Security Testing
The purpose of security testing is to show that the program's security requirements can be subverted.
Security testing requires access to internal documents and insider information, as well as guidance from the developers (files, environment variables, configuration files, Windows registry, database sources), to aid in testing the application.
Testing
Identify Application Input/Output, Installation and Deployment
- The purpose is to identify every input vector that a user could possibly modify.
- Perform basic bounds testing along with security related input validation tests.
- Application data may travel various paths and each path may be a vector for an attacker to exploit the application.
- Identify every way that the application outputs data. This data doesn't have to be text displayed on the screen.
Example for Shopping Cart Application
Functional Tests
- Customer Order File
- Customer Data Stored in a SQL Database
- Registration Form
- Login
- Buying Items
- Search Engine
Logical Tests
- Authentication
- Login
- Email Confirmation
- Password Reset
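As an added example (not part of the original notes), the bounds and input-validation testing described above applied to one input vector of the shopping cart, the "add to cart" request; the field names, limits and test cases are assumptions for illustration.

```python
# Added example: fail-closed validation of an add-to-cart request plus the
# boundary cases a tester walks through. Limits and field names are assumed.

MAX_QTY = 99          # assumed business limit per line item
MAX_ITEM_ID = 10**6   # assumed catalogue size

class ValidationError(ValueError):
    pass

def validate_add_to_cart(item_id, quantity):
    """Both fields arrive as strings from the form layer.
    Return a normalised (item_id, quantity) tuple or raise ValidationError."""
    for name, raw in (("item_id", item_id), ("quantity", quantity)):
        # isdigit() alone accepts non-ASCII digits and rejects nothing else
        if not isinstance(raw, str) or not raw.isascii() or not raw.isdigit():
            raise ValidationError(f"{name}: must be ASCII digits only")
        if len(raw) > 10:  # reject absurd lengths before converting
            raise ValidationError(f"{name}: too long")
    iid, qty = int(item_id), int(quantity)
    if not 1 <= iid <= MAX_ITEM_ID:
        raise ValidationError("item_id: out of range")
    if not 1 <= qty <= MAX_QTY:
        raise ValidationError("quantity: out of range")
    return iid, qty

# Constructed boundary cases for the quantity field: on, just inside and just
# outside each limit, plus type and encoding variations. True = must be accepted.
QUANTITY_CASES = {
    "1": True, "99": True,          # lower and upper bound
    "0": False, "100": False,       # one past each bound
    "-1": False, "+5": False,       # sign characters are not digits
    "9999999999999999999": False,   # would overflow a fixed-width int elsewhere
    "1e2": False, "0x10": False,    # alternate numeric notations
    "\u0663": False,                # Arabic-Indic 3: isdigit() True, isascii() False
    " 5": False, "5\n": False,      # surrounding whitespace
    "5; DROP TABLE cart": False,    # non-numeric payload in a numeric field
}

def run_quantity_bounds_tests(item_id="42"):
    """Return {case: passed}; passed means the validator behaved as expected."""
    results = {}
    for raw, should_accept in QUANTITY_CASES.items():
        try:
            validate_add_to_cart(item_id, raw)
            accepted = True
        except ValidationError:
            accepted = False
        results[raw] = (accepted == should_accept)
    return results
```

The same table-driven approach extends to the other vectors listed above (registration form, search engine, order file): enumerate each field's limits, then test on, inside and outside every one.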