Security testing can be performed in many ways. It can performed specified areas
1. Black-Box Level
2. White-Box Level and finally at
3. Database Level.
For each of these there includes different types of methods and based on these we can follow them. But all these methods can be used manually to test your application in above specified areas. We also require certain tools for few of the methods
Here are the list of security testing methods and techniques used in 3 areas
Functionality Testing
a. Session Hijacking
b. Session Prediction
c. E-mail Spoofing
d. Content Spoofing
e. Phishing
f. Password Cracking
g. Active Program Scripting Exploits
White-Box Testing
a. Malicious Code Injection
b. Penetration testing
c. Input Validation
d. Variable Manipulation
Database Testing (Stored procedures can be testing by SQL Injection and variable manipulation techniques you can fine more info on net)
a. SQL injection
b. Blind SQL Injection (Part of SQL Injection)
c. Input Validation
At last at website/web application level
a. Cross-site scripting
b. SSI Injection
c. IP Spoofing
Hope this gives idea on what is security testing and in which all areas we carry out testing with what all methods and techniques
0
comments
Post a Comment