| | #1 (permalink) |
| Senior Member Join Date: Feb 2008
Posts: 14
Thanks: 1
Thanked 5 Times in 3 Posts
Rep Power: 3 | Security testing Please tell me about security testing... and what are the career prospects? |
| | |
| | #2 (permalink) |
| Senior Member Join Date: Jan 2008 Location: hyd Age: 27
Posts: 108
Thanks: 0
Thanked 24 Times in 15 Posts
Rep Power: 6 | Hi. In security testing we have to consider 3 things:
1. authorization (EX: user name: akankshalal, not akankshalal1)
2. encryption (EX: password: mercury, encrypted password: *******)
3. access control (flow)
Hope I reach your point of view. OK, bye. If I am wrong, please inform. |
| | |
| | #3 (permalink) |
| Junior Member Join Date: Jun 2008
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 2 | Re: Security testing Hi, security testing is not limited to checking just three, but yes, these three points are inspected well in security testing. The basic purpose of security testing is to find vulnerabilities in your application and get them fixed. A vulnerability could be of the authentication or the authorization type, or any of various other types. There are many areas to look at while doing security testing. First, check the application against various kinds of attacks (like XSS, SQL injection, buffer overflow, session hijacking, etc.). Once you find a flaw, it must be fixed as soon as possible. Security testing is really a very big area to work in. As for a normal security test using automation tools, one can check for more than 100K risks in a single test run. Still, if there is any query, I am here to reply. |
| | |
| | #4 (permalink) | |
| Junior Member Join Date: Aug 2008
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 2 | Quote:
When I say security, you have to adhere to certain standards in your application, and the tester needs to see whether those standards are met or not. For example, let's take the password:
1: It should not be visible in plain text
2: It should be encrypted
3: There should be a minimum and maximum length
4: If the processing time to authenticate is based on the length of the password, then the code should be written in such a way that it takes almost the same time for all processing.
5: The password should not flow in plain text on the network.
Buffer overflows should be handled properly.
Unused code should be deleted.
The code should not expose any vulnerability to the outer world. For example, if the code opens a socket, it should be properly closed.
For this kind of testing one requires coding experience and should have a good idea of security concepts. When it comes to vulnerability, the tester needs to check how strong the application is at defending itself from external attacks. It could be cross-site scripting, SQL injection, cookie manipulation, denial-of-service attacks, Trojan horse attacks, dictionary attacks and several hundred other types of attacks. Hope this information helps you in some respect. | |
| | |