SlideShare une entreprise Scribd logo

Security testing fundamentals

Télécharger en tant que PPTX, PDF
Cygnet Infotech
Cygnet Infotech

Security Testing is deemed successful when the below attributes of an application are intact - Authentication - Authorization - Availability - Confidentiality - Integrity - Non-Repudiation Testing must start early to minimize defects and cost of quality. Security testing must start right from the Requirements Gathering phase to make sure that the quality of end-product is high. This is to ensure that any intentional/unintentional unforeseen action does not halt or delay the system.

Technologie
1  sur  14
Security Testing Fundamentals Presented by Cygnet Infotech Pvt. Ltd.
Overview • Security Testing is deemed successful when the below attributes of an application are intact • Authentication • Authorization • Availability • Confidentiality • Integrity • Non-Repudiation www.cygnet-infotech.com
Authentication • To confirm that something or someone is authentic – true to the claims. • The digital identity of a user is validated and verified. www.cygnet-infotech.com
Authorization • To ensure that a person/program is authorized to see the contents or make changes in an application. • User/Access rights are used. www.cygnet-infotech.com
Availability • To ensure that an application is up and running; its services and information available as and when needed. • Number of failures are reduced and backups are kept ready. www.cygnet-infotech.com
Confidentiality • To make sure that the information and services are available only when requested by and for intended users. • Penetration testing is done and defects are fixed. www.cygnet-infotech.com
Integrity • To ensure that the service provides the user with correct information. • It is also essential to make sure that no obsolete or outdated information is presented. www.cygnet-infotech.com
Non-repudiation • To ensure that the message was sent and received by authentic users only. • The sender/receiver must not be able to deny their involvement. www.cygnet-infotech.com
When to start Security Testing? • In general, testing must start early to minimize defects and cost of quality. • Security testing must start right from the Requirements Gathering phase to make sure that the quality of end-product is high. • This is to ensure that any intentional/unintentional unforeseen action does not halt or delay the system. www.cygnet-infotech.com
SDLC and Security Testing • Requirements Gathering • Design • Development/Unit Testing • Integration Testing • System Testing • Deployment • Support/Maintenance • Security Requirements Study • Develop Security Test Plan • White box Security Testing • Black box Security Testing • Vulnerability Scanning • Penetration Testing • Post-production analysis www.cygnet-infotech.com
Security Testing Types www.cygnet-infotech.com Vulnerability Scanning •Scanning a system to find vulnerable signatures and loopholes. Penetration Testing •An attack from a hacker is simulated on the system. Ethical Hacking •The system is attacked from within to expose all the security flaws in the system. Risk Assessment •Observing the security risks in the system, classifying them as high, medium and low. Security Scanning •Network/system weakness are studies, analyzed and fixed. Security Review •To check that security standards have been implemented appropriately through gap analysis and code/design reviews.
About Cygnet Infotech • We are a global IT services & solutions provider. • We provide custom software development services across technologies and domains to our clients in over 23 countries. • We are ISO 9001, ISO 27001 and CMMi Level III Certified www.cygnet-infotech.com
Enterprise QA & Software Testing • We provide following testing services • Functional Testing • Performance Testing • Load Testing • Automated Testing • Security Testing • Mobile Testing www.cygnet-infotech.com
Contact Us • Email: info@cygnet-infotech.com • Twitter: @cygnetinfotech • Skype: cygnet-infotech-pvt-ltd

Recommandé

Security testing presentation
Security testing presentationSecurity testing presentation
Security testing presentationConfiz
 
Security testing
Security testingSecurity testing
Security testingTabăra de Testare
 
Security testing
Security testingSecurity testing
Security testingbaskar p
 
Security Testing
Security TestingSecurity Testing
Security TestingKiran Kumar
 
Security testing
Security testingSecurity testing
Security testingKhizra Sammad
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?ONE BCG
 
Security testing
Security testingSecurity testing
Security testingRihab Chebbah
 
Introduction to Security Testing
Introduction to Security TestingIntroduction to Security Testing
Introduction to Security TestingvodQA
 

Recommandé

Security testing presentation
Security testing presentationSecurity testing presentation
Security testing presentationConfiz
 
Security testing
Security testingSecurity testing
Security testingTabăra de Testare
 
Security testing
Security testingSecurity testing
Security testingbaskar p
 
Security Testing
Security TestingSecurity Testing
Security TestingKiran Kumar
 
Security testing
Security testingSecurity testing
Security testingKhizra Sammad
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?ONE BCG
 
Security testing
Security testingSecurity testing
Security testingRihab Chebbah
 
Introduction to Security Testing
Introduction to Security TestingIntroduction to Security Testing
Introduction to Security TestingvodQA
 
Security Testing for Web Application
Security Testing for Web ApplicationSecurity Testing for Web Application
Security Testing for Web ApplicationPrecise Testing Solution
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing ExplainedRand W. Hirt
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing RomSoft SRL
 
Security Testing
Security TestingSecurity Testing
Security TestingQualitest
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test ProfessionalsTechWell
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing Priyanka Aash
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGEr Vivek Rana
 
Pentesting Using Burp Suite
Pentesting Using Burp SuitePentesting Using Burp Suite
Pentesting Using Burp Suitejasonhaddix
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingNetsparker
 
Secure Coding and Threat Modeling
Secure Coding and Threat ModelingSecure Coding and Threat Modeling
Secure Coding and Threat ModelingMiriam Celi, CISSP, GISP, MSCS, MBA
 
Web application security & Testing
Web application security & TestingWeb application security & Testing
Web application security & TestingDeepu S Nath
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017TriNimbus
 
Monitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityMonitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityPrecisely
 
It security cognic_systems
It security cognic_systemsIt security cognic_systems
It security cognic_systemsCognic Systems Pvt Ltd
 

Contenu connexe

Tendances

Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing ExplainedRand W. Hirt
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing RomSoft SRL
 
Security Testing
Security TestingSecurity Testing
Security TestingQualitest
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test ProfessionalsTechWell
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing Priyanka Aash
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGEr Vivek Rana
 
Pentesting Using Burp Suite
Pentesting Using Burp SuitePentesting Using Burp Suite
Pentesting Using Burp Suitejasonhaddix
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingNetsparker
 
Web application security & Testing
Web application security & TestingWeb application security & Testing
Web application security & TestingDeepu S Nath
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017TriNimbus
 

Tendances (20)

Security Testing for Web Application
Security Testing for Web ApplicationSecurity Testing for Web Application
Security Testing for Web Application
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing Explained
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing
 
Security Testing
Security TestingSecurity Testing
Security Testing
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration Testing
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test Professionals
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING
 
Pentesting Using Burp Suite
Pentesting Using Burp SuitePentesting Using Burp Suite
Pentesting Using Burp Suite
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Secure Coding and Threat Modeling
Secure Coding and Threat ModelingSecure Coding and Threat Modeling
Secure Coding and Threat Modeling
 
Web application security & Testing
Web application security & TestingWeb application security & Testing
Web application security & Testing
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017
 

Similaire à Security testing fundamentals

Monitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityMonitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityPrecisely
 
Network Security, Change Control, Outsourcing
Network Security, Change Control, OutsourcingNetwork Security, Change Control, Outsourcing
Network Security, Change Control, OutsourcingNicholas Davis
 
Network security, change control, outsourcing
Network security, change control, outsourcingNetwork security, change control, outsourcing
Network security, change control, outsourcingNicholas Davis
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayChris Gates
 
Assessing System Risk the Smart Way
Assessing System Risk the Smart WayAssessing System Risk the Smart Way
Assessing System Risk the Smart WaySecurity Innovation
 
Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Definitive Security Testing Checklist Shielding Your Applications against Cyb...Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Definitive Security Testing Checklist Shielding Your Applications against Cyb...Knoldus Inc.
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile WorldDavid Lindner
 
Chapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptxChapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptxToxicHawk
 
Avoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAvoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAlgoSec
 
CISM_WK_3.pptx
CISM_WK_3.pptxCISM_WK_3.pptx
CISM_WK_3.pptxdotco
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineeringaizazhussain234
 
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins
 
crisc_wk_5.pptx
crisc_wk_5.pptxcrisc_wk_5.pptx
crisc_wk_5.pptxdotco
 
Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Michael Hidalgo
 
Owasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerOwasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerSameer Paradia
 
Defcon 22-tim-mcguffin-one-man-shop
Defcon 22-tim-mcguffin-one-man-shopDefcon 22-tim-mcguffin-one-man-shop
Defcon 22-tim-mcguffin-one-man-shopPriyanka Aash
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security EngineeringMuhammad Asim
 

Similaire à Security testing fundamentals (20)

Monitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityMonitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and Security
 
It security cognic_systems
It security cognic_systemsIt security cognic_systems
It security cognic_systems
 
Network Security, Change Control, Outsourcing
Network Security, Change Control, OutsourcingNetwork Security, Change Control, Outsourcing
Network Security, Change Control, Outsourcing
 
Network security, change control, outsourcing
Network security, change control, outsourcingNetwork security, change control, outsourcing
Network security, change control, outsourcing
 
Security Design Concepts
Security Design ConceptsSecurity Design Concepts
Security Design Concepts
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions Today
 
Assessing System Risk the Smart Way
Assessing System Risk the Smart WayAssessing System Risk the Smart Way
Assessing System Risk the Smart Way
 
Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Definitive Security Testing Checklist Shielding Your Applications against Cyb...Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Definitive Security Testing Checklist Shielding Your Applications against Cyb...
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile World
 
Chapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptxChapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptx
 
Avoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAvoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slides
 
CISM_WK_3.pptx
CISM_WK_3.pptxCISM_WK_3.pptx
CISM_WK_3.pptx
 
Vapt life cycle
Vapt life cycleVapt life cycle
Vapt life cycle
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
 
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
 
crisc_wk_5.pptx
crisc_wk_5.pptxcrisc_wk_5.pptx
crisc_wk_5.pptx
 
Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...
 
Owasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerOwasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developer
 
Defcon 22-tim-mcguffin-one-man-shop
Defcon 22-tim-mcguffin-one-man-shopDefcon 22-tim-mcguffin-one-man-shop
Defcon 22-tim-mcguffin-one-man-shop
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
 

Plus de Cygnet Infotech

Roadmap for Digital Transformation
Roadmap for Digital TransformationRoadmap for Digital Transformation
Roadmap for Digital TransformationCygnet Infotech
 
Robotic Process Automation Capabilities - Cygnet Infotech
Robotic Process Automation Capabilities - Cygnet InfotechRobotic Process Automation Capabilities - Cygnet Infotech
Robotic Process Automation Capabilities - Cygnet InfotechCygnet Infotech
 
Enterprise QA and Application Testing Services
Enterprise QA and Application Testing ServicesEnterprise QA and Application Testing Services
Enterprise QA and Application Testing ServicesCygnet Infotech
 
Salesforce CRM - To Achieve Unparalleled ROI
Salesforce CRM - To Achieve Unparalleled ROISalesforce CRM - To Achieve Unparalleled ROI
Salesforce CRM - To Achieve Unparalleled ROICygnet Infotech
 
Full-stack Front-end Engineering Services
Full-stack Front-end Engineering ServicesFull-stack Front-end Engineering Services
Full-stack Front-end Engineering ServicesCygnet Infotech
 
Modernizing Supply Chain with Blockchain Technology
Modernizing Supply Chain with Blockchain TechnologyModernizing Supply Chain with Blockchain Technology
Modernizing Supply Chain with Blockchain TechnologyCygnet Infotech
 
IT Consulting - Aligning Technology to Business Strategy
IT Consulting - Aligning Technology to Business StrategyIT Consulting - Aligning Technology to Business Strategy
IT Consulting - Aligning Technology to Business StrategyCygnet Infotech
 
Emerging Technologies: The Power to Future Ready Business
Emerging Technologies: The Power to Future Ready BusinessEmerging Technologies: The Power to Future Ready Business
Emerging Technologies: The Power to Future Ready BusinessCygnet Infotech
 
Cloud Computing: Delivering Public, Private and Hybrid Cloud Solutions
Cloud Computing: Delivering Public, Private and Hybrid Cloud SolutionsCloud Computing: Delivering Public, Private and Hybrid Cloud Solutions
Cloud Computing: Delivering Public, Private and Hybrid Cloud SolutionsCygnet Infotech
 
Microsoft Dynamics 365 - The Engine that Thrives Transformation
Microsoft Dynamics 365 - The Engine that Thrives TransformationMicrosoft Dynamics 365 - The Engine that Thrives Transformation
Microsoft Dynamics 365 - The Engine that Thrives TransformationCygnet Infotech
 
DevOps - The Best Way to Break the Silos
DevOps - The Best Way to Break the SilosDevOps - The Best Way to Break the Silos
DevOps - The Best Way to Break the SilosCygnet Infotech
 
Robotic Process Automation (RPA) in Manufacturing Industry
Robotic Process Automation (RPA) in Manufacturing IndustryRobotic Process Automation (RPA) in Manufacturing Industry
Robotic Process Automation (RPA) in Manufacturing IndustryCygnet Infotech
 
Quality Engineering in the New Era
Quality Engineering in the New EraQuality Engineering in the New Era
Quality Engineering in the New EraCygnet Infotech
 
5 ways blockchain improves business flexibility
5 ways blockchain improves business flexibility 5 ways blockchain improves business flexibility
5 ways blockchain improves business flexibility Cygnet Infotech
 
5 Reasons to Adopt Product Engineering
5 Reasons to Adopt Product Engineering5 Reasons to Adopt Product Engineering
5 Reasons to Adopt Product EngineeringCygnet Infotech
 
Successful SAP Implementation Checklist
Successful SAP Implementation ChecklistSuccessful SAP Implementation Checklist
Successful SAP Implementation ChecklistCygnet Infotech
 
The Quality Assurance Checklist for Progressive Testing
The Quality Assurance Checklist for Progressive TestingThe Quality Assurance Checklist for Progressive Testing
The Quality Assurance Checklist for Progressive TestingCygnet Infotech
 
DevOps - The Key to Rapid Productization (Introduction to the 5C's of DevOps)
DevOps - The Key to Rapid Productization (Introduction to the 5C's of DevOps)DevOps - The Key to Rapid Productization (Introduction to the 5C's of DevOps)
DevOps - The Key to Rapid Productization (Introduction to the 5C's of DevOps)Cygnet Infotech
 
Introduction to Blockchain-as-a-Service (BaaS)
Introduction to Blockchain-as-a-Service (BaaS)Introduction to Blockchain-as-a-Service (BaaS)
Introduction to Blockchain-as-a-Service (BaaS)Cygnet Infotech
 
5 Ways MS Dynamics 365 Empowers Digital Transformation
5 Ways MS Dynamics 365 Empowers Digital Transformation5 Ways MS Dynamics 365 Empowers Digital Transformation
5 Ways MS Dynamics 365 Empowers Digital TransformationCygnet Infotech
 

Plus de Cygnet Infotech (20)

Roadmap for Digital Transformation
Roadmap for Digital TransformationRoadmap for Digital Transformation
Roadmap for Digital Transformation
 
Robotic Process Automation Capabilities - Cygnet Infotech
Robotic Process Automation Capabilities - Cygnet InfotechRobotic Process Automation Capabilities - Cygnet Infotech
Robotic Process Automation Capabilities - Cygnet Infotech
 
Enterprise QA and Application Testing Services
Enterprise QA and Application Testing ServicesEnterprise QA and Application Testing Services
Enterprise QA and Application Testing Services
 
Salesforce CRM - To Achieve Unparalleled ROI
Salesforce CRM - To Achieve Unparalleled ROISalesforce CRM - To Achieve Unparalleled ROI
Salesforce CRM - To Achieve Unparalleled ROI
 
Full-stack Front-end Engineering Services
Full-stack Front-end Engineering ServicesFull-stack Front-end Engineering Services
Full-stack Front-end Engineering Services
 
Modernizing Supply Chain with Blockchain Technology
Modernizing Supply Chain with Blockchain TechnologyModernizing Supply Chain with Blockchain Technology
Modernizing Supply Chain with Blockchain Technology
 
IT Consulting - Aligning Technology to Business Strategy
IT Consulting - Aligning Technology to Business StrategyIT Consulting - Aligning Technology to Business Strategy
IT Consulting - Aligning Technology to Business Strategy
 
Emerging Technologies: The Power to Future Ready Business
Emerging Technologies: The Power to Future Ready BusinessEmerging Technologies: The Power to Future Ready Business
Emerging Technologies: The Power to Future Ready Business
 
Cloud Computing: Delivering Public, Private and Hybrid Cloud Solutions
Cloud Computing: Delivering Public, Private and Hybrid Cloud SolutionsCloud Computing: Delivering Public, Private and Hybrid Cloud Solutions
Cloud Computing: Delivering Public, Private and Hybrid Cloud Solutions
 
Microsoft Dynamics 365 - The Engine that Thrives Transformation
Microsoft Dynamics 365 - The Engine that Thrives TransformationMicrosoft Dynamics 365 - The Engine that Thrives Transformation
Microsoft Dynamics 365 - The Engine that Thrives Transformation
 
DevOps - The Best Way to Break the Silos
DevOps - The Best Way to Break the SilosDevOps - The Best Way to Break the Silos
DevOps - The Best Way to Break the Silos
 
Robotic Process Automation (RPA) in Manufacturing Industry
Robotic Process Automation (RPA) in Manufacturing IndustryRobotic Process Automation (RPA) in Manufacturing Industry
Robotic Process Automation (RPA) in Manufacturing Industry
 
Quality Engineering in the New Era
Quality Engineering in the New EraQuality Engineering in the New Era
Quality Engineering in the New Era
 
5 ways blockchain improves business flexibility
5 ways blockchain improves business flexibility 5 ways blockchain improves business flexibility
5 ways blockchain improves business flexibility
 
5 Reasons to Adopt Product Engineering
5 Reasons to Adopt Product Engineering5 Reasons to Adopt Product Engineering
5 Reasons to Adopt Product Engineering
 
Successful SAP Implementation Checklist
Successful SAP Implementation ChecklistSuccessful SAP Implementation Checklist
Successful SAP Implementation Checklist
 
The Quality Assurance Checklist for Progressive Testing
The Quality Assurance Checklist for Progressive TestingThe Quality Assurance Checklist for Progressive Testing
The Quality Assurance Checklist for Progressive Testing
 
DevOps - The Key to Rapid Productization (Introduction to the 5C's of DevOps)
DevOps - The Key to Rapid Productization (Introduction to the 5C's of DevOps)DevOps - The Key to Rapid Productization (Introduction to the 5C's of DevOps)
DevOps - The Key to Rapid Productization (Introduction to the 5C's of DevOps)
 
Introduction to Blockchain-as-a-Service (BaaS)
Introduction to Blockchain-as-a-Service (BaaS)Introduction to Blockchain-as-a-Service (BaaS)
Introduction to Blockchain-as-a-Service (BaaS)
 
5 Ways MS Dynamics 365 Empowers Digital Transformation
5 Ways MS Dynamics 365 Empowers Digital Transformation5 Ways MS Dynamics 365 Empowers Digital Transformation
5 Ways MS Dynamics 365 Empowers Digital Transformation
 

Dernier

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 

Dernier (20)

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 

Security testing fundamentals

  • 1. Security Testing Fundamentals Presented by Cygnet Infotech Pvt. Ltd.
  • 2. Overview • Security Testing is deemed successful when the below attributes of an application are intact • Authentication • Authorization • Availability • Confidentiality • Integrity • Non-Repudiation www.cygnet-infotech.com
  • 3. Authentication • To confirm that something or someone is authentic – true to the claims. • The digital identity of a user is validated and verified. www.cygnet-infotech.com
  • 4. Authorization • To ensure that a person/program is authorized to see the contents or make changes in an application. • User/Access rights are used. www.cygnet-infotech.com
  • 5. Availability • To ensure that an application is up and running; its services and information available as and when needed. • Number of failures are reduced and backups are kept ready. www.cygnet-infotech.com
  • 6. Confidentiality • To make sure that the information and services are available only when requested by and for intended users. • Penetration testing is done and defects are fixed. www.cygnet-infotech.com
  • 7. Integrity • To ensure that the service provides the user with correct information. • It is also essential to make sure that no obsolete or outdated information is presented. www.cygnet-infotech.com
  • 8. Non-repudiation • To ensure that the message was sent and received by authentic users only. • The sender/receiver must not be able to deny their involvement. www.cygnet-infotech.com
  • 9. When to start Security Testing? • In general, testing must start early to minimize defects and cost of quality. • Security testing must start right from the Requirements Gathering phase to make sure that the quality of end-product is high. • This is to ensure that any intentional/unintentional unforeseen action does not halt or delay the system. www.cygnet-infotech.com
  • 10. SDLC and Security Testing • Requirements Gathering • Design • Development/Unit Testing • Integration Testing • System Testing • Deployment • Support/Maintenance • Security Requirements Study • Develop Security Test Plan • White box Security Testing • Black box Security Testing • Vulnerability Scanning • Penetration Testing • Post-production analysis www.cygnet-infotech.com
  • 11. Security Testing Types www.cygnet-infotech.com Vulnerability Scanning •Scanning a system to find vulnerable signatures and loopholes. Penetration Testing •An attack from a hacker is simulated on the system. Ethical Hacking •The system is attacked from within to expose all the security flaws in the system. Risk Assessment •Observing the security risks in the system, classifying them as high, medium and low. Security Scanning •Network/system weakness are studies, analyzed and fixed. Security Review •To check that security standards have been implemented appropriately through gap analysis and code/design reviews.
  • 12. About Cygnet Infotech • We are a global IT services & solutions provider. • We provide custom software development services across technologies and domains to our clients in over 23 countries. • We are ISO 9001, ISO 27001 and CMMi Level III Certified www.cygnet-infotech.com
  • 13. Enterprise QA & Software Testing • We provide following testing services • Functional Testing • Performance Testing • Load Testing • Automated Testing • Security Testing • Mobile Testing www.cygnet-infotech.com
  • 14. Contact Us • Email: info@cygnet-infotech.com • Twitter: @cygnetinfotech • Skype: cygnet-infotech-pvt-ltd