Entries Tagged 'Security testing' ↓
February 12th, 2009 — Security testing, Testing Tips and resources, software testing links
Just a quick note to share a useful resource with you. Just came across a good article “25 common programming errors” for software programmers and software testers. Basically this is more useful for programmers but I think software testers can get insight on how developers can unknowingly leave bugs in software programs.
Each bug listed in this resource can lead to serious software vulnerabilities if not fixed. The top 25 security bugs list will help programmers to avoid some common but serious coding mistakes. For software testers list will be useful as a security testing checklist for Internet as well as for testing desktop application.
Continue reading →
January 17th, 2009 — Security testing, Web Testing
Security testing of web applications against SQL Injection, explained with simple examples – By Inder P Singh.
Many applications use some type of a database. An application under test might have a user interface that accepts user input that is used to perform the following tasks:
1. Show the relevant stored data to the user e.g. the application checks the credentials of the user using the log in information entered by the user and exposes only the relevant functionality and data to the user
Continue reading →
November 17th, 2008 — Security testing, Web Testing
This is guest article by “Inder P Singh”
Introduction
As more and more vital data is stored in web applications and the number of transactions on the web increases, proper security testing of web applications is becoming very important. Security testing is the process that determines that confidential data stays confidential (i.e. it is not exposed to individuals/ entities for which it is not meant) and users can perform only those tasks that they are authorized to perform (e.g. a user should not be able to deny the functionality of the web site to other users, a user should not be able to change the functionality of the web application in an unintended way etc.).
Some key terms used in security testing
Before we go further, it will be useful to be aware of a few terms that are frequently used in web application security testing:
What is “Vulnerability”?
This is a weakness in the web application. The cause of such a “weakness” can be bugs in the application, an injection (SQL/ script code) or the presence of viruses.
Continue reading →
