Software Security Testing
Security testing is an integrated assessment of how well a piece of software resists attacks of various kinds. It differs fundamentally from other kinds of testing (functional, load, regression, etc.). Particular attention is paid to the cases in which the software fails, and to the consequences of those failures for protecting information against unauthorized access, intrusion and other attacks.
Basic parameters for checking software security
The basic set of parameters covered by security testing are:
- Access control
- User authentication
- Validation of input
- Strength of encryption
- Correct error handling
- Buffer overflows
- Server configuration
When testing access control, testers look for defects that could allow unauthorized access to the application. This includes deliberately triggering errors that could be used to break into the system, attempting to guess passwords with external tools, abusing account-recovery flows, and more.
Testing authentication helps detect defects in how individual users and groups are identified and in the permissions granted to them.
Testing input validation ensures that only valid data reaches the database (for example, well-formed user e-mail addresses) and that malformed or hostile input is rejected before it is stored or acted upon.
The strength of data encryption is one of the most important parameters of any software that generates, stores or transmits confidential information. During testing you must make sure that encryption and decryption, and the creation and verification of electronic signatures, contain no errors that could allow the protection to be broken.
Error-handling checks verify that the code detects and handles failures as they occur. Testing also looks at whether a malfunction discloses information it should not (stack traces, internal paths, configuration details) and at how errors affect the operation of the software as a whole.
A buffer overflow can also expose information or hand control to an attacker. Most compiled languages use stack frames in which program data (local buffers) and control data (saved return addresses, frame pointers) share the same process stack. Writing past the end of a buffer can therefore crash the program or, worse, let an attacker overwrite the control data and run machine code of their choosing with the program's privileges.
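As an added illustration (not code from the original article), the following C program shows the mechanism described above with a constructed layout: a fixed-size buffer sits directly before a control field, an unbounded copy overwrites that field, and a bounded copy that uses the destination size as its limit rejects the over-long input instead. The struct, field names and function names are invented for this example; in a real stack frame the adjacent control data would be a saved return address or frame pointer rather than an application flag.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout for the example: a fixed-size buffer immediately
 * followed by a control field, mirroring how local data and control
 * data share one stack frame. Names and layout are invented here. */
struct login_record {
    char name[16];
    int  is_admin;   /* control data adjacent to the buffer */
};

/* Vulnerable: copies until the NUL terminator, trusting the length of
 * the caller's input. Anything beyond 15 bytes spills into is_admin. */
void set_name_unsafe(struct login_record *rec, const char *src)
{
    size_t i = 0;
    do {
        rec->name[i] = src[i];       /* no bound on i */
    } while (src[i++] != '\0');
}

/* Hardened: the destination size is the bound, over-long input is
 * rejected rather than silently truncated, and the result is always
 * NUL-terminated. Returns 0 on success, -1 if src does not fit. */
int set_name_safe(struct login_record *rec, const char *src)
{
    size_t n = 0;
    while (n < sizeof rec->name && src[n] != '\0')
        n++;
    if (n == sizeof rec->name)
        return -1;                   /* no room left for the NUL */
    memcpy(rec->name, src, n);
    rec->name[n] = '\0';
    return 0;
}

int main(void)
{
    struct login_record rec;
    char attack[18];

    /* Constructed input: 16 'A's fill name[], the 0x01 lands in is_admin. */
    memset(attack, 'A', 16);
    attack[16] = '\x01';
    attack[17] = '\0';

    memset(&rec, 0, sizeof rec);
    set_name_unsafe(&rec, attack);
    printf("unsafe copy: is_admin = %d\n", rec.is_admin);   /* 1 on little-endian */

    memset(&rec, 0, sizeof rec);
    printf("safe copy:   rc = %d, is_admin = %d\n",
           set_name_safe(&rec, attack), rec.is_admin);      /* rc = -1, is_admin = 0 */
    return 0;
}
```

The hardened version deliberately rejects input that would not fit rather than truncating it: silent truncation hides the fact that an attacker is probing the bound, and can itself create bugs (a truncated path or name that now means something else). Compile with stack protection and fortified string functions enabled in any case; the bound check is what removes the defect, the compiler mitigations only make it harder to exploit.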
Server configuration is checked for faults that show up under concurrent (multithreaded) load and can lead to data corruption or misuse of shared resources. This is especially relevant for systems that automate business processes.
During security testing the tester acts as an attacker. Using special software and hardware, the tester tries every available means to:
- learn passwords;
- attack the system with security-analysis tools;
- penetrate the system by entering invalid data and using the resulting foothold to restore access;
- find the authorization key from publicly available (unclassified) information;
and other ways of breaking into the software.