List the attributes of Security Testing

VietMX Staff asked 3 years ago

Security testing is carried out to verify that the system prevents unauthorized users from accessing resources and data. It needs to cover the following seven attributes:

  • Authentication – Authentication is the process of identifying a person before they access the system. It allows a user to access system information only if the authentication check has passed.
  • Authorization – Once authentication has passed, authorization comes into the picture to limit the user to the permissions set for that user.
  • Confidentiality – Confidentiality testing checks that unauthorized and less-privileged users are not able to access the information. It verifies that information and resources are protected from anyone other than authorized and authenticated users.
  • Availability – Availability testing checks that the system is available to authorized users whenever they want to use it, except during maintenance windows and upgrades for security patches.
  • Integrity – Integrity testing makes sure that information is not altered in transit, and checks that the information presented to a user is correct for that user's groups, privileges and restrictions.
  • Non-repudiation – Non-repudiation is the assurance that someone cannot deny something. For security testing, it means tracking who is accessing the systems and which requests were denied, along with additional details such as the timestamp and the IP address the requests came from.
  • Resilience – Resilience testing checks that the system is resistant to attacks. This can be implemented using encryption, OTP (One Time Password), two-layer authentication or an RSA key token.
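
The sketch below is an added example, not part of the original answer: it shows how five of these attributes translate into concrete security test checks against a toy request handler. The user, permissions, key, salt and IP addresses are constructed for illustration, and the audit log implements non-repudiation in the sense described above (who, what, when, from where); availability and resilience need load and attack testing and are not covered here.

```python
import hashlib, hmac, time

# Constructed sample data: user, salt, key and IP addresses are illustrative only.
SALT, MAC_KEY = b"constructed-salt", b"constructed-demo-key"

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": _hash("correct horse")}
PERMISSIONS = {"alice": {"report:read"}}
AUDIT_LOG = []

def _mac(body):
    return hmac.new(MAC_KEY, body, hashlib.sha256).hexdigest()

def handle_request(user, password, permission, src_ip):
    """Decide one request and record the decision, allowed or denied."""
    if user not in USERS or not hmac.compare_digest(USERS[user], _hash(password)):
        status, body = 401, b""                      # authentication failed
    elif permission not in PERMISSIONS.get(user, set()):
        status, body = 403, b""                      # authenticated, not authorized
    else:
        status, body = 200, b"quarterly report"
    AUDIT_LOG.append({"ts": time.time(), "ip": src_ip, "user": user,
                      "permission": permission, "status": status})
    return status, body, _mac(body)

def verify_integrity(body, mac):
    """True only if the body still matches the MAC sent with it."""
    return hmac.compare_digest(_mac(body), mac)

def run_checks():
    """One security test per attribute; returns attribute -> passed."""
    AUDIT_LOG.clear()
    ok = handle_request("alice", "correct horse", "report:read", "192.0.2.10")
    bad_pw = handle_request("alice", "guess", "report:read", "198.51.100.7")
    no_perm = handle_request("alice", "correct horse", "report:delete", "192.0.2.10")
    denied = [(e["ip"], e["status"]) for e in AUDIT_LOG if e["status"] != 200]
    return {
        "authentication": ok[0] == 200 and bad_pw[0] == 401,
        "authorization": no_perm[0] == 403,
        "confidentiality": bad_pw[1] == b"" and no_perm[1] == b"",
        "integrity": verify_integrity(ok[1], ok[2])
                     and not verify_integrity(ok[1] + b"!", ok[2]),
        "non_repudiation": denied == [("198.51.100.7", 401), ("192.0.2.10", 403)]
                           and all(e["ts"] > 0 for e in AUDIT_LOG),
    }

if __name__ == "__main__":
    print(run_checks())
```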