Security Testing 2019-08-23T12:48:59+10:00




Security Testing

Security Testing encompasses all measures taken throughout the code’s life-cycle to prevent gaps in the security policy of your software or vulnerabilities in any underlying system.

These may have come about through flaws in the design, development, deployment, upgrade, or maintenance of the application. They are incredibly easy for internal or inexperienced eyes to overlook. Thus, independent and external Security Testing is vitally important before the release of any software.


Some common security threats are:

| Category | Threats/Attacks |
|---|---|
| Input Validation | Buffer overflow; cross-site scripting; SQL injection; canonicalization |
| Software Tampering | Attacker modifies an existing application’s runtime behaviour to perform unauthorized actions; exploited via binary patching, code substitution, or code extension |
| Authentication | Network eavesdropping; brute force attack; dictionary attacks; cookie replay; credential theft |
| Authorization | Elevation of privilege; disclosure of confidential data; data tampering; luring attacks |
| Configuration Management | Unauthorized access to administration interfaces; unauthorized access to configuration stores; retrieval of clear text configuration data; lack of individual accountability; over-privileged process and service accounts |
| Sensitive Information | Access sensitive code or data in storage; network eavesdropping; code/data tampering |
| Session Management | Session hijacking; session replay; man in the middle |
| Cryptography | Poor key generation or key management; weak or custom encryption |
| Parameter Manipulation | Query string manipulation; form field manipulation; cookie manipulation; HTTP header manipulation |
| Exception Management | Information disclosure; denial of service |
| Auditing and Logging | User denies performing an operation; attacker exploits an application without trace; attacker covers his or her tracks |

Security testing checks for any vulnerabilities or security holes in your software. If left untested, these vulnerabilities leave your software and customers wide open to exploitation.

The automated tools associated with security detection are vulnerability scanners, penetration testing tools, and code analysis tools.