Security Testing

Security Testing tests the ability of the system/software to prevent unauthorized access to the resources and data.

Security Testing needs to cover the six basic security concepts: confidentiality, integrity, authentication, authorization, availability and non-repudiation.

Confidentiality

A security measure that protects against the disclosure of information to parties other than the intended recipient; on its own it is by no means the only way of ensuring security.

Integrity

A measure intended to allow the receiver to determine that the information it receives is correct and has not been altered.

Integrity schemes often use some of the same underlying technologies as confidentiality schemes, but they usually involve adding additional information to a communication to form the basis of an algorithmic check, rather than encoding all of the communication.
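As an added illustration of that distinction (example code written for this page, not taken from it), the block below appends an HMAC-SHA256 tag to a message: the message stays readable, so no confidentiality is provided, but any change to it is detected by the check. The key and the sample message are constructed values for the example only.

```python
import hmac
import hashlib
from typing import Optional, Tuple

TAG_LEN = 32  # SHA-256 digest length in bytes

# Shared key: a constructed sample value for this example only.
KEY = b"example-shared-key"


def protect(message: bytes, key: bytes = KEY) -> bytes:
    """Append an HMAC-SHA256 tag to the message.

    The message itself is not encoded: this adds an integrity check
    on top of the plaintext, it does not provide confidentiality.
    """
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(protected: bytes, key: bytes = KEY) -> Optional[bytes]:
    """Return the message if its tag checks out, otherwise None."""
    if len(protected) < TAG_LEN:
        return None
    message, tag = protected[:-TAG_LEN], protected[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest is a constant-time comparison, so the check
    # does not leak how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        return None
    return message


def demo() -> Tuple[bool, bool]:
    """Show that an intact message verifies and a modified one does not."""
    original = b"transfer 100 to account 42"  # constructed sample message
    wire = protect(original)
    # Modify the amount in the message portion (same length, so the
    # tag still sits at the end of the buffer).
    tampered = bytearray(wire)
    tampered[9:12] = b"900"
    return verify(wire) == original, verify(bytes(tampered)) is None


if __name__ == "__main__":
    print(demo())  # (True, True)
```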

Authentication

The process of establishing the identity of the user.

Authentication can take many forms, including but not limited to passwords, biometrics and radio frequency identification.

Authorization

The process of determining that a requester is allowed to receive a service or perform an operation.

Access control is an example of authorization.

Availability

Assuring information and communications services will be ready for use when expected.

Information must be kept available to authorized persons when they need it.

Non-repudiation

A measure intended to prevent the later denial that an action happened or that a communication took place.

In communication terms this often involves the interchange of authentication information combined with some form of provable time stamp.