Software Security Testing
Presented By:
Name:Neha Bansal
Mtech(ISSE)
Table of Contents
 Software security measures
 What is software security?
 Why security testing?
 Approaches to software security testing
 Security testing methods
 Integration of security processes in the SDLC
 Conclusion
Software Security measures
Security testing checks that the system upholds the following six security
properties:
 Confidentiality - Information is not disclosed to unintended recipients.
 Integrity - Information reaches the intended receiver accurate and
unmodified, and any alteration in transit or in storage is detected.
 Authentication - The identity of a user (or of a peer system) is verified
before it is trusted.
 Authorization - Access rights specify which users may use which resources,
and are enforced on every request.
 Availability - Information and services are ready when they are required.
 Non-repudiation - Neither the sender nor the receiver can later deny
having sent or received the message.
What is software security testing?
 Security testing is a type of software testing that aims to uncover
vulnerabilities in a system and to determine whether its data and
resources are protected from intruders.
 It checks that the system meets its security requirements, and
identifies and reduces the number of vulnerabilities before
the software goes into production.
 It checks that the software under test is robust and continues
to function in the presence of a malicious attack.
Why Security Testing
 For Finding Loopholes
 For Zeroing IN on Vulnerabilities
 For identifying Design Insecurities
 For identifying Implementation Insecurities
 For identifying Dependency Insecurities and Failures
 For Information Security
 For Process Security
 For Internet Technology Security
 For Communication Security
 For Improving the System
 For confirming Security Policies
Approach to Software Security Testing
 Study of Security Architecture
 Analysis of Security Requirements
 Classifying Security Testing
 Developing Objectives
 Threat Modeling
 Test Planning
 Execution
 Reports
Security testing methods
Two common methods of security testing are:
 Functional security testing
 Risk-based security testing
Functional security testing
 It checks that the software behaves as specified and that the defined
security requirements are satisfied to an acceptable level.
 It states that when a specific event happens, the software should
respond in a specific way. It starts once the software is ready to test.
 It addresses positive requirements: what the software should do.
 Some functional testing techniques are:
 Ad-hoc testing and exploratory testing
 Specification-based and model-based testing
 State-based testing
 Robustness and fault-based testing
 Code-based testing
 Control-flow testing
Risk-based testing
 Risk-based testing addresses negative requirements, which state
what a software system should not do.
 It can cover high-level as well as low-level risks in the
software.
 Test for negative requirements
 Use past experience of what has gone wrong before
 Use attack patterns
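Positive and negative requirements side by side, as an added example that is not part of the original slides: a small Python function that turns a user-supplied filename into a path under an upload directory, one functional test (valid names must resolve inside the directory) and one risk-based test built from known attack patterns (traversal, absolute paths, NUL bytes, backslashes, oversize input). The base directory, filenames and attack strings are constructed for the example.

```python
import posixpath

# Storage root assumed for this example.
BASE_DIR = "/srv/uploads"
MAX_NAME_LEN = 255


class RejectedInput(ValueError):
    """Raised when a filename violates one of the negative requirements."""


def safe_upload_path(filename: str, base_dir: str = BASE_DIR) -> str:
    """Positive requirement: a plain filename resolves to base_dir/<name>.
    Negative requirements: separators, traversal components, absolute paths,
    NUL bytes and oversize names are rejected, never silently 'repaired'."""
    if not filename or len(filename) > MAX_NAME_LEN:
        raise RejectedInput("empty or overlong filename")
    if "\x00" in filename:
        raise RejectedInput("NUL byte in filename")
    if "/" in filename or "\\" in filename:
        raise RejectedInput("path separator in filename")
    if filename in (".", ".."):
        raise RejectedInput("traversal component")
    candidate = posixpath.normpath(posixpath.join(base_dir, filename))
    # Defence in depth: whatever the checks above missed, the result must
    # still lie strictly inside base_dir.
    if posixpath.commonpath([base_dir, candidate]) != base_dir or candidate == base_dir:
        raise RejectedInput("resolved path escapes base directory")
    return candidate


# Functional (positive) cases: what the function must do.
POSITIVE_CASES = {
    "report.pdf": "/srv/uploads/report.pdf",
    "photo_2024.jpg": "/srv/uploads/photo_2024.jpg",
    ".hidden-but-legal": "/srv/uploads/.hidden-but-legal",
}

# Risk-based (negative) cases drawn from known attack patterns: what the
# function must never accept. Constructed for this example.
ATTACK_PATTERNS = [
    "../../etc/passwd",          # relative traversal
    "/etc/passwd",               # absolute path
    "sub/dir/file.txt",          # nested path
    "report.pdf\x00.sh",         # NUL-byte truncation
    "..\\..\\windows\\win.ini",  # backslash traversal
    "..",                        # bare traversal component
    "",                          # empty name
    "a" * 300,                   # oversize name
]


def is_rejected(filename: str) -> bool:
    try:
        safe_upload_path(filename)
    except RejectedInput:
        return True
    return False


def run_requirement_tests() -> dict:
    """One pass/fail per requirement class. The negative test fails the
    moment any attack input is accepted."""
    functional_ok = all(safe_upload_path(n) == p for n, p in POSITIVE_CASES.items())
    risk_based_ok = all(is_rejected(a) for a in ATTACK_PATTERNS)
    return {"functional": functional_ok, "risk_based": risk_based_ok}
```

The functional test alone would pass a version of the function that simply joined the name onto the base directory; only the negative cases, which encode past experience and attack patterns, distinguish that version from the safe one. The list of attack strings is the part to keep growing as new patterns are learned.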
Integration of security processes with the SDLC
 If security testing is postponed until after the implementation phase or
after deployment, vulnerabilities are found late, when they are most expensive
to fix. It is therefore necessary to involve security testing in the earlier
phases of the SDLC.
SDLC phase - Security processes
Requirements - Security analysis of the requirements; check abuse/misuse cases
Design - Security risk analysis of the design; development of a test plan
that includes security tests
Coding and unit testing - Static and dynamic testing; security white-box testing
Integration testing - Black-box testing
System testing - Black-box testing and vulnerability scanning
Implementation - Penetration testing, vulnerability scanning
Support - Impact analysis of patches
Software security in different phases
 During the requirements phase, test planning focuses on how
each requirement can and will be tested.
 Security risk analysis starts in this phase.
 Risks found in this phase can be reduced by planning mitigations
for them.
 After this, the secure design and coding phases are carried out,
including security risk analysis of the design and of the code.
 The role of security testing in the test phase is as follows:
Unit testing
 Individual classes, methods and functions are tested.
 White-box testing is used to validate design decisions and
assumptions and to find errors.
 It requires the tester to think like an attacker and to know how to
use the relevant testing tools.
Integration testing
 It focuses on a collection of subsystems, which may contain
many executable components.
 Many errors occur when the components interact with
each other.
 Integration errors are among the most common sources of
unchecked input values: each component assumes another one
has already validated the data.
 It is important to determine which data flows and control
flows can and cannot be influenced by a potential attacker.
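The data-flow question above, as an added example that is not code from the original slides: a minimal taint marker that follows attacker-controlled strings across three components (request parsing, search service, database access), so that an integration test fails whenever a value that entered at the web boundary reaches the SQL sink without passing through the allow-list sanitizer. The components, query strings and allow-list are constructed for the example.

```python
import re


class TaintError(RuntimeError):
    """Raised when attacker-influenced data reaches a security-sensitive sink."""


class Tainted(str):
    """A str that remembers it came from an untrusted boundary. Concatenation
    in either direction returns a Tainted value, so the mark survives the hops
    between components until an explicit sanitizer returns a plain str."""

    def __add__(self, other):
        if not isinstance(other, str):
            return NotImplemented
        return Tainted(str.__add__(self, other))

    def __radd__(self, other):
        if not isinstance(other, str):
            return NotImplemented
        return Tainted(str.__add__(other, self))


# Component 1: web layer. Everything in the query string is attacker-controlled,
# so each parameter value is marked at the boundary where it enters.
def parse_request(query_string: str) -> dict:
    params = {}
    for pair in query_string.split("&"):
        key, _, value = pair.partition("=")
        params[key] = Tainted(value)
    return params


# Component 2: search service. The sanitizer is the only place where trust is
# re-established: a value matching the allow-list is returned as a plain str.
ALLOWED_TERM = re.compile(r"^[A-Za-z0-9 _-]{1,64}$")


def sanitize_term(term: str) -> str:
    if not ALLOWED_TERM.match(term):
        raise ValueError("search term contains characters outside the allow-list")
    return str(term)  # str() on a str subclass yields an exact, untainted str


def search_trusting(params: dict) -> str:
    # Assumes some earlier component validated params["q"]; none did.
    return execute_sql("SELECT * FROM products WHERE name LIKE '%" + params["q"] + "%'")


def search_sanitizing(params: dict) -> str:
    term = sanitize_term(params["q"])
    return execute_sql("SELECT * FROM products WHERE name LIKE '%" + term + "%'")


# Component 3: database access. The sink refuses query text that an attacker
# could have influenced, whatever its current value happens to be.
def execute_sql(query: str) -> str:
    if isinstance(query, Tainted):
        raise TaintError("attacker-influenced text reached the SQL sink: " + repr(query))
    return "executed: " + query


def run_integration_flows() -> dict:
    """Drive both search variants with a benign and a hostile request and
    record what happened at the sink."""
    benign = parse_request("q=laptop")
    hostile = parse_request("q=laptop' OR 1=1 --")
    outcomes = {}
    for name, fn, req in [
        ("trusting_benign", search_trusting, benign),
        ("trusting_hostile", search_trusting, hostile),
        ("sanitizing_benign", search_sanitizing, benign),
        ("sanitizing_hostile", search_sanitizing, hostile),
    ]:
        try:
            fn(req)
            outcomes[name] = "executed"
        except TaintError:
            outcomes[name] = "blocked at sink"
        except ValueError:
            outcomes[name] = "rejected by sanitizer"
    return outcomes
```

Note that the trusting variant is blocked even for the benign request: the point of the check is not the current value but that the flow is attacker-influenceable. The marker is deliberately small; f-strings, `.format()` and slicing return plain `str` and would launder the mark, which is what dedicated taint-tracking and static-analysis engines handle. For a real query the fix is parameterised statements rather than concatenation, with the sanitizer kept as defence in depth.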
System testing
It includes:
 Stress testing: software behaves differently when it is under
stress (high load, exhausted resources). Stressed conditions are a common
target for an attacker, so it is important to consider them early.
 Black-box testing: it focuses on the externally visible behaviour of
the software, such as its APIs. It includes network security, database
security and web application security testing.
 Penetration testing: it allows project managers to assess how
an attacker is likely to try to subvert the system. It tests the security
of the system by attempting to compromise it, under agreed rules of
engagement.
Conclusion
 The definition of software security testing was analysed.
 Approaches to security testing were covered.
 Why and how to carry out security testing in each phase of the
SDLC was described.
 Hence, software security testing is an important part of software
development.
Thank You
Any Question?
Ad

More Related Content

What's hot (20)

Security testing presentation
Security testing presentationSecurity testing presentation
Security testing presentation
Confiz
 
Threat Modelling
Threat ModellingThreat Modelling
Threat Modelling
n|u - The Open Security Community
 
Simplified Security Code Review Process
Simplified Security Code Review ProcessSimplified Security Code Review Process
Simplified Security Code Review Process
Sherif Koussa
 
Test básico de seguridad informática
Test básico de seguridad informáticaTest básico de seguridad informática
Test básico de seguridad informática
sylvia1999
 
Software testing
Software testing Software testing
Software testing
Kunal Prajapati
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)
mmubashirkhan
 
Security Design Principles.ppt
 Security Design Principles.ppt Security Design Principles.ppt
Security Design Principles.ppt
DrBasemMohamedElomda
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security
Shreedevi Tharanidharan
 
Black box software testing
Black box software testingBlack box software testing
Black box software testing
Rana Muhammad Asif
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
Nezar Alazzabi
 
Hacking web applications
Hacking web applicationsHacking web applications
Hacking web applications
Adeel Javaid
 
Command center processing and display system replacement (ccpds-r) - Case Study
Command center processing and display system  replacement (ccpds-r) - Case StudyCommand center processing and display system  replacement (ccpds-r) - Case Study
Command center processing and display system replacement (ccpds-r) - Case Study
Kuppusamy P
 
Security testing fundamentals
Security testing fundamentalsSecurity testing fundamentals
Security testing fundamentals
Cygnet Infotech
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test Professionals
TechWell
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on it
WSO2
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Brian Huff
 
Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilities
Mayur Mehta
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practices
Scott Hurrey
 
Web application security
Web application securityWeb application security
Web application security
Kapil Sharma
 
Security testing
Security testingSecurity testing
Security testing
baskar p
 
Security testing presentation
Security testing presentationSecurity testing presentation
Security testing presentation
Confiz
 
Simplified Security Code Review Process
Simplified Security Code Review ProcessSimplified Security Code Review Process
Simplified Security Code Review Process
Sherif Koussa
 
Test básico de seguridad informática
Test básico de seguridad informáticaTest básico de seguridad informática
Test básico de seguridad informática
sylvia1999
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)
mmubashirkhan
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
Nezar Alazzabi
 
Hacking web applications
Hacking web applicationsHacking web applications
Hacking web applications
Adeel Javaid
 
Command center processing and display system replacement (ccpds-r) - Case Study
Command center processing and display system  replacement (ccpds-r) - Case StudyCommand center processing and display system  replacement (ccpds-r) - Case Study
Command center processing and display system replacement (ccpds-r) - Case Study
Kuppusamy P
 
Security testing fundamentals
Security testing fundamentalsSecurity testing fundamentals
Security testing fundamentals
Cygnet Infotech
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test Professionals
TechWell
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on it
WSO2
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Brian Huff
 
Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilities
Mayur Mehta
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practices
Scott Hurrey
 
Web application security
Web application securityWeb application security
Web application security
Kapil Sharma
 
Security testing
Security testingSecurity testing
Security testing
baskar p
 

Similar to Software security testing (20)

Software Development Security_ Protect Your Software From Cyber Attacks.pdf
Software Development Security_ Protect Your Software From Cyber Attacks.pdfSoftware Development Security_ Protect Your Software From Cyber Attacks.pdf
Software Development Security_ Protect Your Software From Cyber Attacks.pdf
RahimMakhani2
 
Arved sandstrom - the rotwithin - atlseccon2011
Arved sandstrom - the rotwithin - atlseccon2011Arved sandstrom - the rotwithin - atlseccon2011
Arved sandstrom - the rotwithin - atlseccon2011
Atlantic Security Conference
 
Security Testing.pptx
Security Testing.pptxSecurity Testing.pptx
Security Testing.pptx
osandadeshan
 
Penetration testing -A systeamtic approch
Penetration testing -A systeamtic approchPenetration testing -A systeamtic approch
Penetration testing -A systeamtic approch
GANAPATHY RAMAN G V
 
Agile and Secure Development
Agile and Secure DevelopmentAgile and Secure Development
Agile and Secure Development
Nazar Tymoshyk, CEH, Ph.D.
 
Application Security Testing
Application Security TestingApplication Security Testing
Application Security Testing
Anju21552
 
Security Services and Approach by Nazar Tymoshyk
Security Services and Approach by Nazar TymoshykSecurity Services and Approach by Nazar Tymoshyk
Security Services and Approach by Nazar Tymoshyk
SoftServe
 
An integrated security testing framework and tool
An integrated security testing framework  and toolAn integrated security testing framework  and tool
An integrated security testing framework and tool
Moutasm Tamimi
 
Ownux global March 2023.pdf
Ownux global March 2023.pdfOwnux global March 2023.pdf
Ownux global March 2023.pdf
Bella Nirvana Center
 
CohenNancyPresentation.ppt
CohenNancyPresentation.pptCohenNancyPresentation.ppt
CohenNancyPresentation.ppt
mypc72
 
What is Security Testing Presentation download
What is Security Testing Presentation downloadWhat is Security Testing Presentation download
What is Security Testing Presentation download
Rosy G
 
Software Security Initiatives
Software Security InitiativesSoftware Security Initiatives
Software Security Initiatives
Marco Morana
 
Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Secure SDLC in mobile software development.
Secure SDLC in mobile software development.
Mykhailo Antonishyn
 
Introduction to Application Security Testing
Introduction to Application Security TestingIntroduction to Application Security Testing
Introduction to Application Security Testing
Mohamed Ridha CHEBBI, CISSP
 
The Role of System Testing in the Software Development Life Cycle (SDLC)
The Role of System Testing in the Software Development Life Cycle (SDLC)The Role of System Testing in the Software Development Life Cycle (SDLC)
The Role of System Testing in the Software Development Life Cycle (SDLC)
khushnuma khan
 
black and white Box testing.pptx
black and white Box testing.pptxblack and white Box testing.pptx
black and white Box testing.pptx
PavanNikhil3
 
Which Security Testing Technique is Best for Testing Applications.pdf
Which Security Testing Technique is Best for Testing Applications.pdfWhich Security Testing Technique is Best for Testing Applications.pdf
Which Security Testing Technique is Best for Testing Applications.pdf
Alpha BOLD
 
Secure in Software Development Life Cycle
Secure in Software Development Life CycleSecure in Software Development Life Cycle
Secure in Software Development Life Cycle
josheph max
 
Security Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdfSecurity Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdf
AmeliaJonas2
 
What is the software supply chain and how can it be secured.pdf
What is the software supply chain and how can it be secured.pdfWhat is the software supply chain and how can it be secured.pdf
What is the software supply chain and how can it be secured.pdf
Jose thomas
 
Software Development Security_ Protect Your Software From Cyber Attacks.pdf
Software Development Security_ Protect Your Software From Cyber Attacks.pdfSoftware Development Security_ Protect Your Software From Cyber Attacks.pdf
Software Development Security_ Protect Your Software From Cyber Attacks.pdf
RahimMakhani2
 
Security Testing.pptx
Security Testing.pptxSecurity Testing.pptx
Security Testing.pptx
osandadeshan
 
Penetration testing -A systeamtic approch
Penetration testing -A systeamtic approchPenetration testing -A systeamtic approch
Penetration testing -A systeamtic approch
GANAPATHY RAMAN G V
 
Application Security Testing
Application Security TestingApplication Security Testing
Application Security Testing
Anju21552
 
Security Services and Approach by Nazar Tymoshyk
Security Services and Approach by Nazar TymoshykSecurity Services and Approach by Nazar Tymoshyk
Security Services and Approach by Nazar Tymoshyk
SoftServe
 
An integrated security testing framework and tool
An integrated security testing framework  and toolAn integrated security testing framework  and tool
An integrated security testing framework and tool
Moutasm Tamimi
 
CohenNancyPresentation.ppt
CohenNancyPresentation.pptCohenNancyPresentation.ppt
CohenNancyPresentation.ppt
mypc72
 
What is Security Testing Presentation download
What is Security Testing Presentation downloadWhat is Security Testing Presentation download
What is Security Testing Presentation download
Rosy G
 
Software Security Initiatives
Software Security InitiativesSoftware Security Initiatives
Software Security Initiatives
Marco Morana
 
Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Secure SDLC in mobile software development.
Secure SDLC in mobile software development.
Mykhailo Antonishyn
 
The Role of System Testing in the Software Development Life Cycle (SDLC)
The Role of System Testing in the Software Development Life Cycle (SDLC)The Role of System Testing in the Software Development Life Cycle (SDLC)
The Role of System Testing in the Software Development Life Cycle (SDLC)
khushnuma khan
 
black and white Box testing.pptx
black and white Box testing.pptxblack and white Box testing.pptx
black and white Box testing.pptx
PavanNikhil3
 
Which Security Testing Technique is Best for Testing Applications.pdf
Which Security Testing Technique is Best for Testing Applications.pdfWhich Security Testing Technique is Best for Testing Applications.pdf
Which Security Testing Technique is Best for Testing Applications.pdf
Alpha BOLD
 
Secure in Software Development Life Cycle
Secure in Software Development Life CycleSecure in Software Development Life Cycle
Secure in Software Development Life Cycle
josheph max
 
Security Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdfSecurity Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdf
AmeliaJonas2
 
What is the software supply chain and how can it be secured.pdf
What is the software supply chain and how can it be secured.pdfWhat is the software supply chain and how can it be secured.pdf
What is the software supply chain and how can it be secured.pdf
Jose thomas
 
Ad

More from nehabsairam (11)

Scope definition in Project ManagementSlides.ppt
Scope definition in Project ManagementSlides.pptScope definition in Project ManagementSlides.ppt
Scope definition in Project ManagementSlides.ppt
nehabsairam
 
Copy of MongoDB .pptx
Copy of MongoDB .pptxCopy of MongoDB .pptx
Copy of MongoDB .pptx
nehabsairam
 
Chapter 4 terminolgy of keyvalue databses from nosql for mere mortals
Chapter 4 terminolgy of keyvalue databses from nosql for mere mortalsChapter 4 terminolgy of keyvalue databses from nosql for mere mortals
Chapter 4 terminolgy of keyvalue databses from nosql for mere mortals
nehabsairam
 
Chapter 5 design of keyvalue databses from nosql for mere mortals
Chapter 5 design of keyvalue databses from nosql for mere mortalsChapter 5 design of keyvalue databses from nosql for mere mortals
Chapter 5 design of keyvalue databses from nosql for mere mortals
nehabsairam
 
Chapter 8(designing of documnt databases)no sql for mere mortals
Chapter 8(designing of documnt databases)no sql for mere mortalsChapter 8(designing of documnt databases)no sql for mere mortals
Chapter 8(designing of documnt databases)no sql for mere mortals
nehabsairam
 
Chapter 7(documnet databse termininology) no sql for mere mortals
Chapter 7(documnet databse termininology) no sql for mere mortalsChapter 7(documnet databse termininology) no sql for mere mortals
Chapter 7(documnet databse termininology) no sql for mere mortals
nehabsairam
 
Chapter 6(introduction to documnet databse) no sql for mere mortals
Chapter 6(introduction to documnet databse) no sql for mere mortalsChapter 6(introduction to documnet databse) no sql for mere mortals
Chapter 6(introduction to documnet databse) no sql for mere mortals
nehabsairam
 
Appache Cassandra
Appache Cassandra  Appache Cassandra
Appache Cassandra
nehabsairam
 
introduction to NOSQL Database
introduction to NOSQL Databaseintroduction to NOSQL Database
introduction to NOSQL Database
nehabsairam
 
E governance and digital india initiative
E governance and digital india initiativeE governance and digital india initiative
E governance and digital india initiative
nehabsairam
 
localization in wsn
localization in wsnlocalization in wsn
localization in wsn
nehabsairam
 
Scope definition in Project ManagementSlides.ppt
Scope definition in Project ManagementSlides.pptScope definition in Project ManagementSlides.ppt
Scope definition in Project ManagementSlides.ppt
nehabsairam
 
Copy of MongoDB .pptx
Copy of MongoDB .pptxCopy of MongoDB .pptx
Copy of MongoDB .pptx
nehabsairam
 
Chapter 4 terminolgy of keyvalue databses from nosql for mere mortals
Chapter 4 terminolgy of keyvalue databses from nosql for mere mortalsChapter 4 terminolgy of keyvalue databses from nosql for mere mortals
Chapter 4 terminolgy of keyvalue databses from nosql for mere mortals
nehabsairam
 
Chapter 5 design of keyvalue databses from nosql for mere mortals
Chapter 5 design of keyvalue databses from nosql for mere mortalsChapter 5 design of keyvalue databses from nosql for mere mortals
Chapter 5 design of keyvalue databses from nosql for mere mortals
nehabsairam
 
Chapter 8(designing of documnt databases)no sql for mere mortals
Chapter 8(designing of documnt databases)no sql for mere mortalsChapter 8(designing of documnt databases)no sql for mere mortals
Chapter 8(designing of documnt databases)no sql for mere mortals
nehabsairam
 
Chapter 7(documnet databse termininology) no sql for mere mortals
Chapter 7(documnet databse termininology) no sql for mere mortalsChapter 7(documnet databse termininology) no sql for mere mortals
Chapter 7(documnet databse termininology) no sql for mere mortals
nehabsairam
 
Chapter 6(introduction to documnet databse) no sql for mere mortals
Chapter 6(introduction to documnet databse) no sql for mere mortalsChapter 6(introduction to documnet databse) no sql for mere mortals
Chapter 6(introduction to documnet databse) no sql for mere mortals
nehabsairam
 
Appache Cassandra
Appache Cassandra  Appache Cassandra
Appache Cassandra
nehabsairam
 
introduction to NOSQL Database
introduction to NOSQL Databaseintroduction to NOSQL Database
introduction to NOSQL Database
nehabsairam
 
E governance and digital india initiative
E governance and digital india initiativeE governance and digital india initiative
E governance and digital india initiative
nehabsairam
 
localization in wsn
localization in wsnlocalization in wsn
localization in wsn
nehabsairam
 
Ad

Recently uploaded (20)

Smart Storage Solutions.pptx for production engineering
Smart Storage Solutions.pptx for production engineeringSmart Storage Solutions.pptx for production engineering
Smart Storage Solutions.pptx for production engineering
rushikeshnavghare94
 
five-year-soluhhhhhhhhhhhhhhhhhtions.pdf
five-year-soluhhhhhhhhhhhhhhhhhtions.pdffive-year-soluhhhhhhhhhhhhhhhhhtions.pdf
five-year-soluhhhhhhhhhhhhhhhhhtions.pdf
AdityaSharma944496
 
MAQUINARIA MINAS CEMA 6th Edition (1).pdf
MAQUINARIA MINAS CEMA 6th Edition (1).pdfMAQUINARIA MINAS CEMA 6th Edition (1).pdf
MAQUINARIA MINAS CEMA 6th Edition (1).pdf
ssuser562df4
 
Machine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptxMachine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptx
rajeswari89780
 
new ppt artificial intelligence historyyy
new ppt artificial intelligence historyyynew ppt artificial intelligence historyyy
new ppt artificial intelligence historyyy
PianoPianist
 
ADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITY
ADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITYADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITY
ADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITY
ijscai
 
International Journal of Distributed and Parallel systems (IJDPS)
International Journal of Distributed and Parallel systems (IJDPS)International Journal of Distributed and Parallel systems (IJDPS)
International Journal of Distributed and Parallel systems (IJDPS)
samueljackson3773
 
RICS Membership-(The Royal Institution of Chartered Surveyors).pdf
RICS Membership-(The Royal Institution of Chartered Surveyors).pdfRICS Membership-(The Royal Institution of Chartered Surveyors).pdf
RICS Membership-(The Royal Institution of Chartered Surveyors).pdf
MohamedAbdelkader115
 
Degree_of_Automation.pdf for Instrumentation and industrial specialist
Degree_of_Automation.pdf for  Instrumentation  and industrial specialistDegree_of_Automation.pdf for  Instrumentation  and industrial specialist
Degree_of_Automation.pdf for Instrumentation and industrial specialist
shreyabhosale19
 
Data Structures_Searching and Sorting.pptx
Data Structures_Searching and Sorting.pptxData Structures_Searching and Sorting.pptx
Data Structures_Searching and Sorting.pptx
RushaliDeshmukh2
 
Process Parameter Optimization for Minimizing Springback in Cold Drawing Proc...
Process Parameter Optimization for Minimizing Springback in Cold Drawing Proc...Process Parameter Optimization for Minimizing Springback in Cold Drawing Proc...
Process Parameter Optimization for Minimizing Springback in Cold Drawing Proc...
Journal of Soft Computing in Civil Engineering
 
some basics electrical and electronics knowledge
some basics electrical and electronics knowledgesome basics electrical and electronics knowledge
some basics electrical and electronics knowledge
nguyentrungdo88
 
Lidar for Autonomous Driving, LiDAR Mapping for Driverless Cars.pptx
Lidar for Autonomous Driving, LiDAR Mapping for Driverless Cars.pptxLidar for Autonomous Driving, LiDAR Mapping for Driverless Cars.pptx
Lidar for Autonomous Driving, LiDAR Mapping for Driverless Cars.pptx
RishavKumar530754
 
Level 1-Safety.pptx Presentation of Electrical Safety
Level 1-Safety.pptx Presentation of Electrical SafetyLevel 1-Safety.pptx Presentation of Electrical Safety
Level 1-Safety.pptx Presentation of Electrical Safety
JoseAlbertoCariasDel
 
DATA-DRIVEN SHOULDER INVERSE KINEMATICS YoungBeom Kim1 , Byung-Ha Park1 , Kwa...
DATA-DRIVEN SHOULDER INVERSE KINEMATICS YoungBeom Kim1 , Byung-Ha Park1 , Kwa...DATA-DRIVEN SHOULDER INVERSE KINEMATICS YoungBeom Kim1 , Byung-Ha Park1 , Kwa...
DATA-DRIVEN SHOULDER INVERSE KINEMATICS YoungBeom Kim1 , Byung-Ha Park1 , Kwa...
charlesdick1345
 
Value Stream Mapping Worskshops for Intelligent Continuous Security
Value Stream Mapping Worskshops for Intelligent Continuous SecurityValue Stream Mapping Worskshops for Intelligent Continuous Security
Value Stream Mapping Worskshops for Intelligent Continuous Security
Marc Hornbeek
 
IntroSlides-April-BuildWithAI-VertexAI.pdf
IntroSlides-April-BuildWithAI-VertexAI.pdfIntroSlides-April-BuildWithAI-VertexAI.pdf
IntroSlides-April-BuildWithAI-VertexAI.pdf
Luiz Carneiro
 
Metal alkyne complexes.pptx in chemistry
Metal alkyne complexes.pptx in chemistryMetal alkyne complexes.pptx in chemistry
Metal alkyne complexes.pptx in chemistry
mee23nu
 
DSP and MV the Color image processing.ppt
DSP and MV the  Color image processing.pptDSP and MV the  Color image processing.ppt
DSP and MV the Color image processing.ppt
HafizAhamed8
 
Avnet Silica's PCIM 2025 Highlights Flyer
Avnet Silica's PCIM 2025 Highlights FlyerAvnet Silica's PCIM 2025 Highlights Flyer
Avnet Silica's PCIM 2025 Highlights Flyer
WillDavies22
 
Smart Storage Solutions.pptx for production engineering
Smart Storage Solutions.pptx for production engineeringSmart Storage Solutions.pptx for production engineering
Smart Storage Solutions.pptx for production engineering
rushikeshnavghare94
 
five-year-soluhhhhhhhhhhhhhhhhhtions.pdf
five-year-soluhhhhhhhhhhhhhhhhhtions.pdffive-year-soluhhhhhhhhhhhhhhhhhtions.pdf
five-year-soluhhhhhhhhhhhhhhhhhtions.pdf
AdityaSharma944496
 
MAQUINARIA MINAS CEMA 6th Edition (1).pdf
MAQUINARIA MINAS CEMA 6th Edition (1).pdfMAQUINARIA MINAS CEMA 6th Edition (1).pdf
MAQUINARIA MINAS CEMA 6th Edition (1).pdf
ssuser562df4
 
Machine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptxMachine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptx
rajeswari89780
 
new ppt artificial intelligence historyyy
new ppt artificial intelligence historyyynew ppt artificial intelligence historyyy
new ppt artificial intelligence historyyy
PianoPianist
 
ADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITY
ADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITYADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITY
ADVXAI IN MALWARE ANALYSIS FRAMEWORK: BALANCING EXPLAINABILITY WITH SECURITY
ijscai
 
International Journal of Distributed and Parallel systems (IJDPS)
International Journal of Distributed and Parallel systems (IJDPS)International Journal of Distributed and Parallel systems (IJDPS)
International Journal of Distributed and Parallel systems (IJDPS)
samueljackson3773
 
RICS Membership-(The Royal Institution of Chartered Surveyors).pdf
RICS Membership-(The Royal Institution of Chartered Surveyors).pdfRICS Membership-(The Royal Institution of Chartered Surveyors).pdf
RICS Membership-(The Royal Institution of Chartered Surveyors).pdf
MohamedAbdelkader115
 
Degree_of_Automation.pdf for Instrumentation and industrial specialist
Degree_of_Automation.pdf for  Instrumentation  and industrial specialistDegree_of_Automation.pdf for  Instrumentation  and industrial specialist

Software security testing

Approach to Software Security Testing
 Study of Security Architecture
 Analysis of Security Requirements
 Classifying Security Testing
 Developing Objectives
 Threat Modeling
 Test Planning
 Execution
 Reports
Security Testing Methods
Two common methods for security testing are:
 Functional security testing
 Risk-based security testing
Functional security testing
 It ensures that the software behaves as specified and that the defined requirements are satisfied at an acceptable level.
 It states that when a specific event happens, the software should respond in a certain way. It starts when the software is ready to test.
 It addresses positive requirements: what the software should do.
 Some functional testing techniques are:
   Ad-hoc testing and exploratory testing
   Specification-based and model-based testing
   State-based testing
   Robustness and fault-based testing
   Code-based testing
   Control-flow testing
Risk-based testing
 Risk-based testing addresses negative requirements, which state what a software system should not do.
 It can cover high-level as well as low-level risks in the software.
 Tests are derived from the negative requirements.
 Past experience of what has gone wrong is used to decide what to test.
 Known attack patterns are used to shape the tests.
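The two methods above can be made concrete in a single test suite. The following is an added example and not part of the original slides: it tests a constructed, in-memory login and document-authorization service (AuthService, with an assumed lockout threshold of five consecutive failed logins and a deliberately low PBKDF2 round count) first against its positive requirements, then against negative requirements derived from named attack patterns.

```python
"""Functional (positive) and risk-based (negative) security tests side by side.

The component under test, AuthService, is a constructed in-memory login and document
authorization service written for this example. The tests are plain functions, so pytest
collects them from a test_*.py file and they can also be called directly.
"""
import hashlib
import hmac
import os

MAX_FAILED_ATTEMPTS = 5   # assumed policy: lock the account after five consecutive bad passwords
PBKDF2_ROUNDS = 20_000    # kept low so the tests run quickly; a real deployment uses far more


class AuthService:
    def __init__(self):
        self._users = {}      # username -> (salt, derived key)
        self._failures = {}   # username -> consecutive failed logins
        self._sessions = {}   # session token -> username
        self._docs = {}       # document id -> owner username

    @staticmethod
    def _derive(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def register(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._derive(salt, password))
        self._failures[username] = 0

    def add_document(self, doc_id, owner):
        self._docs[doc_id] = owner

    def login(self, username, password):
        """Return a session token, or None on any failure without saying which check failed."""
        record = self._users.get(username)
        if record is None:
            return None
        if self._failures[username] >= MAX_FAILED_ATTEMPTS:
            return None                                 # locked: even the right password is refused
        salt, stored = record
        if not hmac.compare_digest(stored, self._derive(salt, password)):
            self._failures[username] += 1
            return None
        self._failures[username] = 0
        token = os.urandom(16).hex()
        self._sessions[token] = username
        return token

    def can_read(self, token, doc_id):
        """A document is readable only by its owner, and only with a live session token."""
        user = self._sessions.get(token)
        return user is not None and self._docs.get(doc_id) == user


def make_service():
    svc = AuthService()
    svc.register("alice", "correct horse")
    svc.register("bob", "battery staple")
    svc.add_document("doc-1", "alice")
    return svc


# Functional security tests: positive requirements ("when X happens, the software shall Y").

def test_valid_login_returns_token():
    assert make_service().login("alice", "correct horse") is not None


def test_owner_can_read_own_document():
    svc = make_service()
    token = svc.login("alice", "correct horse")
    assert svc.can_read(token, "doc-1")


# Risk-based security tests: negative requirements ("the software shall not ..."),
# each derived from the attack pattern named in its comment.

def test_wrong_password_is_rejected():
    assert make_service().login("alice", "wrong") is None


def test_unknown_user_and_wrong_password_look_the_same():
    svc = make_service()                                 # attack pattern: username enumeration
    assert svc.login("nobody", "x") is None and svc.login("alice", "x") is None


def test_lockout_after_repeated_failures():
    svc = make_service()                                 # attack pattern: online password guessing
    for _ in range(MAX_FAILED_ATTEMPTS):
        assert svc.login("bob", "guess") is None
    assert svc.login("bob", "battery staple") is None    # correct password, but the account is locked


def test_cannot_read_another_users_document():
    svc = make_service()                                 # attack pattern: insecure direct object reference
    token = svc.login("bob", "battery staple")
    assert not svc.can_read(token, "doc-1")


def test_forged_token_is_rejected():
    assert not make_service().can_read("0" * 32, "doc-1")
```

The two positive tests would pass against almost any login implementation; it is the negative tests, each tied to an attack pattern, that would fail against a version without lockout, without constant-time comparison of the derived key, or with an ownership check missing from can_read.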
Integration of security processes with the SDLC
 If security testing is postponed until after the implementation phase or after deployment, the vulnerabilities it finds are discovered only once the design and code that contain them are already finished. So it is necessary to involve security testing in the earlier phases of the SDLC.
SDLC Phases and Security Processes

SDLC Phase               Security Processes
Requirements             Security analysis of the requirements; check abuse/misuse cases
Design                   Security risk analysis of the design; development of a test plan that includes security tests
Coding and Unit Testing  Static and dynamic testing; security white-box testing
Integration Testing      Black-box testing
System Testing           Black-box testing and vulnerability scanning
Implementation           Penetration testing and vulnerability scanning
Support                  Impact analysis of patches
Software security in different phases
 During the requirements phase, test planning focuses on how each requirement can and will be tested.
 Security risk analysis starts in this phase.
 Risks found in this phase are reduced by planning mitigations for them.
 After this, the secure design and coding phases are conducted, which include security risk analysis of the design and the code.
 The role of security testing in the test phase is given below.
Unit testing
 Individual classes, methods and functions are tested.
 White-box testing is used to validate design decisions and assumptions and to find errors.
 It requires the tester to think like an attacker and to know how to use the testing tools that support this.
Integration testing
 It focuses on a collection of subsystems, which may contain many executable components.
 Many errors occur only when the components interact with each other.
 Integration errors are among the most common sources of unchecked input values: each component assumes another has validated the data.
 It is important to determine which data flows and control flows a potential attacker can and cannot influence.
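An added example (not from the slides) of the point above: a request-parsing component and a file-serving component whose function names, the directory /srv/app/uploads and the query strings are all constructed for this illustration. Each component satisfies its own unit tests; only an integration test that drives attacker-controlled input through the real A to B data flow exposes the unchecked value, and the hardened version of B validates at its own boundary regardless of what the caller did.

```python
"""Integration test for an attacker-influenced data flow across a component boundary.

Constructed example: a request-parsing component (A) hands a file name to a file-serving
component (B). Each passes its own unit tests; the traversal defect appears only when the
two are wired together, because neither component owns the validation.
"""
import posixpath
from urllib.parse import parse_qs

UPLOAD_DIR = "/srv/app/uploads"          # assumed base directory for served files


def parse_download_request(query_string):
    """Component A (request layer): extract the requested file name from a query string.
    Its unit tests only check that 'file=x' yields 'x'; they never ask whether x is safe."""
    params = parse_qs(query_string, keep_blank_values=True)
    return params.get("file", [""])[0]   # parse_qs percent-decodes, so %2e%2e arrives as ..


def locate_file_unsafe(base_dir, file_name):
    """Component B as originally written: trusts its caller to have validated file_name."""
    return posixpath.join(base_dir, file_name)


def locate_file_safe(base_dir, file_name):
    """Component B hardened: validates at its own boundary, whatever the caller did."""
    if not file_name:
        raise ValueError("empty file name")
    candidate = posixpath.normpath(posixpath.join(base_dir, file_name))
    if not candidate.startswith(base_dir.rstrip("/") + "/"):
        raise ValueError("file name escapes the upload directory")   # also rejects '.' and absolute paths
    return candidate


def escapes_base(base_dir, path):
    """Test oracle: does a (possibly unnormalised) path resolve outside base_dir?"""
    return not posixpath.normpath(path).startswith(base_dir.rstrip("/") + "/")


# Integration test: attacker-controlled query -> component A -> component B.
ATTACK_QUERIES = [                        # constructed inputs, including an encoded variant
    "file=../../etc/passwd",
    "file=%2e%2e/%2e%2e/etc/shadow",
    "file=/etc/hosts",                    # absolute path: posixpath.join discards base_dir entirely
]


def integration_findings(locator):
    """Run every attack query through the real A -> B data flow; return the ones that escape."""
    findings = []
    for query in ATTACK_QUERIES:
        name = parse_download_request(query)
        try:
            path = locator(UPLOAD_DIR, name)
        except ValueError:
            continue                      # B rejected the name: the flow is controlled
        if escapes_base(UPLOAD_DIR, path):
            findings.append((query, path))
    return findings


if __name__ == "__main__":
    for query, path in integration_findings(locate_file_unsafe):
        print(f"ESCAPE  {query!r} -> {path}")
    print("hardened findings:", integration_findings(locate_file_safe))
```

The check in locate_file_safe is done on the normalised joined path rather than by searching the raw name for "..", which is why the percent-encoded and absolute-path variants are caught as well as the plain one.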
System Testing
It includes:
 Stress testing: Software performs differently when it is under stress. Stressed conditions are a common target of an attacker, so it is important to consider them early.
 Black-box testing: It focuses on the visible behavior of the software, such as its APIs. It includes network security, database security and web application security.
 Penetration testing: It allows project managers to assess how an attacker is likely to try to subvert the system. It refers to testing the security of a system by attempting to compromise it.
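Robustness and fault-based testing, and the stress case in the bullet above, can be driven by a small fuzz harness. The following is an added example and not from the slides: a constructed header format of key=value pairs separated by ';', a naive parser as the "before" state, a hardened parser, and a harness that feeds boundary cases and seeded random strings to either one and reports any exception other than the documented HeaderError, or acceptance of an oversized input. The limits (4096 characters, 32 pairs) are assumptions for the example.

```python
"""Robustness and fault-based testing of an input parser with a small fuzz harness.

Everything here is constructed for the example: the header format, the naive 'before'
parser, the hardened parser, and a harness that treats any exception other than
HeaderError, or acceptance of an oversized input, as a finding.
"""
import random
import string

MAX_HEADER_LEN = 4096                # assumed limits for the example format
MAX_PAIRS = 32
TOKEN_CHARS = set(string.ascii_letters + string.digits + "-_.")


class HeaderError(ValueError):
    """The only exception the parser is documented to raise on bad input."""


def parse_naive(header):
    """'Before' parser: fine on well-formed input, no limits, crashes on anything else."""
    result = {}
    for pair in header.split(";"):
        key, value = pair.strip().split("=")   # bare ValueError when '=' is missing or repeated
        result[key] = value
    return result


def parse_robust(header):
    """Hardened parser: bounded work, strict key syntax, printable values, one error type."""
    if len(header) > MAX_HEADER_LEN:
        raise HeaderError("header too long")
    result = {}
    for raw in header.split(";"):
        pair = raw.strip()
        if not pair:
            continue                           # tolerate empty segments such as a trailing ';'
        key, sep, value = pair.partition("=")  # a second '=' belongs to the value
        if not sep or not key or not set(key) <= TOKEN_CHARS:
            raise HeaderError(f"malformed pair {pair[:20]!r}")
        if not value.isprintable():
            raise HeaderError("non-printable characters in value")
        if key not in result and len(result) >= MAX_PAIRS:
            raise HeaderError("too many pairs")
        result[key] = value
    return result


def fuzz(parser, iterations=2000, seed=1):
    """Feed boundary cases and seeded random strings to parser; return (input, reason) findings."""
    rng = random.Random(seed)
    alphabet = string.printable + "\x00\xff\u202e"   # include control, high-bit and bidi characters
    corpus = [
        "",                                            # empty
        ";;;",                                         # only separators
        "novalue",                                     # missing '='
        "=orphan",                                     # missing key
        "a=b=c",                                       # repeated '='
        "k=\x00",                                      # control character in value
        ";".join(f"k{i}=v" for i in range(MAX_PAIRS + 1)),  # one pair over the limit
        "k=" + "v" * (MAX_HEADER_LEN + 1),             # oversized input (the stress case)
    ]
    corpus += ["".join(rng.choice(alphabet) for _ in range(rng.randrange(64)))
               for _ in range(iterations)]
    findings = []
    for sample in corpus:
        try:
            parser(sample)
        except HeaderError:
            continue                                   # documented rejection: acceptable
        except Exception as exc:                       # any other exception is a robustness bug
            findings.append((sample, f"{type(exc).__name__}: {exc}"))
            continue
        if len(sample) > MAX_HEADER_LEN:
            findings.append((sample[:16] + "...", "accepted oversized header"))
    return findings


if __name__ == "__main__":
    print("naive findings:  ", len(fuzz(parse_naive)))
    print("robust findings: ", len(fuzz(parse_robust)))
```

The harness is black-box: it knows only the parser's contract (return a dict or raise HeaderError, never accept more than MAX_HEADER_LEN characters), so the same harness can be pointed at any other implementation of the format.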
Conclusion
 The definition of software security testing was analysed.
 The approaches to security testing were presented.
 Why and how to implement security testing in each phase of the SDLC was shown.
 Hence software security testing is an important part of software development.