Blog

Articles to grow your career

MainQA Testing TypesSecurity Testing

Article

Security Testing

Security testing is a software product research aimed at testing, detecting, and correcting defects related to the safety of user data, namely:

  • Integrity. Limiting the number of users who have access to data, determining the degree of damage caused by the loss of certain data.
  • Availability. This means that resources must be available to an authorized user, internal entity, or device. As a rule, the more critical the resource, the higher the level of availability should be.
  • Confidentiality. It means hiding certain resources or information. This presupposes restricting access to a resource for a certain category of users.

During testing, most often the tester plays the role of a hacker, and begins to manipulate the application in different ways:

  • Attempting to find out the password using external means.
  • Attacking the system using special utilities that analyze protection.
  • Suppressing or flooding the system to see if it refuses to serve other clients.
  • Deliberately injecting faults to infiltrate the system during recovery.
  • Browsing unrestricted data to find a login key.

Moving on, there are several types of vulnerabilities:

XSS (Cross-Site Scripting) is a type of web application vulnerability in which malicious scripts are executed on a server-generated page to attack the client.

XSRF/CSRF (Request Forgery) is a type of vulnerability that allows you to exploit the HTTP protocol. Attackers work according to the following scheme: a link to a malicious site is installed on a page that is trusted by the user; when the user clicks on the malicious link, a script that saves the user’s personal data (passwords, payment information, etc.) is executed or sends spam messages on behalf of the user, or modifies the access to the user account to gain full control over it.

Contact

Do you want to join us?

Leave an application and get a free consultation from our manager.

  • Help in choosing a direction
  • Course consultation
  • Additional materials for the start

Code injections (SQL, PHP, ASP, etc.) are a type of vulnerability that makes it possible to run executable code to gain access to system resources, unauthorized data access, or disable the system.

Server-Side Includes Injection is a type of vulnerability that inserts server-side commands into HTML code or runs them directly from the server.

Authorization Bypass is a type of vulnerability in which it is possible to gain unauthorized access to another user’s account or documents.

Learn about more testing types here.

a lady with a laptop

Alex Kara
By Alex Kara on Aug 12, 2021
QA Testing Types

Read also

Similar to this article

Manual Testing Best Practices: Tips and Techniques
IT Careers May 25, 2023

Manual Testing Best Practices: Tips and Techniques

Over the years, software testing has evolved into a crucial aspect of the development and launch process. While techniques like Automation have gained popularity for streamlining repetitive testing tasks, manual testing remains vital to achieving optimal performance and desired outcomes. Although manual testing may sometimes seem time-consuming, it is essential for testers to continually engage […]

Read more
Key Skills Required for a Career in Quality Assurance Testing
IT Careers May 20, 2023

Key Skills Required for a Career in Quality Assurance Testing

Customers seek bug-free products and seamless, efficient applications, and software testers strive to achieve that objective. The primary responsibility of QA testers is to ensure thorough testing and the absence of application defects by using both Manual QA and Automated QA Testing solutions. Becoming a successful QA tester is challenging; it requires a high level […]

Read more
Measuring the Effectiveness and Efficiency of Manual Testing
IT Careers May 19, 2023

Measuring the Effectiveness and Efficiency of Manual Testing

Manual Testing is essential in the Software Development Life Cycle, as software can only be released with approval from the quality testing team. However, it can be challenging to ensure that the tests being conducted are effective. This is where the concept of test effectiveness and efficiency comes into play. Test effectiveness assesses how well […]

Read more