Friday, May 4, 2012

Security Testing


Security testing is a type of software testing that checks whether an application enforces its security requirements: valid users are able to get in, invalid users are not, and vital information is protected from attackers and from destructive agents such as viruses.
This type of testing can be done in many ways, with several objectives, in many areas.
Some of them are given below.

Logging in to the application:
Security testing is performed on the login page to verify that a valid user is able to access the application and an invalid user is not. This covers wrong passwords and unknown user names, and, after a successful login, that the session the application issues cannot simply be guessed or forged by somebody else.

Illegal access of a web page:
Here, testing checks whether a protected page can be reached by requesting its URL directly without logging in (for example by pasting the URL into a fresh browser session). The application must refuse the request or redirect to the login page instead of serving the content, and it must do the same for a session cookie it never issued.
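The two checks above (login and direct-URL access) as one runnable example. This is added code, not code from the original post: it starts a tiny constructed web application in-process (a hypothetical /login form and a protected /account page, with a made-up user) and then drives it the way a tester would, first anonymously, then with bad and good credentials, and finally with a forged session cookie.

```python
"""Login and direct-URL access checks against a constructed in-process app."""
import hmac
import http.cookies
import secrets
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import parse_qs, urlencode

USERS = {"alice": b"correct horse battery staple"}  # constructed credential store
SESSIONS = {}  # server-side session table: token -> username


class App(BaseHTTPRequestHandler):
    """Hypothetical application under test: POST /login issues a session, GET /account needs one."""

    def log_message(self, *args):  # keep the demo quiet
        pass

    def _reply(self, status, body=b"", **headers):
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name.replace("_", "-"), value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def _session_user(self):
        morsel = http.cookies.SimpleCookie(self.headers.get("Cookie", "")).get("session")
        return SESSIONS.get(morsel.value) if morsel else None

    def do_GET(self):
        if self.path != "/account":
            return self._reply(404)
        user = self._session_user()
        if user is None:  # no session, or a token the server never issued: redirect, serve nothing
            return self._reply(302, Location="/login")
        return self._reply(200, f"account page for {user}".encode())

    def do_POST(self):
        if self.path != "/login":
            return self._reply(404)
        form = parse_qs(self.rfile.read(int(self.headers.get("Content-Length", 0))).decode())
        name = form.get("username", [""])[0]
        given = form.get("password", [""])[0].encode()
        stored = USERS.get(name, b"")
        # constant-time compare; an unknown user and a wrong password take the same path
        if not stored or not hmac.compare_digest(stored, given):
            return self._reply(401)
        token = secrets.token_urlsafe(32)
        SESSIONS[token] = name
        return self._reply(204, Set_Cookie=f"session={token}; HttpOnly; Path=/")


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):  # surface 3xx responses instead of following them
        return None


def request(base, path, method="GET", form=None, cookie=None):
    """One request to the test server; returns (status, headers, body)."""
    data = urlencode(form).encode() if form is not None else None
    req = urllib.request.Request(base + path, data=data, method=method)
    if cookie:
        req.add_header("Cookie", cookie)
    opener = urllib.request.build_opener(_NoRedirect, urllib.request.ProxyHandler({}))
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status, resp.headers, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.headers, err.read().decode()


def run_access_checks():
    """Start the app on a free port, run the checks, return {check_name: passed}."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), App)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_address[1]}"
    results = {}
    try:
        status, _, body = request(base, "/account")  # illegal access by direct URL
        results["anonymous_blocked"] = status == 302 and "account page" not in body
        for who, pw in (("alice", "wrong"), ("mallory", "x")):  # invalid logins
            status, _, _ = request(base, "/login", "POST", {"username": who, "password": pw})
            results[f"reject_{who}"] = status == 401
        status, hdrs, _ = request(base, "/login", "POST",
                                  {"username": "alice", "password": "correct horse battery staple"})
        cookie = hdrs.get("Set-Cookie", "").split(";")[0]
        results["valid_login_accepted"] = status == 204 and cookie.startswith("session=")
        status, _, body = request(base, "/account", cookie=cookie)
        results["valid_user_sees_page"] = status == 200 and "account page for alice" in body
        status, _, _ = request(base, "/account", cookie="session=AAAA")  # forged token
        results["forged_token_blocked"] = status == 302
    finally:
        server.shutdown()
        server.server_close()
    return results
```

Every check is phrased as an expected outcome rather than just "no error", so a failure names the control that broke (anonymous access, credential check, or session validation). The same `request` helper works unchanged against a real target once `base` points at it.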

Firewall:
A firewall is a security control usually placed in front of the servers on which vital information is stored. Security testing checks that the firewall is working as the administrator configured it: the desired requests are allowed through and the undesired requests are blocked, so both expected-allowed and expected-blocked traffic must be tried. Note that a packet-filtering firewall decides on source and destination address, protocol and port; blocking destructive agents such as viruses needs an additional content-inspecting control (an application-layer gateway, intrusion prevention system or anti-malware scanner), which has to be tested on its own.
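One way to test "the firewall behaves as the administrative setting says", as an added example rather than anything from the original post: encode the administrator's intent as a table of expected allow/deny outcomes, evaluate the rule set against every case (including the cases that must be blocked), and report any mismatch. The rule syntax, the sample policy, the addresses and the expected-outcome table are all constructed for this illustration; real products (iptables/nftables, cloud security groups) have their own syntax, but the first-match-wins and default-deny semantics modelled here are what most of them use.

```python
"""Policy check for a first-match, default-deny packet filter (constructed rule syntax)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    proto: str    # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    ports: range  # destination ports; an empty range means any port


def parse_rule(line: str) -> Rule:
    """Parse lines like 'allow tcp 10.0.0.0/8 -> 192.0.2.10/32 443' or '... 1-1024'."""
    action, proto, src, arrow, dst, *port_spec = line.split()
    if action not in ("allow", "deny") or arrow != "->":
        raise ValueError(f"bad rule: {line!r}")
    if port_spec:
        lo, _, hi = port_spec[0].partition("-")
        ports = range(int(lo), int(hi or lo) + 1)
    else:
        ports = range(0)
    return Rule(action, proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), ports)


def evaluate(rules, proto, src, dst, port) -> str:
    """First matching rule wins; traffic matching no rule falls through to the default deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r.proto not in ("any", proto):
            continue
        if src_ip not in r.src or dst_ip not in r.dst:
            continue
        if r.ports and port not in r.ports:
            continue
        return r.action
    return "deny"


# Constructed policy: HTTPS to the web server from the office network, SSH only from
# the admin host, and an explicit deny that shields the database host from everyone.
POLICY = [parse_rule(l) for l in """
deny  any 10.0.0.0/8  -> 192.0.2.20/32 1-65535
allow tcp 10.0.0.0/8  -> 192.0.2.10/32 443
allow tcp 10.0.9.5/32 -> 192.0.2.10/32 22
""".split("\n") if l.strip()]

# Constructed expectations: what the administrator says should and should not get through.
EXPECTED = [
    ("tcp", "10.0.3.7",    "192.0.2.10", 443, "allow"),  # desired request
    ("tcp", "10.0.3.7",    "192.0.2.10", 80,  "deny"),   # wrong port
    ("tcp", "10.0.3.7",    "192.0.2.10", 22,  "deny"),   # SSH from a non-admin host
    ("tcp", "10.0.9.5",    "192.0.2.10", 22,  "allow"),  # SSH from the admin host
    ("udp", "10.0.9.5",    "192.0.2.10", 22,  "deny"),   # right host, wrong protocol
    ("tcp", "203.0.113.9", "192.0.2.10", 443, "deny"),   # source outside the office network
    ("tcp", "10.0.3.7",    "192.0.2.20", 443, "deny"),   # database host is explicitly shielded
]


def check_policy(rules=POLICY, cases=EXPECTED):
    """Return [(case, actual_action)] for every case whose outcome differs from the expectation."""
    failures = []
    for case in cases:
        actual = evaluate(rules, *case[:4])
        if actual != case[4]:
            failures.append((case, actual))
    return failures
```

A correct policy yields an empty failure list; an over-permissive one such as a single `allow any 0.0.0.0/0 -> 0.0.0.0/0` rule still passes the two "desired request" cases, which is exactly why the table must contain the cases that are supposed to be blocked.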
Security testing should also cover the following list, which is the OWASP Top 10 for 2010:
Checklist for security testing

A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards


Security testing is mandatory for banking and financial domain projects. For other domains it is optional and is performed when the client opts for it.

The Test Planning Process



What is a Test Strategy? What are its Components?

Test Policy - A document characterizing the organization’s philosophy towards software testing.

Test Strategy - A high-level document defining the test phases to be performed and the testing within those phases for a programme. It defines the process to be followed in each project. This sets the standards for the processes, documents, activities etc. that should be followed for each project.
 For example, if a product is given for testing, you should decide whether it is better to use black-box testing or white-box testing, and if you decide to use both, when each will be applied and to which part of the software. All these details need to be specified in the Test Strategy.

Project Test Plan - A document defining the test phases to be performed and the testing within those phases for a particular project.

A Test Strategy should cover more than one project and should address the following issues:

 • An approach to testing high-risk areas first
 • Planning for testing
 • How to improve the process based on previous testing
 • Environments and data used
 • Test management: configuration management and problem management
 • What metrics are followed
 • Whether the tests will be automated and, if so, which tools will be used
 • The testing stages and testing methods
 • The post-testing review process
 • Templates

Test planning needs to start as soon as the project requirements are known. The first document that needs to be produced then is the Test Strategy/Testing Approach that sets the high level approach for testing and covers all the other elements mentioned above.

Test Planning – Sample Structure

Once the approach is understood, a detailed test plan can be written. Test plans can be written in different styles, and they can differ completely from project to project within the same organization.

IEEE SOFTWARE TEST DOCUMENTATION Std 829-1998 - TEST PLAN

Purpose

To describe the scope, approach, resources, and schedule of the testing activities. To identify the items being tested, the features to be tested, the testing tasks to be performed, the personnel responsible for each task, and the risks associated with this plan.

OUTLINE

A test plan shall have the following structure:


 • Introduction: Summarize the software items and features to be tested and the need for them to be included.

 • Test items: Identify the test items, their transmittal media which impact their

 • Features to be tested

 • Features not to be tested

 • Approach

 • Item pass/fail criteria

 • Suspension criteria and resumption requirements

 • Test deliverables

 • Testing tasks

 • Environmental needs

 • Responsibilities

 • Staffing and training needs

 • Schedule

 • Risks and contingencies

 • Approvals


Major Test Planning Tasks

Like any other process in software testing, test planning consists of a number of major tasks: develop the test strategy, identify the critical success factors, define the test objectives, identify the needed test resources, plan the test environment, define the test procedures, identify the functions to be tested, identify the interfaces with other systems or components, write the test scripts, define the test cases, design the test data, build the test matrix, determine the test schedules, assemble the information, and finalize the plan.
• Test plan identifier. A unique identifier assigned to the test plan.