Security testing is the process of determining whether an information system protects its data and maintains its functionality as intended. Security testing offered by some companies helps in overcoming performance limitations, overspending and security failures. It is truly a cross-disciplinary function and needs a tester's mindset along with process, engineering and networking skills. Threat modeling, network penetration testing and application penetration testing are techniques used in security testing.

Security testing covers six concepts, which are given below:

Confidentiality:
It is a security measure that protects against the disclosure of information to parties other than the intended recipients, and it is the only way to ensure security.

Availability:
The availability of information and communication services is key to software development and implementation. It assures that information is available to authorized persons when they need it.

Authorization:
Authorization is the process of determining that a requester is allowed to receive a service or to perform an operation; access control falls under authorization.

Authentication:
It involves confirming the identity of a person and tracing the origins of an artifact. It also covers ensuring that a product is exactly what the claims on its packaging and labeling say it is, or assuring that a computer program is a trusted one.

Non-Repudiation:
This involves the interchange of authentication information along with some form of provable timestamp. It is a measure intended to prevent the later denial that an action happened.

Integrity:
It is the last concept in the security testing and it is the measure intended to allow.

A security testing process is made effective by following all the above concepts.