Secure Software Confidentiality Disclosure of information to only intended parties Integrity Determine whether the information is correct or not Data Security Privacy Data Protection Controlled Access Authentication Access to Authorized People Availability Ready for Use when expected Non Repudiation Information Exchange with proof
Secure Software. Confidentiality Disclosure of information to only intended parties Integrity Determine whether the information is correct or not Data Security Privacy Data Protection Controlled Access Authentication Access to Authorized People Availability Ready for Use when expected - PowerPoint PPT Presentation
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Secure Software Confidentiality
Disclosure of information to only intended parties Integrity
Determine whether the information is correct or not Data Security
Privacy Data Protection Controlled Access
Authentication Access to Authorized People
Availability Ready for Use when expected
Non Repudiation Information Exchange with proof
Software Security Security of Operating System Security of Client Software Security of Application Software Security of System Software Security of Database Software Security of Software Data Security of Client Data Security of System Data Security of Server Software Security of Network Software
Why Security Testing For Finding Loopholes For identifying Design Insecurities For identifying Implementation Insecurities For identifying Dependency Insecurities and Failures For Information Security For Process Security For Internet Technology Security For Communication Security For Improving the System For confirming Security Policies For Organization wide Software Security For Physical Security
Approach to Software Security Testing Study of Security Architecture Analysis of Security Requirements Classifying Security Testing Developing Objectives Threat Modeling Test Planning Execution Reports
Security Testing Techniques
OS Hardening Configure and Apply Patches Updating the Operating System Disable or Restrict unwanted Services and Ports Lock Down the Ports Manage the Log Files Install Root Certificate Protect from Internet Misuse and be Cyber Safe Protect from Malware
Vulnerability Scanning Identify Known Vulnerabilities Scan Intrusively for Unknown Vulnerabilities
Simulating Attack from a Malicious Source Includes Network Scanning and Vulnerability Scanning Simulates Attack from someone Unfamiliar with the System Simulates Attack by having access to Source Code, Network,
Passwords Port Scanning and Service Mapping
Identification and locating of Open Ports Identification of Running Services
Firewall Rule Testing Identify Inappropriate or Conflicting Rules Appropriate Placement of Vulnerable Systems behind Firewall Discovering Administrative Backdoors or Tunnels
Identifying Active Hosts on a network Collecting IP addresses that can be accessed over the Internet Collecting OS Details, System Architecture and Running Services Collecting Network User and Group names Collecting Routing Tables and SNMP data
Password Cracking Collecting Passwords from the Stored or Transmitted Data Using Brute Force and Dictionary Attacks Identifying Weak Passwords
Ethical Hacking Penetration Testing, Intrusion Testing and Red Teaming
File Integrity Testing Verifying File Integrity against corruption using Checksum