The Methods and Techniques Used for Security Testing

The Methods and Techniques Used for Security Testing

The Methods and Techniques Used for Security Testing


Free Online Articles Directory




Why Submit Articles?
Top Authors
Top Articles
FAQ
ABAnswers

Publish Article

0 && $.browser.msie ) {
var ie_version = parseInt($.browser.version);
if(ie_version Login


Login via


Register
Hello
My Home
Sign Out

Email

Password


Remember me?
Lost Password?

Home Page > Computers > Software > The Methods and Techniques Used for Security Testing

The Methods and Techniques Used for Security Testing

Edit Article |

Posted: Sep 22, 2008 |Comments: 0
| Views: 326 |



]]>

Security testing can be performed in many ways like,

Black Box Level White Box Level Database Level

Black Box Level

Session Hijacking

Session Hijacking commonly called as “IP Spoofing” where a user session will be attacked on a protected network.

Session Prediction

Session Prediction is a method of obtaining data or a session ID of an authorized user and gets access to the application. In a web application the session ID can be retrieved from cookies or URL. 

The Session Prediction happening can be predicted when a website is not responding normally or stops responding for an unknown reason.

Email Spoofing

Email Spoofing is duplicating the email header (“From” address) to look like originated from actual source and if the email is replied it will land in the spammers inbox. By inserting commands in the header the message information can be altered. It is possible to send a spoofed email with information you didn’t write.

Content Spoofing

Content spoofing is a technique to develop a fake website and make the user believe that the information and website is genuine. When the user enters his Credit Card Number, Password, SSN and other important details the hacker can get the data and use if for fraud purposes.

Phishing

Phishing is similar to Email Spoofing where the hacker sends a genuine look like mail attempting to get the personal and financial information of the user. The emails will appear to have come from well known websites.

Password Cracking

Password Cracking is used to identify an unknown password or to identify a forgotten password. 

Password cracking can be done through two ways, 

Brute Force – The hacker tries with a combination of characters within a length and tries until it is getting accepted. Password Dictionary – The hacker uses the Password dictionary where it is available on various topics.

 White Box Level 

Malicious Code Injection

SQL Injection is most popular in Code Injection Attack, the hacker attach the malicious code into the good code by inserting the field in the application. The motive behind the injection is to steal the secured information which was intended to be used by a set of users.

Apart from SQL Injection, the other types of Malicious code injection are XPath Injection, LDAP Injection, and Command Execution Injection. Similar to SQL Injection the XPath Injection deals with XML document.

Penetration Testing

Penetration Testing is used to check the security of a computer or a network. The test process explores all the security aspects of the system and tries to penetrate the system.

Input Validation

Input validation is used to defend the applications from hackers. If the input is not validated mostly in web applications it could lead to system crashes, database manipulation and corruption.

Variable Manipulation

Variable manipulation is used as a method for specifying or editing the variables in a program. It is mostly used to alter the data sent to web server.

Database Level 

SQL Injection

SQL Injection is used to hack the websites by changing the backend SQL statements, using this technique the hacker can steal the data from database and also delete and modify it.

For more information in Software Testing, Please visit softwaretestingguide.blogspot.com

Retrieved from “http://www.articlesbase.com/software-articles/the-methods-and-techniques-used-for-security-testing-571687.html

(ArticlesBase SC #571687)

Need more traffic? No problem. Publish with us and see why everyone’s talking about Articlesbase.com
Liked this article? Click here to publish it on your website or blog, it’s free and easy!

Jerry Ruban
About the Author:

Author of softwaretestingguide.blogspot.com

]]>

Questions and Answers

Ask our experts your Software related questions here…

Ask

200 Characters left

What are two techniques used to indent a paragraph?
Describe the consultation techniques used and identify design objectives
I am in the security industry,and was ask to do competency mapping for the staff.I have no idea, what is it about. any idea, and what is the best method to apply?

Rate this Article

Pages: 1 2 3 4 5