Security Testing 简明教程

Security Testing - Overview

安全性测试对于保护系统免受 Web 上的恶意活动非常重要。

Security testing is very important to keep the system protected from malicious activities on the web.

What is Security Testing?

安全性测试是一种测试技术,旨在确定信息系统是否保护数据并按预期维护功能。安全性测试并不能保证系统完全安全,但将安全性测试作为测试流程的一部分很重要。

Security testing is a testing technique to determine if an information system protects data and maintains functionality as intended. Security testing does not guarantee complete security of the system, but it is important to include security testing as a part of the testing process.

安全性测试采取以下六项措施来提供安全的环境 −

Security testing takes the following six measures to provide a secured environment −

  1. Confidentiality − It protects against disclosure of information to unintended recipients.

  2. Integrity − It allows transferring accurate and correct desired information from senders to intended receivers.

  3. Authentication − It verifies and confirms the identity of the user.

  4. Authorization − It specifies access rights to the users and resources.

  5. Availability − It ensures readiness of the information on requirement.

  6. Non-repudiation − It ensures there is no denial from the sender or the receiver for having sent or received the message.

Example

在基于 Web 的应用程序中发现安全缺陷涉及复杂步骤和创造性思维。有时候,一个简单的测试就能暴露最严重的安全性风险。您可以在任何 Web 应用程序上尝试这个非常基本的测试 −

Spotting a security flaw in a web-based application involves complex steps and creative thinking. At times, a simple test can expose the most severe security risk. You can try this very basic test on any web application −

  1. Log into the web application using valid credentials.

  2. Log out of the web application.

  3. Click the BACK button of the browser.

  4. Verify if you are asked to log in again or if you are able go back to the logged in page again.