Security testing is a process that is performed with the intention of revealing flaws in security mechanisms and finding the vulnerabilities or weaknesses of software applications.
According to Jaiswal, the prime objective of security testing is to find out how vulnerable a system may be and to determine whether its data and resources are protected from potential intruders. Security testing is more effective in identifying potential vulnerabilities when performed regularly rather than as a one-off exercise.
The first step is to understand the business requirements, security goals, and objectives in terms of the security compliance of the organization.
Not all security testing can be executed manually, so identify the tools needed to execute the security test cases faster and more reliably.
Understand and analyze the requirements of the application under test.
Based on the identified threats, vulnerabilities and security risks, prepare a test plan to address these issues.
Prepare the security test case document.
Based on the above step, prepare the threat profile.
For each identified threat, vulnerability and security risk, prepare a traceability matrix that maps it to the test cases that cover it.
Execute the security test cases and retest the defect fixes. Then execute the regression test cases to confirm that the fixes did not break controls that previously passed.
Collect all system setup information used for the development of the software and networks, such as operating systems, technology and hardware. From it, make a list of the vulnerabilities and security risks.
Prepare a detailed report of the security testing that lists the vulnerabilities and threats covered, details the risks they pose, and records the issues that are still open.
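The steps above (threat profile, traceability matrix, test execution, retest after fixes, and report) can be tied together in a small harness. The following is an added example written for this page, not code from the original text or from any named author; the threat identifiers, test cases and the configuration snapshot it checks are all constructed for illustration.

```python
"""Threat profile -> traceability matrix -> test execution -> retest -> report.

Added example (not from the original page). All threats, test cases and the
configuration snapshot below are constructed sample data, not real findings.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Threat:
    id: str
    description: str
    risk: str  # "High", "Medium" or "Low"


@dataclass(frozen=True)
class SecurityTestCase:
    id: str
    threat_id: str        # links the test case back to the threat profile
    description: str
    check: Callable[[dict], bool]   # returns True when the control is in place


# Constructed "system setup information": a snapshot of a deployed application's
# configuration, as collected in the setup-information step. Not real data.
SAMPLE_CONFIG = {
    "tls_min_version": "1.0",
    "response_headers": {"Content-Type": "text/html", "X-Frame-Options": "DENY"},
    "session_cookie_flags": {"Secure": True, "HttpOnly": False},
    "admin_password_min_length": 12,
}

# Threat profile (constructed).
THREAT_PROFILE: List[Threat] = [
    Threat("T1", "Transport downgrade to weak TLS", "High"),
    Threat("T2", "Clickjacking via framing", "Medium"),
    Threat("T3", "Session cookie theft", "High"),
    Threat("T4", "Weak administrator credentials", "High"),
]


def _tls_version(cfg: dict) -> Tuple[int, ...]:
    return tuple(int(part) for part in cfg["tls_min_version"].split("."))


# Security test case document (constructed). Each case traces to one threat.
TEST_CASES: List[SecurityTestCase] = [
    SecurityTestCase("TC1", "T1", "TLS minimum version is 1.2 or newer",
                     lambda c: _tls_version(c) >= (1, 2)),
    SecurityTestCase("TC2", "T2", "X-Frame-Options is DENY or SAMEORIGIN",
                     lambda c: c["response_headers"].get("X-Frame-Options") in ("DENY", "SAMEORIGIN")),
    SecurityTestCase("TC3", "T3", "Session cookie carries the Secure flag",
                     lambda c: c["session_cookie_flags"].get("Secure") is True),
    SecurityTestCase("TC4", "T3", "Session cookie carries the HttpOnly flag",
                     lambda c: c["session_cookie_flags"].get("HttpOnly") is True),
    SecurityTestCase("TC5", "T4", "Admin password policy requires at least 12 characters",
                     lambda c: c["admin_password_min_length"] >= 12),
]


def build_traceability_matrix(threats: List[Threat], tests: List[SecurityTestCase]) -> Dict[str, List[str]]:
    """Map every threat id to the test case ids that cover it (empty list = gap)."""
    matrix: Dict[str, List[str]] = {t.id: [] for t in threats}
    for tc in tests:
        matrix.setdefault(tc.threat_id, []).append(tc.id)
    return matrix


def untraced_threats(matrix: Dict[str, List[str]]) -> List[str]:
    """Threats in the profile that no test case exercises; these must be addressed in the plan."""
    return [tid for tid, tcs in matrix.items() if not tcs]


def execute(tests: List[SecurityTestCase], config: dict) -> Dict[str, bool]:
    """Run every test case against the configuration. A check that cannot run is a failure, not a pass."""
    results: Dict[str, bool] = {}
    for tc in tests:
        try:
            results[tc.id] = bool(tc.check(config))
        except (KeyError, TypeError, ValueError):
            results[tc.id] = False
    return results


def retest(tests: List[SecurityTestCase], fixed_config: dict,
           previous: Dict[str, bool]) -> Tuple[Dict[str, bool], List[str], List[str]]:
    """Re-run the full suite after fixes: report which cases were fixed and which regressed."""
    now = execute(tests, fixed_config)
    fixed = [tid for tid in now if now[tid] and not previous[tid]]
    regressed = [tid for tid in now if previous[tid] and not now[tid]]
    return now, fixed, regressed


def build_report(threats: List[Threat], tests: List[SecurityTestCase], results: Dict[str, bool]) -> dict:
    """Summarise executed/passed counts, open issues ordered by risk, and threats fully contained."""
    by_id = {t.id: t for t in threats}
    rank = {"High": 0, "Medium": 1, "Low": 2}
    open_issues = [
        {"test": tc.id, "threat": tc.threat_id, "risk": by_id[tc.threat_id].risk, "finding": tc.description}
        for tc in tests if not results[tc.id]
    ]
    open_issues.sort(key=lambda issue: (rank[issue["risk"]], issue["test"]))
    failing_threats = {issue["threat"] for issue in open_issues}
    contained = sorted({tc.threat_id for tc in tests} - failing_threats)
    return {"executed": len(tests), "passed": sum(results.values()),
            "open_issues": open_issues, "threats_contained": contained}


if __name__ == "__main__":
    matrix = build_traceability_matrix(THREAT_PROFILE, TEST_CASES)
    print("Traceability:", matrix, "untraced:", untraced_threats(matrix))
    first_run = execute(TEST_CASES, SAMPLE_CONFIG)
    print("Report:", build_report(THREAT_PROFILE, TEST_CASES, first_run))
```

A threat with an empty row in the matrix is a planning gap, and a test that raises because the configuration lacks a key is recorded as a failure rather than silently skipped; both are the kind of omission a regular testing cycle is meant to surface. The retest step runs the whole suite, not just the previously failing cases, so that a fix that breaks an unrelated control shows up as a regression.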