Software Testing

There are many institutes offering courses in Software Testing.

These institutes also provide placement assistance to the students. Each institute has a full-fledged placement cell working for it. All these institutes provide training in manual as well as automation testing and give certification for the same.

Testing institutes are established as IT education and services companies. These institutes provide training programmes with a thrust on long-term career qualifications and high-end short-term programmes in Information Technology. They also have significant business in the institutional segment, where they offer Total Learning Solutions to individuals, corporates, and government.

The IT industry recruits and prefers employees based on industry-relevant skills and international certifications rather than basic academic degrees like B.E / B.Tech / B.Sc / MCA. These IT-relevant skills and certification programs are available through various testing training institutes.

These institutes start operations and train thousands of professionals. They provide training of international standards to students and working professionals.

So… welcome to the world of Software Testing…

________________________________________________________________

 

SECURITY TESTING 

Security testing is testing how well the system is protected against unauthorized internal or external access, or willful damage. It also depends on two factors:

1) Authorization
2) Authentication

Authorization: It checks whether the product has been developed based on security standards, policies and procedures.

Authentication: It checks whether the product is authenticated or not.

Types of Security Testing 

1) Vulnerability Scanning:

  • Done using automated software to scan one or more systems against known vulnerability signatures.
  • Vulnerability analysis is a systematic review of networks and systems that determines the adequacy of security measures, identifies security deficiencies, and evaluates the effectiveness of existing and planned safeguards.


2) Security Scanning:

  • Testing how secure your computer is and identifying threats residing on your computer.
  • It is a vulnerability scan plus manual verification.


3) Penetration Testing

  • The tester attempts to gain access to the user's system and proves that access, usually by saving a file on the machine.
  • It is a controlled and coordinated test with the client to ensure that no laws are broken during the test.
  • This is a live test mimicking the actions of real life attackers.

4) Risk Assessment

A risk identification and management method used to identify and evaluate controls to manage and reduce risk in computer software. In this process the sources of the risk are listed. These sources can be:

A) Environmental Risks

   External factors:

  • Client
  • Suppliers
  • Competitor
  • Regulatory agencies
  • Work ethics
  • Social, economic and political conditions

B) Organizational Risks

   a) Organizational Structure

      1) Type of Organization

  • Functional Organizations
  • Business Unit Organizations
  • Matrix Organizations

      2) Organizational Processes

      3) Roles, Responsibilities, Accountabilities

   b) Organizational Behavior:

  • Incentives
  • Goal Congruence (Organizational/Personal)
  • Cooperation and Conflict
  • Personal Goals And Needs

   c) Rules:

  • Formal (e.g. written policies, regulations, procedures, guidelines)
  • Informal (e.g. understanding of acceptable behavior)

   d) Culture

  • Culture Strengths: Habits of thought and behavior and structural characteristics that have served and will continue to serve the organization if not threatened by change.
  • Cultural Restraints: Deeply held assumptions that condition and restrain thinking about the future.

   e) Climate

  • Cooperation
  • Development of individuals
  • Dedication or commitment to organizational goals

6)  Password Cracking  

  • Password cracking programs are used to identify weak passwords.
  • Passwords are stored and transmitted in an encrypted form called a hash. When a user logs on to a computer/system and enters a password, a hash is generated and compared to a stored hash. If the entered and the stored hashes match, the user is authenticated.

  • During a penetration test or a real attack, password cracking employs captured password hashes. Password hashes can be intercepted when they are transmitted across the network (using a network sniffer) or they can be retrieved from the targeted system. The latter generally requires administrative or “root” access on the target system.
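The hash comparison at login described above, as an added example that is not part of the original page. It stores a per-user salt with a deliberately slow hash (PBKDF2), so that two users with the same password get different stored hashes and a captured hash is expensive to test guesses against. The function names and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware


def enroll(password: str) -> dict:
    """Build the record stored for a user: salt, iteration count and hash."""
    salt = os.urandom(16)  # unique random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": digest}


def verify(password: str, record: dict) -> bool:
    """Hash the entered password the same way and compare with the stored hash."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(candidate, record["hash"])


def unsalted(password: str) -> str:
    """Fast unsalted hash, shown only for contrast: equal passwords, equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


if __name__ == "__main__":
    alice = enroll("correct horse")  # constructed sample passwords
    bob = enroll("correct horse")
    print("login with right password:", verify("correct horse", alice))
    print("login with wrong password:", verify("wrong guess", alice))
    print("same password, same stored hash?", alice["hash"] == bob["hash"])
    print("unsalted hashes identical?",
          unsalted("correct horse") == unsalted("correct horse"))
```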

Password cracking methods:

  • Dictionary attack: It uses all words in a dictionary or text file.
  • Hybrid attack: It builds on the dictionary method by adding numeric and symbolic characters to dictionary words. The attack tries common substitutes of characters and numbers for letters (e.g., p@ssword and h4ckme). Some will also try adding characters and numbers to the beginning and end of dictionary words (e.g., password99, password$%, etc.).
  • Brute force: It randomly generates passwords and their associated hashes. However, since there are so many possibilities, it can take months to crack a password.
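A password-audit check built on the three methods above, as an added example that is not part of the original page: it reports the cheapest method that would find a given password, so weak choices can be rejected when they are set. The wordlist, the substitution table and the function names are constructed for this example.

```python
import re
import string

# Constructed sample wordlist; a real audit would load a full dictionary file.
WORDLIST = {"password", "hackme", "welcome", "admin"}

# Character-for-letter substitutions of the kind seen in p@ssword and h4ckme.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l",
                      "0": "o", "$": "s", "5": "s", "7": "t", "!": "i"})


def strip_affixes(text: str) -> str:
    """Drop digits and symbols added to the beginning or end of a word."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", text)


def classify(password: str, wordlist=WORDLIST) -> str:
    """Name the cheapest of the three methods that would find this password."""
    lowered = password.lower()
    if lowered in wordlist:
        return "dictionary"
    variants = {
        lowered.translate(LEET),
        strip_affixes(lowered),
        strip_affixes(lowered).translate(LEET),
        strip_affixes(lowered.translate(LEET)),
    }
    if variants & set(wordlist):
        return "hybrid"
    return "brute force only"


def keyspace(password: str) -> int:
    """Candidates an exhaustive search over the same character classes must try."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return pool ** len(password)


if __name__ == "__main__":
    for pw in ["password", "p@ssword", "h4ckme", "password99", "tq9#Lm2vX!rz"]:
        print(f"{pw!r}: {classify(pw)}, keyspace {keyspace(pw):.2e}")
```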

There are many threats that are non-technical but can have the worst effect. One of these threats is the social engineering attack.

Social Engineering Attack

  • It is a term used among hackers for cracking techniques that rely on weaknesses in physical security rather than software; the aim is to trick people into revealing passwords or other information that compromises a target system’s security.

  • Classic scams include phoning up an employee who has the required information (password, username, etc.) and posing as a computer technician or a fellow employee with an urgent access problem.

  
