Security Testing:

• Testers must use a risk-based approach, By identifying risks and potential loss associated with those risks in the system and creating tests driven by those risks, the testers can properly focus on areas of code in which an attack is likely to succeed.

• Therefore risk analysis at the design level can help to identify potential security problems and their impacts. Once identified ranked, software risks can help guide software security.

• It is a type of non-functional testing. Security testing is basically a type of software testing that’s done to check whether the application or the product is secured or not. It checks to see if the application is vulnerable to attacks, if anyone hack the system or login to the application without any authorization.

• It is a process to determine that an information system protects data and maintains functionality as intended. The security testing is performed to check whether there is any information leakage in the sense by encrypting the application or using wide range of software’s and hardware’s and firewall etc.

• Software security is about making software behave in the presence of a malicious attack. The six basic security concepts / elements that need to be covered by security testing are:

  confidentiality,

  Integrity,

  Authentication,

  Availability,

  Authorization and

  Non-repudiation