Software Security Testing: An Essential in Today's World

Software development consists of much more than just developing and building the software. Of all the time that is put into developing software, over 50% is spent on testing it. You've read about functional testing, unit testing, performance testing and integration testing, all of which are vital to the success of the software. One of the most important types of software testing is software security testing.

In recent years, software security has been a very hot topic in the world of software development. Companies are constantly concerned with the security of their software as well as their entire systems. Numerous large and small businesses and government offices are increasingly concerned about security and are spending large amounts of money to add more security to their software.

Software security is a very serious matter and should be taken care of at the time the system is built. However, as additional software is built, there is always a need for more security, and especially for software security testing when new software is developed. With hackers, crackers and new viruses emerging daily, security takes top priority over almost every other aspect involving computers and computer software.

The main purpose of security testing is to make sure that an information system not only protects the data on the system, but also remains functional. There are six basic security concepts involved in software security testing: confidentiality, authorization, availability, integrity, authentication and non-repudiation. Confidentiality is obtained through security measures that keep information from reaching anyone other than those for whom it is intended, often by use of encrypted codes or passwords.

Authorization is the process of granting a person access to a site by use of login IDs and passwords. Availability means that the information will be ready for qualified individuals when they need it. Integrity is measured when an individual receives information or data and is assured that nothing has been changed and that it is as it should be. Authentication means that the information or message comes from a specific known source. Non-repudiation means that a person can't later deny receiving a message or data, as it is date and time stamped.

Many types of software testing are similar to each other in one way or another. Security testing is different from other software testing in one major way. Whereas most software tests are designed to show the good in the system, the purpose of security testing is to show the system's weaknesses so it can be continually improved.

Software security testing requires someone qualified, with knowledge of software testing, the platform, the application domain and computer security, as well as great programming skills. The main goal of security testing is to test for attacks and hacks. Rather than positive results, testers need to see negative results (leaks in security) so they know where improvement is needed.

Software Testing Process