The Need For Security Testing
The software industry has achieved solid recognition in this age. In the recent decade, however, the cyber-world has become an even more dominant driving force, reshaping almost every business. The web-based ERP systems used today are the best evidence that IT has revolutionized our beloved global village.
These days, websites are not meant only for publicity or marketing; they have evolved into powerful tools that cater to complete business needs.
Web-based payroll systems, shopping malls, banking and stock trading applications are not only used by organizations but are also sold as products today.
This means that online applications have gained the trust of customers and users with regard to one vital feature: SECURITY.
No doubt, the security factor is of primary value for desktop applications too.
However, when we talk about the web, the importance of security increases exponentially. If an online system cannot protect its transaction data, no one will ever think of using it. Security is neither a word still in search of a definition, nor a subtle concept. However, I would like to list a few examples related to security.
Examples Of Security Flaws In An Application
- A Student Management System is insecure if the ‘Admission’ branch can edit the data of the ‘Exam’ branch
- An ERP system is not secure if a DEO (data entry operator) can generate ‘Reports’
- An online Shopping Mall has no security if the customer’s credit card details are not encrypted
- Custom software possesses inadequate security if an SQL query retrieves the actual passwords of its users
Now, I present to you the simplest definition of Security in my own words.
“Security means that authorized access is granted to protected data and unauthorized access is restricted”.
So, security has two major aspects: the first is the protection of data and the second is access to that data. Moreover, whether the application is desktop or web-based, security revolves around these two aspects.
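The two aspects above, turned into checks a tester could run, as an added example that is not part of the original article. The role map, table layout and sample users are constructed assumptions, and PBKDF2 is used here as one common way to store salted hashes, not something the article prescribes.

```python
import hashlib, hmac, os, sqlite3

# Hypothetical role-to-permission map for the Student Management System flaw.
PERMISSIONS = {
    "admission": {("admission", "read"), ("admission", "edit")},
    "exam": {("exam", "read"), ("exam", "edit")},
}

def is_allowed(role, branch, action):
    """Access aspect: deny by default, grant only pairs listed for the role."""
    return (branch, action) in PERMISSIONS.get(role, set())

def hash_password(password, salt=None):
    """Return (salt, PBKDF2-HMAC-SHA256 digest); plaintext is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest

def build_user_table(users):
    """Data-protection aspect: the table holds only a salt and digest per user."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, digest BLOB)")
    for name, password in users.items():
        salt, digest = hash_password(password)
        db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, digest))
    return db

def verify_login(db, name, password):
    """Parameterized lookup, then constant-time comparison of digests."""
    row = db.execute("SELECT salt, digest FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    _, candidate = hash_password(password, row[0])
    return hmac.compare_digest(candidate, row[1])

def plaintext_leaks(db, users):
    """Security test: names of users whose actual password appears in any column."""
    leaks = []
    for row in db.execute("SELECT * FROM users"):
        for value in row:
            raw = value if isinstance(value, bytes) else str(value).encode()
            leaks += [n for n, p in users.items() if p.encode() in raw]
    return leaks

# Constructed sample data.
SAMPLE_USERS = {"alice": "Tr1cky-Passphrase", "bob": "correct horse battery"}
```

Run against a real application, the same two questions apply: can a role act outside its own branch, and does any query return a usable password.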
Desktop And Web Security Testing
A desktop application should be secure not only regarding its access but also with respect to the organization and storage of its data.
Similarly, a web application demands even more security with respect to its access, along with data protection. A web developer should make the application immune to SQL Injections, Brute Force Attacks and XSS (cross-site scripting). Likewise, if the web application provides remote access points, then these must be secure too.
Moreover, keep in mind that Brute Force Attacks are not limited to web applications; desktop software is also vulnerable to them.
I hope this foreword is enough, and now let me come to the point. Kindly accept my apology if you thought so far that you were reading about the subject of this article. Though I have briefly explained software Security and its major concerns, my topic is ‘Security Testing’.