QualiTest’s security testing services verify that the system's information data is protected and that the intended functionality is maintained - http://bit.ly/1EKt0k1
2. • World’s 2nd Largest Independent Testing Company
• QA & Testing focus
QA and Software Testing is all that we do!
QualiTest Group
3. About QualiTest
• Global Service delivery Model – Right Shore!
Onshore, Near-Shore, Offshore and Crowd Testing
• Results Based Testing (RBT)
Contractual guarantees for quality improvement & cost reduction
• Managed Testing Solutions (MTS)
Long term, SLA based testing outsourcing
• Knowledge center for Global practices
Customized testing solutions based on proven test methodologies and QualiTest’s unique perspective
4. QualiTest’s Strategic Statement:
Design & deliver the right industry & technology focused SQA solutions, leveraging our diversified business models & ability to gain a deep understanding of customer’s goals & challenges
5. Security Testing
QualiTest’s security testing services verify that the system's information data is protected and that the intended functionality is maintained
6. Features of Security Testing
QualiTest’s security testing process comprises the following activities:
• Capture and define security test requirements
• Define all entry points to the system
• Analyze potential threats and perform risk analysis based on the entry points
7. What is Security Testing
Security Testing is focused on unacceptable inputs and whether these inputs are likely to create significant failure with regard to the given requirements of the product under test
The most important part of Security Testing is providing sufficient evidence to clients to show that their system and its information are safe and secure from unacceptable inputs
8. Information Security Terms
Some of the basic information security terms are:
Asset
Anything that has value to an organization, subject to many kinds of threats
Threat
A potential cause of an unwanted incident, which may result in harm to a system or organization
Vulnerability
A weakness of an asset or group of assets that can be exploited by one or more threats
Risk
The potential that a given threat will exploit vulnerabilities to cause loss or damage to an asset or group of information assets and thereby cause harm to the organization
Information Security
The preservation of confidentiality, integrity and availability of information
9. Vulnerabilities
There are established vulnerabilities and also tools which can help us identify common vulnerabilities in code:
Top 10 Vulnerabilities
• Injection Flaws (SQL Injection)
• Malicious File Execution
• Insecure Direct Object Reference
• Cross Site Request Forgery (CSRF)
• Information Leakage and Improper Error Handling
• Broken Authentication and Session Management
• Insecure Cryptographic Storage
• Insecure Communications
• Failure to Restrict URL Access
10. Deliverables of Security Testing
• A complete system breakdown, detailing your system’s structure and our plan for testing
• A comprehensive defect report detailing any security weaknesses: each bug, its severity, and location
• Ongoing support from a QualiTest senior test specialist to improve quality and drive continuous improvement
11. Benefits
The benefits of using QualiTest’s Security testing services include:
• Quality Insight
  • QualiTest can provide you with peace of mind and assurance of a clear insight into the quality of your system
• No Lead Time
  • Reduce application time to market
• Competitive pricing
  • Take advantage of our existing operation at competitive pricing
• Quality Improvement
  • Our experienced testing engineers can increase your testing coverage and assure new quality standards