Security testing is the process of ensuring that defensive mechanisms are operating correctly. This is different to ensuring that software or systems are able to pass functionality tests. At Skiva, we recognize that ensuring security standards are met in software products is growing in importance. Using security tests is a way we determine that information and software systems protect your data and at the same time maintain functionality.
Security testing operates in six basic concepts, these being confidentiality, authentication, authorization, non-repudiation, availability and integrity. Security testing must be defined first in order to establish a base. Specifically, confidentiality protects against disclosure of information to unauthorized persons. Authentication has the purpose of confirming identify or checking trust levels on a program. Authorization ensures that the requester is allowed to proceed. Non-repudiation tests that the sender and recipient are the individuals who claim to have performed the action. Availability looks for evidence that the systems will be available on demand. Integrity assures the receiver that information provided is accurate.
At Skiva, procedures commonly followed during security testing include discovery, a vulnerability scan, and vulnerability assessment. Once the vulnerabilities are identified a manual verification can be added in order to confirm that there are genuine risks. A security assessment enters the system to determine operations and confirm system settings. The security assessment is a generalized coverage of the systems and involves a penetration test which simulates an attack that might occur from a malicious party.
Here at Skiva we can offer you comprehensive security testing which checks all the major areas of vulnerability and we cannot recommend this type of testing strongly enough to reduce the effect of malicious attacks resulting from poor security.
