SPONSORS:






User Tag List

Thanks Thanks:  0
Likes Likes:  0
Dislikes Dislikes:  0
Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16
  1. #11
    SQA Knight
    Join Date
    May 2006
    Location
    Playa Del Rey, California, United States
    Posts
    2,647
    Post Thanks / Like
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    Total Downloaded
    0
    I consider QA's role more security scanning and not truly security testing. Most QA personal have no formal study/training in serious computer security and threat assessment. Nor should they have to worry about security, as there are tons to do already.

    I see running scans like Zap, Skipfish, etc.. and doing some rudimentary checks for security part of the job. However I do not consider it security testing. I usually like to make it clear in my test plans that, X, Y, Z scans are what I'm performing. And that it can only find security flaws in regards to known vulnerability signatures. And if they are serious about security, they should perform a formal threat assessment and code review by a formal security expert (such as an outside consulting firm).
    David Lai
    SDET / Consultant
    LinkedIn profile

  2. #12
    Super Member
    Join Date
    Jul 1999
    Location
    Rancho Santa Margarita, CA
    Posts
    1,464
    Post Thanks / Like
    Mentioned
    4 Post(s)
    Tagged
    1 Thread(s)
    Total Downloaded
    0
    We have a big Security Team/Group here in the company already.
    So if assigned, what else could QA be doing that Security Team is not doing for Security Testing purposes?

    Thanks.
    Gilbert

  3. #13
    New Member
    Join Date
    Aug 2014
    Posts
    1
    Post Thanks / Like
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Total Downloaded
    0
    To save the site from unauthorise access

  4. #14
    Member
    Join Date
    Feb 2016
    Posts
    131
    Post Thanks / Like
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Total Downloaded
    0
    Blog Entries
    1
    Quote Originally Posted by Titti View Post
    Hi,
    For what purpose we are using the Security Testing during the web site Testing.


    Thanks and regards,
    TITTI
    Basic information is put away in web applications and the quantity of exchanges on the web increments, legitimate security testing of web applications is turning out to be essential. Security testing is the procedure that establishes that classified information stays secret and clients can perform just those undertakings that they are approved to perform

  5. #15
    New Member
    Join Date
    Jul 2016
    Posts
    6
    Post Thanks / Like
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Total Downloaded
    0
    security testing is done to check whether the application is secured or not,it checks to see if the application is harmed to any attacks

  6. #16
    SQA Knight
    Join Date
    May 2006
    Location
    Playa Del Rey, California, United States
    Posts
    2,647
    Post Thanks / Like
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    Total Downloaded
    0
    Since this thread is revived from a long slumber.. I guess it's a good time to provide some new insight.

    What you'll want to remember in a job interview or a certification test are the 4 A's of Security.

    1) Availability - The service has to be available. Can the service be easily taken out?
    2) Accessibility/Authorization - Is the access given to the right people?
    3) Authenticity - Can data be faked or spoofed?
    4) Auditability - Are there checks and balances in the business logic and data. Can actions be traced back to their origin and verified as authentic?
    David Lai
    SDET / Consultant
    LinkedIn profile

 

 
Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Search Engine Optimisation provided by DragonByte SEO v2.0.40 (Pro) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd.
Resources saved on this page: MySQL 10.00%
vBulletin Optimisation provided by vB Optimise v2.7.1 (Pro) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.3.0 (Pro) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd.
vBNominate (Lite) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd.
Feedback Buttons provided by Advanced Post Thanks / Like (Pro) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd.
Username Changing provided by Username Change (Free) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd.
BetaSoft Inc.
Digital Point modules: Sphinx-based search
All times are GMT -8. The time now is 03:44 PM.

Copyright BetaSoft Inc.