i thought security testing is all about testing whether the information in a software [web based or intranet] is safe ,i.e. the information is not leaked. Important information like Passwords, Creditcard numbers etc are safe.
And how to test whether a software is robust against hackers because hackers pounce on the loopholes in a software.
Are there any standards in security testing?