We have a non-web-based three-tier app based on Java. The users will be able to see items according to the levels of their Login IDs. I am very new to testing; can anyone please tell me what needs to be done in order to security test it, or point me to some articles? One thing that I will test is logging in with users at various levels and checking whether things are working according to the level of the user logged in, but I guess this is not security testing. Can anyone please help.
There are loads of things you need to check when doing testing! I am assuming that you will be doing functional and other testing and that here you are only interested in security testing. First of all, the test you suggested is more of a functional test than a security test. In security testing, you want to unveil hidden security flaws such as being able to log in to the system without providing credentials, trying to find out what information is stored in cookies, if you are expert enough trying to find out how session hijacking is protected against, trying SQL injection, and finding out whether any page that requires login can be accessed without providing a login (try entering the URL, in the address bar, of a page that's only accessible after login). You can try many other such things. I once read that a vast number of security bugs lie in the architecture and design of the application, so try to figure out those bugs as well.
A Candle Loses Nothing By Lighting Another Candle
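The checks the answer lists, translated to a non-web Java client/server app, as an added example that is not part of the original question or answer. It models a tiered item store in the middle tier and runs plain-Java security tests against it: no session at all, a direct fetch by id at a higher level (the non-web equivalent of typing a post-login URL into the address bar), and reuse of an invalidated session. The class names (`Session`, `ItemService`, `Item`) and the level numbers are assumptions for illustration, not the asker's application.

```java
import java.util.*;

/*
 * Added example (not from the original post): a minimal model of a tiered
 * item store plus a plain-Java test harness for the security checks the
 * answer lists. All class, method and level names are assumptions.
 */
public class AuthzTestExample {

    /** A session as the middle tier would hold it; level 0 means not logged in. */
    static final class Session {
        final String user; final int level; boolean valid = true;
        Session(String user, int level) { this.user = user; this.level = level; }
    }

    /** Items carry the minimum login level needed to see them. */
    record Item(int id, String name, int requiredLevel) {}

    /** Middle-tier service that enforces the access rules under test. */
    static final class ItemService {
        private final Map<Integer, Item> items = new LinkedHashMap<>();
        ItemService(List<Item> seed) { seed.forEach(i -> items.put(i.id(), i)); }

        /** Listing: only items at or below the caller's level. */
        List<Item> list(Session s) {
            requireLogin(s);
            List<Item> out = new ArrayList<>();
            for (Item i : items.values()) if (i.requiredLevel() <= s.level) out.add(i);
            return out;
        }

        /** Direct fetch by id: the check must be repeated here, not only in list(). */
        Item get(Session s, int id) {
            requireLogin(s);
            Item i = items.get(id);
            if (i == null || i.requiredLevel() > s.level)
                throw new SecurityException("item " + id + " not visible at level " + s.level);
            return i;
        }

        static void requireLogin(Session s) {
            if (s == null || !s.valid || s.level < 1) throw new SecurityException("login required");
        }
    }

    // --- security tests (no test framework needed) -----------------------

    /** True when the action is refused with a SecurityException. */
    static boolean denied(Runnable r) {
        try { r.run(); return false; } catch (SecurityException e) { return true; }
    }

    static void check(boolean ok, String name) {
        System.out.println((ok ? "PASS " : "FAIL ") + name);
        if (!ok) throw new AssertionError(name);
    }

    public static void main(String[] args) {
        // Constructed sample data: one item per level.
        ItemService svc = new ItemService(List.of(
            new Item(1, "public notice", 1),
            new Item(2, "manager report", 2),
            new Item(3, "audit log", 3)));
        Session none = null;
        Session clerk = new Session("clerk", 1);
        Session manager = new Session("manager", 2);

        // 1. Nothing is reachable without logging in.
        check(denied(() -> svc.list(none)), "list without session is refused");
        check(denied(() -> svc.get(none, 1)), "fetch without session is refused");

        // 2. Listing is filtered by level (this is the functional part).
        check(svc.list(clerk).size() == 1, "level-1 user sees only level-1 items");
        check(svc.list(manager).size() == 2, "level-2 user sees levels 1 and 2");

        // 3. Guessing an id does not bypass the filter (vertical privilege check).
        check(denied(() -> svc.get(clerk, 2)), "level-1 user cannot fetch level-2 item by id");
        check(denied(() -> svc.get(clerk, 3)), "level-1 user cannot fetch level-3 item by id");
        check(svc.get(manager, 2).name().equals("manager report"), "level-2 user can fetch level-2 item");

        // 4. A logged-out (invalidated) session cannot keep being used.
        manager.valid = false;
        check(denied(() -> svc.list(manager)), "invalidated session is refused");
    }
}
```

Run with `java AuthzTestExample.java` (Java 16 or later, for `record`). The point of test 3 is the one the answer makes about typing a URL directly: a filtered listing is not an access control, so every direct-access path (fetch by id, export, search) needs its own test that a lower-level login is refused.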