I am looking forward to give a detailed presentation at my software house regarding security testing.
Please let me know what open source tools available for it?
What are the proper methods that how we can do the security testing?
What the tester should have the knowledge before going to do the security testing?
Well tools aside, first some awareness is needed. If you have it thats fine but otherwise I recommend you start reading the Top Ten vulnerabilities listed at www.owasp.org
And assuming that you are on a web-app under test, I would say demonstrate how SQL Injection can be a dangerous bug. You can put together a demor or use www.testersdesk.com to show how SQL Injection works (by the way, testersdesk.com is not a pure securty testing tool per-se but you can use the SQL Injection generator in it, provide your HTML form information and get a downloadabe plain HTML file that has in-built automated tests for SQL injections).
>> What the tester should have the knowledge before going to do the security testing?
Little bit (or more) of how apps access their resources like files, network and so on...
<ul type="square">[*]www.testersdesk.com- The Online Tool Platform for Software Testers.[*]Building test engineering tools & training test engineers is what value-creation means to me in the race of Deterministic Technology.[/list]
First think is you know the proper business logic of your application, OS, file system,Networking
E.g. suppose your app is preven execute unauthorized executables. So you think in a such ways that, which is alternate method/methods to run THAT executables