Security Testing Types

Security Testing is performed to find security flaws in the system under test. Its purpose is to identify the flaws, loopholes and weaknesses in the system so that it can be protected against possible attacks. The following sections categorize Security Testing in different ways:

  • Application Security Testing: Security Testing can be categorized into the following based on the Application platform type:
    • Web Application Security Testing
    • Mobile Application Security Testing
    • Desktop Application Security Testing (alias Thick Client Security Testing)
    • Cloud Application Security Testing
    • Based on the different focus areas in the Applications, Security Testing can be further classified into the following types:
      • Client Side Application Security Testing
      • Server Side Application Security Testing
  • Infrastructure Security Testing: Security Testing can be categorized into the following based on the Infrastructure type:
    • Network Penetration Testing
      • External Infrastructure Security Testing
      • Internal Infrastructure Security Testing
    • Wireless Security Testing
    • Secure build of configuration review
    • Red Teaming
  • Security Testing on latest technologies: Security Testing can be categorized based on the latest technologies it is performed on:
    • Cloud Security Testing
    • IoT Security Testing
    • Embedded Software Security Testing
    • And others
  • Architecture Risk Assessment: As part of this, Security Testing can be categorized as below:
    • Threat Modeling
    • Architecture Risk Analysis (ARA)
    • Security Architecture Survey (SAS)
  • Security Testing Methods: Security Testing can be categorized into the following based on the methodologies:
    • Black Box Security Testing
    • White Box Security Testing
    • Grey Box Security Testing
  • Security Testing Software Layers: Security Testing can be categorized according to different layers of the Software:
    • User Interface Security Testing
    • API/Web Services Security Testing
    • Database Security Testing
  • Security Testing Delivery: Based on the type of tasks performed, Security Testing can be categorized as:
    • Vulnerability Assessment
    • Security Scanning
    • Penetration Testing
    • Risk Assessment
    • Security Auditing
    • Posture Assessment
    • Ethical Hacking
  • SAST and DAST: Security Testing can also be classified as:
    • SAST (Static Application Security Testing)
    • DAST (Dynamic Application Security Testing)
  • Other types of Security Testing:
    • Source Code Reviews
    • PCI DSS compliance security testing
    • Social engineering attacks security testing

Conclusion: Security Testing can be categorized in different ways.

Please leave your questions/comments/feedback below.

Happy Learning 🙂

Arun Motoori (www.QAFox.com)
