Security Testing is performed to find the security flaws in the systems under test. Its purpose is to identify the security flaws, loopholes, and weaknesses in a system so that the system can be protected against possible attacks. The following sections categorize Security Testing in different ways:
- Application Security Testing: based on the application platform type, Security Testing can be categorized into the following:
  - Web Application Security Testing
  - Mobile Application Security Testing
  - Desktop Application Security Testing (alias Thick Client Security Testing)
  - Cloud Application Security Testing
  - Based on the different focus areas within an application, Security Testing can be further classified into:
    - Client Side Application Security Testing
    - Server Side Application Security Testing
- Infrastructure Security Testing: based on the infrastructure type, Security Testing can be categorized into the following:
  - Network Penetration Testing
  - External Infrastructure Security Testing
  - Internal Infrastructure Security Testing
  - Wireless Security Testing
  - Secure build and configuration review
  - Red Teaming
- Security Testing on the latest technologies: Security Testing can be categorized based on the technology it is performed on:
  - Cloud Security Testing
  - IoT Security Testing
  - Embedded Software Security Testing
  - And others
- Architecture Risk Assessment: as part of this, Security Testing can be categorized as below:
  - Threat Modeling
  - Architecture Risk Analysis (ARA)
  - Security Architecture Survey (SAS)
- Security Testing Methods: based on the methodology, Security Testing can be categorized into the following:
  - Black Box Security Testing
  - White Box Security Testing
  - Grey Box Security Testing
- Security Testing Software Layers: Security Testing can be categorized according to the different layers of the software:
  - User Interface Security Testing
  - API/Web Services Security Testing
  - Database Security Testing
- Security Testing Delivery: based on the type of tasks performed, Security Testing can be categorized as:
  - Vulnerability Assessment
  - Security Scanning
  - Penetration Testing
  - Risk Assessment
  - Security Auditing
  - Posture Assessment
  - Ethical Hacking
- SAST and DAST: Security Testing can also be classified as:
  - SAST (Static Application Security Testing)
  - DAST (Dynamic Application Security Testing)
- Other types of Security Testing:
  - Source Code Reviews
  - PCI DSS compliance security testing
  - Social engineering attack security testing
Conclusion: Security Testing can be categorized in different ways.
Happy Learning 🙂
Arun Motoori (www.QAFox.com)