Security testing

This website approaches security in two ways. Firstly, it deals with keeping confidential information safe: limiting what the people you do know can view and change, and keeping out everyone you do not know. Secondly, it deals with validating the data that goes into your system: does it only contain the values you were expecting?

Roles and authorisations

As soon as you have a description of the roles and the authorisations per role, it is quite easy to draw test cases from them. Usually it helps to create a matrix with the roles on the horizontal axis and the authorisations on the vertical axis. This also shows you which role is NOT allowed to perform a certain action, which is important for security testing. And if testing time is limited, discuss with the business stakeholders which tests are the most important ones. These could be the allowed actions as well as the disallowed ones. Again, the matrix will help a lot with your discussions.
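The matrix approach can be made executable. The example below is added here and is not from the original article: every cell of a constructed roles-by-authorisations matrix becomes a test case, including the "not allowed" cells, and the cases are run against a hypothetical access-control function (`system_allows`, with a deliberately planted fault) to report deviations in both directions. Roles, actions and the policy are assumed for illustration.

```python
"""Added example (not from the original article): derive positive and negative
authorisation test cases from a roles x authorisations matrix and run them
against a sample access-control check. Roles, actions and the policy below
are constructed for illustration."""
from itertools import product

# Constructed authorisation matrix: rows are actions, columns are roles.
# True = the role may perform the action, False = it must be refused.
ROLES = ("viewer", "editor", "admin")
MATRIX = {
    "view_record":   {"viewer": True,  "editor": True,  "admin": True},
    "edit_record":   {"viewer": False, "editor": True,  "admin": True},
    "delete_record": {"viewer": False, "editor": False, "admin": True},
    "manage_users":  {"viewer": False, "editor": False, "admin": True},
}


def derive_test_cases(matrix=MATRIX, roles=ROLES):
    """Every cell of the matrix becomes one test case: (role, action, expected).
    The False cells are the 'not allowed' cases the article stresses."""
    return [(role, action, matrix[action][role])
            for action, role in product(matrix, roles)]


def system_allows(role, action):
    """Hypothetical system under test. Its policy contains one planted fault:
    editors are allowed to delete, which the matrix forbids."""
    allowed = {
        "viewer": {"view_record"},
        "editor": {"view_record", "edit_record", "delete_record"},  # fault
        "admin": set(MATRIX),
    }
    return action in allowed.get(role, set())


def run_matrix_tests(matrix=MATRIX, roles=ROLES, check=system_allows):
    """Return every deviation between the matrix and the system as
    (role, action, kind). An unexpected grant is the dangerous direction;
    an unexpected refusal is a functional defect but not a security hole."""
    failures = []
    for role, action, expected in derive_test_cases(matrix, roles):
        actual = check(role, action)
        if actual != expected:
            kind = "unexpected grant" if actual else "unexpected refusal"
            failures.append((role, action, kind))
    return failures


if __name__ == "__main__":
    for role, action, kind in run_matrix_tests():
        print(f"{role} / {action}: {kind}")
```

Because the cases are derived from the matrix rather than written by hand, agreeing the matrix with the business stakeholders is the same activity as agreeing the test set, and a negative case is never forgotten because it was "obvious".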

Hacker’s testing

Unwanted visitors will first try to figure out what your system looks like and then try to make use of this. To prevent this, very specific tests are needed to identify your system’s weaknesses. As you know, this website is aimed at starting up and structuring your testing efforts. However, for this subject, I advise you to NOT make a quick start and gradually make improvements. The risk of missing something that real hackers won’t miss is too high. So if your test strategy includes a heavy security test, hire a specialized company to do this for you.

Input validations

The part above, about hackers, actually dealt with input validations already. Hackers try to enter nasty input instructions, using their own tools but also via your own screens if you offer web-based applications. Besides this, your own customers and employees may also enter incorrect data, or leave out important data, either because they forget it or don’t find it important. To prevent this, you need a specification of what exactly you are expecting in each input field on your screen. An example (still in Dutch, sorry):


Your first task as a tester will be to ask for such an overview. The first few times they will question whether this is really necessary; later on they will thank you for it.
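An input-field specification is most useful when it is written in a form that both the application and the tester can consume. The example below is added here and is not from the original article: a constructed specification of four form fields (names, patterns and limits are assumptions) drives a validator that rejects missing, malformed, out-of-range and unexpected input, and the same specification is used to derive boundary test inputs so that each rule is exercised on both sides of its limit.

```python
"""Added example (not from the original article): a per-field input
specification used both to validate submitted form data and to derive the
boundary inputs a tester would try. The fields and rules are constructed."""
import re

# Constructed specification: what each input field is expected to contain.
# 'required' marks fields that may not be left out.
FIELD_SPEC = {
    "postal_code": {"required": True, "pattern": r"^\d{4} ?[A-Z]{2}$"},
    "quantity":    {"required": True, "type": int, "min": 1, "max": 100},
    "email":       {"required": True, "max_length": 254,
                    "pattern": r"^[^@\s]+@[^@\s]+\.[^@\s]+$"},
    "remarks":     {"required": False, "max_length": 200},
}


def validate(form, spec=FIELD_SPEC):
    """Return a dict of field -> error; an empty dict means the input is valid.
    Form values arrive as strings, as they would from an HTML form."""
    errors = {}
    for name, rule in spec.items():
        value = form.get(name)
        if value is None or value == "":
            if rule.get("required"):
                errors[name] = "missing"
            continue
        if not isinstance(value, str):
            errors[name] = "unexpected type"
            continue
        if "max_length" in rule and len(value) > rule["max_length"]:
            errors[name] = "too long"
            continue
        if "pattern" in rule and not re.fullmatch(rule["pattern"], value):
            errors[name] = "bad format"
            continue
        if rule.get("type") is int:
            if not re.fullmatch(r"-?\d+", value):
                errors[name] = "not a number"
                continue
            n = int(value)
            if n < rule.get("min", n) or n > rule.get("max", n):
                errors[name] = "out of range"
    # Fields the specification does not know about are rejected too.
    for name in form:
        if name not in spec:
            errors[name] = "unexpected field"
    return errors


def boundary_cases(spec=FIELD_SPEC):
    """Derive (field, value, should_pass) test inputs from the specification:
    the field left empty, one character over the length limit, and the values
    just outside and exactly at the numeric limits."""
    cases = []
    for name, rule in spec.items():
        cases.append((name, "", not rule.get("required")))
        if "max_length" in rule:
            cases.append((name, "x" * (rule["max_length"] + 1), False))
        if rule.get("type") is int:
            cases.append((name, str(rule["min"] - 1), False))
            cases.append((name, str(rule["max"] + 1), False))
            cases.append((name, str(rule["max"]), True))
    return cases


def check_boundaries(base_form, spec=FIELD_SPEC):
    """Apply each derived case to an otherwise valid form and return the
    cases whose outcome differs from what the specification predicts."""
    mismatches = []
    for name, value, should_pass in boundary_cases(spec):
        passed = validate({**base_form, name: value}, spec) == {}
        if passed != should_pass:
            mismatches.append((name, value, should_pass))
    return mismatches


# Constructed sample submission that satisfies every rule.
VALID_FORM = {"postal_code": "1234 AB", "quantity": "5", "email": "a@b.nl"}

if __name__ == "__main__":
    print(validate(VALID_FORM))
    print(validate({"postal_code": "12345", "quantity": "0", "email": "", "extra": "x"}))
    print(check_boundaries(VALID_FORM))
```

Keeping the specification in one place means the overview you ask for as a tester is also the thing the developers implement against, and a change to a limit updates the validator and the derived test inputs together.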
