by Nataliia Vasylyna | June 2, 2016 6:23 am
A quite popular approach to security testing is to look for small security flaws that cannot actually cause severe damage to a product even if hackers find and fully leverage them.
An experienced specialist from a software testing company realizes that this is definitely not enough. Only a much more systematic approach can provide really valuable results. An example of such an approach is thoroughly planned penetration testing. Each penetration test should be constructed in accordance with risk assessment factors.
External penetration testing implies a thorough search for weaknesses that can be exploited by malicious external users. Internal penetration tests are intended to simulate attacks from within. A lot of companies simply ignore this type of testing, explaining that they are completely confident in their employees. They may be right, but it's better to be safe than sorry.
Before and during the execution of double-blind penetration testing, only a limited number of people know about the experiment. This makes it possible to catch many of those who were not informed flat-footed, find unexpected security flaws, and determine how a product will behave in case of a real malevolent attack.
To be on the safe side, testers should also perform confidentiality testing and vulnerability testing. This will help to reveal even more defects and increase the level of assurance.
Source URL: https://blog.qatestlab.com/2016/06/02/penetration-tests-security/