What is the software security testing?

Secure Software

In the Software industry, Most of the clients have a main requirement which is “we want the system to be secured”. Security is a non-functional property of the system, the main goal for securing the system to make this system dependable. So, we can depend on this system and it can perform its excepted functions as required and specified.

Therefore, it is mandatory to run the security testing procedures to ensure that we can depend on this system, but we need also to consider some functional requirements on writing requirements specifications document that help to obtain this goal.

Definition of Security testing

“Security testing is a process to determine that an information system protects data and maintains functionality as intended” Wikipedia

We can summarize that we need security testing on the following:

  1. Information and access security. Security tests help to find out loopholes that can cause loss of important information or allow the intruder into the systems.
  2. System stability and availability. Security testing helps to improve the system and finally helps it to work for a longer time (or it will work without hassles for the estimated time).
  3. System integrity. If involved in the early stages of development life cycle, security testing allows eliminating possible flaws in system design and implementation. We need to consider security aspects in architecture phase.
  4. Economic efficiency. It’s much cheaper to prevent the possible problem rather than to strive for resolving it and its consequences.

The main objective of software security analysis and testing is the verification that the software exhibits the following properties and behaviors:

  1. Its behavior is predictable and secure.
  2. It exposes no vulnerabilities or weaknesses (ideally it contains no vulnerabilities or weaknesses, exposed or not).
  3. Its error and exception handling routines enable it to maintain a secure state when confronted by attack patterns or intentional faults.
  4. It satisfies all of its specified and implicit nonfunctional security requirements.
  5. It does not violate any specified security constraints.
  6. As much of its runtime-interpretable source code and bytecode as possible has been obscured or obfuscated to deter reverse engineering.

You can share your thoughts here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s