Security Testing

Security goals aim at ensuring availability and confidentiality. Security testing at the enterprise can be classified into four levels.

1.0 Security Strategy

1.1 Optimized Security Solutions: There are conflicting goals between security and projects. Project goals aim at simplicity, efficiency, timely deliveries and usability. Security goals may inhibit or impede project goals because of the elaborate nature of secured solutions. Our security team has an important role to perform between the project goals and the software security goals: the team understands the system architecture and application design across the four enterprise levels classified above and recommends optimized trade-off solutions between project and security goals.

1.2 Security Test Plan: Our security team studies the current environment, which consists of collecting information on trusted and untrusted networks, hardware and software setups, the available security policies, security goals and objectives, the threats (including vulnerabilities, attacks, integrity, denial of service, disclosures, etc.), and the existing business continuity plans, disaster recovery plans, etc., to produce a Security Test Plan (STP) document. The document is shared with the customer.

2.0 Secured Solutions

Secured solutions are the actual implementation through the software development life cycle, during code construction and the integration of various third-party APIs and third-party interfaces, within the core observations made in the Security Plan Document (SPD). The secured solutions include the following:

2.1 Software Application – Application Security Testing
2.2 Databases – Database Security Testing
2.3 Trusted and Untrusted Networks – Network Security Testing
2.4 Third-Party APIs and Interfaces – Application Security Testing, API/Interface Security Testing