Security Testing Service | Security Testing Services


Security Testing Services


Security testing is an indispensable part of building modern software. It’s performed as part of the software development lifecycle by testers armed with both software security and software testing expertise.

The QualiTest security testing service has two main objectives:

  1. Verify that the data held by the system is protected
  2. Ensure that the system maintains its functionality as intended

In industries that handle especially sensitive information, such as defense and finance, the need for security testing is greater and demands a high level of expertise and experience in order to ensure the system's protection and functionality.

QualiTest has developed a structured methodology for security testing. This methodology is designed to accompany the entire Systems Development Life Cycle (SDLC) through its different stages and to ensure early detection of critical faults.

The testing process consists of the following activities:

  • Capture and define the security test requirements
  • Define all entry points to the system, such as files, sockets, Hypertext Transfer Protocol (HTTP) requests, named pipes, pluggable protocol handlers, malicious server responses, and so on.
  • Analyze potential threats and perform a risk analysis based on the entry points defined.

    Examples of threats and the methods used to analyze them:
    • Authentication tests, performed through these activities:
      • Password guessing
      • Brute force attack
      • Password recovery validation
    • Session management
      • Session management (reuse of session IDs)
      • Session hijacking (check whether session IDs are predictable)
      • Session visibility (check whether sensitive data is transferred over HTTPS)
    • Error handling
      • Buffer Overflow Testing
        • Long strings of a single character
        • Lengths of strings with common boundary conditions: 128 bytes, 256 bytes, 1024 bytes, 65535 bytes…
        • Varying string patterns
        • Random lengths of strings
      • Cross Site Scripting Testing
        • Less-Than Sign
        • Greater-Than Sign
        • Quotation Mark
        • Apostrophe
        • Alternate encodings of the same
      • Format String Testing
        • %s, %x, %n
        • Various repetitions of the same
      • Random Data Testing
        • Purely random data included in requests
        • Purely random data included as parameters
        • Encoded random data included as parameters
      • Random Mutation of Valid Data Testing
        • Bit flipping of known legitimate data
        • Byte stream sliding within known legitimate data
      • Encryption / Decryption
      • SQL injections
        • Cross-script manipulation
          • Change data within the login script
          • Insert malicious data
          • Pull data
          • Shut down services
        • Error Handling
          • Apostrophe
          • Quotation mark
          • Comma
          • Bracket
          • Alternate encodings of the same
        • Permissions
          • Implications of the permission structure
          • Grant permissions
          • Attack-based tests
  • Security Requirements Static Test (Security Audit)
  • Prepare Security Checklists
  • Plan and Execute Security Test Assets
  • Execute external ad-hoc penetration tests. This method evaluates the security of a computer system or network by simulating an attack from a malicious source. Penetration tests are usually performed at the latest stages of the coding phase.
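The input classes listed above (single-character strings at boundary lengths, XSS metacharacters and alternate encodings of them, %s/%x/%n format specifiers, bit flipping and byte sliding of legitimate data) as a small test-input generator run against a field handler, so that a tester can see which inputs a handler accepts unchanged, rejects, or crashes on. This is an added example, not QualiTest's code or part of the page; `LEGIT_SAMPLE` and the hardened `validate_field` handler are constructed assumptions.

```python
import html
import random
LEGIT_SAMPLE = "user=alice&role=reader"  # constructed legitimate value (assumption, not from the page)
META = '<>"\''

def boundary_strings(char="A", lengths=(128, 256, 1024, 65535)):
    """Long strings of a single character at the common boundary lengths."""
    return [char * n for n in lengths]

def xss_probes():
    """The four metacharacters plus URL-encoded and HTML-entity forms of each."""
    return list(META) + ["%%%02X" % ord(c) for c in META] + ["&#%d;" % ord(c) for c in META]

def format_string_probes(repeats=(1, 4, 16)):
    """%s, %x, %n and repetitions of each."""
    return [spec * n for spec in ("%s", "%x", "%n") for n in repeats]

def bit_flips(data, count, rng):
    """Flip one random bit of the legitimate value per mutant."""
    out = []
    for _ in range(count):
        buf = bytearray(data.encode())
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
        out.append(buf.decode("latin-1"))
    return out

def byte_slides(data, window=4):
    """Move a window of the stream to the front, one offset at a time."""
    return [data[i:i + window] + data[:i] + data[i + window:] for i in range(len(data) - window + 1)]

def validate_field(value, max_len=256):
    """Hypothetical hardened handler: bounded length, metacharacters escaped."""
    return None if len(value) > max_len else html.escape(value, quote=True)

def check_handler(handler, max_len=256, seed=0):
    """Feed every generated input to `handler`; return (kind, detail) findings."""
    rng = random.Random(seed)
    findings = []
    for probe in (boundary_strings() + xss_probes() + format_string_probes()
                  + bit_flips(LEGIT_SAMPLE, 20, rng) + byte_slides(LEGIT_SAMPLE)):
        try:
            out = handler(probe)
        except Exception as exc:  # a crash on hostile input is itself a finding
            findings.append(("exception", repr(exc)))
            continue
        if out is not None and len(probe) > max_len:
            findings.append(("over-length input accepted", len(probe)))
        elif out is not None and any(c in out for c in META):
            findings.append(("metacharacter passed through", probe))
    return findings
```

Running `check_handler` against a pass-through handler such as `lambda v: v` reports the metacharacters and over-length inputs it lets through, while the hardened `validate_field` yields no findings.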

QualiTest offers a full security testing coverage service. The service includes managing the entire Security Test Lifecycle while applying the QualiTest security testing methodology according to the project's needs and stages.
