Security Testing Services

Security testing verifies that the data on a system is protected and that the system maintains its intended functionality. QualiTest’s structured methodology for software security testing accompanies the entire Systems Development Life Cycle (SDLC) through its different stages and ensures early detection of future critical faults.

Deliverables of QualiTest’s Security Testing Services

  • A complete system breakdown, detailing your system’s structure and our plan for testing.
  • A comprehensive defect report detailing any security weaknesses: each bug, its severity, location and much more.
  • Ongoing support from a QualiTest senior test specialist to improve quality and drive continuous improvement.

What You Get

All people provided by QualiTest have 'lived' the QualiTest values, integrating into the project to assure quality of both process and products.

Steve Whitby, EADS

Features

QualiTest’s security testing process comprises the following activities:

  • Capture and define the security test requirements
  • Define all entry points to the system, such as files, sockets, Hypertext Transfer Protocol (HTTP) requests, named pipes, pluggable activities protocol handlers, malicious server responses and so on.
  • Analyze potential threats and perform risk analysis based on the entry points defined. Examples of threats and the methods to analyze them:
    • Authentication tests. This is achieved by performing these activities:
      • User guesses the password
      • Brute force attack
      • Password recovery validation
    • Session management
      • Session Management (reuse of session ID)
      • Session hijacking (check whether session IDs are predictable)
      • Session visibility (check whether important data is transferred using the HTTPS protocol)
    • Error handling
      • Buffer Overflow Testing
        • Long strings of a single character
        • Lengths of strings with common boundary conditions: 128 bytes, 256 bytes, 1024 bytes, 65535 bytes…
        • Varying string patterns
        • Random lengths of strings
      • Cross Site Scripting Testing
        • Less-Than Sign
        • Greater-Than Sign
        • Quotation Mark
        • Apostrophe
        • Alternate encodings of the same
      • Format String Testing
        • %s, %x, %n
        • Various repetitions of the same
      • Random Data Testing
        • Purely random data included in requests
        • Purely random data included as parameters
        • Encoded random data included as parameters
      • Random Mutation of Valid Data Testing
        • Bit flipping of known legitimate data
        • Byte stream sliding within known legitimate data
      • Encryption / Decryption
      • SQL injections
        • Cross-Script manipulation
          • Change data within the login script
          • Insert malicious data
          • Pull data
          • Shut down services
        • Error Handling
          • Apostrophe
          • Quotation mark
          • Comma
          • Bracket
          • Alternate encodings of the same
        • Permissions
          • Implication of permission structure
          • Grant permissions
          • Attack based tests
  • Security Requirements Static Test (Security Audit)
  • Prepare Security Checklists
  • Plan and Execute Security Test Assets
  • Execute external ad-hoc penetration tests. This method is used to evaluate the security of a computer system or network by simulating an attack from a malicious source. A penetration test is usually performed during the latest stages of the coding phase.

Another great aspect of QualiTest’s security testing is that of Fuzz Testing through beSTORM.

The benefits of using QualiTest security testing services include:

  • Quality Insight – QualiTest can provide you with peace of mind and assurance of a clear insight into the quality of your system.
  • Existing testing labs with qualified security testing engineers at QualiTest test centers
  • No lead time – Reduce application time to market
  • Competitive pricing – Take advantage of our existing operation at competitive pricing
  • Quality Improvement – Our experienced testing engineers can increase your testing coverage and assure new quality standards.