User talk:Raghavendra Rao PV

--Raghavendra Rao PV (talk) 04:44, 24 January 2014 (CST)

Security Testing - The Begining
Data or information can be globally accessed by individuals through the Internet. Depending on the criticality levels, data may be classified as: Critical, Highly Confidential, Confidential or Public. Such data/information residing at the servers will be managed by an Administrator or a group of administrators.

Web Applications designed and developed by an organization too serves a similar purpose and data classification approach.

1. Showcase the capabilities of the organization

2. Grant access to internal users/employees

3. Grant access to external users/customers

Customers/Organizations are at a constant risk of their sensitive data being exploited by unwanted users. Such users pose a threat to organizations by identifying loopholes/vulnerabilities in the web applications and exposing these vulnerabilities on the Internet. Doing so will bring down the reputation of these organizations in the show business. Hence to summarize, the major risks associated by showcasing an organizations information on the Internet can be considered to be:

1. Threat of misuse by individuals

2. Reputation of the organization

There came an urge to protect sensitive information from being disclosed out in the public via Internet. Individuals/Customers/Clients/Organizations started demanding the development community to build them SECURE softwares to overcome the already existing list of attack scenarios. Developers had to incorporate security controls while developing any software. Since most of the developers are unaware of security consequences nor given on the job trainings for building a secure software, there came a specialized group of Testers/Analysts/Consultants/Experts whose major role in the Organization is to identify security loopholes in the software and assist the developers in fixing them.

--Raghavendra Rao PV 03:59, 26 September 2012 (UTC)

Security Testing - An Overview
Developers are under strict timelines to complete the project. Hence developers concentrate more on the development activities than implementing security features in the application.

Testers concentrate more on the functional testing aspects and are less aware of testing applications specific to security controls.

Information Technology industry required a new breed of testers who could identify the security threats in their application and assist them in overcoming the security threats. Some of the skilled people enhanced their testing knowledge and concentrated more towards the security aspects. This group of skilled testers were coined as Security Testers/Advisors/Consultants/Experts.

Security Testing in the recent past has been considered as one of the critical stages of Software Development Life Cycle [SDLC] and Customers/Organizations/Clients/Vendors are insisting the Software Development Organizations to conduct a thorough round of security tests on their applications and comply to a Industry Standard. The Industry Standard is either:

1. Custom: Defined by the requesting Organization -or-

2. Public: As per the Software Development Organization or any Open Source Industry Standard.

Industry Standards/Guidelines play an important role in addressing the Confidentiality, Integrity and Availability [CIA] of information to the right person at the right time.