views: 543
answers: 3
What are the different types of Security Testing?

+1  A: 
  • Risk assessment - creating a threat model and defining what will be tested.
  • Security auditing - using the threat model to probe the system design.
  • Vulnerability scanning - using software to probe the system implementation.
  • Penetration testing - trying to hack into the system, either externally or internally.
  • Operational testing - some or all of the above after the system is in production.
RoadWarrior
A: 

As per Wikipedia, the six basic security concepts that need to be covered by security testing are:

  • confidentiality
  • integrity
  • authentication
  • authorization
  • availability
  • non-repudiation
philippe
A: 
  • Vulnerability Scanning - Typically an automated procedure to scan one or more systems against known vulnerability signatures.

  • Security Scanning - This is a vulnerability scan plus a manual verification of the findings to help remove false positives/negatives.

  • Penetration Testing - A tester will attempt to gain access and prove access to the system owner.

  • Risk Assessment - Involves a security analysis of interviews with employees compiled with business and industry justifications for risks discovered.

  • Security Auditing - Typically an in-depth auditing of software code and/or Operating Systems. This is often a very thorough line-by-line inspection of code.

  • Ethical Hacking - This is very similar to a penetration test, but it is usually many of them against a number of systems in order to discover as many attack vectors as possible.

  • Posture Assessment and Security Testing - This combines security scanning, ethical hacking and risk assessments to show the overall security posture of the organization.

Each of these security testing types can be further sub-categorized by different methodologies.