Security Testing

Security Testing: (The) Process to determine that an IS (Information System) protects data and maintains functionality as intended.

The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, authorisation, availability and non-repudiation.

Software Testing Portal

Contents 1 Confidentiality 2 Integrity 3 Authentication 4 Authorization 5 Availability 6 Non-repudiation 7 See also

Confidentiality

• A security measure which protects against the disclosure of information to parties other than the intended recipient that is by no means the only way of ensuring confidentiality.

Integrity

• A measure intended to allow the receiver to determine that the information which it receives has not been altered in transit or by other than the originator of the information.
• Integrity schemes often use some of the same underlying technologies as confidentiality schemes, but they usually involve adding additional information to a communication to form the basis of an algorithmic check rather than the encoding all of the communication.

Authentication

• A measure designed to establish the validity of a transmission, message, or originator.
• Allows a receiver to have confidence that information it receives originated from a specific known source.

Authorization

• The process of determining that a requester is allowed to receive a service or perform an operation.
• Access control is an example of authorization.

Availability

• Assuring information and communications services will be ready for use when expected.
• Information must be kept available to authorized persons when they need it.

Also authority to operate

Non-repudiation

• A measure intended to prevent the later denial that an action happened, or a communication that took place etc.
• In communication terms this often involves the interchange of authentication information combined with some form of provable time stamp