What is Security Testing | Types of Security Testing in IT Industry - Curious CORP

Tuesday, July 23, 2019


When you enter the world of ethical hacking, you will come across another term: 'security testing'. In big companies and organizations, security testing is done to find any loophole or security vulnerability in the system and then patch it.



Security testing is generally done by white hat hackers to find the loopholes and vulnerabilities in the system. 

There are different variants of security testing for an organization's systems, networks and applications. Different kinds of security testing follow different procedures, and the procedure also depends on the security tester or white hat hacker and on what information the organization or company provides.

In this article we will look at the following topics:

What is security testing?
Types of security testing
  • Black box testing
  • White box testing
  • Grey box testing
Categories of testing
  • Internal testing
  • External testing



What is security testing?

Security testing is carried out by white hat hackers who are appointed by the company or the organization. It is also referred to as penetration testing or pen-testing.

When a company or organization hires a security tester or a white hat hacker, it may give the tester some information or assistance to get started with the hacking procedure, or it may not provide any details or assistance at all.


What are the types of security testing?



Depending on how the company assists the white hat hacker, security testing is divided into three categories:
  • Black box testing 
  • White box testing 
  • Grey box testing


White box testing

When the security tester or hacker is provided with complete details and assistance from the organization to find loopholes in the system, it is known as white box testing.

For example, the company or organization may provide the white hat hacker with essential details such as login credentials, the source code of the website and server details, which might help the hacker to hack into the system.

The point of providing these essential details to the hacker is to make sure that not even the slightest loophole is left out during the exercise, which ensures proper security of the system.


Black box testing

When the security tester or hacker is provided with no information and no assistance from the company or organization, it is known as black box testing.

In a black box testing exercise, the organization does not give any credentials or details to the hacker, so the hacker has to find their own way into the system without any help. The hacker has as much information as any normal person would have.

The goal of this type of testing is to see whether a hacker can get into the system without any assistance from the company, and which ways the hacker tries in order to do so.


Grey box testing

This type of testing is a mixture of black box and white box testing. In this testing process, the hacker is provided with partial or very little information by the organization or company.

For example, the company or organization may provide the hacker or security tester with a demo account and some server details, but it may withhold crucial information such as the source code of the website, admin access, etc.

The goal of grey box testing is to find out how someone who has only basic knowledge about a company or organization can hack into the system with that little information.


Categories of Security Testing



Based on the location of the security tester or white hat hacker, security testing falls into two categories:
  • Internal Testing 
  • External Testing

Internal testing

This type of testing is done when the organization or company wants to check for security loopholes or vulnerabilities in its private network.

The hacker tries to hack into the company's system from within the company's premises: he connects directly to the company's private network and looks for any vulnerability. Internal testing is done when a company wants to secure its internal network or an internal application that the company may find vulnerable to the people working with them.

External testing

External testing is done when the hacker tries to hack into the system or look for vulnerabilities from outside the organization's network. This means the company's or organization's system is simply connected to the internet, and the hacker can connect over the internet and look for vulnerabilities by accessing that system.

Most companies prefer this type of testing from security testers.




Conclusion

This was the classification of security testing that is followed by white hat hackers in the IT industry. Ethical hacking is very important for securing any system or application and blocking all the loopholes and vulnerabilities in it. Security testers are the ones who look for loopholes in the system and provide valuable assistance.

