1 / 11

SECURITY TESTING SERVICES

SECURITY TESTING SERVICES. Security testing services. PRESENTATION PLAN WHAT IS SECURITY TESTING WHO NEEDS SECURITY TESTING SECURITY TESTING AT ITC Software SECURITY TESTING PROCESS. What is security testing. WHAT IS SECURITY TESTING?

ursala
Télécharger la présentation

SECURITY TESTING SERVICES

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SECURITY TESTING SERVICES

  2. Security testing services PRESENTATION PLAN • WHAT IS SECURITY TESTING • WHO NEEDS SECURITY TESTING • SECURITY TESTING AT ITC Software • SECURITY TESTING PROCESS

  3. What is security testing WHAT IS SECURITY TESTING? Security testing is a process to determine that an information system protects data and maintains functionality as intended. The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, authorization, availability and non-repudiation. REASONS FOR SECURITY TESTING • Information and access security. Security tests help to find out loopholes that can cause loss of important information or allow intruder into the systems. • System stability. Security testing helps to improve the system and finally helps it to work for longer time (or it will work without hassles for the estimated time). • System integrity. If involved on the early stages of development life cycle, security testing allows to eliminate possible flaws in system design and implementation. • Economical efficiency. It’s much cheaper to prevent the possible problem rather than to strive for resolving it and its consequences.

  4. Security testing services PRESENTATION PLAN • WHAT IS SECURITY TESTING • WHO NEEDS SECURITY TESTING • SECURITY TESTING AT ITC Software • SECURITY TESTING PROCESS

  5. What is solved with security testing According OWASP Top Ten 2010 MAIN WEB SECURITY PROBLEMS are: • Injections • Cross Site Scripting (XSS) • Broken authentification and session management • Insecure direct object reference • Cross Site Request Forgery (CSRF) • Security misconfigurations • Failure to restrict URL access • Unvalidated redirects and forwards • Insecure cryptographic storage • Insufficient transport layer protection

  6. Who needs security testing Security testing is very important for the following TYPES OF APPLICATIONS: • Web-applications • Applications with sensitive commercial or personal information • Payment and statistic systems • Applications, sensitive to data distortion • Social applications • Applications with expensive licensing

  7. Security testing services PRESENTATION PLAN • WHAT IS SECURITY TESTING • WHO NEEDS SECURITY TESTING • SECURITY TESTING AT ITC Software • SECURITY TESTING PROCESS

  8. Security testing at ITC Software • TEAM. At ITC Software we have a dedicated security testing team. Team members are highly experienced professionals in web-based and desktop applications security testing. • METHODOLOGY. ITC Software security testing process is usually based on OWASP Testing Guide, PCI DSS, ISO 27001 and other most common standards and practices. • TOOLS EMPLOYED. We use IBM Rational Appscan, WebInspect, WebScarab, Xspider, Nessus, Nikto, Firebug, and other small tools for injection checks.

  9. Security testing services PRESENTATION PLAN • WHAT IS SECURITY TESTING • WHO NEEDS SECURITY TESTING • SECURITY TESTING AT ITC Software • SECURITY TESTING PROCESS

  10. Security testing process If involved on the early stages of development life cycle, security testing allows to eliminate possible flaws in system design and implementation.

  11. Contact details ITC Software Phone: + 978 287 4855 Email: info@itcsoftware.com Web: www.itcsoftware.com

More Related