Need for Security testing
Five Principles Needing to Test –
1. Authentication: Identity – Validity

    • Login, timeout, failures, pw changes, mins/maxs, stored encrypted, bypass captured URL, handling deletion of outdated, expirations, 2-factor:atm
    • Unix:Access.conf, .htaccess, .nsconfig
    • Windows: challenge/response; SSO; Passport

2. Integrity: protection from tampering/spoofing
3. Privacy: protection from eavesdropping
4. Non-Repudiation: accountability – digital sigs
5. Availability: RAID,clusters,cold standbys

Read More Here –

Pin It on Pinterest