SECURITY TESTING SERVICES

sweetlipscasteSecurity

Nov 2, 2013 (3 years and 5 months ago)


www.itcsoftware.com

ITC Software


Security testing services

PRESENTATION PLAN


WHAT IS SECURITY TESTING


WHO NEEDS SECURITY TESTING


SECURITY TESTING AT ITC Software


SECURITY TESTING PROCESS



What is security testing

WHAT IS SECURITY TESTING?

Security testing is a process to determine that an information system protects data and maintains functionality as intended.

The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, authorization, availability and non-repudiation.

REASONS FOR SECURITY TESTING

Information and access security. Security tests help to find loopholes that can cause loss of important information or allow an intruder into the systems.

System stability. Security testing helps to improve the system and ultimately helps it to work for a longer time (or to work without hassles for the estimated time).

System integrity. If involved in the early stages of the development life cycle, security testing makes it possible to eliminate possible flaws in system design and implementation.

Economical efficiency. It’s much cheaper to prevent a possible problem than to resolve it and its consequences.




What is solved with security testing

According to the OWASP Top Ten 2010, the MAIN WEB SECURITY PROBLEMS are:

Injections

Cross Site Scripting (XSS)

Broken authentication and session management

Insecure direct object reference

Cross Site Request Forgery (CSRF)

Security misconfigurations

Failure to restrict URL access

Unvalidated redirects and forwards

Insecure cryptographic storage

Insufficient transport layer protection


Who needs security testing

Security testing is very important for the following TYPES OF APPLICATIONS:

Web applications

Applications with sensitive commercial or personal information

Payment and statistic systems

Applications sensitive to data distortion

Social applications

Applications with expensive licensing



Security testing at ITC Software


TEAM. At ITC Software we have a dedicated security testing team. Team members are highly experienced professionals in security testing of web-based and desktop applications.

METHODOLOGY. The ITC Software security testing process is usually based on the OWASP Testing Guide, PCI DSS, ISO 27001 and other most common standards and practices.

TOOLS EMPLOYED. We use IBM Rational AppScan, WebInspect, WebScarab, XSpider, Nessus, Nikto, Firebug, and other small tools for injection checks.



Security testing process

If involved in the early stages of the development life cycle, security testing makes it possible to eliminate possible flaws in system design and implementation.



Contact details

ITC Software

Phone: + 978 287 4855
Email: info@itcsoftware.com
Web: www.itcsoftware.com