SlideShare una empresa de Scribd logo

Security Testing

Kiran Kumar
Kiran Kumar

Learn More about Security Testing

TecnologíaNoticias y política
1 de 36
Security Testing through Automated Software Tests Stephen de Vries, Principal Consultant, Corsaire [email_address]
[object Object],Typical Iterative development life cycle ,[object Object],[object Object],[object Object]
Typical Iterative development life cycle
Typical Iterative development life cycle ,[object Object],[object Object],[object Object],[object Object]
Outline ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Use cases and Abuse cases ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Taxonomy of Automated Software Tests ,[object Object],[object Object],[object Object]
Taxonomy of Automated Software Tests ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Taxonomy of Automated Software Tests ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Taxonomy of Automated Software Tests ,[object Object],[object Object],[object Object],[object Object],[object Object]
Introducing JUnit ,[object Object],[object Object]
Introducing JUnit ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Introducing JUnit ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Introducing JUnit public class CartTest extends TestCase { public CartTest(String testName) { super(testName); } protected void setUp() throws Exception { //Code here will be executed before every testXXX method } protected void tearDown() throws Exception { //Code here will be executed after every testXXX method } public void testNewCartHasZeroItems() { // Test code goes here } public void testAddSingleItem() { // Test code goes here } public void testAddTwoItems() { // Test code goes here } public void testAddNullItem() { // Test code goes here } }
Introducing JUnit public void testAddTwoItems() { Cart instance = new Cart(); boolean isInStock = true; //First add an item Item item = new Item(); item.setItemId("item01"); instance.addItem(item, isInStock); //Test adding a second item Item item2 = new Item(); item2.setItemId("item02"); instance.addItem(item2, isInStock); //Check whether item01 is in the cart boolean result = instance.containsItemId("item01"); assertTrue("First item is in cart", result); //Check whether item02 is in the cart result = instance.containsItemId("item02"); assertTrue("Second item is in cart", result); //Check that there are 2 items in the cart assertEquals("2 items in cart", instance.getNumberOfItems(), 2); } USE CASE TEst
Introducing JUnit ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],ABUSE CASE TEST
Introducing JUnit ,[object Object],[object Object],[object Object],[object Object]
Introducing JUnit ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Web Application Security Standards ,[object Object],[object Object],[object Object],[object Object],[object Object]
Web Application Security Standards Example:
Web Application Security Standard
Testing Security in Unit Tests ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Testing Security in Unit Tests ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Testing Security in Unit Tests ,[object Object],[object Object],[object Object],[object Object],[object Object]
Testing Security in Integration Tests ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Testing Security in Integration Tests ,[object Object],[object Object],[object Object],[object Object]
Testing Security in Integration Tests ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Testing Security in Integration Tests ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Testing Security in Integration Tests ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Security Testing in Acceptance Tests ,[object Object],[object Object],[object Object],[object Object],[object Object]
Security Testing in Acceptance Tests ,[object Object],public class XSSinSearchFieldTest extends WebTestCase { public void setUp() throws Exception { getTestContext().setBaseUrl(&quot;http://example.corsaire.com/ispatula/&quot;); } public void testHtmlInjection() throws Exception { beginAt(&quot;/index.html&quot;); assertLinkPresentWithText(&quot;Enter the Store&quot;); clickLinkWithText(&quot;Enter the Store&quot;); assertFormPresent(&quot;searchForm&quot;); setFormElement(&quot;query&quot;, &quot;<a id=amp;quot;injectionamp;quot; href=amp;quot;http://www.google.com>Injection</a>&quot;); submit(); assertLinkNotPresent(&quot;injection&quot;); } public XSSinSearchFieldTest(String name) { super(name); } }
Security Testing in Acceptance Tests
Security Testing in Acceptance Tests ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Security Testing in Acceptance Tests ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Security Testing in Acceptance Tests ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Conclusions ,[object Object],[object Object],[object Object],[object Object],[object Object]

Recomendados

Security testing fundamentals
Security testing fundamentalsSecurity testing fundamentals
Security testing fundamentalsCygnet Infotech
 
Security Testing
Security TestingSecurity Testing
Security TestingQualitest
 
Security testing presentation
Security testing presentationSecurity testing presentation
Security testing presentationConfiz
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security TestingMarco Morana
 
The OWASP Zed Attack Proxy
The OWASP Zed Attack ProxyThe OWASP Zed Attack Proxy
The OWASP Zed Attack ProxyAditya Gupta
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 
Getting Started with API Security Testing
Getting Started with API Security TestingGetting Started with API Security Testing
Getting Started with API Security TestingSmartBear
 
Security testing
Security testingSecurity testing
Security testingKhizra Sammad
 

Recomendados

Security testing fundamentals
Security testing fundamentalsSecurity testing fundamentals
Security testing fundamentalsCygnet Infotech
 
Security Testing
Security TestingSecurity Testing
Security TestingQualitest
 
Security testing presentation
Security testing presentationSecurity testing presentation
Security testing presentationConfiz
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security TestingMarco Morana
 
The OWASP Zed Attack Proxy
The OWASP Zed Attack ProxyThe OWASP Zed Attack Proxy
The OWASP Zed Attack ProxyAditya Gupta
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 
Getting Started with API Security Testing
Getting Started with API Security TestingGetting Started with API Security Testing
Getting Started with API Security TestingSmartBear
 
Security testing
Security testingSecurity testing
Security testingKhizra Sammad
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?ONE BCG
 
Vulnerability assessment &amp; Penetration testing Basics
Vulnerability assessment &amp; Penetration testing Basics Vulnerability assessment &amp; Penetration testing Basics
Vulnerability assessment &amp; Penetration testing Basics Mohammed Adam
 
Learn to pen-test with OWASP ZAP
Learn to pen-test with OWASP ZAPLearn to pen-test with OWASP ZAP
Learn to pen-test with OWASP ZAPPaul Ionescu
 
Web application security & Testing
Web application security & TestingWeb application security & Testing
Web application security & TestingDeepu S Nath
 
Security testing
Security testingSecurity testing
Security testingbaskar p
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing ExplainedRand W. Hirt
 
Security testing
Security testingSecurity testing
Security testingTabăra de Testare
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...Codemotion
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingRaghav Bisht
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) securityNahidul Kibria
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxDARSHANBHAVSAR14
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testingecmee
 
What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?btpsec
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryDaniel Miessler
 
Security Testing Training With Examples
Security Testing Training With ExamplesSecurity Testing Training With Examples
Security Testing Training With ExamplesAlwin Thayyil
 
Security-testing presentation
Security-testing presentationSecurity-testing presentation
Security-testing presentationEzhilan Elangovan (Eril)
 

Más contenido relacionado

La actualidad más candente

Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?ONE BCG
 
Vulnerability assessment &amp; Penetration testing Basics
Vulnerability assessment &amp; Penetration testing Basics Vulnerability assessment &amp; Penetration testing Basics
Vulnerability assessment &amp; Penetration testing Basics Mohammed Adam
 
Learn to pen-test with OWASP ZAP
Learn to pen-test with OWASP ZAPLearn to pen-test with OWASP ZAP
Learn to pen-test with OWASP ZAPPaul Ionescu
 
Web application security & Testing
Web application security & TestingWeb application security & Testing
Web application security & TestingDeepu S Nath
 
Security testing
Security testingSecurity testing
Security testingbaskar p
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing ExplainedRand W. Hirt
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...Codemotion
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingRaghav Bisht
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) securityNahidul Kibria
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxDARSHANBHAVSAR14
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testingecmee
 
What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?btpsec
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryDaniel Miessler
 

La actualidad más candente (20)

Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?
 
Vulnerability assessment &amp; Penetration testing Basics
Vulnerability assessment &amp; Penetration testing Basics Vulnerability assessment &amp; Penetration testing Basics
Vulnerability assessment &amp; Penetration testing Basics
 
Learn to pen-test with OWASP ZAP
Learn to pen-test with OWASP ZAPLearn to pen-test with OWASP ZAP
Learn to pen-test with OWASP ZAP
 
Web application security & Testing
Web application security & TestingWeb application security & Testing
Web application security & Testing
 
Security testing
Security testingSecurity testing
Security testing
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing Explained
 
Security testing
Security testingSecurity testing
Security testing
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
 
Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) security
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testing
 
What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request Forgery
 

Destacado

Security Testing Training With Examples
Security Testing Training With ExamplesSecurity Testing Training With Examples
Security Testing Training With ExamplesAlwin Thayyil
 
Explore Security Testing
Explore Security TestingExplore Security Testing
Explore Security Testingshwetaupadhyay
 
Introduction to security testing
Introduction to security testingIntroduction to security testing
Introduction to security testingNagasahas DS
 
Web Security
Web SecurityWeb Security
Web SecurityTripad M
 
Introduction to Security Testing
Introduction to Security TestingIntroduction to Security Testing
Introduction to Security TestingvodQA
 
ANALYSIS OF SOFTWARE SECURITY TESTING TECHNIQUES IN CLOUD COMPUTING
ANALYSIS OF SOFTWARE SECURITY TESTING TECHNIQUES IN CLOUD COMPUTINGANALYSIS OF SOFTWARE SECURITY TESTING TECHNIQUES IN CLOUD COMPUTING
ANALYSIS OF SOFTWARE SECURITY TESTING TECHNIQUES IN CLOUD COMPUTINGEditor IJMTER
 
Owasp methodologies of Security testing part1
Owasp methodologies of Security testing part1Owasp methodologies of Security testing part1
Owasp methodologies of Security testing part1robin_bene
 
Portfolio
PortfolioPortfolio
Portfoliophpworm
 
Requirement for creating a Penetration Testing Lab
Requirement for creating a Penetration Testing LabRequirement for creating a Penetration Testing Lab
Requirement for creating a Penetration Testing LabSyed Ubaid Ali Jafri
 
Web security: concepts and tools used by attackers
Web security: concepts and tools used by attackersWeb security: concepts and tools used by attackers
Web security: concepts and tools used by attackerstomasperezv
 
Software Security Testing
Software Security TestingSoftware Security Testing
Software Security Testingankitmehta21
 

Destacado (17)

Security Testing Training With Examples
Security Testing Training With ExamplesSecurity Testing Training With Examples
Security Testing Training With Examples
 
Security-testing presentation
Security-testing presentationSecurity-testing presentation
Security-testing presentation
 
Explore Security Testing
Explore Security TestingExplore Security Testing
Explore Security Testing
 
Introduction to security testing
Introduction to security testingIntroduction to security testing
Introduction to security testing
 
Web Security
Web SecurityWeb Security
Web Security
 
Introduction to Security Testing
Introduction to Security TestingIntroduction to Security Testing
Introduction to Security Testing
 
Web Security
Web SecurityWeb Security
Web Security
 
Cygnet corporate ppt
Cygnet corporate pptCygnet corporate ppt
Cygnet corporate ppt
 
ANALYSIS OF SOFTWARE SECURITY TESTING TECHNIQUES IN CLOUD COMPUTING
ANALYSIS OF SOFTWARE SECURITY TESTING TECHNIQUES IN CLOUD COMPUTINGANALYSIS OF SOFTWARE SECURITY TESTING TECHNIQUES IN CLOUD COMPUTING
ANALYSIS OF SOFTWARE SECURITY TESTING TECHNIQUES IN CLOUD COMPUTING
 
Owasp methodologies of Security testing part1
Owasp methodologies of Security testing part1Owasp methodologies of Security testing part1
Owasp methodologies of Security testing part1
 
Software Testing and UML Lab
Software Testing and UML LabSoftware Testing and UML Lab
Software Testing and UML Lab
 
Portfolio
PortfolioPortfolio
Portfolio
 
Requirement for creating a Penetration Testing Lab
Requirement for creating a Penetration Testing LabRequirement for creating a Penetration Testing Lab
Requirement for creating a Penetration Testing Lab
 
Security testing ?
Security testing ?Security testing ?
Security testing ?
 
Web security: concepts and tools used by attackers
Web security: concepts and tools used by attackersWeb security: concepts and tools used by attackers
Web security: concepts and tools used by attackers
 
Security Testing for Web Application
Security Testing for Web ApplicationSecurity Testing for Web Application
Security Testing for Web Application
 
Software Security Testing
Software Security TestingSoftware Security Testing
Software Security Testing
 

Similar a Security Testing

J unit presentation
J unit presentationJ unit presentation
J unit presentationPriya Sharma
 
Junit4&testng presentation
Junit4&testng presentationJunit4&testng presentation
Junit4&testng presentationSanjib Dhar
 
Unit testing php-unit - phing - selenium_v2
Unit testing php-unit - phing - selenium_v2Unit testing php-unit - phing - selenium_v2
Unit testing php-unit - phing - selenium_v2Tricode (part of Dept)
 
Testes? Mas isso não aumenta o tempo de projecto? Não quero...
Testes? Mas isso não aumenta o tempo de projecto? Não quero...Testes? Mas isso não aumenta o tempo de projecto? Não quero...
Testes? Mas isso não aumenta o tempo de projecto? Não quero...Comunidade NetPonto
 
Grails unit testing
Grails unit testingGrails unit testing
Grails unit testingpleeps
 
Solit 2013, Автоматизация тестирования сложных систем: mixed mode automated t...
Solit 2013, Автоматизация тестирования сложных систем: mixed mode automated t...Solit 2013, Автоматизация тестирования сложных систем: mixed mode automated t...
Solit 2013, Автоматизация тестирования сложных систем: mixed mode automated t...solit
 
Unit Testing on Android - Droidcon Berlin 2015
Unit Testing on Android - Droidcon Berlin 2015Unit Testing on Android - Droidcon Berlin 2015
Unit Testing on Android - Droidcon Berlin 2015Buşra Deniz, CSM
 
The secret unit testing tools no one ever told you about
The secret unit testing tools no one ever told you aboutThe secret unit testing tools no one ever told you about
The secret unit testing tools no one ever told you aboutDror Helper
 
Secret unit testing tools no one ever told you about
Secret unit testing tools no one ever told you aboutSecret unit testing tools no one ever told you about
Secret unit testing tools no one ever told you aboutDror Helper
 
31b - JUnit and Mockito.pdf
31b - JUnit and Mockito.pdf31b - JUnit and Mockito.pdf
31b - JUnit and Mockito.pdfgauravavam
 
1 aleksandr gritsevski - attd example using
1 aleksandr gritsevski - attd example using1 aleksandr gritsevski - attd example using
1 aleksandr gritsevski - attd example usingIevgenii Katsan
 
GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...
GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...
GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...GlobalLogic Ukraine
 
Pragmatic unittestingwithj unit
Pragmatic unittestingwithj unitPragmatic unittestingwithj unit
Pragmatic unittestingwithj unitliminescence
 
Unit Testing - Nakov's Talk @ VarnaConf 2013
Unit Testing - Nakov's Talk @ VarnaConf 2013Unit Testing - Nakov's Talk @ VarnaConf 2013
Unit Testing - Nakov's Talk @ VarnaConf 2013Svetlin Nakov
 
Unit testing by Svetlin Nakov
Unit testing by Svetlin NakovUnit testing by Svetlin Nakov
Unit testing by Svetlin Nakovit-tour
 

Similar a Security Testing (20)

J unit presentation
J unit presentationJ unit presentation
J unit presentation
 
JUnit Presentation
JUnit PresentationJUnit Presentation
JUnit Presentation
 
Junit4&testng presentation
Junit4&testng presentationJunit4&testng presentation
Junit4&testng presentation
 
Unit testing php-unit - phing - selenium_v2
Unit testing php-unit - phing - selenium_v2Unit testing php-unit - phing - selenium_v2
Unit testing php-unit - phing - selenium_v2
 
Testes? Mas isso não aumenta o tempo de projecto? Não quero...
Testes? Mas isso não aumenta o tempo de projecto? Não quero...Testes? Mas isso não aumenta o tempo de projecto? Não quero...
Testes? Mas isso não aumenta o tempo de projecto? Não quero...
 
Grails unit testing
Grails unit testingGrails unit testing
Grails unit testing
 
Solit 2013, Автоматизация тестирования сложных систем: mixed mode automated t...
Solit 2013, Автоматизация тестирования сложных систем: mixed mode automated t...Solit 2013, Автоматизация тестирования сложных систем: mixed mode automated t...
Solit 2013, Автоматизация тестирования сложных систем: mixed mode automated t...
 
Unit Testing on Android - Droidcon Berlin 2015
Unit Testing on Android - Droidcon Berlin 2015Unit Testing on Android - Droidcon Berlin 2015
Unit Testing on Android - Droidcon Berlin 2015
 
Unit Testing
Unit TestingUnit Testing
Unit Testing
 
The secret unit testing tools no one ever told you about
The secret unit testing tools no one ever told you aboutThe secret unit testing tools no one ever told you about
The secret unit testing tools no one ever told you about
 
J Unit
J UnitJ Unit
J Unit
 
Secret unit testing tools no one ever told you about
Secret unit testing tools no one ever told you aboutSecret unit testing tools no one ever told you about
Secret unit testing tools no one ever told you about
 
Unit testing - A&BP CC
Unit testing - A&BP CCUnit testing - A&BP CC
Unit testing - A&BP CC
 
31b - JUnit and Mockito.pdf
31b - JUnit and Mockito.pdf31b - JUnit and Mockito.pdf
31b - JUnit and Mockito.pdf
 
1 aleksandr gritsevski - attd example using
1 aleksandr gritsevski - attd example using1 aleksandr gritsevski - attd example using
1 aleksandr gritsevski - attd example using
 
GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...
GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...
GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...
 
Pragmatic unittestingwithj unit
Pragmatic unittestingwithj unitPragmatic unittestingwithj unit
Pragmatic unittestingwithj unit
 
Unit testing with JUnit
Unit testing with JUnitUnit testing with JUnit
Unit testing with JUnit
 
Unit Testing - Nakov's Talk @ VarnaConf 2013
Unit Testing - Nakov's Talk @ VarnaConf 2013Unit Testing - Nakov's Talk @ VarnaConf 2013
Unit Testing - Nakov's Talk @ VarnaConf 2013
 
Unit testing by Svetlin Nakov
Unit testing by Svetlin NakovUnit testing by Svetlin Nakov
Unit testing by Svetlin Nakov
 

Más de Kiran Kumar

User Interface Standards
User Interface StandardsUser Interface Standards
User Interface StandardsKiran Kumar
 
Banking Overview
Banking OverviewBanking Overview
Banking OverviewKiran Kumar
 
Winrunner Vs QTP
Winrunner Vs QTPWinrunner Vs QTP
Winrunner Vs QTPKiran Kumar
 
Software Testing
Software TestingSoftware Testing
Software TestingKiran Kumar
 
Software Testing
Software TestingSoftware Testing
Software TestingKiran Kumar
 
Software Testing
Software TestingSoftware Testing
Software TestingKiran Kumar
 
Software Testing Techniques
Software Testing TechniquesSoftware Testing Techniques
Software Testing TechniquesKiran Kumar
 
Software Testing Techniques
Software Testing TechniquesSoftware Testing Techniques
Software Testing TechniquesKiran Kumar
 
Testing Fundamentals
Testing FundamentalsTesting Fundamentals
Testing FundamentalsKiran Kumar
 
Quality Assurance
Quality AssuranceQuality Assurance
Quality AssuranceKiran Kumar
 
Software Quality Testing
Software Quality TestingSoftware Quality Testing
Software Quality TestingKiran Kumar
 

Más de Kiran Kumar (12)

User Interface Standards
User Interface StandardsUser Interface Standards
User Interface Standards
 
Banking Overview
Banking OverviewBanking Overview
Banking Overview
 
Winrunner Vs QTP
Winrunner Vs QTPWinrunner Vs QTP
Winrunner Vs QTP
 
Software Testing
Software TestingSoftware Testing
Software Testing
 
Software Testing
Software TestingSoftware Testing
Software Testing
 
Software Testing
Software TestingSoftware Testing
Software Testing
 
Testing
TestingTesting
Testing
 
Software Testing Techniques
Software Testing TechniquesSoftware Testing Techniques
Software Testing Techniques
 
Software Testing Techniques
Software Testing TechniquesSoftware Testing Techniques
Software Testing Techniques
 
Testing Fundamentals
Testing FundamentalsTesting Fundamentals
Testing Fundamentals
 
Quality Assurance
Quality AssuranceQuality Assurance
Quality Assurance
 
Software Quality Testing
Software Quality TestingSoftware Quality Testing
Software Quality Testing
 

Último

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 

Último (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 

Security Testing

  • 1. Security Testing through Automated Software Tests Stephen de Vries, Principal Consultant, Corsaire [email_address]
  • 2.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14. Introducing JUnit public class CartTest extends TestCase { public CartTest(String testName) { super(testName); } protected void setUp() throws Exception { //Code here will be executed before every testXXX method } protected void tearDown() throws Exception { //Code here will be executed after every testXXX method } public void testNewCartHasZeroItems() { // Test code goes here } public void testAddSingleItem() { // Test code goes here } public void testAddTwoItems() { // Test code goes here } public void testAddNullItem() { // Test code goes here } }
  • 15. Introducing JUnit public void testAddTwoItems() { Cart instance = new Cart(); boolean isInStock = true; //First add an item Item item = new Item(); item.setItemId(&quot;item01&quot;); instance.addItem(item, isInStock); //Test adding a second item Item item2 = new Item(); item2.setItemId(&quot;item02&quot;); instance.addItem(item2, isInStock); //Check whether item01 is in the cart boolean result = instance.containsItemId(&quot;item01&quot;); assertTrue(&quot;First item is in cart&quot;, result); //Check whether item02 is in the cart result = instance.containsItemId(&quot;item02&quot;); assertTrue(&quot;Second item is in cart&quot;, result); //Check that there are 2 items in the cart assertEquals(&quot;2 items in cart&quot;, instance.getNumberOfItems(), 2); } USE CASE TEst
  • 16.
  • 17.
  • 18.
  • 19.
  • 20. Web Application Security Standards Example:
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32. Security Testing in Acceptance Tests
  • 33.
  • 34.
  • 35.
  • 36.