Testing cloud services - Testing security | Polteq, specialist in software testing

To cover security risks, many kinds of measures are possible. The field of security is, just like the cloud, in continuous motion and requires regular research on new and updated measures. Security is predominantly about information security. Different standards exist in this field, such as ISO 27001, which differentiates the following three aspects:

  • Confidentiality of the data and the accompanying risk that unauthorized people can view the data
  • Integrity of data and the accompanying risk that data is altered or lost unintentionally
  • Availability of data and the accompanying risk that data (and services) are not available when they are required

The following three questions correspond to the three aspects of information security:

  • Who has access to the data?
  • Can the user trust that the data is correct?
  • Can the user gain access to the data at all times?

Checklist test measures 'testing security'

  • 5.3.1 Assessing network security
  • 5.3.2 Inventorying supplier security
    • Physical security
    • Authentication
    • Authorization
    • Log files and audit trails
  • 5.3.3 Inventorying customer security
  • 5.3.4 Testing encryption
  • 5.3.5 Testing authentication
  • 5.3.6 Testing authorization
  • 5.3.7 Testing security robustness against Internet attacks; examples:
    • Directory traversal. Read and/or write in directories other than those allowed.
    • XML external entity attack. Include extra (bad) data in an XML file.
    • SQL injection. Request and/or change data by manipulating SQL queries.
    • Cross-site scripting (XSS). Transfer data to other websites without the user knowing.
    • Session manipulation. Skip steps or validation in a session.
  • 5.3.8 Testing log files and audit trails
  • 5.3.9 Testing security patch routines
  • 5.3.10 Performing audits
