- It is a type of non-functional testing.
- Security testing is a type of software testing done to check whether the application or product is secure. It checks whether the application is vulnerable to attacks, and whether anyone can hack the system or log in to the application without authorization.
- It is a process to determine that an information system protects data and maintains functionality as intended.
- Security testing is performed to check whether there is any information leakage, in the sense of encrypting the application or using a wide range of software, hardware, firewalls, etc.
- Software security is about making software behave in the presence of a malicious attack.
- The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, availability, authorization and non-repudiation.
Nafis Rahman says
Collected
Some sources, e.g. ISTQB, claim that security testing is a functional one. This would be compliant with ISO 9126 (which the ISTQB is based on) but it goes against most other sources – as far as I know, security is a non functional requirement. In ISO 25010, security is one of the quality characteristics (non functional).
I believe security testing is non functional testing as we do not test functionality, we examine the system from this perspective the same way we test performance.
ISO 25010 is an updated revision of ISO 9126. Security is considered non-functional.
Link: https://sqa.stackexchange.com/questions/13281/security-testing-functional-or-non-functioal-iso-9126-vs-iso-25010
Ertan Eyimaya says
Hi,
According to ISTQB Syllabus 2011 security test is a functional one in contrast to ISO9126. Syllabus says that “a type of functional testing, security testing investigates the functions…” in 2.3.1.