Security testing basics
This chapter is an overview of security testing. We discuss the pillars of security around which security tests can be developed. The second section discusses different kinds of security testing.
Security tenets
Any kind of application security testing should follow the six tenets of security, namely authentication, authorization, availability, confidentiality, integrity, and non-repudiation. We have covered most of these concepts and how to implement them in Chapter 6, Your Tools – Crypto APIs.
Authentication is the process of identifying the user. You can use authentication APIs from companies such as Facebook, Twitter, LinkedIn, and PayPal. The main protocols used are OAuth and OpenID Connect. These protocols offload the task of authentication from the application. It is a win-win situation for both application developers and users. Application developers do not have to implement their own schemes and can use built-in mechanisms for authentication. Users do not need...