1. What is Authorization?
- Authorization means checking permission.
- Authorization is the process of verifying that a user has the necessary permissions to access a particular resource.
- It is typically done by comparing the user's credentials against an access control list to determine if the user is allowed to perform a particular action.
- Authorization is an important part of the security of any system, as it ensures that only authorized users can access sensitive data.
2. What is Authentication?
- Authentication means checking credentials.
- Authentication is the process of verifying that a person, device, or other entity is who it claims to be.
- It is usually accomplished through the use of credentials such as a username/password combination, security tokens, biometric data, or a combination of factors.
- Authentication is an important component of data security, as it helps to ensure that only authorized users can access sensitive information.
3. Why do we do security testing?
- To remove vulnerabilities.
- Security testing is important because it helps ensure that applications, networks, and systems are protected against potential threats and vulnerabilities.
- Security testing helps ensure that data is secure and protected from unauthorized access, manipulation, and theft.
- Security testing also helps protect applications, networks, and systems against malicious attacks, and can help detect and identify weaknesses in applications and systems before they can be exploited.
4. Which methods/techniques are used for security testing?
- XSS and SQL injection.
5. What is “Vulnerability”?
- Weakness in the web application.
6. Security Tests are created on the basis of:
- Roles
7. Security Testing is a type of:
- Review Testing.
- It involves testing the system to identify any security vulnerabilities that could be exploited and gain unauthorized access to the system.
- Security testing is typically done at the end of the software development life cycle.
8. Which symbol is used to test SQL injection?
- The most commonly used symbol to test SQL injection is the single quotation mark (').
9. What is the full form of XSS?
- Cross-Site Scripting.
- Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications.
- XSS enables attackers to inject client-side scripts into web pages viewed by other users.
- A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy.
No comments:
Post a Comment