
Security Testing

1. Definition

Security Testing is the process of evaluating an application to find vulnerabilities and to confirm that its data and functionality are protected from unauthorized access, misuse and attack. Where functional testing checks that a feature works for the intended user following the intended path, security testing checks what happens when the user is not who they claim to be, holds a different role, or does not follow the intended path.

Security testing answers: “Is the application protected against threats and misuse?”

2. Purpose of Security Testing

  • Protect sensitive user and business data
  • Prevent unauthorized access
  • Ensure compliance with security standards
  • Reduce risk of security breaches

3. Manual Tester’s Scope (Conceptual)

Manual testers focus on:

  • Authentication and authorization checks
  • Role-based access control
  • Input validation
  • Session handling behavior
  • Error message exposure

(Deep penetration testing is usually done by security specialists.)

4. Common Security Threats (High-Level)

  • Unauthorized access (broken access control: a user reaches pages, records or actions they are not entitled to)
  • Data exposure (sensitive data visible in the UI, in URLs, in responses or in error messages)
  • SQL Injection (conceptual awareness: user input placed into a database query changes what the query does)
  • Cross-Site Scripting (XSS) (conceptual: user input is rendered into a page and runs as script in other users’ browsers)
  • Broken authentication (weak passwords, guessable or long-lived sessions, logout that does not invalidate the session)

5. Manual Security Test Scenarios (Conceptual)

  • Login with invalid credentials (wrong password, unknown user, locked account); the response must not reveal which part was wrong
  • Access restricted pages via direct URL while logged in as a lower-privileged user, and again while not logged in at all
  • Verify logout: after logging out, reusing the old session (back button, replayed cookie) must not reach protected pages
  • Session timeout: an idle session must expire after the configured period and require a fresh login
  • Error messages do not expose sensitive data (stack traces, SQL, internal hostnames, file paths)

6. Security Testing vs Functional Testing

Aspect         | Security Testing                          | Functional Testing
Focus          | Protection and risk                       | Feature behaviour
Goal           | Prevent misuse                            | Validate functionality
Defect impact  | High: breach, data loss, loss of trust    | Medium: a feature does not work as specified

7. Real-Time Example

A user logged in as “Customer”:

  • Should not see or reach “Admin” pages through the navigation
  • Should be blocked (for example with a 403 or a redirect to login) when typing an Admin URL directly, because the server must enforce the role on every request rather than merely hide the link
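The scenarios in section 5 and the Customer/Admin example above can be run as repeatable checks against a model of the application. The following is an added example, not code from this page: a small in-process model of a web application with login, server-side sessions, per-page role checks and a generic error page, plus a function that executes the manual scenarios and reports which pass. Route names, roles, user records, the 30-minute idle timeout and the simulated database failure are all assumptions made for illustration.

```python
"""Added example (not from the page): an in-process model of a small web
application, used to run the manual scenarios as repeatable checks."""
import secrets
import time

IDLE_TIMEOUT = 30 * 60  # seconds of inactivity before a session expires (assumed policy)

# Constructed sample users: username -> (password, role). Plaintext only to keep
# the example short; a real store holds salted password hashes.
USERS = {"alice": ("customer-pass", "Customer"), "root": ("admin-pass", "Admin")}

# Roles allowed on each page. Authorization is decided here on every request,
# never by hiding a menu item in the UI.
PAGE_ROLES = {
    "/home": {"Customer", "Admin"},
    "/admin": {"Admin"},
    "/report": {"Customer", "Admin"},  # page whose backend fails (constructed)
}


class App:
    def __init__(self, clock=time.time):
        self.clock = clock        # injectable so the timeout can be tested
        self.sessions = {}        # session id -> {"user", "role", "last_seen"}
        self.server_log = []      # where technical detail belongs

    def login(self, username, password):
        """Returns (status, session_id). The failure response is identical
        whether the username is unknown or the password is wrong."""
        record = USERS.get(username)
        if record is None or not secrets.compare_digest(record[0], password):
            return 401, None
        sid = secrets.token_urlsafe(32)  # unguessable, fresh for every login
        self.sessions[sid] = {"user": username, "role": record[1],
                              "last_seen": self.clock()}
        return 200, sid

    def logout(self, sid):
        """Invalidate server side, so a replayed cookie no longer works."""
        self.sessions.pop(sid, None)
        return 200

    def get(self, path, sid):
        """Handle a direct URL request; returns (status, body)."""
        session = self.sessions.get(sid)
        if session is None:
            return 401, "Please sign in"
        if self.clock() - session["last_seen"] > IDLE_TIMEOUT:
            self.sessions.pop(sid)
            return 401, "Session expired, please sign in again"
        session["last_seen"] = self.clock()
        allowed = PAGE_ROLES.get(path)
        if allowed is None:
            return 404, "Page not found"
        if session["role"] not in allowed:
            return 403, "You are not allowed to view this page"
        try:
            return 200, self.render(path, session)
        except Exception as exc:
            ref = secrets.token_hex(4)
            self.server_log.append(f"{ref} {path} {exc!r}")  # detail stays on the server
            return 500, f"Something went wrong. Reference {ref}"

    def render(self, path, session):
        if path == "/report":
            # Constructed failure carrying the kind of detail that must not reach the UI
            raise RuntimeError("connection to db-primary.internal:5432 refused")
        return f"{path} for {session['user']} ({session['role']})"


def run_scenarios():
    """Execute the manual scenarios and return {scenario: passed}."""
    now = [1_000_000.0]
    app = App(clock=lambda: now[0])
    results = {}

    results["invalid credentials rejected"] = app.login("alice", "wrong-pass") == (401, None)
    results["unknown user gets same response"] = app.login("nobody", "x") == (401, None)

    _, sid = app.login("alice", "customer-pass")
    results["customer can open own page"] = app.get("/home", sid)[0] == 200
    results["customer blocked from admin URL"] = app.get("/admin", sid)[0] == 403
    status, body = app.get("/report", sid)
    results["error hides internal detail"] = status == 500 and "refused" not in body
    results["detail logged server side"] = any("refused" in line for line in app.server_log)

    app.logout(sid)
    results["old session rejected after logout"] = app.get("/home", sid)[0] == 401

    _, sid = app.login("alice", "customer-pass")
    now[0] += IDLE_TIMEOUT + 1
    results["session expires after idle timeout"] = app.get("/home", sid)[0] == 401
    return results


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(("PASS " if ok else "FAIL ") + name)
```

The clock is injected so the timeout scenario does not have to wait 30 minutes; in a real application the same scenario is run by logging in, leaving the browser idle past the configured period and then clicking a protected link. Every check asserts on the HTTP status or body the server returns, which is what a manual tester observes, not on what the UI happens to show.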

8. Entry & Exit Criteria

Entry Criteria

  • Functional testing completed
  • Roles and permissions defined

Exit Criteria

  • All planned authentication, access-control and session scenarios executed, with no open high-severity findings
  • Access control validated for every role against every restricted page and action
  • Remaining risks documented, each with an owner and a decision (fix or accept)

9. Common Security Defects (Manual View)

  • Role escalation issues
  • Weak password rules
  • Session not invalidated on logout
  • Sensitive data visible in UI

10. Common Mistakes

  • Ignoring security testing at the UI level (direct URLs, back button after logout, edited form values)
  • Assuming security is only a backend responsibility, or, the other way round, trusting client-side checks such as hidden buttons and disabled fields
  • Displaying technical error messages (stack traces, SQL, server names) to the end user

11. Interview-Ready Answers

Short answer:

Security testing ensures that an application protects data and functionality from unauthorized access.

Detailed answer:

Security testing evaluates the application’s ability to safeguard data, enforce access controls, and prevent common security vulnerabilities.

12. Key Takeaway

Security Testing protects users, business, and trust, even at a conceptual manual-testing level.