Security testing is a process intended to detect flaws in the security mechanisms of an information system, and thereby help it protect data and maintain functionality as intended.
Typical security requirements may include specific elements of confidentiality, integrity, authentication, availability, authorization and non-repudiation.
As such, a Security Taxonomy helps us to understand these different approaches and meanings by providing a base level to work from.
Integrity of information refers to protecting information from being modified by unauthorized parties. This might involve confirming the identity of a person, tracing the origins of an artifact, ensuring that a product is what its packaging and labelling claims to be, or assuring that a computer program is a trusted one.
Common terms used for the delivery of security testing: