Security testing, as its name suggests, can be defined as a process to determine whether a software system, information system or application is capable of protecting data and keeping it secure.
It also determines that the software or the information system keeps the functionality of the system intact and as intended.
Security testing needs to cover six important concepts. They are discussed below in detail:
1. Confidentiality
- It can be defined as a security measure that seeks to protect against the disclosure of information or data to third parties or to anyone other than the authorized parties or individuals.
- This is not the only way of ensuring security of the information.
2. Integrity
- This is a security measure intended to inform the information or data receiver about whether the information or data which is being provided is correct and fully legal.
- Most often, the same underlying techniques are used for both the confidentiality and integrity aspects of security.
- There is a basic difference between integrity and confidentiality: for integrity, additional information is also provided.
- This additional information usually forms the basis not only for encoding the whole communication data but also for an algorithmic check.
3. Authentication
- This security measure involves the confirmation of the identity of a particular person.
- It ensures that a packaged product contains exactly what its packaging and labeling claim.
- The process of authentication is also used to trace the origins of a software system, application or an artifact.
- The process of authentication plays a big role in determining whether a computer software system or application is a trusted one or not.
4. Authorization
- The process of authorization is an important security measure.
- It verifies the identity of the receiver of that particular service.
- It can be defined as a process for determining whether a person who has requested some service is allowed and eligible to receive that service or to carry out some operation.
- The best example of an authorization security measure is access control.
5. Availability
- The availability security measure assures that communication services and information will always be ready for use whenever they are needed.
- This security measure ensures that the required information is always available to the authorized people when they are in need of it.
6. Non-Repudiation
- It basically falls under the category of digital security measures.
- The non-repudiation security measure confirms that the data, information and messages are transferred and received by the people or parties claiming to have sent the data, information or messages.
- A security measure like non-repudiation offers a way to guarantee that the person or party who sent the message cannot later deny sending it, and that the recipient cannot deny having received it, if any issue is raised.
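The integrity item above describes additional information sent with the data that allows an algorithmic check. The following added example (not part of the original post) shows one common form of that check, an HMAC-SHA256 tag appended to the message, and also why a shared-key tag does not by itself give the non-repudiation described in item 6. The function names, key and message are constructed for illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag


def protect(key: bytes, message: bytes) -> bytes:
    """Sender: append the additional information (an HMAC-SHA256 tag)."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, packet: bytes) -> bytes:
    """Receiver: recompute the tag and compare in constant time."""
    if len(packet) < TAG_LEN:
        raise ValueError("packet too short to carry a tag")
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return message


def is_intact(key: bytes, packet: bytes) -> bool:
    try:
        verify(key, packet)
        return True
    except ValueError:
        return False


def demo() -> dict:
    key = secrets.token_bytes(32)              # constructed shared key
    message = b"transfer 100 to account 42"    # constructed sample message
    packet = protect(key, message)
    # Change one byte of the message part ("100" -> "900"); the tag is untouched.
    tampered = packet[:9] + b"9" + packet[10:]
    return {
        "intact": is_intact(key, packet),
        "tampered": is_intact(key, tampered),
        "wrong_key": is_intact(secrets.token_bytes(32), packet),
        # The receiver holds the same key and can produce the identical packet,
        # so the tag cannot prove to a third party which side created it.
        "receiver_can_forge": protect(key, message) == packet,
    }


if __name__ == "__main__":
    print(demo())
```

Non-repudiation needs a digital signature made with a private key that only the sender holds, so that the receiver can verify the message but cannot produce it.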
Security testing as a term has a number of different meanings and cannot be explained in just one way. Security taxonomy provides a better way to understand all these concepts.
- Discovery
- Vulnerability scan
- Vulnerability assessment
- Security assessment
- Penetration test
- Security audit
- Security review
Friday, December 23, 2011
What are different characteristics of security testing?
Posted by Sunflower at 12/23/2011 06:20:00 PM
Labels: Application, Authentication, Authorization, Availability, Bugs, Concepts, Confidentiality, Errors, Faults, Functionality, Information, Integrity, Issues, Non- Repudiation, Security, Security Testing
Monday, August 22, 2011
What are different design issues and attributes for web applications?
A design model contains enough information to reflect how requirements are translated into content and executable code. Design should be specific. It is an engineering activity. It leads to a high quality product. The major attributes for quality of web applications are:
- Security of web applications is the ability of WebApp and its server environment to stop unauthorized access or threat.
- Availability is an important attribute. Availability is the measure of the percentage of time that a web application is available for use. End users expect a web application to be available at each and every moment. Using features available only on one browser or platform makes the web application unavailable to those who work on a different platform or browser.
- Scalability is whether the web application and interfacing systems are able to handle significant variation in volume, or whether responsiveness will drop. A web application should be designed in such a way that it is able to accommodate the burden.
- Time to market is a measure of quality from a business point of view.
Assessing content quality includes:
- whether the user's needs are met, determined by the scope and depth of the content
- whether the background and authority of the content's authors can be easily identified
- whether it is possible to determine the currency of the content, its last update and what was updated
- whether the content and its location are stable
- the credibility of the content
- the uniqueness of the content
- whether the content is valuable to the targeted user
- whether the content is well organized and easily accessible
Posted by Sunflower at 8/22/2011 12:07:00 PM
Labels: Attributes, Availability, Content, Design, End users, Issues, Quality, Scalability, Scope, Security, Time, Users, Web Applications, Web based systems, WebApps
Sunday, April 3, 2011
What role does documentation play in the development process?
Documentation is a set of documents or informational products to describe a computer system. Each document is designed to serve a particular function, such as reference, instructional or motivational.
Some types of documentation and informational products are system features and functions, user and management summaries, user's manual, video and multimedia, tutorials, demonstrations, reference guide, technical references, system test models, operations/operator's manual, wall charts and newsletters.
A useful document furthers the understanding of the system's desired and actual behavior and structure. The criteria for measuring usability of documents are readability, availability, suitability and accessibility.
Purpose of Documentation
- It provides a reasonably permanent statement of a system's structure or behavior through reference manuals, user guides and systems architecture documents.
- It serves as transitory documents that are part of the infrastructure involved in running real projects.
Importance of Documents and Manuals
- Cost saving.
- They serve as sales and marketing tools.
- They serve as tangible deliverables.
- They serve as contractual obligations.
- They serve as security blankets.
- They serve as testing and implementation aids.
- They are used to compare the old and new systems.
Posted by Sunflower at 4/03/2011 10:06:00 PM
Labels: Accessibility, Availability, Cost Effective, Documentation, Goals, Importance, Manuals, Purpose, Readability, Software Development process, Suitability, Usability, User guides, User Manuals