Security testing

Security testing is a software quality assurance discipline concerned with verifying that a system adequately protects itself and its data against unauthorized access, malicious attack, and willful damage. The primary objective is to ensure that only authorized personnel can access the application and its underlying resources, and that the system behaves safely and predictably even when subjected to hostile or unexpected inputs.

Security testing goes beyond checking that a system does what it is supposed to do, and additionally examines whether it can be made to do things it should not.

Common areas of focus include authentication and authorization mechanisms, data encryption, session management, input validation, and resistance to well-known attack vectors such as SQL injection, cross-site scripting (XSS), and privilege escalation.
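Input validation and SQL injection, listed above, are the kind of area a security test targets directly. The following is an added illustration, not code from the original article: a small Python test harness that runs the same hostile input against a deliberately vulnerable login check and a parameterised one, and reports whether each behaves as a secure implementation must. The `users` table, the `check_login_*` function names and the sample record are all constructed for this example; the password is stored in plain text only to keep the example short.

```python
# Added example (not from the original article): a minimal security test that
# checks an authentication query against a classic SQL-injection input.
# The users table, check_login_* names and sample data are constructed here.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with one constructed user record."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn


def check_login_vulnerable(conn, username: str, password: str) -> bool:
    """'Before' version: builds the query by string concatenation."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def check_login_hardened(conn, username: str, password: str) -> bool:
    """'After' version: parameterised query, so input is data, never SQL."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


# Test vectors: (username, password, expected_result). The last case is the
# well-known tautology payload; a secure implementation must reject it.
TEST_CASES = [
    ("alice", "correct horse", True),
    ("alice", "wrong", False),
    ("alice", "' OR '1'='1", False),
]


def run_security_tests(check) -> dict:
    """Run every test case against a login function; return per-case pass/fail."""
    conn = make_db()
    results = {}
    for username, password, expected in TEST_CASES:
        try:
            actual = check(conn, username, password)
        except sqlite3.Error:
            actual = None  # a crash on hostile input is also a failure
        results[(username, password)] = actual == expected
    return results


if __name__ == "__main__":
    for name, fn in [("vulnerable", check_login_vulnerable),
                     ("hardened", check_login_hardened)]:
        res = run_security_tests(fn)
        print(name, "PASS" if all(res.values()) else "FAIL", res)
```

Running the script shows the vulnerable variant passing the two functional cases but failing the injection case (the tautology makes the `WHERE` clause true for every row), while the hardened variant passes all three. This is the distinction the article draws: a functional test only confirms that a valid login succeeds, whereas a security test additionally confirms that a malformed one cannot be made to succeed.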

Security testing may be conducted using both [black-box] and [white-box] approaches, and often involves specialized techniques such as [penetration testing], [vulnerability scanning], and [threat modelling].

Given the increasing regulatory and reputational consequences of data breaches, security testing has grown from a niche concern into an essential component of the modern software development lifecycle.