Security testing is a process intended to reveal flaws in the security mechanisms of an information system that protect data and maintain functionality as intended. Due to the logical limitations of security testing, passing security testing is not an indication that no flaws exist or that the system adequately satisfies the security requirements.

Typical security requirements may include specific elements of confidentiality, integrity, authentication, availability, authorization and non-repudiation. The actual security requirements tested depend on the security requirements implemented by the system. Security testing as a term has a number of different meanings and can be completed in a number of different ways. As such, a security taxonomy helps us to understand these different approaches and meanings by providing a base level to work
Confidentiality: A security measure which protects against the disclosure of information to parties other than the intended recipient. It is by no means the only way of ensuring security.
Integrity: A measure intended to allow the receiver to determine that the information provided by a system is correct.

Integrity schemes often use some of the same underlying technologies as confidentiality schemes, but they usually involve adding information to a communication, to form the basis of an algorithmic check, rather than encoding all of the communication.
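The distinction above (integrity adds a checkable tag to a message instead of encoding the whole message) as an added example, not part of the original text. It uses Python's standard hmac module; the shared key is a constructed placeholder and the message format is assumed.

```python
import hashlib
import hmac

# Constructed demo key; a real deployment shares the key out-of-band (assumption).
KEY = b"demo-shared-key-not-for-production"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes for HMAC-SHA256


def protect_integrity(message: bytes, key: bytes = KEY) -> bytes:
    """Append an HMAC-SHA256 tag. The message stays readable on the wire:
    this gives integrity, not confidentiality."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify_integrity(wire: bytes, key: bytes = KEY) -> tuple[bool, bytes]:
    """Split off the tag, recompute it over the received message and compare
    in constant time. Returns (ok, message); message is only trustworthy when ok."""
    if len(wire) < TAG_LEN:
        return False, b""
    message, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag), message


def demo() -> tuple[bool, bool, bool]:
    """Constructed round trip: intact, tampered, and wrong-key cases."""
    wire = protect_integrity(b"transfer 100 to alice")
    ok_intact, _ = verify_integrity(wire)
    # Flip one bit in the amount; the tag no longer matches.
    tampered = bytearray(wire)
    tampered[9] ^= 0x01
    ok_tampered, _ = verify_integrity(bytes(tampered))
    # A receiver holding a different key cannot validate the tag either.
    ok_wrong_key, _ = verify_integrity(wire, key=b"some-other-key")
    return ok_intact, ok_tampered, ok_wrong_key


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```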
Authentication: This might involve confirming the identity of a person, tracing the origins of an artifact, ensuring that a product is what its packaging and labeling claim it to be, or assuring that a computer program is a trusted one.
Authorization: The process of determining that a requester is allowed to receive a service or perform an
Access control is an example of