Security Testing Tips: Test Environment for Security Testing


One of the challenges in security testing is setting up the test environment. If you are a small organization without many processes, it can be easy to go ahead and set up the test environment you want, but in bigger organizations with lots of processes it can be hard. There could be network-related blockers that you may want to clear (example: you want to download software to use for security testing, and the download source is blocked by the organization's network). If your test environment is a blocker for you, then I would recommend not performing security testing at all; that way you can at least save costs.

Isolated network of computers
It is important to have a separate network dedicated to security testing. This is because you do not want to affect the other computers on the network if you download some software and it turns out to be infected with malware, adware or anything else malicious.

No website blockers
The network shouldn’t block any website that you want to browse to learn about hacks or to download software that aids your hacking activity. Don’t let your network policy end up blocking your learning.

Administrator rights for computers & other devices
In my experience, I have faced a lot of blockers when the computer that was given to me did not provide administrative rights. To change some of the settings in order to test for security, I had to e-mail the infrastructure team to change the settings, and that consumed time. Before starting, it is important to ask for a computer with all the rights to change / modify any setting.

Installations of software before commencement
Make sure that all the required software is installed before you commence the security testing activity. This saves you time, because you will not be held up when something doesn’t get installed or doesn’t work properly while you are testing for security. That way, installing the required software, such as a proxy, Burp Suite, Wireshark, BackTrack, Kali Linux, the Mantra browser, Nmap and many other tools, happens without any hassle.
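
A pre-flight check covering the two blockers described above (missing administrator rights and missing tools), as an added example that is not part of the original article. It assumes a Unix-like test machine where administrator rights mean UID 0; the function names are hypothetical, and the binary names in the usage line (`nmap`, `wireshark`, `burpsuite`) are assumed launcher names for tools the article lists.

```shell
#!/bin/sh
# Pre-flight check for a security-testing workstation (added example).
# Tool names are passed as arguments; nothing is hardcoded.

# Print each requested tool that is not found on PATH, one per line.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Succeed only when the given UID (default: the current user) is root.
# Assumption: on this machine, administrator rights mean UID 0.
has_admin_rights() {
    [ "${1:-$(id -u)}" -eq 0 ]
}

# Run both checks, report every blocker, return non-zero if any was found.
preflight() {
    status=0
    missing=$(missing_tools "$@")
    if [ -n "$missing" ]; then
        # $missing is left unquoted on purpose so the names print on one line.
        echo "BLOCKER: tools not installed:" $missing
        status=1
    fi
    if ! has_admin_rights; then
        echo "BLOCKER: no administrator rights on this machine"
        status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "Ready to start security testing"
    fi
    return "$status"
}

# Usage: sh preflight.sh nmap wireshark burpsuite
if [ "$#" -gt 0 ]; then
    preflight "$@"
fi
```

Running it on the first day of an engagement lists every blocker at once, so a single request to the infrastructure team can cover them all.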

No code changes to be done
When testers are testing for security, no code changes should be made. It is important that you have a separate environment, not the same one the developer uses to check in his / her code. Also, security testing needs to be done once functional testing is done and all the reported bugs are fixed.

Santhosh Tuppad is the Cofounder & Software Tester of Moolya Software Testing Private Limited (www.moolya.com). He also won the uTest Top Tester of the Year 2010 apart from winning several testing competitions from uTest and Zappers. Santhosh specializes in exploratory testing approach and his core interests are security, usability and accessibility amidst other quality criteria. Santhosh loves writing and he has a blog http://tuppad.com/blog. He has also authored several articles and crash courses in the past. He attends conferences and confers with testers he meets. Santhosh is known for his skills in testing and you should get in touch with him if you are passionate about testing.