Test types
Penetration testing involves testing the vulnerability of a system to attacks by external adversaries such as hackers. This includes testing the cryptographic security of monetary transactions, like those made by credit card, and testing network security components such as firewalls, routers and VPNs. It also involves testing at the application layer, to determine whether the systems are vulnerable to password cracking or unauthorized access.
The following are the four basic features to be tested during penetration testing:
Secure Authentication: A robust authentication mechanism that resists impersonation, whether through password cracking or by any other means.
Secure Communication Sessions: An end-to-end secure session between a server and a client, or between any two points on the World Wide Web, is provided by cryptography. All data exchanged in these sessions is encrypted, so no adversary can gain an advantage by unfair means.
Privacy and confidentiality: In any business transaction it is imperative to safeguard the confidentiality and privacy of data and people. CSM will provide the means of keeping information secret from all but those who are authorized to see it.
Data integrity: To make sure the data has not been tampered with and is still in its original form. Data integrity is achieved by hashing the original data and comparing the hash at the source and the destination.
Entity Authentication or identification: To verify that the entity you are communicating with is the true origin of the information. This can be achieved through the digital signature of the sender.
Message authentication: To make sure that a message actually comes from the stated sender.
Signature: To provide a mechanism that can be used to sign digital data.
Authorization: To convey to another entity the official sanction to do or be something.
Access control: Restricting access to resources to privileged entities only.
Time stamping: The time and date are an important part of any business transaction. CSM will provide the facility of time stamping all electronic documents. This ensures the integrity of electronic data coupled with its time of creation.
Non-repudiation: Digital signatures provide this facility. Just as with paper documents, data once signed cannot later be repudiated, preventing the denial of previous commitments or actions.
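As an added example (not code from the original post), the Data integrity and Message authentication entries above worked through in Python: an unkeyed hash compared at source and destination catches changes to the data, while a keyed HMAC is what ties a message to its sender. The shared key and the sample transfer messages are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed sample transaction messages (not from the page).
ORIGINAL = b"transfer 100.00 from acct 1111 to acct 2222"
ALTERED = b"transfer 900.00 from acct 1111 to acct 3333"

def integrity_tag(data: bytes) -> str:
    """Unkeyed SHA-256 of the data, computed at the source and sent with it."""
    return hashlib.sha256(data).hexdigest()

def integrity_ok(data: bytes, tag: str) -> bool:
    """Destination-side integrity check: recompute the hash and compare."""
    return hmac.compare_digest(integrity_tag(data), tag)

def auth_tag(key: bytes, data: bytes) -> str:
    """Keyed HMAC-SHA256: only a holder of the shared key can produce it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def auth_ok(key: bytes, data: bytes, tag: str) -> bool:
    """Destination-side message-authentication check (constant-time compare)."""
    return hmac.compare_digest(auth_tag(key, data), tag)

def demo() -> dict:
    """Checks a tester would record for both properties; every value should be True."""
    key = os.urandom(32)  # hypothetical shared key, assumed exchanged securely beforehand
    results = {}
    # Integrity: a hash made at the source exposes any change to the data.
    src_hash = integrity_tag(ORIGINAL)
    results["hash_detects_change"] = not integrity_ok(ALTERED, src_hash)
    # Caveat: a changed message carrying a freshly computed hash still passes,
    # so an unkeyed hash proves integrity but says nothing about origin.
    results["hash_alone_proves_no_origin"] = integrity_ok(ALTERED, integrity_tag(ALTERED))
    # Message authentication: the keyed tag binds the message to the key holder.
    src_mac = auth_tag(key, ORIGINAL)
    results["mac_accepts_genuine"] = auth_ok(key, ORIGINAL, src_mac)
    results["mac_detects_change"] = not auth_ok(key, ALTERED, src_mac)
    results["mac_rejects_unkeyed_tag"] = not auth_ok(key, ALTERED, integrity_tag(ALTERED))
    return results

if __name__ == "__main__":
    for name, passed in demo().items():
        print(f"{name}: {'PASS' if passed else 'FAIL'}")
```

The hash check covers the "match on the source and destination" described under Data integrity; the HMAC check is what the Message authentication entry requires, since a bare hash can be recomputed by anyone who can alter the data.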
