Security testing is a highly specialized part of the testing process.

When do we use Security Testing?

Security testing is carried out when the information and assets managed by the software application are of significant importance to the organization. Failures in a software security system can be serious, especially when they go undetected, because information may be lost or compromised without the organization ever knowing of the loss. Security testing should be performed both before the system goes into operation and after it is put into operation. Rigorous security testing activities are performed to demonstrate that the system meets the specified security requirements and to identify any remaining security vulnerabilities. The extent of testing depends largely on the security risks, and the test engineers assigned to conduct the security testing are selected according to the estimated sophistication that an attacker might bring to bear against the system.

What are the objectives of Security Testing?

Security defects do not surface as easily as other types of defects, so security testing is carried out specifically to identify defects that are difficult to find. Security testing is carried out to ensure that the software under test is sufficiently robust and functions in an acceptable manner even in the event of a malicious attack. The objectives of security testing can be:

1) To ensure that adequate attention is given to identifying the security risks
2) To ensure that a realistic mechanism to define and enforce access to the system is in place
3) To ensure that sufficient expertise exists to perform adequate security testing
4) To conduct reasonable tests to confirm the proper functioning of the implemented security measures

Who should do the Security Testing?

The majority of security testing techniques are manual, requiring an individual to initiate and conduct the test. Automation tools can be helpful in executing simple tasks, whereas complicated tasks continue to depend largely on the intelligence of the test engineer. Irrespective of the type of testing, the test engineers who plan and conduct security testing should have significant security and networking knowledge, including expertise in the following areas:

1) Network security
2) Firewalls
3) Intrusion detection systems
4) Operating systems
5) Programming and networking protocols such as TCP/IP

Read the complete article at http://www.softwaretestinggenius.com/articalDetails.php?qry=765