End-to-End Security Testing
End-to-End Testing is a type of software testing that validates the software system under test and also checks its integration with external interfaces. Hence, it is referred to as "End-to-End Security Testing". It also validates batch or data processing from other types of systems. It is executed after functional and system testing. It uses data and a test environment to simulate real-time settings. This testing is also called Chain Testing.
In today's world, software systems are complex and are interconnected with multiple sub-systems. A sub-system may be different from the system under test or may be owned by a different organization. If any one of the sub-systems fails, the whole software system might collapse. This is a major risk and can be avoided by End-to-End testing. It is helpful in the verification of the complete system flow. It also increases test coverage of the various sub-systems. It helps in detecting issues with sub-systems and increases confidence in the overall software product.
End-to-End Security Testing Process:
The chief activities involved in End-to-End Security Testing are:
- Study of end-to-end testing requirements
- Testing of the environment setup and hardware/software requirements
- Describing all the processes of the systems and their subsystems
- Description of roles and responsibilities for all the systems
- Standards should also be tested.
- End-to-end requirements tracking and designing of test cases
- Input and output data for each system
The End-to-End Testing design framework consists of three parts:
- Build user functions
- Build conditions
- Build test cases
Different Types of Security Testing:
Usually, for any product such as web, network, mobile, cloud, IoT, or database, all of the security tests listed below are combined to deliver end-to-end security testing. Security testing is also known as VAPT (Vulnerability Assessment and Penetration Testing), where the vulnerabilities of an application are identified and appropriate remediations are provided.
- Web application penetration testing
- Mobile application penetration testing (iOS/Android)
- Network penetration testing
- Cloud security assessment/testing
- IoT penetration testing
- Database penetration testing
- API penetration testing
Metrics for End-to-End Security Testing:
Here are a few metrics used for End-to-End Testing:
- Test Case Preparation Status: It gives test case preparation progress against the plan.
- Weekly Test Progress: It provides week-wise details of the percentage of tests completed (failed, not executed, and executed) against the tests planned for execution.
- Defects Status & Details: It gives the percentage of open and closed defects by week. The week-wise defect distribution is based on severity and priority.
- Environment Availability: It gives the total number of hours per day available for testing.
- Test Case Execution: Executing the identified test cases in the environment.
- Defect Data Collection: Collecting all the PoC data, such as steps, videos, and screenshots.
- Report: The report is an important part of end-to-end security testing. A report should usually contain all the vulnerabilities identified, recommendations to resolve each vulnerability, screenshots, etc.
At Cybersecurity Hive we provide end-to-end cybersecurity services, which include web application penetration testing, mobile application penetration testing, cloud security assessment, and network penetration testing.