Apa iku security testing?

Question

Accepted Answer

**Security testing** ngevaluasi software kanggo **vulnerabilities lan security weaknesses** — verifying yen iku nglindungi data lan nglawan attacks. Iki kalebu techniques macem-macem (SAST, DAST, penetration testing, dependency scanning) lan essential amarga security flaws bisa duwé consequences sing abot.

## Apa sing dicek dening security testing

```text
Security testing finds VULNERABILITIES and verifies defenses:
  → common flaws: injection (SQL, etc.), XSS, broken authentication/authorization,
    sensitive data exposure, misconfigurations, vulnerable dependencies (OWASP Top 10)
  → does the app properly authenticate, authorize, validate input, encrypt data, etc.?
→ ensures the software resists attacks and protects data/users.
```

## Types/techniques saka security testing

```text
SAST (Static) → analyze SOURCE CODE for vulnerabilities (without running it) — in CI
DAST (Dynamic) → test the RUNNING app for vulnerabilities (attack it from outside)
DEPENDENCY scanning (SCA) → find known vulnerabilities in libraries (Snyk, Dependabot)
PENETRATION testing → ethical hackers actively try to BREAK IN (find real exploitable flaws)
SECRET scanning → detect committed secrets; CONFIGURATION/IaC scanning
```

## Integrating security (shift left)

```text
✓ SHIFT SECURITY LEFT → test for vulnerabilities EARLY (in development/CI), not just at the end
✓ Automate SAST/dependency scanning in CI/CD (catch issues per change)
✓ Regular pen testing for critical apps; threat modeling; security code review
✓ WHY: security breaches are SEVERE (data leaks, financial/legal/reputation damage) →
  finding vulnerabilities before attackers do is critical
```

## Mengapa iki penting

Nangerteni security testing iku valuable senior-level knowledge amarga **security vulnerabilities bisa duwé severe consequences** (breaches, data leaks, financial lan reputational damage), dadi testing kanggo iki essential, nggawe iki important knowledge.

Security testing ngevaluasi software kanggo **vulnerabilities** (injection, XSS, broken authentication/authorization, data exposure, vulnerable dependencies — OWASP Top 10 kinds of flaws) lan verifying its defenses — ensuring yen software nglawan attacks lan nglindungi data lan users, critical quality amarga kerusakan sing akibat security failures.

Nangerteni **types lan techniques** penting: **SAST** (static analysis saka source code kanggo vulnerabilities, runnable ing CI), **DAST** (dynamic testing saka running app dening attacking iki), **dependency scanning/SCA** (nemokno known vulnerabilities ing libraries — increasingly important amarga supply-chain risks), **penetration testing** (ethical hackers actively trying kanggo break in kanggo nemokno real exploitable flaws), lan secret/configuration scanning — each addressing different aspects saka security.

Nangerteni **integrating security (shift left)** — testing kanggo vulnerabilities early ing development lan CI (ora mung ing end), automating SAST lan dependency scanning ing CI/CD, doing regular pen testing kanggo critical apps, lan rationale (finding vulnerabilities sadurunge attackers, amarga breaches abot) — reflects modern approach saka building security testing into development process.

Security iku essential, often-underemphasized quality dimension, lan nangerteni yen kepriye testing kanggo vulnerabilities increasingly important amarga security threats tuwuh.

Since security vulnerabilities duwé severe consequences lan security testing (SAST, DAST, dependency scanning, pen testing, integrated early via shift-left) iku kepriye vulnerabilities found sadurunge attackers exploit iki, lan since nangerteni techniques lan approach penting kanggo building secure software, nangerteni security testing iku valuable senior-level knowledge — important kanggo addressing critical security dimension saka quality, finding vulnerabilities sadurunge iki exploited, lan reflecting security awareness expected kanggo senior roles ing environment saka significant lan growing security threats.