Nowadays, application security issues caused by security bugs are an increasing threat. Application security vulnerabilities can do a lot of damage, such as leaking secrets, breaking the database, or even letting an attacker take over the web server itself. It is therefore necessary to do security testing to identify potential vulnerabilities and subsequently repair them.
Confidentiality, integrity, authentication, and authorization are four basic concepts of security testing. System testing ensures that the entire integrated software system meets its requirements. It helps improve the current system and also helps ensure that the system will work for a longer time.
Typically, attackers repeatedly exploit weaknesses that organizations have not patched or corrected. Security testing is concerned with checking that the system and its data are protected from accidental or malicious damage.
Security testing benefits the organization in almost all aspects, and it comes in many different kinds. The main types of security testing are security auditing, security scanning, vulnerability scanning, risk assessment, etc. We often use AtStake Webproxy, SPIKE Proxy, Sleuth, and Burp Suite to do such testing, and those tools are frequently used in both the pre-deployment and post-deployment test cycles.
Resource: http://www.testinggeek.com/index.php/testing-articles/171-application-security-testing