Security Testing tests the ability of the system/software to prevent unauthorized access to the resources and data.
Security Testing needs to cover the six basic security concepts:
Confidentiality: A security measure which protects against the disclosure of information to parties other than the intended recipient. It is by no means the only way of ensuring security.
Integrity: A measure intended to allow the receiver to determine that the information provided to it is correct. Integrity schemes often use some of the same underlying technologies as confidentiality schemes, but they usually involve adding additional information to a communication to form the basis of an algorithmic check, rather than encoding all of the communication.
Authentication: The process of establishing the identity of the user. Authentication can take many forms including, but not limited to, passwords, biometrics, radio frequency identification, etc.
Authorization: The process of determining that a requester is allowed to receive a service or perform an operation. Access control is an example of authorization.
Availability: Assuring that information and communications services will be ready for use when expected. Information must be kept available to authorized persons when they need it.
Non-repudiation: A measure intended to prevent the later denial that an action happened or that a communication took place. In communication terms this often involves the interchange of authentication information combined with some form of provable time stamp.
6 basic terms used in Security Testing
Here are the useful terms frequently used in security testing:
1) What is “Penetration Testing”?
Penetration testing is a type of security testing that identifies security vulnerabilities in an application by evaluating the system or network with various malicious techniques. The main purpose of this testing is to protect the system against the identified vulnerabilities and to secure important data from unknown users, such as hackers, who do not have access to the system. Penetration testing should be carried out only after careful consideration, notification, and planning.
There are two types of penetration testing: white box testing and black box testing. In white box testing, the tester has all the information before testing starts, such as IP addresses, source code and infrastructure diagrams, and performs the testing based on that information. In black box testing, the tester has no information about the system under test. This is the more accurate testing method, since it simulates a real attacker who does not have information about the existing system.
2) Unauthorised Data Access:
One of the more popular types of attacks is gaining unauthorized access to data within an application. Data can be accessed on servers or on a network.
Unauthorized access includes:
- Unauthorized access to data via data-fetching operations
- Unauthorized access to reusable client authentication information by monitoring the access of others
- Unauthorized access to data by monitoring the access of others
3) What is “SQL injection”?
SQL injection is the most common application-layer attack technique used by hackers, in which malicious SQL statements are inserted into an entry field for execution. SQL injection attacks are very critical because an attacker can obtain critical information from the server database. It is a type of attack that takes advantage of loopholes in the implementation of web applications that allow a hacker to compromise the system. To check for SQL injection we have to take care of input fields such as text boxes, comments, etc. To prevent injections, special characters in the input should be either properly handled or removed from the input.
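The point above (an entry field whose value becomes part of the SQL statement) as an added example that is not part of the original article: the vulnerable lookup concatenates the input into the query, the hardened version passes it as a bound parameter, and a small test-case helper performs the check the text recommends for input fields. The in-memory SQLite database and its two rows are constructed for the example.

```python
import sqlite3

# Constructed sample database for the example: two users in an in-memory SQLite DB.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (id INTEGER, username TEXT, role TEXT)")
conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                 [(1, "alice", "admin"), (2, "bob", "user")])
conn.commit()


def find_user_vulnerable(username: str) -> list:
    """Builds the SQL by string concatenation: the input becomes part of the
    statement, so a quote character in it changes the query instead of the value."""
    query = "SELECT id, username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def find_user_safe(username: str) -> list:
    """Parameterized query: the driver sends the value separately from the
    statement text, so it can only ever be compared as data."""
    query = "SELECT id, username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def field_is_injectable(handler, probe: str = "' OR '1'='1") -> bool:
    """Security test case for an input field: a lookup for a username that does
    not exist must return no rows. If the probe value returns rows, the field
    is injectable and the query must be rewritten with bound parameters."""
    return len(handler(probe)) > 0


if __name__ == "__main__":
    print("vulnerable handler injectable:", field_is_injectable(find_user_vulnerable))
    print("safe handler injectable:", field_is_injectable(find_user_safe))
```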
4) Cross-site scripting:
Cross-site scripting (XSS) is a computer security vulnerability found in web applications. XSS enables attackers to inject client-side script into web pages viewed by other users, for example by tricking a user into clicking on a crafted URL. Once executed by the other user's browser, this code could perform actions such as completely changing the behaviour of the website, stealing personal data, or performing actions on behalf of the user.
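How injected markup gets into a page, and the output-encoding fix, as an added example that is not part of the original article: the vulnerable renderer interpolates user input straight into the HTML, the hardened one escapes it for both the text context and the attribute context. The comment-rendering functions and the probe inputs are constructed for the example.

```python
import html

# Constructed probe inputs a tester might submit: harmless markup that would
# become a live element, and an author value that tries to close the attribute.
PROBE_TEXT = "<b>probe</b>"
PROBE_AUTHOR = 'mallory" title="injected'


def render_comment_vulnerable(author: str, text: str) -> str:
    """Interpolates user input directly into the page: any markup in the input
    is parsed by the browser as part of the page, not displayed as text."""
    return f'<div class="comment" data-author="{author}"><p>{text}</p></div>'


def render_comment_safe(author: str, text: str) -> str:
    """Escapes each value for the context it lands in. quote=True also escapes
    quote characters, so the author value cannot break out of its attribute."""
    safe_author = html.escape(author, quote=True)
    safe_text = html.escape(text, quote=True)
    return f'<div class="comment" data-author="{safe_author}"><p>{safe_text}</p></div>'


def reflected_unescaped(rendered: str, submitted: str) -> bool:
    """Security test case: does the submitted input reappear verbatim in the
    response? If it does, the browser will treat it as markup."""
    return submitted in rendered


if __name__ == "__main__":
    print(render_comment_vulnerable(PROBE_AUTHOR, PROBE_TEXT))
    print(render_comment_safe(PROBE_AUTHOR, PROBE_TEXT))
```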
5) URL Manipulation:
URL manipulation is a very interesting and very common type of attack. In this attack the hackers manipulate the website URL query strings and capture important information.
This happens when the application uses the HTTP GET method to pass information between the client and the server. The information is passed in parameters in the query string. The tester can modify a parameter value in the query string to check whether the server accepts it.
Via an HTTP GET request, user information is passed to the server for authentication or for fetching data. An attacker can manipulate every input variable passed to the server in this GET request in order to get the required information or to corrupt the data. In such conditions, any unusual behaviour by the application or web server is a doorway for the attacker into the application.
So, while security testing, URL manipulation test cases should be considered to make sure that an unauthorized user is not able to access important information or corrupt database records by manipulating the URL.
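The test case described above (a logged-in user edits a query-string parameter and the server should refuse the record) as an added example that is not part of the original article: the vulnerable handler trusts the `id` parameter, the hardened handler checks it against the authenticated session user. The account records, URLs and handler functions are constructed for the example.

```python
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Constructed sample data: account records keyed by the id that appears in the URL.
ACCOUNTS = {
    "1001": {"owner": "alice", "balance": 250},
    "1002": {"owner": "bob", "balance": 9000},
}


def get_param(url: str, name: str) -> Optional[str]:
    """Returns the first value of a query-string parameter, or None if absent."""
    values = parse_qs(urlparse(url).query).get(name)
    return values[0] if values else None


def view_account_vulnerable(url: str, session_user: str) -> Optional[dict]:
    """Trusts the query string: whatever id the client sends is looked up and
    returned, so any logged-in user can read any account by editing the URL."""
    return ACCOUNTS.get(get_param(url, "id"))


def view_account_safe(url: str, session_user: str) -> Optional[dict]:
    """Treats the query string as untrusted input: the record is returned only
    if the authenticated session user owns it. A missing id, an unknown id and
    someone else's id all get the same 'not found' answer, so the response does
    not reveal whether the account exists."""
    record = ACCOUNTS.get(get_param(url, "id"))
    if record is None or record["owner"] != session_user:
        return None
    return record


def url_manipulation_leaks(handler) -> bool:
    """Security test case: alice, logged in, changes id=1001 to id=1002 in the
    URL. Returns True if the handler hands back bob's record."""
    leaked = handler("https://example.test/account?id=1002", session_user="alice")
    return leaked is not None


if __name__ == "__main__":
    print("vulnerable handler leaks:", url_manipulation_leaks(view_account_vulnerable))
    print("safe handler leaks:", url_manipulation_leaks(view_account_safe))
```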
6) Vulnerability Scanning:
Vulnerability scanning uses an automated program to proactively identify security vulnerabilities of computing systems in a network, in order to determine where a system can be exploited and/or threatened.
SECURITY TEST TOOLS
These are just a few of the security testing tools available for web applications.
| Tool | Description | Platform |
| --- | --- | --- |
| BeEF | BeEF (Browser Exploitation Framework) is a tool which focuses on the web browser: it takes advantage of the fact that an open web browser is the crack into a target system and designs its attacks to go on from this point onwards. | Linux, Apple Mac OS X and Microsoft Windows |
| BFBTester (Brute Force Binary Tester) | BFBTester is a tool for security checks of binary programs. BFBTester will perform checks of single and multiple argument command line overflows and environment variable overflows. This tool alerts the security professional to any programs using unsafe tempfile names by watching for tempfile creation activity. | POSIX, BSD, FreeBSD, OpenBSD, Linux |
| Brakeman | Brakeman is an open source vulnerability scanner which is designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development. | Rails 3 |
| CROSS | The CROSS (Codenomicon Robust Open Source Software) program is designed to help open source projects that are part of the infrastructure of the internet fix critical flaws in their code. Codenomicon's product line is a suite of network protocol testing tools called DEFENSICS which helps the projects find and fix a large number of critical flaws very rapidly. | 130 protocol interfaces and formats |
| Ettercap | Ettercap is a free and open source network security tool for man-in-the-middle (MITM) attacks on a LAN. The security tool can be used to analyze computer network protocols within a security auditing context. | |
| Flawfinder | A program that scans C/C++ source code and reports potential security flaws. By default, it sorts its reports by risk level. | Python 1.5 or greater |
| Gendarme | Gendarme is an extensible rule-based tool to find problems in .NET applications and libraries. Gendarme inspects programs and libraries that contain code in ECMA CIL format (Mono and .NET) and looks for common problems with the code, problems that compilers do not typically check or have not historically checked. | .NET (Mono or MS runtime) |
| Knock Subdomain Scan | Knock is an effective scanning tool for zone transfer discovery, subdomain enumeration and wildcard testing with an internal or external wordlist. This tool can be very helpful in a black box penetration test to find vulnerable subdomains. | Linux, Windows and Mac OS X with Python version 2.x |
| Metasploit | The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. This project initially started off as a portable network game and has evolved into a powerful tool for penetration testing, exploit development, and vulnerability research. | Win32 / UNIX |
| Nessus | The Nessus vulnerability scanner is the world leader in active scanners, featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks. | Linux, Solaris, Mac, Windows |
| Nikto | Nikto is an open source web server scanner that tests web servers, specifically to detect outdated software, insecure configurations, invalid data and/or CGIs, etc. It performs comprehensive tests, multiple times, against web servers. | Windows/UNIX |
| Nmap | Nmap (Network Mapper) is an open source scanner for network discovery and security auditing. Nmap uses raw IP packets to determine which hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems and OS versions they are running, what type of packet filters/firewalls are in use, and other such characteristics. | Linux, Windows, and Mac OS X |
| nsiqcppstyle | nsiqcppstyle aims to provide an extensible, easy to use, highly maintainable coding style checker for C/C++ source code. The rules and analysis engine are separated, and users can develop their own C/C++ coding style rules. Furthermore, there is a customizable rule server as well. | Platform independent |