Security Testing
Think of a website that holds huge amounts of data, such as a bank's or a hospital's. If that data were stolen one day, what do you think the consequences would be? Personal information, transaction records or patient records would be disclosed. What happens once they spread? It is a worrying thought.
So how can information disclosure and leakage be avoided? Security testing is an important testing step that every software tester must know. Today we will walk through the terminology used in website security testing and the methods used.
1. What is Security Testing?
Security testing checks that data is kept confidential and that users of the software system can only use the functions they are authorized to use. For example, in a human resource management system an employee cannot see the details of another employee; only the manager can see that information.
Some terms used in security testing
What is “Vulnerability”?
This is a weak point in the web application: a bug in the application, in its SQL or script code, or the presence of a virus.
What is “URL Manipulation”?
As we know, some web applications pass information between the client (the browser) and the server through the URL. If someone changes part of that information in the URL, it can cause unintended behaviour on the server. This is called URL manipulation.
What is “SQL injection”?
This is the process in which a user deliberately enters SQL statements, or fragments of query statements, through the web application's user interface so that they are executed by the server.
What is “XSS (Cross-Site Scripting)”?
When a user inserts a client-side HTML or script fragment through the web application's interface and that inserted content is then displayed to other users, it is called XSS.
What is “Spoofing”?
Spoofing is the creation of fake web pages or emails that imitate legitimate ones.
Security testing of any system is focused on finding all the vulnerabilities and weaknesses in the system that could lead to the loss of information or damage to the reputation of the organization.
The goals of security testing are:
- To identify threats in the system.
- To measure the potential vulnerabilities of the system.
- To help detect any possible security risks in the system.
- To help developers overcome security issues through encryption.
Key areas of focus in security testing:
- Network security
- System software security
- Client-side application security
- Server-side application security
2. Types of Security Testing
- Check for potential vulnerabilities: vulnerability scanning is performed with the help of automated software that scans a system for known vulnerability patterns.
- System vulnerability review: identifies network and system weaknesses, then provides solutions to reduce these defects or risks. Security scans can be performed both manually and automatically.
- Security assessment by attacking the system: a type of test that simulates an attack by a black hat hacker. It involves analysing a particular system and finding potential vulnerabilities through an external attack.
- Risk assessment: involves analysing perceived security risks, which are classified as Low, Medium or High. This type of testing gives recommendations to minimise the risks.
- Internal system security check: checks the internal security of the application and the OS. It can also be done through line-by-line review of the code.
- Attacks on the system to find security weaknesses: white hat hackers use the same methods as black hat hackers, with the goal of finding security weaknesses and determining how the target could be penetrated. This assesses the extent of the damage these vulnerabilities could cause, so that warnings and appropriate solutions can be given to strengthen and improve security.
- Posture assessment: combines security scanning, ethical hacking, risk assessment and attacking the system for security weaknesses to assess an organization's overall security.
3. Some notes when testing security
To test the security of web applications, testers need good knowledge of the HTTP protocol, and must understand that the browser and the server communicate using HTTP. Testers should also know the basics of SQL and XSS.
4. Some methods for security testing
- Password Cracking
We probably hear a lot about password cracking, so we need to check whether the web application's credentials can be cracked. For example, when logging in to the system, someone may guess the username/password or use a password cracking tool. Lists of common usernames and passwords are freely available, as are open source password cracking tools.
If the web application does not enforce a complex password (for example, one with letters in uppercase and lowercase, numbers and special characters), it may not take long to crack the username and password. If the username or password is stored in a cookie without encryption, an attacker can use various methods to steal the cookie and the information stored in it, such as the username and password.
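As an added example (not code from the original article), two checks a tester could automate for this section: one flags passwords that fail the complexity rules listed above, the other inspects Set-Cookie headers for a username or password stored in plain text or merely base64-encoded. The function names, the 12-character minimum and the sample headers are assumptions made for the demo.

```python
# Added example, not from the original article: two checks a tester can
# automate for the login flow described above. The policy thresholds,
# the usernames and the Set-Cookie samples are all constructed here.
import base64
import string
from urllib.parse import unquote

def password_policy_findings(password, min_length=12):
    """Return the rules the password fails (empty list means it passes).
    Rules follow the article: uppercase, lowercase, digit, special char."""
    findings = []
    if len(password) < min_length:
        findings.append(f"shorter than {min_length} characters")
    if not any(c.isupper() for c in password):
        findings.append("no uppercase letter")
    if not any(c.islower() for c in password):
        findings.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        findings.append("no digit")
    if not any(c in string.punctuation for c in password):
        findings.append("no special character")
    return findings

def _variants(secret):
    """The secret as typed plus its base64 form: base64 is encoding, not
    encryption, so a tester treats a base64 copy as exposed too."""
    b64 = base64.b64encode(secret.encode()).decode()
    return {secret, b64, b64.rstrip("=")}

def cookie_exposes_credentials(set_cookie_headers, username, password):
    """Return names of cookies whose value contains the username or the
    password, plain or base64. Input: one Set-Cookie header per line."""
    needles = _variants(username) | _variants(password)
    exposed = []
    for line in set_cookie_headers.splitlines():
        header = line.strip()
        if header.lower().startswith("set-cookie:"):
            header = header.split(":", 1)[1].strip()
        if not header:
            continue
        name, _, rest = header.partition("=")
        value = unquote(rest.split(";", 1)[0])
        if any(n in value for n in needles):
            exposed.append(name.strip())
    return exposed

# Constructed responses from a weak and a better login endpoint
WEAK_COOKIES = "Set-Cookie: auth=alice:S3cret!pass; Path=/\nSet-Cookie: lang=en"
GOOD_COOKIES = "Set-Cookie: session=constructed-opaque-token; HttpOnly; Secure"
```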
- URL manipulation via HTTP GET methods
The tester should check whether the application passes important information in the query string. This happens when the HTTP GET method is used to pass information between client and server: the information travels as parameters in the query string. The tester can modify a parameter value in the query string and check whether the server accepts it.
Through an HTTP GET request, user information is passed to the server for authentication or for fetching data. An attacker can manipulate every input variable passed in that GET request to the server in order to obtain the information they want.
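The following is an added example, not from the original article: a request handler that trusts the account_id query parameter beside one that checks ownership against the session, and the tampering check a tester would run against both. The handler names, account records and the bank.example URLs are assumptions.

```python
# Added example, not from the original article: a tester's check for
# URL-parameter manipulation. The handler names, the account records and
# the session user are all constructed for this demo.
from urllib.parse import parse_qs, urlparse

# Constructed "database": account id -> (owner, balance)
ACCOUNTS = {
    "1001": ("alice", 250),
    "1002": ("bob", 9000),
}

def account_id_from_url(url):
    """Read the account_id parameter out of the GET request's query string."""
    values = parse_qs(urlparse(url).query).get("account_id")
    return values[0] if values else None

def vulnerable_balance(session_user, url):
    """Trusts the query string: any logged-in user can read any account."""
    acct = account_id_from_url(url)
    if acct in ACCOUNTS:
        return ACCOUNTS[acct][1]
    return None

def hardened_balance(session_user, url):
    """Checks ownership: the account must belong to the session user."""
    acct = account_id_from_url(url)
    if acct not in ACCOUNTS:
        return None
    owner, balance = ACCOUNTS[acct]
    if owner != session_user:
        return None  # a real app would answer 403 Forbidden here
    return balance

def manipulation_test(handler):
    """Tester's check: log in as alice, fetch her own account, then change
    only the account_id parameter. Returns True if the handler leaks."""
    own = handler("alice", "https://bank.example/balance?account_id=1001")
    tampered = handler("alice", "https://bank.example/balance?account_id=1002")
    return own == 250 and tampered is not None
```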
- SQL Injection
We hear a lot about hacker attacks using SQL. So what is a SQL attack, and why is it so damaging? SQL attacks matter because an attacker can obtain sensitive information from the server's database. To test the SQL entry points of your web application, look through your codebase for the places where direct MySQL queries are executed against the database using user-supplied input.
If user input is placed directly into the SQL queries sent to the database, an attacker can inject SQL statements, or fragments of statements, as input to extract important information from the database. Even if the attacker only manages to crash the application, the SQL error displayed in the browser can reveal the information they are looking for.
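An added example, not from the original article: the same user lookup built by string concatenation and with a bound parameter, together with the two checks a tester would run against each (does a crafted input return extra rows, and does a stray quote produce a database error that could be echoed to the browser). It uses SQLite rather than the MySQL mentioned above; the function names and table rows are constructed.

```python
# Added example, not from the original article: the two ways of building the
# lookup query described above, plus the check a tester runs against each.
# Uses an in-memory SQLite table with constructed rows; the article talks
# about MySQL, but the "?" placeholder idea is the same DB-API mechanism.
import sqlite3

def make_db():
    """Constructed users table for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"),
                      ("bob", "bob@example.com")])
    return conn

def find_user_vulnerable(conn, name):
    """Vulnerable: the user's input is pasted straight into the SQL text."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def find_user_safe(conn, name):
    """Hardened: the driver binds the value, so it never becomes SQL syntax."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

def returns_extra_rows(lookup):
    """Tester's check: an input naming no real user, but carrying an
    always-true condition, must not return more rows than a normal lookup.
    Returns True when the lookup leaks rows."""
    conn = make_db()
    normal = lookup(conn, "alice")
    probe = lookup(conn, "nobody' OR '1'='1")
    return len(probe) > len(normal)

def raises_db_error(lookup, name):
    """Tester's check: does an input with a stray quote make the query fail?
    Such failures are what ends up as an SQL error echoed to the browser."""
    try:
        lookup(make_db(), name)
        return False
    except sqlite3.Error:
        return True
```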
- Cross-Site Scripting (XSS)