What is Security Testing?
Security testing is one of the most important types of software testing that intended to find the vulnerabilities or weakness of the software application. The main objective of security testing is to find the vulnerabilities of system & determine that its data and resources are protected from possible intruder. Security testing allows us to identify the confidential data stays confidential or not.
Now a day’s online transaction are rapidly increasing, so security testing on web application is one of the most important thing to be carried out while testing web applications. The security testing is to be carried out once the system is developed & installed. To identify the vulnerabilities the network security testing should be performed periodically.
There are “Seven attributes of Security Testing” as follows, for more details check here:
In the pie-chart below, created by the Web Hacking Incident Database for 2011 (WHID) clearly shows that whilst many different attack methods exist, SQL injection and XSS are the most popular.
Image Credit: @acunetix.com
6 basics terms used in Security Testing
Here are the useful terms frequently used in severity testing:
1) What is “Penetration Testing”?
Penetration testing is a type of security testing process to identify security vulnerabilities in an application by evaluating the system or network with various malicious techniques. The main purpose of this testing is to protect the identified vulnerabilities & secure the important data from unknown user who do not have the access to the system like hackers. The penetration testing can be carried out after the cautious consideration, notification, and planning.
There are two types of penetration testing, White box testing & Black box testing. In White box testing is all information is with tester prior start testing like IP Address, Code & Infrastructure diagram & based on available information tester will perform the testing. In Black box testing, tester do not has any information of system under test. This is more accurate testing method as we are simulating the testing with real hackers which they do not having the information of existing system.
2) Password cracking:
In security testing of a web application Password cracking programs can be used to identify weak passwords. It can be start using guessing the common username and password or use of password cracking tool. Password cracking confirms that users are making use of adequately strong passwords.
In the system password are generally stored in the encrypted format like hash, so once the use try to login using login credentials then hash is created for newly entered password & compared with the original stored hash, once the stored hash matches then user is authenticated. Automated Password cracking is basically generates the random hashes unless and until match is not found. The most commonly used password cracking is the use of Dictionary attack. In this case automated tool is try all words from dictionary.
It would be easier if the password does not asking for complex passwords like password must having at least one digit one character and one special characters etc. Sometimes the passwords are stored on cookies, if such login credentials information stored without encryption in cookies then hacker can use different methods to get the username & password information.
3) What is “Vulnerability”?
The Vulnerability is a weakness in a system under test which may cause the malicious attaches by unauthorized users. The vulnerability can be increase due to bugs in the software, lacking of Security testing or viruses etc. These security vulnerabilities require patches, or fixes, in order to prevent the potential for compromised integrity by hackers or malware.
4) What is “URL manipulation”?
URL Manipulation is very much interesting and most common type of attack by hackers. In this attack the hackers manipulate the website URL query strings & capture the important information.
This happens when the application uses the HTTP GET method to pass information between the client and the server. The information is passed in parameters in the query string. The tester can modify a parameter value in the query string to check if the server accepts it.
Via HTTP GET request user information is passed to server for authentication or fetching data. Attacker can manipulate every input variable passed from this GET request to server in order to get the required information or to corrupt the data. In such conditions any unusual behavior by application or web server is the doorway for the attacker to get into the application.
So while security testing the URL manipulation test cases should be considered to make sure that using URL manipulation unauthorized user is not able to access the important information or not corrupting the database records.
5) What is “SQL injection”?
SQL Injection is one of the most common application layer attack techniques used by hackers. SQL Injection is one of the several web attack mechanisms used by hackers to steal data from organizations. SQL injection attacks are very critical as attacker can get vital information from server database. It is a type of attack which takes the advantage of loop holes present in implementation of web application that allows hacker to hack the system like passing sql queries into all input fields and tries to hack the system.
Hackers try to query database with SQL injection statements or part of SQL statement as user input & pull out the vital information from system or crash the system & from the error displayed on browser can get the required information what they are looking for.
To check the sql injection we have to take care of the input fields like text boxes, comments etc. The Special characters should be either properly handled or skipped from the input.
6) Cross Site Scripting (XSS)
Types of testing to perform while Security Testing
Let’s discuss what all steps to prepare while preparing and planning for Security testing:
- The first step is to understand the business requirement, security goals and objective in terms of security compliance of the organization. The test planning should consider all security factors like Organization might have planned to achieve PCI compliance etc.
- Understand and analyze the requirements of the application under test.
- Collect all system setup information used for development of Software and Network like Operating Systems, technology, hardware.
- Make out the list of Vulnerabilities and Security Risks.
- Based on above step prepare Threat profile.
- Based on identified Threat, Vulnerabilities and Security Risks prepare test plan to address these issues.
- For each identified Threat, Vulnerabilities and Security Risks prepare Traceability Matrix.
- All security testing cannot possible to execute manually, so identify the tool to execute the all security test cases faster & more reliable.
- Prepare the Security tests case document.
- Perform the Security Test cases execution and retest the defect fixes.
- Execute the Regression Test cases.
- Prepare detailed report of Security Testing which contains Vulnerabilities and Threats contained, detailing risks, and still open issues etc.