In my earlier post Security Testing I explained what security testing is and which types of attacks can occur on a website.
Now let's look at the different security testing approaches -
1. Test Password cracking
Most web applications use log-in screens to authenticate users. For password cracking, the tester should check the password complexity enforced by the website.
If the username and password are stored in a cookie, make sure they are highly encrypted, as without encryption an attacker can use various methods to steal the cookies.
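A tester usually records which weak passwords a sign-up or change-password form let through. The following is an added example, not code from the original post: a small password-policy checker together with a harness that feeds it constructed test cases and reports any mismatch between the expected and actual verdict. The policy values (minimum length, required character classes, the tiny common-password list) are assumptions chosen for illustration; a real site would use its own rules and a full breached-password list.

```python
import re

# Constructed policy for this example; real sites choose their own rules.
MIN_LENGTH = 12
CHARACTER_CLASSES = {
    "lowercase": re.compile(r"[a-z]"),
    "uppercase": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}
# Small constructed denylist standing in for a breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}


def password_weaknesses(password: str, username: str = "") -> list:
    """Return the list of policy rules the password fails (empty list = accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    missing = [name for name, rx in CHARACTER_CLASSES.items() if not rx.search(password)]
    if len(missing) > 1:  # require at least three of the four character classes
        problems.append("missing character classes: " + ", ".join(missing))
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in common-password list")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    return problems


def run_password_tests(cases) -> list:
    """Feed each (password, username, expected_accept) case to the check and return the
    mismatches, the way a tester records which weak passwords a site let through."""
    failures = []
    for password, username, expected_accept in cases:
        accepted = not password_weaknesses(password, username)
        if accepted != expected_accept:
            failures.append((password, accepted))
    return failures


# Constructed test cases: passwords a login form should reject, plus one it should accept.
CASES = [
    ("password", "alice", False),        # common and too short
    ("Alice2024!", "alice", False),      # contains the username and too short
    ("abcdefghijkl", "alice", False),    # long enough but a single character class
    ("Tr0ub4dor&3xyz", "alice", True),
]

if __name__ == "__main__":
    for pw, user, _ in CASES:
        print(repr(pw), "->", password_weaknesses(pw, user) or "accepted")
    print("mismatches:", run_password_tests(CASES))
```

When the same cases are submitted through the real sign-up form, every password that `password_weaknesses` rejects should also be rejected by the site; any that the site accepts is a finding.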
2. Test URL manipulation
The tester should check whether the application passes important information in the query string (URL). Since the URL is easily accessible, an attacker can steal data from it. The tester can modify a parameter value in the query string to check whether the server accepts it. Also test for a URL entered directly in the address bar without navigating from the previous page.
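Both checks above come down to one question: does the server trust the URL, or does it verify the request against the logged-in session? The following is an added example, not code from the original post. It contrasts a handler that serves whatever account id appears in the query string with one that checks ownership against the session user, and adds a direct-entry check for a multi-step flow. The account table, session layout and the `Account.aspx` path are constructed for the example.

```python
from typing import Optional
from urllib.parse import urlparse, parse_qs

# Constructed data store: which user owns which account.
ACCOUNTS = {
    "1001": {"owner": "alice", "balance": 250},
    "1002": {"owner": "bob", "balance": 9000},
}


def account_from_url(url: str) -> Optional[str]:
    """Pull the account id out of the query string, e.g. /Account.aspx?id=1002."""
    params = parse_qs(urlparse(url).query)
    return params.get("id", [None])[0]


def view_account_insecure(url: str, session_user: str) -> Optional[dict]:
    """Vulnerable pattern: whatever id is in the URL is served; the session is ignored."""
    return ACCOUNTS.get(account_from_url(url))


def view_account_secure(url: str, session_user: str) -> Optional[dict]:
    """Hardened pattern: the URL parameter is only a lookup key; authorization comes from the session."""
    account = ACCOUNTS.get(account_from_url(url))
    if account is None or account["owner"] != session_user:
        return None  # a real handler would answer 403/404 and log the attempt
    return account


def can_open_step(steps_done: set, requested_step: int) -> bool:
    """Direct-entry check for a wizard: step N opens only if steps 1..N-1 were completed
    in this session, so typing the step-3 URL straight into the address bar is refused."""
    return all(step in steps_done for step in range(1, requested_step))


if __name__ == "__main__":
    # alice is logged in and edits the id in her own URL from 1001 to 1002
    tampered = "http://www.mysite.com/Account.aspx?id=1002"
    print("insecure:", view_account_insecure(tampered, "alice"))
    print("secure:  ", view_account_secure(tampered, "alice"))
    print("step 3 after 1,2:", can_open_step({1, 2}, 3))
    print("step 3 directly:", can_open_step(set(), 3))
```

The tester's version of this is simply to change the id and observe the response; the developer's fix is never to derive the caller's identity from the URL.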
3. Test SQL Injection
In UI controls such as textboxes, enter SQL statements that are always true, like '1=1' (with quotes).
Make sure the textbox does not accept ('). If a database error is thrown after inserting the above data, that means the application accepted the input and executed the statement on the server. This is highly vulnerable.
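The two symptoms described above (an always-true condition returning rows it should not, and a stray quote producing a database error) can be reproduced offline against an in-memory SQLite table. The following is an added example, not code from the original post: a string-built login query beside its parameterized form, and a probe function that records whether a given input returned rows, raised a database error, or did neither. The user table and its contents are constructed for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret-A"), ("bob", "s3cret-B")])
    return conn


def login_vulnerable(conn, username: str, password: str) -> list:
    """String-built query: the textbox contents become part of the SQL statement itself."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return sorted(row[0] for row in conn.execute(sql))


def login_parameterized(conn, username: str, password: str) -> list:
    """Parameterized query: input is bound as data and cannot change the statement's shape."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, password)))


def run_injection_probe(login_fn, conn, username: str, password: str) -> dict:
    """Submit one textbox input pair and classify the outcome the way a tester would:
    rows came back (authentication bypassed), a database error surfaced (the input reached
    the SQL parser), or nothing happened (input treated as plain data)."""
    try:
        return {"rows": login_fn(conn, username, password), "error": None}
    except sqlite3.Error as exc:
        return {"rows": [], "error": str(exc)}


# Constructed probes: the always-true condition from the post, and a lone quote.
ALWAYS_TRUE = "' OR '1'='1"
LONE_QUOTE = "'"

if __name__ == "__main__":
    for name, fn in (("vulnerable", login_vulnerable), ("parameterized", login_parameterized)):
        db = make_db()
        print(name, "always-true:", run_injection_probe(fn, db, ALWAYS_TRUE, ALWAYS_TRUE))
        print(name, "lone quote: ", run_injection_probe(fn, db, LONE_QUOTE, "x"))
```

With the string-built query the always-true input logs in as every user and the lone quote surfaces a parser error; with bound parameters both inputs are just strings that match no row.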
4. Cross Site Scripting (XSS)
The tester should also test for XSS (cross-site scripting). The application should not accept any HTML or script code. Many web applications use variables in the URL to pass data to the server. E.g.:
http://www.mysite.com/Home.aspx?query=abcd
An attacker can easily pass some <script> code as the ‘query’ parameter. When the page is sent, the malicious <script> is executed on the server.
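A page that copies the `query` parameter straight into its HTML will reproduce any markup the parameter contains, and that markup then runs in the browser of whoever loads the page. The following is an added example, not code from the original post: a reflected-parameter renderer in its vulnerable form beside one that applies output encoding, plus the crude check a tester applies to the response. The page template and the `Home.aspx` URL from the post are used only as constructed input; the probe value is a harmless `alert(1)` canary.

```python
import html
from urllib.parse import urlparse, parse_qs

# Constructed page template standing in for Home.aspx's results page.
TEMPLATE = "<html><body><h1>Results for: {query}</h1></body></html>"


def query_from_url(url: str) -> str:
    """Extract the 'query' parameter exactly as the application would receive it."""
    return parse_qs(urlparse(url).query).get("query", [""])[0]


def render_vulnerable(url: str) -> str:
    """Reflects the raw parameter into the HTML: markup in the parameter becomes markup in the page."""
    return TEMPLATE.format(query=query_from_url(url))


def render_escaped(url: str) -> str:
    """Output encoding for an HTML text context: <, >, &, quotes become entities, so the
    parameter is displayed as text and never parsed as an element or attribute."""
    return TEMPLATE.format(query=html.escape(query_from_url(url), quote=True))


def contains_script_element(page: str) -> bool:
    """Tester's check on the response body: did a <script> element survive into the page?"""
    return "<script" in page.lower()


# Constructed probe: the canary a tester would type into the query parameter.
PROBE_URL = "http://www.mysite.com/Home.aspx?query=<script>alert(1)</script>"
NORMAL_URL = "http://www.mysite.com/Home.aspx?query=abcd"

if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(PROBE_URL))
    print("escaped:   ", render_escaped(PROBE_URL))
    print("script survived (vulnerable):", contains_script_element(render_vulnerable(PROBE_URL)))
    print("script survived (escaped):   ", contains_script_element(render_escaped(PROBE_URL)))
```

Encoding at output time is the fix because it is tied to the context the value lands in; rejecting input that merely looks like HTML is easy to get wrong and breaks legitimate searches for text such as `<b>`.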
Note - In order to perform a useful security test of a web application, the tester should have good knowledge of the HTTP protocol. It is important to have an understanding of how the client (browser) and the server communicate using HTTP. Additionally, the tester should at least know the basics of SQL injection and XSS.
Did you like the post? Please share your feedback!