What is Security Testing?
Security Testing intends to uncover threats, viruses, risks, or vulnerabilities of the system and ensure data and resources are protected from possible intruders. It aims at verifying confidentiality, integrity, authentication, authorization, and non-repudiation of the system.
The objective is to expose all the loopholes and fragility of the software which might result in loss of data under security attack.
Objectives of security testing
- To identify virus, threats, and vulnerabilities
- Detecting intrusions such as a denial of service attacks
- Checking for open ports
- Checking integrity of files and week passwords
Types of Security Testing
There are 7 types of security testing which are as below:
Vulnerability scanning: It performed with the help of automated software that scans a system against identified vulnerability.
Security scanning: It identifies the network and system weaknesses and provides the necessary solution. This scanning can be performed by both Manual and Automated way.
Penetration testing: Potential vulnerabilities are detected by simulating the attack that hacker can attempt to hack the system
Risk assessment: The analysis of security risks observed in the organization is being done. Risks are categorized as Low, Medium, and High which will further help to provide measures to reduce the risks.
Security auditing: An internal inspection of the application is done in the browser for checking the security flaws using code.
Posture assessment: This combines security scanning, ethical hacking, and risk assessments to grant the overall security of the organization.
Ethical hacking: It is an attempt to hack the security system of the organization in order to expose the flaws.
Focus of security testing
- Network security
- Support software such as OS, API, Database
- Application code and browser security
- Server security
Security Testing Areas
SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It allows an attacker to view data that they are not normally unable to view. This might include data belonging to other users, or any other data that the application itself is able to access. An attacker can modify or delete this data, causing persistent changes to the application’s content or behavior. They can escalate an SQL injection attack to compromise the underlying server or other back-end infrastructure or perform a denial-of-service attack.
Broken Authentication & Session Management
Broken Authentication is in one of the OWASP Top 10 Vulnerabilities. The essence of Broken Authentication is where you (Web Application) allow your users to get into your website by creating a new account and handling it for specific reasons. In Broken Authentication, whenever a user login into its account, a session id is being created, and that session id is allowed to that particular account only
Now if the web application is crafted securely in terms of Authentication, then it is well and good but in case if it is not then the attacker may use several under given techniques.
- Credentials stuffing: In Credential Stuffing an attacker has a standard list of default passwords and usernames. By this list, they can brute-force the accounts and can log in into legitimate accounts. It is hardly recommended for users to change their default usernames and passwords to get secure from such attacks. An attacker can generate a list of Custom passwords also depending upon his prior information to the target by various tools in Linux such as CRUNCH.
- Unhashed Passwords: Changement of clear-text password into scrambled words through which an attacker can be tricked is called hashing of passwords. What an attacker does is, an attacker can intercept the user request as both of them are on the same network. Using the intercepted request they can clearly see the Clear Text Submission Of passwords that users submit on the website. Using this technique user can lose his Account Authorization & Confidentiality.
- Misconfigured Session Timeouts: The scenario where a user had log out of the account and an attacker has the cookie of that user. Using the cookie, an attacker can still have access to that account. Using this type of loophole Cookie Tampering, Session hijacking and other attacks can be chained into one single loophole, which is also known as chaining of bug. Such type bugs are referred to as Misconfigured Session Timeout
Insecure Direct Object Reference
Insecure direct object references (IDOR) are a cybersecurity issue that occurs when a web application developer uses an identifier for direct access to an internal implementation object but provides no additional access control and/or authorization checks. For example, an IDOR vulnerability would happen if the URL of a transaction could be changed through client-side user input to show unauthorized data of another transaction
Cross-Site Scripting (XSS)
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec up until 2007. In 2017, XSS attacks were still considered a major threat vector. XSS effects vary in range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site’s owner network.
If a component is susceptible to attack due to an insecure configuration it would classify as security misconfiguration. This is considered the same vulnerability regardless of whether the misconfiguration occurs in the web server, database, or in custom code. It is further classified as below:
- Prevalence: As security misconfiguration is such a broad category, it is a very common vulnerability. A web application is built upon multiple layers and making a configuration mistake in one of them is quite likely.
- Potential impact: The impact varies and depends on the specific kind of misconfiguration. At worst, it could lead to a full takeover, which means stolen sensitive data and expensive recovery.
- Exploitability: In many cases, this is one of the easiest vulnerabilities to exploit. For example, if a system admin forgets to delete a default account with admin privileges, all an attacker has to do is to simply google the default credentials to log in.
The Web Parameter Tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. Usually, this information is stored in cookies, hidden form fields, or URL Query Strings, and is used to increase application functionality and control.
This attack can be performed by a malicious user who wants to exploit the application for their own benefit or an attacker who wishes to attack a third-person using a Man-in-the-middle attack. In both cases, tools like Webscarab and Paros proxy are mostly used.
The attack success depends on integrity and logic validation mechanism errors, and its exploitation can result in other consequences including XSS, SQL Injection, file inclusion, and path disclosure attacks.
Unvalidated redirect vulnerabilities occur when an attacker is able to redirect a user to an untrusted site when the user visits a link located on a trusted website. This vulnerability is also often called Open Redirect. Unvalidated redirects and forwards were ranked as uncommon both in 2010 and 2013 when OWASP graded vulnerabilities in their top ten list.
The potential danger of Unvalidated Redirects and Forwards is not to be considered as that serious. The most common use case is phishing attacks or others that also involve Social Engineering, which lowers the potential impact of the vulnerability. It also happens that this is part of a chained attack, where it is only one in a chain of multiple vulnerabilities used. This type of attack is more advanced and therefore not as common.
In most cases, this vulnerability is very easy to exploit, which increases the likelihood of someone finding and abusing it. There have, of course, been cases where it has been much harder to exploit, but as the impact is not that great, the time used to look for the vulnerability is limited. This means it is mainly the easier cases of Unvalidated Redirects and Forwards that are discovered and exploited.