General knowledge of security testing
Goals of security testing are simple: finding flaws in your software’s security mechanisms and possible vulnerabilities some may use for malicious impact. Meaning determining how exactly is the system vulnerable and what may such vulnerability lead to is what you are probably doing at your security testing sessions.
Common security breaches:
- SQL Injections. This is probably the most commonly spread type of threat. Malicious and harmful SQL statements are being inserted straight into any entry field by hackers. These types of attack are of the most dangerous ones as are relatively easy to be performed and are of the most harmful ones as well as attackers may gain access to information of critical importance from the database located in the server. This particular type of attack is using loopholes as a tool of achieving malicious goals. Thus all input field should be tested properly.
- Privilege Elevation. This is an attack from an existing account of your system owned by a hacker. Usually, such attack’s purposes is in increasing the account’s system privileges and gaining more rights and authorization. Meaning the hacker may gain access to the systems root code and modify it by will.
- Data Manipulations. Data owned by you will be changed by a hacker to grant him more advantages.
- URL Manipulations. URL query string manipulations are done to capture some important info. HTTP GET method used for information travel from a client to a server allows hackers to do this type of hacking. Yet valley parameters may be modified by a tester to make sure server is not accepting them.
- DoS or denial-of-service. This attack aims to make whatever your software is out of service via different resources that are unavailable to primary users.
- Unauthorized data access. Gaining access to vital data within any app is by far one of the world’s most well-known and used ways of hacking. There are several layers that are endangered with unauthorized access both on servers and on a network. Data may be accessed via several data-fetching operations or monitoring of others accessing the app or a website. Old client authentication data may also be used here.
- XSS or Cross-Site Scripting. This vulnerability may be found in many web apps. Client-side script is injected into pages that are being viewed by other people and tricks such users into clicking a certain URL. Many actions of the malicious code mentioned here may be triggered by such a click. The websites entire behavior may be changed, personal data may be stolen, etc.
Tools that help test security
With such a vast amount of possible dangers it is getting harder to properly test applications. Luckily there are many great tools that will be assisting testers in this dangerous battlefield. Here are some you all may benefit from:
- BeEF. This tool will be focused on a web browser meaning will assist you with finding flaws that may be caused by an open browser.
- Brakeman. A nice little open source scanner of vulnerabilities that is designed especially for one language: Ruby on Rails. The tool analyses app’s code and can find flaws on any development stage.
- Ettercap.This is a handy free open-source tool designed for network security. Man-in-middle or MITM attacks on LAN are of the tool’s strong sides. Network protocol analysis within a security test context is one of the tools best features.
- Metasploit. This framework is also open source and allows users with both development, testing as well as exploit code features. This is one of the best known and well used penetration testing and exploit development tools. Metasploit is also great for searching vulnerabilities.
- nsiqcppstyle.The tool is amazing for coding style checks within C/C++ code.
- Oedipus. A tool written in Ruby and used for source web app security testing and analysis. Its capabilities include parsing of various log types to identify possible threats and vulnerabilities. Oedipus uses gained info to test websites and web apps.
Hope all that was of use to you and we are looking forward to hearing what you may say about web app or website security testing in the comments.