What is Security Testing?
Security testing is a Non-Functional Testing process to determine that security mechanism of an information system protects data and maintain functionality as intended. It is done to check whether the application or the product is secured or not. It checks whether there is any information leakage in encrypting the application or using wide range of software, hardware and firewall etc. It ensures that no one can hack the system and login to the application without any authorization.
ISTQB Definition : Security Testing is a type of software testing that intends to uncover vulnerabilities of the system and determine that its data and resources are protected from possible intruders.
Principle of Security Testing : Confidentiality, Integrity, Authentication, Availability, Authorization and Non-Repudiation.
There are four main focus areas to be considered in security testing (Especially for web sites/applications):
- Network security: This involves looking for vulnerabilities in the network infrastructure (resources and policies).
- System software security: This involves assessing weaknesses in the various software (operating system, database system, and other software) the application depends on.
- Client-side application security: This deals with ensuring that the client (browser or any such tool) cannot be manipulated.
- Server-side application security: This involves making sure that the server code and its technologies are robust enough to fend off any intrusion.
Why Security Testing?
- Loss of customer trust.
- Disturbance to your online system leads to revenue impact.
- Website downtime leads to time loss and expenditures in recovering from damage.
- Cost associated with securing web applications against future attacks.
- Related legal implications and fees for having lax security measures in place.
- Privilege Elevation: When a hacker has an account on a system and uses it to increase his system privileges to a higher level.
- SQL Injection: Malicious SQL statements are inserted into an entry field for execution to get critical information from the server database.
- Unauthorized Data Access : Gaining unauthorized access to data within an application from servers or on a network.
- URL Manipulation : Application uses HTTP GET method to pass information between the client and the server and attackers manipulating the website URL query strings & capture of the important information.
- Denial Of Service : (DoS) attack is an explicit attempt to make a machine or network resource unavailable to its legitimate users.
- Cross-Site Scripting (XSS) : XSS enables attackers to inject client-side script into Web pages viewed by other users and trick a user into clicking on that URL.
- Data Manipulation : Hacker changes data used by a website in order to gain some advantage or to embarrass the website’s owners.
- Identity Spoofing : Hacker uses the credentials of a legitimate user or device to launch attacks against network hosts.
Security Testing Techniques
- SQL Injection : Entering a single quote (‘) in any text-box should be rejected by the application. Instead, if the tester encounters a database error, it means that the user input is inserted in some query and that is executed by the application.
- Cross Site Scripting (XSS): The tester should additionally check the web application for XSS (Cross site scripting). Any HTML e.g. <HTML> or any script e.g. <SCRIPT> should not be accepted by the application.
- Ethical Hacking : This helps identify potential threats on a computer or network. An ethical hacker attempts to bypass the system security and search for any vulnerability that could be exploited by malicious hackers aka Black hats.
- Password Cracking : Hackers can use a password cracking tools to crack passwords. Until a web application enforces a complex password (long password with combination of numbers, letters, and special characters), it is easy to crack.
- Penetration Testing : A penetration test is an attack on a computer system with the intention of finding security loopholes, potentially gaining access to it, its functionality and data.
- Risk Assessment : This is a process of assessing and deciding on the risk involved with the type of loss and the possibility of vulnerability occurrence.
- Security Auditing : A security audit is a systematic evaluation of the security of a company’s information system by measuring how well it conforms to a set of established criteria.
- Security Scanning : This is a program which communicates with a web application through the web front-end in order to identify potential security vulnerabilities in the web application, OS and Networks.