Security testing is the most essential testing in the software field. Users might compromise on design or on some aspects of functionality, but security cannot be compromised at any stage.
What makes it a diamond in the testing field is the confidentiality that people want to keep over their activities. It is basic human nature to keep secrets; people do not want any external interference with their data, and the risks of leaked data are real. For example, if net banking or credit card details are stolen, a person's life savings can be gone in seconds.
A security breach in software can cause many adverse effects. The most dangerous is data theft; others include application crashes, database damage, broken application design and unauthorized content manipulation.
Today the web application is the most commonly used IT product; there is a web application for almost anything. We use web applications for many things in daily life, such as social media, food ordering, online shopping and internet banking.
They have limitless applications in our day-to-day life.
Because a web application is common and used by a large number of customers every day, someone will definitely try to attack it. Such web applications should be tested with all the latest available security testing methods, and security and vulnerability tests should be run frequently to ensure their safety.
A web application can be either public or restricted (to particular IPs in most cases). The public one is the most prone to attacks, as it is available to everyone.
Some of the most common security vulnerabilities in web applications are:
SQL Injection: Using SQL injection, an attacker can interfere with the SQL queries that an application makes to its database. This lets the attacker fetch data from the database or corrupt it.
Cross Site Scripting: A malicious script is placed in a vulnerable part of the web application, and when a user interacts with that section the script is executed. A severe malicious script can lead to the user losing the account permanently.
Broken Authentication and Session Management: There is potential to steal a user's login data or clone session data to gain unauthorized access to the user's account.
Insecure Direct Object References: An access control vulnerability that arises when critical information such as an id or password is passed directly, without any encryption, to access an object.
Cross Site Request Forgery: This security flaw allows an attacker to trick a user into submitting a web request that they did not intend.
Distributed Denial of Service Attack: This type of attack involves a group of computers harnessed together by an attacker to flood the application with traffic.
Insecure Cryptographic Storage: As the name says, poorly encrypted data is targeted by attackers.
Failure to Restrict URL Access: A web application has URLs for accessing different content, and some paths are restricted to particular users or IPs. Failing to restrict access to such paths makes the application vulnerable to attacks.
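One way to enforce the path restriction described under "Failure to Restrict URL Access", as an added example that is not from the original article. The policy table, role names and networks are hypothetical, and the check denies any path that no rule covers.

```python
import ipaddress
import posixpath
from urllib.parse import unquote

# Hypothetical policy: path prefix -> (roles allowed, client networks allowed).
# None for roles means no login is required. Networks are constructed samples.
POLICY = {
    "/public/": (None, ["0.0.0.0/0"]),
    "/account/": ({"customer", "staff", "admin"}, ["0.0.0.0/0"]),
    "/reports/": ({"staff", "admin"}, ["10.20.0.0/16", "203.0.113.0/24"]),
    "/admin/": ({"admin"}, ["10.20.0.0/16"]),
}


def canonical(path):
    """Decode and collapse the path so the rule is matched on the real target."""
    decoded = unquote(path.split("?", 1)[0])
    # normpath resolves "." and ".." segments and duplicate slashes.
    return "/" + posixpath.normpath(decoded).lstrip("/") + "/"


def is_allowed(path, role, client_ip):
    """Return True only if a rule matches and both role and source IP pass."""
    target = canonical(path)
    ip = ipaddress.ip_address(client_ip)
    for prefix, (roles, networks) in POLICY.items():
        if target.startswith(prefix):
            role_ok = roles is None or role in roles
            ip_ok = any(ip in ipaddress.ip_network(n) for n in networks)
            return role_ok and ip_ok
    return False  # default deny: paths without a rule are not served


if __name__ == "__main__":
    # Constructed requests: (path, role, client IP)
    for req in [("/admin/users", "admin", "10.20.5.9"),
                ("/admin/users", "admin", "198.51.100.7"),
                ("/backup.zip", "admin", "10.20.5.9")]:
        print(req, "->", is_allowed(*req))
```

Matching on the canonical path means the rule is applied to the resource that will actually be served, not to the raw string in the request.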
Security test methodology
Vulnerability Scanning: Automated software is used to scan the application against known vulnerability signatures.
Security Scanning: System weaknesses are identified and later fixed. This is usually done against a previously planned set of criteria, and can be done manually or with automation.
Penetration testing: It is an attack on a system with the intention of finding security breaches and loopholes, potentially gaining access to its functionality and data.
Risk Assessment: This testing includes analysis of the security risks observed in the application. E.g. if login to an account is done via Facebook and that Facebook account is under attack, then our system is possibly under threat as well. Such cases are evaluated in risk assessment, which provides measures to avoid them.
Security Auditing: Like any other general audit, a security audit inspects the application on a scheduled basis to find security flaws.
Ethical hacking: Unlike external hackers, who steal for their own gain, this is done by personnel authorised by the company to find vulnerabilities before an external hacker finds them.
Posture Assessment: It is a combination of Security scanning, Ethical Hacking and Risk Assessments to show an overall security posture of an organization.
Commonly used open source testing tools:
OWASP ZAP
ZAP exposes:
- Application error disclosure
- Cookies without the HttpOnly flag
- Missing anti-CSRF tokens and security headers
- Private IP disclosure
- Session ID in URL rewrite
- SQL injection
- XSS injection
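Several items in the list above can be detected from a single HTTP response without sending any test input. The following Python sketch is an added example, not ZAP's code or output; the function name `passive_scan`, the finding labels and the sample response are all constructed for illustration.

```python
import re

# Constructed sample response; the host, cookie values and IP are made up.
SAMPLE = {
    "url": "https://shop.example/cart;jsessionid=0A1B2C3D4E5F",
    "headers": [
        ("Content-Type", "text/html"),
        ("Set-Cookie", "SESSIONID=abc123; Path=/; Secure"),
        ("Set-Cookie", "theme=dark; Path=/; HttpOnly"),
        ("X-Frame-Options", "DENY"),
    ],
    "body": '<form method="post" action="/pay"><input name="amount"></form>'
            "<!-- upstream 10.0.3.17 -->",
}

SECURITY_HEADERS = ("content-security-policy", "strict-transport-security",
                    "x-content-type-options")
PRIVATE_IP = re.compile(r"\b(?:10(?:\.\d{1,3}){3}|192\.168(?:\.\d{1,3}){2}"
                        r"|172\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2})\b")
SESSION_IN_URL = re.compile(r"[;?&](?:jsessionid|phpsessid|sessionid|sid)=", re.I)
POST_FORM = re.compile(r"<form\b[^>]*method=[\"']?post[^>]*>(.*?)</form>", re.I | re.S)
TOKEN_FIELD = re.compile(r"name=[\"']?[\w-]*(?:csrf|token)", re.I)


def passive_scan(resp):
    """Return a sorted list of findings for one response, sending no traffic."""
    findings = []
    present = {name.lower() for name, _ in resp["headers"]}
    for name, value in resp["headers"]:
        if name.lower() == "set-cookie":
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            if "httponly" not in attrs:
                findings.append("cookie-no-httponly:" + value.split("=", 1)[0])
    findings += ["missing-header:" + h for h in SECURITY_HEADERS if h not in present]
    findings += ["private-ip:" + ip for ip in set(PRIVATE_IP.findall(resp["body"]))]
    if SESSION_IN_URL.search(resp["url"]):
        findings.append("session-id-in-url")
    for inner in POST_FORM.findall(resp["body"]):
        if not TOKEN_FIELD.search(inner):
            findings.append("post-form-without-csrf-token")
    return sorted(findings)


if __name__ == "__main__":
    for finding in passive_scan(SAMPLE):
        print(finding)
```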
Wapiti
Vulnerabilities exposed by Wapiti are:
- Command Execution detection
- CRLF injection
- Database injection
- File disclosure
- Shellshock or Bash bug
- SSRF (Server Side Request Forgery)
- Weak .htaccess configurations that can be bypassed
- XSS injection
- XXE injection
SQLMap
- Command Execution detection
- CRLF injection
- Database injection
- File disclosure
- Shellshock or Bash bug
- SSRF (Server Side Request Forgery)
- Weak .htaccess configurations that can be bypassed
- XSS injection
- XXE injection
Wfuzz
- LDAP injection
- SQL injection
- XSS injection
W3af
- Blind SQL injection
- Buffer overflow
- Cross-site scripting
- CSRF
- Insecure DAV configurations
Amal PV

Experienced in testing and doing advanced software security techniques in accordance with technical architecture. Good in executing on-going security testing and code review to improve software security.