As continues we are using web applications the size of useful data on the web increases, proper security testing of web applications is becoming very important. Security testing is the very much important process of testing life cycle, It is the process to confirm that confidential data stays confidential and users have access to perform only those tasks which are authorized to access.
The purpose of the security test is to discover the vulnerabilities of the web application so that the developers can then remove these vulnerabilities from the application and make the web application and data safe from unauthorized actions.
Key Terms Used in Security Testing
It is like any type of weakness in the web application. The cause of it can be bugs in the application, an injection (SQL/ script code) or the presence of viruses.
Vulnerability can be as simple as weak passwords or as complex SQL injection vulnerabilities.
- http://www.testattack.com/index.php?page=http://www.vulnerabilityattack.com (This attack is for executing attack code on remote server)
2. URL Manipulation
Also known as URL rewriting, is the process of modifying parameters. Websites communicate with servers for sharing information to client (browser). Changing some information in the URL may sometimes lead to abnormal behaviour by the server.
The tester must check url if the application passes important information in the query string. This happens when the application uses the HTTP methods to pass information between the client and the server. The tester can modify a parameter value in the query string to check if the server accepts it.
- http://www.testattack.com/savepage.php?nr=147&status=del (Changed status code from add to del to delete)
- http://www.testattack.com/customerdetails.php?cid=149 (Changed customer Id to view the details of customer id = 149)
3. SQL Injection
This is code injection technique through the web application. In this technique site parameters are passed to database in form of SQL query in order to access database or modify it. Special characters from user inputs should be handled/escaped properly.
Entering a single quote (‘) in any textbox should be rejected by the application. If the tester succeeds to generate a database error, it means that the user details inserted in some query which is then executed by the application. In such a case, the application is vulnerable to SQL injection.
- Write below query in input fields and submit page rather than write in url and post page on server.
- “SELECT * FROM users WHERE username = ‘martin'”;
- “SELECT * FROM users WHERE username = ” or ‘1=1′”;
4. XSS (Cross Site Scripting)
The tester should additionally check the web application for XSS (Cross site scripting). Any HTML e.g. <HTML> or any script e.g. <SCRIPT> should not be accepted by the application.
- <form action=”view.php” method=”GET” /> Welcome <p>Enter your name: <input type=”text” name=”myname” /><br /> <input type=”submit” value=”Find” /></p><br> </form> <?php echo “<p>Your Name <br />”; echo ($_GET[myname]); ?>
5. Password Cracking
In security testing of a web application Password cracking methods can be used to identify weak passwords. It can be start using guessing the common username and password or use of password cracking tool.
If username or password is stored in cookies without encrypting, attacker can use different methods to steal username and password.
- Try to get username and password details from cookie in browser.
- Modify variables using view source and resubmit page.
It is a type of security testing process to find out insecure areas in projects. The main purpose of this testing is to protect the secure/important data from unknown user who is not valid user of the system like hackers.
There are two types of penetration testing, White box testing & Black box testing. In White box testing tester is having all information of system like IP Address, Code & flow diagram & based on available information tester will perform the testing. In Black box testing, tester will perform testing without having any information of system. This will be more accurate testing method as testing done like real hackers.
- Try to get password using reset feature.
- Input validations must be validated server side also.
In this blog we’ve explained common terms which are used in web application vulnerabilities. Also we need to take care while security testing, the tester must be very careful and not to modify any of the following:
- Configuration of the application or the server.
- Services running on the server.
- Existing user or customer data hosted by the application.
Additionally, a security test should be avoided on a production system.