What is security testing and why it is so important?

Copyright © 2019 ONE BCG. All rights reserved.
Security Testing - Processes &
Techniques

2
• Why security testing is important?
• What is security testing
• Examples of security flaws in an application
• How does Security Testing add value to organizations?
• Types of Security Testing
• Security Testing Techniques
• Security Testing Tools
Agenda

3
Sensitive information like User Name/
Passwords,Credit/Debit card details or
private information stored online.
Security testing is to recognize the threats
in the system and measure its possible
vulnerabilities, so the system does not stop
functioning or is exploited.
Why Security Testing is Important?

4
• It ensures software applications are free from any vulnerabilities, threats, risks that
may cause a big loss.
• It is about finding all possible loopholes and weaknesses of the system which might
result in a loss of information or revenue.
• The goal of security testing is to identify the threats in the system and measure its
potential vulnerabilities, so the system does not stop functioning or is exploited.
• It also helps in detecting all possible security risks in the system and help developers
in fixing these problems through coding.
What is security testing?

5
• A Student Management System is insecure if the ‘Admission’ branch can edit the data
of ‘Exam’ branch
• An ERP system is not secure if DEO (data entry operator) can generate ‘Reports’
• An online Shopping Mall has no security if the customer’s Credit Card Detail is not
encrypted
• A custom software possess inadequate security if an SQL query retrieves actual
passwords of its users
Examples of security flaws in an application

6
• In today’s interconnected world with consumers depending more on online channels
to make transactions, any security breaches lead to a loss in customer confidence
and ultimately revenue.
• As security attacks have grown exponentially, security testing is the only discipline
that helps an organization identify where they are vulnerable and take corrective
measures to prevent as well rectifies the gaps in security.
• More and more organizations are getting the security audits done and testing
measures to ensure that the critical applications are shielded from any breaches or
unintended penetration.
Security Testing add value to organizations

7
Types of Security Testing

8
• Vulnerability testing:
– The automated computer program to proactively identify security vulnerabilities
of computing systems in a network to determine where a system can be exploited
and/or threatened.
– Generally done through various vulnerability scanning software. Ex: OpenVas,
Nessus, ZAP, Vega, and ISS.
– https://www.youtube.com/watch?v=koMo_fSQGlk
• Security Scanning
– This is a program that communicates with a web application through the web
front-end to identify potential security vulnerabilities in the web application, OS
and Networks.

9
• Penetration Testing
– A penetration test is an attack on a computer system to find security loopholes,
potentially gaining access to it, its functionality and data.
– Tester may try to enter into the application / system with the help of some other
application or with the help of combinations of loopholes that the application
has kept open unknowingly.
– It is the most effective way to practically find out potential loopholes in the
application

10
• Risk Assessment
– This is a process of assessing and deciding on the risk involved with the type of
loss and the possibility of vulnerability occurrence.
– This is determined within the organization by various interviews, discussions
and analysis.
• Security Auditing
– Security Auditing involves hands on internal inspection of Operating Systems
and Applications, often via line-by-line inspection of the code.
– A security audit is a systematic evaluation of the security of a company's
information system.

11
• Posture Assessment
– It combines Security Scanning, Ethical Hacking and Risk Assessments to show
an overall Security Posture of the organization.
• Ethical hacking
– Ethical Hacking involves number of penetration tests over the wide network on
the system under test. It is conducted by ethical hackers to find possible
problems in the system.

12
• Access to the Application
– Authentication:
Example: Some of the authentication tests include a test for
password quality rules, test for default logins, test for password
recovery, test captcha, test for logout functionality, test for
password change, test for security question/answer, etc.
– Authorization:
Example: Some of the authorization tests include a test for path
traversal, test for missing authorization, test for horizontal access
control problems, etc.
Security Testing Techniques

13
• Data Protection
– Data Manipulation
• In data manipulation, a hacker changes data used by a website to gain some
advantage or to embarrass the website’s owners. Hackers will often gain
access to HTML pages and change them to be satirical or offensive.
• Tools: Fidler, Charles Proxy, Web Sniffer, Burp Suite
• https://www.youtube.com/watch?v=8bo5kXMAcV0
– URL Manipulation
• URL manipulation is the process of manipulating the website URL query
strings & capture of important information by hackers. This happens when
the application uses the HTTP GET method to pass information -

14
between the client and the server. The information is passed in parameters in the query
string. The tester can modify a parameter value in the query string to check if the server
accepts it.
- File Uploads
• Only valid files should be permitted for uploading.
• http://demo.guru99.com/Security/SEC_V1/customer/contactus.php
• In the above link the upload file menu, currently accepts any file format
including .exe, PHP, Js, etc.
• A malicious user can upload a virus or executable file and using The file
size should also be checked so that users do not upload large files that
would eat up the server space.

15
● Command Execution
– SQL Injection:
• SQL Injection constructs illegal SQL statements on a web site application
from user-supplied input.
• https://www.guru99.com/learn-sql-injection-with-practical-example.html
• https://www.youtube.com/watch?v=WFFQw01EYHM
– Buffer Overflow:
• Buffer Overflow occurs when a program or process tries to store more data
in a buffer (temporary data storage area) than it was intended to hold.
• https://www.youtube.com/watch?v=mTrTwg03N9M

16
• Client-Side Attack
– Content Spoofing :
• Content Spoofing tricks a user into believing that certain content appearing
on a website is legitimate and not from an external source
• https://www.geeksforgeeks.org/content-spoofing/
– Cross-Site Scripting :
• Cross-site Scripting (XSS) forces a web site to echo attacker-supplied
executable code, which loads into a user’s browser.
• https://www.acunetix.com/websitesecurity/cross-site-scripting/
• https://www.youtube.com/watch?v=cbmBDiR6WaY

17
• Brute Force Attack
– Brute Force Attack aims at being the simplest kind of method to gain access to a
site: it tries usernames and passwords, over and over again, until it gets in.
– The most obvious way to block brute-force attacks is to simply lock out
accounts after a defined number of incorrect password attempts.
– https://www.youtube.com/watch?v=25cazx5D_vw

18
• DOS Attack
– A denial of service (DoS) attack is a malicious attempt to make a server or a
network resource unavailable to users.
– Consider a functionality (such as registration) which typically does not require
authentication. An attacker can easily place a heavy load on the server by
simulating multiple registration operations and by feeding in arbitrarily huge
input data through the registration fields, thus placing a further load on the
server and also consuming database connections. This could cause the server to
crash or slow down to a crawl.

19
• Forceful Browsing
– A malicious user can access the complete application from different browsers
without login.
– How to perform: Log in to an application then copy the URL now paste it in
another browser and check whether the user is logging in or redirected to the
login page.
– Recommendation: The application must implement proper session/cookie
management on the server-side, to ensure strict access control. This would avoid
any user indirectly copy-pasting of the link to get unauthorized access into the
internal pages.

20
• Spoofing
– Website/Email Id/Caller Id/IP Address/Mac Address/DNS/GPS Location
– https://www.youtube.com/watch?v=YKH2VJvQJfc
• Session Management
– A web session is a sequence of the HTTP request and response transactions
linked with the same user. The session management tests check how session
management is handled in the web app.
– You can test for session expiry after particular idle time, session termination
after maximum lifetime, session termination after log out, check for session
cookie scope and duration, testing if a single user can have multiple
simultaneous sessions, etc.

21
• Phishing Attack
– It is a technique that uses trickery and deceit to obtain private data from users.
– A hacker may try to impersonate a genuine website such as yahoo and then ask
the unsuspecting user to confirm their account name and password.
– This technique could also be used to get credit card information or any other
valuable personal data.

22
• Session Timeout.
• A session should terminate when the user is gone through an error page.
• Autofill should be off.
• Check whether an application is able to view the authenticated page using the back
button of the browser.
• Check whether It is possible to view the contents of the authenticated pages by fetching
the page from the browser cache memory and history.
• Users should not have the option to remember the password as this may give
unauthorized access to malicious users.
Other Security Checks

23
• OpenVas: This tool is used for Vulnerability Testing
• Websecurity: This tool is used for Vulnerability Testing
• Wapity: This tool is used for Vulnerability Testing
• Vega: This tool is used for Vulnerability Testing
• Zed Attack Proxy(ZAP): This tool is used for Penetration Testing
• Iron Wasp: This tool is used for Vulnerability Testing
• SQLMap: This tool is used for SQL Injection
• BeEF(Browser Exploitation Framework): This tool is used for Penetration Testing
Security Testing Tools

24

What is security testing and why it is so important?

More Related Content

What's hot (20)

Similar to What is security testing and why it is so important? (20)

More from ONE BCG (11)

Recently uploaded (20)

What is security testing and why it is so important?