14. Security Testing

Security Testing is a process to determine that an information system protects data and maintains functionality as intended

System Overview In order to identify the threats to an Application, it is essential to have a general understanding of high level architecture, technical implementation, functionality and User Roles of the Application. The Application Overview is commonly captured in a diagrammatic form as Deployment Diagram. The identified threats can also be placed on the diagram with the affected components indicated

System Decomposition involves breaking down the System into its parts in order to gain a deeper understanding of it. The following elements of the web service application are to be broken out to assist threat detection:
  • Assets are the elements that hold important data
  • Entry Points are the avenue for incoming data to enter the system
  • Data Flows represent the paths that the Web Service requests and responses take between Client and Server
  • Functional Use Cases are another source of information that can be used to derive potential threats to the web service
What Next?

1. Threats identification: is possible using STRIDE classification:
  • S - Spoofing covers the broad use of faked Credentials to gain access to resources
  • T - Tampering with data means malicious modification of data
  • R - Repudiation represents the risk that a legitimate transaction will be disowned by one of the participants
  • I - Information Disclosure means that the attacker can gain access to data without permission form Owner
  • D - Denial of Service is a attempt to prevent the legitimate User form Using a service or system
  • E - Elevation of Privileges means a non-privileged User gains privileged access (Normal User is added to Admin Group)

2. List of Vulnerabilities to be Tested:

1) Injection Flaws allows a User to create, read, update and delete any data available in the Application. The Application is susceptible to an injection flaw if the Web Application takes User input and inserts that User input into a back-end database, shell command, or operating system call
  • SQL Injection consists of insertion or injection of a SQL Query via the input data. A successful injection  Exploit can read, insert, update and delete sensitive data from the database. It can also execute the administration operations on the database. 
    •     ------> Learn More - Click here

  • Command Injection The application which executes unwanted System Commands is like a Pseudo System Shell. Command Injection attack is to inject and execute commands in the vulnerable application.
    •     -------> Learn More - Click Here


  • LDAP Injection ( Light Weight Directory Access Protocol) is an attack used to execute the Web Based Application that construct LDAP Statements based on User input.
    •     ------> Learn More - Click here

  • XPath Injection is an attack technique to exploit websites that construct XPath Queries from the User input. XPath is a language used to address the parts of an XML document.
    •     ------>Learn More - Click here
  • Other Injections like Code InjectionXML injection and more can be identified using similar techniques. We must first identify the Sub Systems being used and proceed to further analyse injection possibilities.
2) Authentication and Authorization Vulnerabilities The Attacks on Authentication and Authorization is to crack the Passwords. Authentication is a mechanism whereby system may identify their Users. Authorization is a mechanism whereby system may determine what level of access a particular authenticated User should have.
  • Brute Force Attack involves progressively testing all combinations of Password characters in order to find the real password for a given User Account. 
        -------> Learn More - Click Here
  • Dictionary Attack uses targeted technique of successfully trying all the words in an exhaustive list called a dictionary.
        -------> Learn More - Click here
  • Missing Credential Attack System Response to missing credentials is observed to find out the original credentials. 

  • Confidentiality of Authentication Exchange The Exchange of credentials between two parties should be a secret and this is typically achieved by encrypting the communication.
3) Cross Site Scripting (XXS) are code injections attacks into the various interpreters in the Browser. XXS attack attempts to insert and  store XXS code with the input data and then obtain valuable data as an unauthorized User. 


    ------->Learn More - Click Here
4) Cross Site Request Forgery (CSRF) is an attach that tricks the victim into loading a page that contains a malicious request. The malicious page inherits the identity and privileges of the victim. 


    -------> Learn More - Click Here
5) Session Management Cookies are used to implement Session Management. Cookies store very important data and therefore they are vital in the overall security of the Application. So cookies can be hijacked and as a result Sessions and store data are affected. 

    ------->Learn More - Click Here

6) Fuzzing or Fuzz Testing is used to find implementation bugs using malformed/semi-malformed data injection in automated fashion.
    -------> Learn More - Click Here

'Software Testing Certifications' topic will be explained in the next post.