Security testing for any software is mainly done to ensure that the ‘Confidentiality and Integrity’ of the software/application is secured. The purpose of a security test is to discover the vulnerabilities within the software and to make sure the software or website is safe from outside malicious attacks. Along with that, security testing ensures that only users who are authenticated and authorized can access the software or perform certain sensitive transactions in an application.
A typical security requirement for software includes specific elements of “Confidentiality, Integrity, Authentication, Availability, Authorization and Non-repudiation”.
Below are the various ‘Security checks/Aspects’ that QA needs to test while performing Security testing:-
Password Cracking/Confidentiality:-
In order to log in to the private areas of the application or to access sensitive data, one can either guess a username/password or use a ‘Password cracker’ tool for the same. Lists of common usernames and passwords are available along with open source password crackers. If the web application does not enforce a complex password, it may not take very long to crack the username and password. If a username or password is stored in cookies without encryption, an attacker can use different methods to steal the cookies and then the information stored in them, such as the username and password.
Bizsense QA checks all the possibilities in terms of authentication and authorization and makes sure that the software application is safe and secure in terms of confidentiality.
The application will have to use industry-standard encryption/decryption techniques to save/retrieve the username/password or any critical data.
SQL injection is a code injection technique through which attackers can corrupt the application database or hack/retrieve sensitive data. SQL injection attacks are very critical, as an attacker can get vital information from the server database. Bizsense QA verifies each and every text field and form in the application and makes sure that it does not allow any SQL command to be executed from the UI. Similarly, the web application should handle or render input data correctly when characters like “1=1” or ‘‘ are entered from the application UI (through text fields or text areas).
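One way to automate the text-field check described above, as an added example that is not Bizsense's own code: it runs the same probe inputs against a lookup that concatenates input into the query and against one that binds it as a parameter. The table, function names and probe strings are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

def make_db():
    # Constructed sample data for the demonstration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password_hash TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "hash-a"), ("bob", "hash-b")])
    return db

def find_user_vulnerable(db, name):
    # Deliberately unsafe: user input is concatenated into the SQL text.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]

def find_user_safe(db, name):
    # Input is bound as a parameter, so it is only ever compared as data.
    return [row[0] for row in db.execute(
        "SELECT name FROM users WHERE name = ?", (name,))]

# Inputs a QA tester would type into a text field (constructed).
PROBES = ["' OR 1=1 --", "' OR '1'='1", "'", "alice"]

def run_checks(lookup):
    """Return (probe, reason) for every probe that `lookup` mishandles."""
    failures = []
    for probe in PROBES:
        db = make_db()
        try:
            rows = lookup(db, probe)
        except sqlite3.Error:
            # The input broke the statement: it reached the SQL parser as code.
            failures.append((probe, "SQL error reached the database"))
            continue
        # Only the legitimate name may match; every other probe matches nothing.
        expected = [probe] if probe == "alice" else []
        if rows != expected:
            failures.append((probe, f"returned {rows}"))
    return failures

if __name__ == "__main__":
    print("vulnerable:", run_checks(find_user_vulnerable))
    print("safe:", run_checks(find_user_safe))
```

A lone quote character is included because a database error on such input is itself a finding, and it also relates to the checklist item that error messages should not reveal sensitive information.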
Similarly, Bizsense QA tests ‘Command Injection’ scenarios, in which a malicious user can try to enter input data in an application which can be interpreted as an operating system command. This type of vulnerability can allow an attacker to gain full access over the server and the web application.
HTTP Header Injection/Manipulation:-
Some web applications communicate additional information between the client (browser) and the server in the URL or between third-party websites. Changing or editing some information in the URL may sometimes lead to unintended behavior by the server. Similarly, someone can manipulate the client/server session and cookies to manipulate the server request. This can cause some serious problems. To avoid this, Bizsense QA tests HTTP header and URL aspects to make sure that the application/software can handle such attacks.
- Use of HTTPS instead of HTTP is highly recommended for websites handling financial data.
Cross Site Scripting (XSS):-
As Bizsense testers, we always check the web application for XSS (Cross Site Scripting). The application should not accept any HTML tag. If it does, the application can be prone to an attack by Cross Site Scripting.
The following are some sample testing scenarios for Security Testing:-
- Check for SQL injection attacks.
- Secure pages should use HTTPS protocol.
- Error messages should not reveal any sensitive information.
- All credentials should be transferred over an encrypted channel.
- Test password security and password policy enforcement. Password and other sensitive fields should be masked while typing.
- Cookie information should be stored in encrypted format only. Password should not be stored in cookies.
- Check session cookie duration and session termination after timeout or logout.
- Test unauthorized application access by manipulating variable values in browser address bar.
- Check if access privileges are implemented correctly.
- Test for memory leakage in software.