Wednesday, June 15, 2011

Security Testing



Software Security testing:-

Security testing is a process that determines whether an information system protects its data and maintains its functionality as required.

Software security testing verifies that the software complies with its security requirements. Software security is always relative to the information and services being protected, the skills and resources of the adversaries, and the costs of the potential assurance remedies.

In simple words, software security testing is the process that determines that confidential data stays confidential (i.e. it is not exposed to individuals or entities for which it is not meant) and that users can perform only those tasks they are authorized to perform (e.g. a user should not be able to deny the functionality of the website to other users, and a user should not be able to change the functionality of the web application in an unintended way).
Software Security = breaking stuff + building quality stuff
Software security basically works in two phases:
·         Offense and defense
·         Breaking and building quality
Software security design is based on software quality engineering and on security analysis driven by attacks. Software security testing has two pillars:
·         Functional security testing (constructive)
·         Risk-based security testing (destructive)

Importance of Software Security Testing
  • Software security testing helps in finding loopholes in the software that can cause loss of important information and allow an intruder to enter the system.
  • Software security testing helps in improving the quality of the current software system and also helps ensure that the system works as required.
  • If software security is involved right from the first phase of the software development life cycle (SDLC), security testing can help eliminate flaws in the design and implementation of the software, and in turn help the organization block potential security loopholes at an early stage, which benefits the organization financially, in security, and in effort.
What actually are we protecting?
  • Customer information: most customer information, such as name, SSN and address, sits behind web applications.
  • Employee information: protecting employee information is critical, and attackers can reach it through the same applications.
  • Credit card information: attackers can reach credit card information by coming in through the applications.
  • Patient information: most patient information can be accessed by attacking the web applications that hold it.
Different types of Software security testing:-

Following are the main types of software security testing:

1.       Software Security Auditing: Software security auditing includes direct inspection of the application that was developed, the operating systems, and any software system on which it runs. This also involves code walk-throughs. In short, software security auditing is a hands-on internal inspection of operating systems and applications, often via line-by-line inspection of the code.

2.       Software Security Scanning: This covers scanning and verification of the software system and its applications. During security scanning, auditors inspect the system and try to find weaknesses in the software security, which includes the OS, the applications and the network(s). It is a vulnerability scan plus manual verification. The security analyst then identifies network weaknesses and performs a customized professional analysis.

3.       Software Vulnerability Scanning: Software vulnerability scanning looks for vulnerabilities, i.e. weaknesses in the web application. The cause of such a weakness can be bugs in the application, an injection flaw (SQL or script code), or the presence of viruses. Examples of such scanning software are Nessus, SARA, and ISS.

4.       Software Risk Assessment: Risk assessment is a method of analyzing and rating risk according to the type of loss and the probability that the loss occurs. Risk assessment is carried out in various ways, such as interviews, discussions and analysis. It helps in identifying potential software risks and preparing a backup plan for each of them. Risk assessment involves a security analysis of the interviews, combined with research into business, legal, and industry justifications.

5.       Software Penetration Testing: In this type of testing, a tester tries to forcibly access and enter the application under test. In penetration testing, a tester may try to enter the application or system with the help of some other application, or with the help of a combination of loopholes that the application has unknowingly left open. A penetration test is highly important, as it is the most effective way to practically find potential loopholes in the application.
Penetration testing takes a snapshot of the security of one machine, the "trophy". The tester attempts to gain access to the trophy and proves that access, usually by saving a file on the machine. It is a controlled test coordinated with the client to ensure that no laws are broken during the test.

6.       Software Ethical Hacking: It is a forced intrusion by an external party into the software systems and applications that are under security testing. Ethical hacking involves a number of penetration tests across the wider network of the system under test.

Security Testing Methods:-
1.       SQL Injection
This is the process of inserting SQL statements, through the web application's user interface, into a query that is then executed by the server; testing for it is part of assuring the quality of the software.
Ø  What is it?: Database contents are compromised or disclosed by the use of specially crafted input that manipulates the SQL query logic.
Ø  Root cause: Failure to properly scrub, reject, or escape domain-specific SQL characters from an input vector.
Ø  Impact: Data confidentiality, integrity, and availability are affected, with the ability to read, modify, delete, or even drop database tables.
Ø  Solution: Define accepted character sets for input vectors and enforce these whitelists rigorously. Force input to conform to specific patterns when other special characters are needed (e.g. dd-mm-yyyy). Also use SQL prepared statements.

2.       Directory Traversal
Ø  The attacker notices the URL
Ø  He modifies it to point at another directory by adding ../ sequences
Ø  The attacker views another file
Ø  Access control is broken
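The fix on the server side is to canonicalise the requested path and refuse anything that ends up outside the directory being served. The following is an added example (not from the original post) of that check; the base directory is a constructed value, nothing is read from disk, and the percent-decoding step is there because the ../ sequences often arrive URL-encoded.

```python
import os
from urllib.parse import unquote

# Constructed base directory for the example; no file is opened.
BASE_DIR = "/srv/app/public"


def resolve_public_path(base_dir, requested):
    """Map a user-supplied path onto a file under base_dir, or return None.

    Steps: decode percent-encoding so %2e%2e%2f is seen as ../, join under the
    base directory, canonicalise with abspath (which collapses ../), and then
    confirm the canonical result still lies inside the base directory.
    commonpath is used instead of a string prefix test so that a sibling such
    as /srv/app/public2 is not mistaken for the base directory."""
    base = os.path.abspath(base_dir)
    decoded = unquote(requested)
    # Drop a leading slash so an absolute request is still joined under base.
    candidate = os.path.abspath(os.path.join(base, decoded.lstrip("/")))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:
        # Raised when the two paths cannot be compared (e.g. different drives).
        inside = False
    return candidate if inside else None


def classify_request(requested):
    """Detection-side helper for log review: label a request as allowed or as a
    traversal attempt against BASE_DIR."""
    return "allowed" if resolve_public_path(BASE_DIR, requested) else "traversal-blocked"


if __name__ == "__main__":
    for req in ["docs/readme.txt", "../../etc/passwd",
                "%2e%2e/%2e%2e/etc/passwd", "../public2/x"]:
        print(req, "->", classify_request(req))
```

The same function serves both purposes: the application calls it before opening a file, and a tester or log reviewer can feed it request paths to see which ones would have escaped the served directory.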

3.       Tampering
Parameter tampering is a type of web-based attack in which certain parameters in the Uniform Resource Locator (URL) or in the web page form are altered, which in turn changes a user's information without the user's authorization.
Some web applications communicate additional information between the client (browser) and the server in the URL. Changing some of that information in the URL may lead to unintended behavior by the server, which hampers the quality of the web application.
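The defence against parameter tampering is to treat every client-supplied parameter as a claim that must be checked against server-side state. The added example below (mine, not code from the post) shows two common cases: an account id passed in the URL, which must be bound to the logged-in session, and a price passed in a form, which must be taken from the server's catalog instead. The accounts, sessions and catalog are constructed example data.

```python
# Constructed example data: accounts, logged-in sessions and a product catalog.
ACCOUNTS = {
    101: {"owner": "alice", "balance": 250},
    102: {"owner": "bob", "balance": 4000},
}
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}
CATALOG = {"book": 20, "pen": 3}


class Forbidden(Exception):
    """Raised when a request is not authorised for the acting user."""


def view_account_vulnerable(params):
    """Trusts the id in the URL (?account=102): anyone who edits it sees Bob's data."""
    return ACCOUNTS[int(params["account"])]


def view_account_safe(session_id, params):
    """Resolves the acting user from the session first, then checks ownership
    of the requested account before returning anything."""
    user = SESSIONS.get(session_id)
    if user is None:
        raise Forbidden("no valid session")
    account = ACCOUNTS.get(int(params["account"]))
    if account is None or account["owner"] != user:
        # One response for 'missing' and 'not yours', so ids cannot be enumerated.
        raise Forbidden("account not accessible")
    return account


def checkout_vulnerable(form_items):
    """Uses the price sent in the form; editing price=20 to price=1 works."""
    return sum(int(item["price"]) * int(item["qty"]) for item in form_items)


def checkout_safe(form_items):
    """Ignores any submitted price and looks the item up in the server catalog."""
    return sum(CATALOG[item["name"]] * int(item["qty"]) for item in form_items)


if __name__ == "__main__":
    print(view_account_vulnerable({"account": "102"}))
    try:
        view_account_safe("sess-alice", {"account": "102"})
    except Forbidden as exc:
        print("blocked:", exc)
    tampered = [{"name": "book", "qty": "2", "price": "1"}]
    print(checkout_vulnerable(tampered), checkout_safe(tampered))
```

For a test case, the tampered request is submitted once against each handler: the vulnerable handler returns the other user's record or the discounted total, the safe handler refuses or recomputes from server data.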

4.       JS Injection
JavaScript injection is the process of inserting and running JavaScript code via a URL, either by entering the code into the address bar or by finding an XSS vulnerability in a website. Note that changes made from the address bar can only be seen by you and are not permanent, because JavaScript is a client-side language.

5.       XSS (Cross-site scripting) Injection Vulnerabilities
Cross-site scripting (XSS) is a type of software security vulnerability, typically found in web applications, that enables attackers to inject client-side script into pages viewed by other users and so hamper the quality of the software.
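Points 4 and 5 both come down to untrusted text being interpreted by the browser as script, and the standard control for both is output encoding at the point where the text is written into the page. The added example below (mine, not the post's code) renders a constructed comment into a page template without and with HTML encoding, and includes a small marker check of the kind a test harness or log review might use to flag obvious script payloads; the template and the marker list are assumptions for the example.

```python
import html
import re

# Constructed page template: user text is written into the HTML body.
PAGE_TEMPLATE = "<html><body><h1>Comments</h1><p>{comment}</p></body></html>"


def render_vulnerable(comment):
    """Interpolates the text as-is, so a <script> tag is executed by the browser."""
    return PAGE_TEMPLATE.format(comment=comment)


def render_safe(comment):
    """Encodes the HTML metacharacters (< > & " ') so the browser displays the
    text instead of parsing it. This is the right encoding for HTML body and
    attribute context only; JavaScript or URL contexts need their own encoders."""
    return PAGE_TEMPLATE.format(comment=html.escape(comment, quote=True))


# Markers that a security test harness can use to spot obvious script
# injection attempts in submitted input or in access logs (heuristic only).
SCRIPT_MARKERS = re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.IGNORECASE)


def looks_like_script_injection(value):
    """True when the value contains a script tag, a javascript: URL or an
    inline event-handler attribute."""
    return SCRIPT_MARKERS.search(value) is not None


if __name__ == "__main__":
    sample = '<script>alert("xss")</script>'      # constructed test input
    print(render_vulnerable(sample))
    print(render_safe(sample))
    print(looks_like_script_injection(sample), looks_like_script_injection("hello"))
```

The assertion a tester wants is that the encoded page never contains a literal `<script` sequence derived from user input, while the marker check gives the detection side a cheap first filter over submitted values.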
