Starting with security testing

QA 2 Minutes

Security test is a group of measures to secure an application against unforeseen actions that can cause the application to stop or to expose data. These actions can be intentional (caused by hackers) or unintentional. So apart from the obvious reasons why you should be sure your application is not vulnerable, you have at organization level:

  • Responsibility
  • Corporate responsibility
  • Regulatory bodies
  • Compliance
  • Legal
  • Financial

And at the technical point of view:

  • Integrity
  • Authorisation
  • Confidentiality
  • No repudiation
  • Availability
  • Authentication

 

So, what should you do when creating some security tests ?

You need to seek permission before you start, then try to learn on sandbox applications or virtual machine, not real environments. Keep focused when doing the tests and prepare in advance threat modelling/survey sessions.

The web security vulnerabilities are prioritized depending on exploitability, detectability and impact on software.

  • What is needed to exploit the security vulnerability?Β 

Highest exploitability when the attack needs only web browser and lowest being advanced programming and tools.

  • How easy is it to detect the threat?Β 

Highest being the information displayed on URL, Cookies, Form or Error message and lowest being source code.

  • How much damage will be done if the security vulnerability is exposed or attacked?

Highest being complete system crash and lowest being nothing at all

 

Threat modelling

A range of techniques for analyzing the security of an application, examples:

  • Data flow diagrams
  • Threat categorization
  • Trust levels

 

You need to understand how the data is manipulated in all levels:

  • Entered
  • Stored
  • Transported
  • Presented

 

What are the assets you want to protect, which can be physical or abstract:

  • Reputation
  • Customer data/client
  • Corporate data

 

Threat Modelling – STRIDE

  • Spoofing
  • Tampering
  • Repudiation
  • Information Disclosure
  • Denial of service
  • Elevation of privilege

 

There are so many ways to check if your application is vulnerable, like:

  • User Inputs
  • Error messages
  • URLs
  • Files and attachments
  • Request/Response headers
  • Insecure User Credentials
  • APIs
  • Cookies

 

If you want to test injection flaws for example, you can exploit by submitting untrusted data, also it is very common and easy to exploit causing extremely damaging problems if not fixed. This type of issue can affect UI elements, URLs, parameters in requests and cookies. Examples of Injection are SQL Injection and Cross Site Scripting,

 

Broken Authentication and Session Management

The causes of a insecure session management may lead to session hijacking, spoofing or fixation and to escalation of privilege. Fairly common, simple to exploit, but can have wide ranging and damaging impact. It can affect session tokens, user credentials, request parameters.

 

Tools

 

Resources:

https://google-gruyere.appspot.com/

https://www.pluralsight.com/courses/hack-yourself-first

https://www.owasp.org/index.php/Main_Page

https://www.ministryoftesting.com/

https://www.guru99.com/web-security-vulnerabilities.html

Published by Rafaela Azevedo

Full Stack SDET with +16 years Experience in QA, +14 years Experience in Test Automation and +8 years in Leadership, Delivering and Releasing Softwares in different platforms (Mobile, Desktop, Web) Became a STEM Ambassador and a STEM Women Member in 2020 making an impact and bringing more people to the STEM area. Contribute to TestProject and instructor of Test Automation University.

Published

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.