Security Testing – Threats, Tools & Techniques

security-testing-tools-threats-techniques-blog-image

Security testing is performed to determine the security flaws and vulnerabilities in software. The rise in online transactions and advancing technology makes security testing an inevitable part of software development process. It is the best way to determine the potential threats in software, when performed regularly.

Security testing looks into the following aspects of a software:

  • Authentication
  • Authorization
  • Confidentiality
  • Availability
  • Integrity
  • Non-repudiation
  • Resilience

IMPORTANCE

Why is security testing necessary?

Those who skip the process in order to save time are actually putting their business in trouble. You cannot afford to ignore security testing for the following reasons:

  • Security threats can cause your customers to abandon your services
  • Loss of customers means decrease in revenue generation
  • Undoing the mistakes at a later stage can cost you more than detecting them and rectifying them at the earliest
  • Better security can save you from the extra expenses in future
  • Customers can sue you for their personal information being leaked, which of course, is the result of security flaws existing in the software or application

THREATS

There are various kinds of security threats that the software or application is prone through that may cost your business, if not identified. With advancement in technology attackers are inventing new ways to break into the security mechanisms of a system. Therefore, it’s necessary for the testers to be aware of the various kinds of security threats and find solutions to tackle them. Here are some of the common security threats that testers come across during the testing process:

SQL Injection

This type of security attack happens when the hacker inserts harmful SQL statements into the entry field for execution. The consequences of SQL injection is quite severe that it leads to leakage of classified information from the server database. This type of attack is possible only when there are loopholes in the execution of software or applications. It can be prevented by thoroughly checking he various input fields like text boxes, comments, etc. Also, it’s necessary to rightly handle or never use special characters are either in the input.

Privilege elevation

In this type of attack, the hackers use his/her existing account to raise the privileges to higher levels than what he/she deserves. If the hacker becomes successful in doing so, he/she will use the privilege to run the code and the system will eventually give in.

URL manipulation

It is the process where hackers make changes to the URL query string to access information. Applications that use HTTP GET method to pass information between client and server are usually prone to this kind of attack.  In the HTTP GET method, information is passed in the parameter in the query string. Therefore, the tester must modify the parameters to see if the server accepts it.

Unauthorized data access

This is one of the popular security attacks where the hacker gains access to data by unauthorised means. This includes:

  • Use of data-fetching operations to gain access
  • Gaining access to reusable client authentication information by keeping track of the success of others
  • Gaining access to data by monitoring the access of others

Data manipulation

Data manipulation involves hackers gaining access to website or application data and makes changes to it for their own advantage or to humiliate the owner of the application/website. The hacker does this by accessing the HTML pages of the website.

Identity spoofing

It is a type of security attack where the hackers use the credentials of a valid user or device for attacking the network hosts, for data theft and for gaining advantage over access controls. IT- infrastructure and network-level mitigations are required to prevent such attacks.

Denial of Service

Through denial-of-service attack, the attacker aims at making a system or network resource unavailable to the valid users.  When applications or software are prone to such attacks, the application or the entire system may end up being unusable.

Cross-site scripting (XSS)

It is a major security risk found in web applications. XSS allows attackers to insert client-side script in web pages that are viewed by other users and manipulate them into clicking the URL.  After the user clicks the URL, the code changes the way the website behaves and gives access to the attacker to steal personal data and other critical information.

TECHNIQUES

Now that you have a list of possible security vulnerabilities, what techniques can be used to tackle them? Let’s see:

Cross Site Scripting (XSS)

The testers must check the web applications for cross site scripting.  They must ensure that the application doesn’t accept any HTML (e.g.: <HTML>) or any script (e.g.: <SCRIPT>). If it does, the application will be prone to XSS. This will allow the

attackers to insert harmful scripts into the application or to manipulate the URL of the user’s browser to steal information. Cross site scripting must be performed for apostrophe and greater-than and less-than signs.

Ethical hacking

Ethical hacking is performed by individuals or companies to identify potential vulnerabilities in an application that provides path for the attacker to gain access to its security mechanism. An ethical hacker or white hat, as they are called, tries to break into the application to look for vulnerabilities that the hackers, also known as black hats, can utilize to their advantage.

Password cracking

Hackers use password cracking tools or guess the commonly used username/passwords In order to extort private information. The commonly used usernames/passwords are usually available online along with open source password cracking tools. Therefore, it is important to perform testing for password cracking.

Penetration testing 

Penetration test is an authorized attack on a computer system, network or applications to detect security loopholes that hackers can put to use.

 Security scanning

It is a program meant to detect web application vulnerabilities by communicating with the application through web front-end.

Security auditing

Security audit is a methodical evaluation of the security of a company’s information system to see how well it complies with a particular set of guidelines.

 Risk analysis

This process involves evaluation of potential risks, where each risk is analysed and measured. Detecting defects and rectifying them after the software hits the market is expensive. Therefore, it is important to deeply analyse the various types of risks and identify the areas that are prone to security risks. By understanding the vulnerabilities and acting at the earliest can reduce the risk of security threats after the software or application reaches the users.

SQL injection

SQL injection attacks are very harmful as the attackers try to extort confidential information from the server database. When a tester enters a single quote (‘) in any textbox, it must be rejected by the application. On the contrary, if the application shows a data base error, it means that any input entered in a query has been executed by the application.

This means that the application is prone to security vulnerabilities. But, how do you find the areas of the application that are liable to such threats? Just check for codes from the code data base of your application where direct MySQL queries are executed by accepting any user inputs. SQL injection testing can be performed for apostrophes, brackets, commas and quotation marks.

Posture assessment

Posture assessment is a combination of ethical hacking, security scanning and risk assessment and is used to determine the overall security posture of an organization.

Vulnerability scanning

Vulnerability scanning helps to identify the security threats and to determine he areas in an application or network that are prone to potential vulnerabilities.

Testing for URL manipulation

Attackers find it easy to perform URL manipulation in application that use HTTP GET method for server client communication. This method involves passing of information through parameters in the query string. Therefore, the tester must check if any confidential information is being passed through the query strings. Also, ensure that the server doesn’t accept any invalid parameter values in the query strings.

TOOLS

There are different kinds of security testing tools that help to identify the security flaws in your application, on time.

Application testing tools

The application testing tools help to identify the potential vulnerabilities that exist in your application before it hits the market and gives you ample time to rectify the defects. When you use application testing tools, nothing can stop your business from staying ahead in the competition and earning profits. Selenium,

IBM Rational Robot, Rational Functional Tester (RFT), Apache Jmeter etc. are all examples of application testing tools.

Code review tools

Code review involves assessment of the application source code.  The tools used for code review help to identify mistakes in the development phase itself, thus helping to polish up the developer’s skills while maintaining the overall quality and security of the software. Collaborator by SmartBear, Crucible and Reviewable are some of the best code review tools available.

Penetration testing tools

Sometimes, manual testing won’t be enough to identify all risks existing in an application. Penetration testing tools play an important role in such occasions. They are used to perform penetration test so as to automate some of the tasks, for efficient testing and to detect defects that are not usually visible during manual testing. Some of the most powerful penetration testing tools include metasploit, wireshark, w3af and CORE Impact.

Runtime Application Self Protection (RASP)

It is an inbuilt security technology in an application that helps to identify and tackle real-time application attacks.

Security review software

If not internally developing their own software, businesses tend to outsource their software development or may use third party software at times. However it is, the applications come with their own set of risks. Security review software helps to identify the risks that come with such applications.

Software testing tools

Securing of enterprise network has made attackers shift their focus to application layers. As a result, they are prone to 90% of the vulnerabilities in an application. The only way to protect your application from such vulnerabilities is to perform software testing and code analysis in detail right from the initial stages of software development. Selenium, Coded UI Test, Sahi and Unified Functional Testing (UFT) are examples of some of the best software testing tools.

Vulnerability assessment tools

Vulnerability assessment tools help you to identify the potential risks and get rid of them before they cause any damage to your business and its reputation. Some of the best vulnerability assessment tools available include STAT, Nmap and DB-scan.

Vulnerability assessment and penetration testing tools (VAPT)

Vulnerability assessment and penetration testing are two different kinds of testing, with different strengths. When combined together, they help to achieve overall analysis of an application.

Vulnerability scanning

As mentioned above, sometimes, businesses purchase third party software or may outsource software development which can’t guarantee that they are risk-free. Vulnerability scanning helps to identify loopholes, harmful codes and similar other threats in such software.