The philosophy of Responsible Testing is driven by a defined process that provides an additional layer of security for the software product. Read here.
Security Testing ensures that an application is protected from malicious activities and maintains functionality as intended. It helps applications to ensure that their sensitive data/information is not subjected to any breach.
If an application is not secure and a hacker finds a vulnerability in the application, it will be exploited, with predictable outcomes such as:
- Damage to an organization’s brand name
- Negative impact on customer impression with the added risk of relationship loss.
- Added costs related to fixing the vulnerability post-production
Related: Identify and Mitigate Security Risks with Proven Security Testing Strategies
The Six Principles of Security Testing to Secure the Environment:
- Confidentiality: This is equivalent to privacy, and it has a set of rules which limits access to information. It protects against disclosure of information to unintended recipients, and is designed to prevent sensitive information from reaching the wrong people. It ensures that only the designated person gets the information and access will be restricted to those authorized to view the data in question.
- Integrity: It involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle, and allows transferring accurate and desired information from senders to intended receivers. It ensures that data cannot be altered by unauthorized people (for example, in a breach of confidentiality).
- Authentication: This confirms the identity of a user and allows a user to have confidence that the information he receives originated from specific known sources.
- Authorization: It specifies access rights to the users, based on the user role.
- Availability: Ensures the readiness of the information on requirement. To simplify, information must be available to authorized person(s) when they require it. Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed and maintaining a correctly functioning operating system environment that is free of software conflicts. [ref: http://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA]
- Non-repudiation: This ensures there is no denial from the sender or the receiver for sent /received messages. It exchanges authentication information with provable time stamp, for example, `session id’ and so forth.
Confidentiality, Integrity and Availability, also known as the CIA triad, is a model designed to guide policies for information security within a company. The model is also sometimes referred to as the AIC triad (Availability, Integrity and Confidentiality) to avoid being confused with the Central Intelligence Agency. [Ref: http://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA]
There are different techniques which are used in Security Testing:
- SQL Injection: This technique consists of injecting a SQL query using input fields of the application as a hacker can perform a CRUD operation in the application if the DB is not secure.
- Broken Authentication and Session Management: Authentication and session management includes all aspects of handling user authentication and managing active sessions. When authentication is not implemented correctly or it is broken, it empowers hackers to compromise passwords or session ID’s or to exploit other implementation flaws using other users’ credentials.
- Cross-Site Scripting (XSS): This is a type of injection which allows attackers to inject Client side script, malicious scripts or URLs into web applications. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
- Insecure Direct Object References: This occurs when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources in the system directly, for example database records or files.
- Security Misconfiguration: This is one of the easiest targets for hackers because it is commonplace. Configuration weaknesses are usually found in web applications like weak or default passwords, out-of-date software, unnecessary features that are enabled, and unprotected files or databases.
- Sensitive Data Exposure: This remains a major concern affecting almost every company around the globe that uses web applications. This occurs when an application does not adequately protect sensitive information from being disclosed to attackers. It includes information such as Credit card/Bank Account, health records, personal Information etc.,
- Missing Function Level Access Control: One should verify the functional level access rights for all requested actions by a user. If it is not checked, unauthorized users may be able to penetrate critical areas of web applications without proper authorization.
- Cross-Site Request Forgery (CSRF): A Cross-site Request Forgery, aka CSRF or one-click attack, is a diffused security issue where unauthorized commands are sent from the user’s browser to a web site or a web application. CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address and so on.
- Using Components with Known Vulnerabilities: Vulnerabilities in third-party libraries and software – OS itself, CMSs used, the web server, plugins installed – are extremely common and could be used to compromise the security of systems using the software. Known Security vulnerabilities are gaps in security that have been identified either by the developers/vendor of the product, used by the user/developer or by intruder/hacker.
- Un-validated Redirects and Forwards: This occurs when an attacker is able to redirect or forward a user to an untrusted site when the user visits a link located on a trusted website. Without proper validation, attackers can redirect victims to phishing or malware sites. This vulnerability is also often called Open Redirect.