In broad perspective, security testing can be divided into six basic concepts: Here is a brief introduction of them but I would suggest exploring more onto each of them individually.

• Availability: Assuring that for any information system which is there to serve its purpose, should be available when needed and these information & communications services are available and maintained for authorized persons when needed.
• Authentication: Assuring the transaction or communication is happening between two or more authentic parties. Assuring the validity of any type of originator, transmission or message.  This also gives confidence that information is received by a known and validated source.
• Authorization: Assuring that an intended individual can allow/deny access to a system/service/operation (e.g. Access control).
• Confidentiality: Ensuring authorized person or parties only have access to the information and prevent information disclosure to any party other than the intended recipients. Often ensured by encoding information using algorithms (cryptography is one of the common example of that).
• Integrity: Ensuring received information is preserved successfully with no alteration.
• Non-repudiation: Ensuring communication or action cannot later be denied

Security Testing Methods:

Basically there are three types of testing methods which involve various sets of attacks:

1) Information/system gathering,

2) Logical attack

3) Injection attacks.

Each are used for specific testing results, however various attacks share the same security concepts, and are therefore quite similar to one another.

Information gathering (i.e. system-related) attacks

• Client-side source code analysis
• Application reconnaissance
• Error messages analysis
• Directory traversal

These methods include various types of information gathering from a web application/server by means of source code and error message analysis, exposure of directory structure or other attacks which results in information exposure. Here they are in no particular order:

Logical Attacks

• Cookie poisoning
• Parameter tampering
• Flow bypassing
• Direct access of components files
• Session hijacking
• Penetration testing
• Buffer overflow

These methods may be executed both manually and via specific tools/scripts and are mainly related to various logical attacks. Logical attacks are more sophisticated, and thus, more interesting & challenging to the tester, who needs to have a good understanding of information technology and specific knowledge of cookies, POST/GET requests & parameters like that, etc.

Injection Attacks

• SQL injection
• Cross Site Scripting (XSS)
• Scripts injection

These methods relate to various scripts & SQL commands injections into web application forms. These are the most common attacks, yet they are both serious and dangerous. Detecting such vulnerabilities in the early stages of development can prevent unnecessary flaws.

More on this will come in my next post.

Thanks,

Sachin Srivastava.

Quality Analyst

Dec 17, 2009 Copyright Notice

This document may be copied in it entirety, or extracts made, if the source is acknowledged.To download a copy of this document, please click here