How to perform security testing on a website?
Software Testing | Security Testing | Every Monday
With the development of the network, the requirements for website security are getting higher and higher. Many websites have vulnerabilities that are attacked by hackers. Do you do security testing as part of website testing? What aspects do you think should be checked? Welcome to discuss and exchange!
Q:
Security testing is the process of verifying an application's security services and identifying potential security defects.
Note: security testing does not ultimately prove that the application is secure; it verifies that the countermeasures put in place are effective. Those countermeasures are chosen based on the assumptions made during the threat analysis phase.
The following is the content of the Web Security Testing section from a book I read, together with notes I modified. I have read notes from many friends before, but they were not very comprehensive; I hope this helps you. I suggest you buy the book; it is definitely worth the money. ^_^
WEB Security Testing
A complete web security test can be performed from the following aspects: deployment and infrastructure, input validation, authentication, authorization, configuration management, sensitive data, session management, cryptography, parameter manipulation, exception management, and auditing and logging.
1. Security System Testing
1) Deployment and infrastructure
Whether the network provides secure communication
Whether the deployment topology includes an internal firewall
Whether the deployment topology includes remote application servers
What constraints the infrastructure security requirements impose
What level of trust the target environment supports
2) Input validation
- How input is validated
A. Whether the entry points are known
B. Whether the trust boundaries are clear
C. Whether web page input is validated
D. Whether parameters passed to components or web services are validated
E. Whether data retrieved from the database is validated
F. How the validation methods are set up (whether validation is centralized)
G. Whether validation relies on the client
H. Whether the application is vulnerable to SQL injection
I. Whether the application is vulnerable to XSS (cross-site scripting)
- How input is handled
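As an added example for items H and I above (this is not code from the original post or from the book it summarizes): a SQLite login check built by string concatenation beside its parameterized form, and an HTML greeting rendered with and without output encoding. The table, the account, and the two payloads are constructed for the demo; the plaintext password column exists only to keep the query short, a real system stores a password hash.

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table for the demo (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Query assembled by string concatenation: user input is parsed as SQL."""
    sql = (
        "SELECT 1 FROM users WHERE name = '" + name + "'"
        " AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Parameterized query: input is bound as data and can never change the SQL."""
    sql = "SELECT 1 FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


def render_greeting_vulnerable(name: str) -> str:
    """Reflects the input into HTML unchanged (stored/reflected XSS sink)."""
    return "<p>Welcome, " + name + "</p>"


def render_greeting_safe(name: str) -> str:
    """HTML-encodes the input so it is displayed as text, not parsed as markup."""
    return "<p>Welcome, " + html.escape(name, quote=True) + "</p>"


# Constructed test payloads: a tautology for the WHERE clause, and a script tag.
SQLI_PAYLOAD = "' OR '1'='1"
XSS_PAYLOAD = "<script>alert(1)</script>"


def demo() -> dict:
    """Run both payloads through the vulnerable and the hardened code paths."""
    conn = make_db()
    return {
        # vulnerable: ... AND password = '' OR '1'='1'  -> always true
        "vuln_bypassed": login_vulnerable(conn, "alice", SQLI_PAYLOAD),
        "safe_bypassed": login_safe(conn, "alice", SQLI_PAYLOAD),
        "safe_valid": login_safe(conn, "alice", "correct horse"),
        "vuln_html": render_greeting_vulnerable(XSS_PAYLOAD),
        "safe_html": render_greeting_safe(XSS_PAYLOAD),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The useful test observation is the asymmetry: the same payload logs in through the concatenated query and fails through the bound query, which is exactly what a tester should look for when checking item H.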
3) Authentication
Whether public access and restricted access are distinguished
Whether service account requirements are specified
How the caller's identity is verified
How the application authenticates to the database
Whether account management measures are enforced
4) Authorization
How end users are authorized
How the application is authorized in the database
How access to system-level resources is restricted
5) Configuration management
Whether remote administration is supported
Whether configuration data is stored and handled securely
Whether administrator privileges are isolated
6) Sensitive data
Whether confidential information is stored
How sensitive data is stored
Whether sensitive data is transmitted over the network
Whether sensitive data is written to logs
7) Session management
How session identifiers are exchanged
Whether session lifetime is limited
How session state is stored securely
8) Cryptography
Why the specific algorithms were chosen
How cryptographic keys are protected
9) Parameter manipulation
Whether all input parameters are validated
Whether sensitive data is passed in parameters
Whether HTTP header data is relied on for security decisions
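As an added example for the parameter-manipulation items above (not code from the original post or the book): values the server must trust but has to round-trip through the client, such as a price in a hidden form field, can be protected with an HMAC tag so that any edit on the client side is detected. The key, the field names, and the forged value are assumptions made for the demo.

```python
import hashlib
import hmac
import json
from base64 import urlsafe_b64decode, urlsafe_b64encode

# Assumption: a per-deployment secret held only on the server, never sent to clients.
SERVER_KEY = b"demo-key-change-me"


def _serialize(fields: dict) -> bytes:
    # Canonical encoding so the same fields always produce the same bytes.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign_fields(fields: dict, key: bytes = SERVER_KEY) -> str:
    """Return '<payload>.<tag>' where tag = HMAC-SHA256(key, payload)."""
    payload = _serialize(fields)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return urlsafe_b64encode(payload).decode() + "." + urlsafe_b64encode(tag).decode()


def verify_fields(token: str, key: bytes = SERVER_KEY):
    """Return the fields if the tag matches, else None (tampered, malformed, or wrong key)."""
    try:
        payload_b64, tag_b64 = token.split(".", 1)
        payload = urlsafe_b64decode(payload_b64)
        tag = urlsafe_b64decode(tag_b64)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison so the tag cannot be guessed byte by byte.
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(payload)


def tampered_token(token: str, new_fields: dict) -> str:
    """Simulate a client editing the hidden value while keeping the original tag."""
    _, tag_b64 = token.split(".", 1)
    return urlsafe_b64encode(_serialize(new_fields)).decode() + "." + tag_b64


def demo() -> dict:
    """Sign an order (constructed data), then try to lower the price client-side."""
    original = {"item": "sku-1001", "price_cents": 4999}
    token = sign_fields(original)
    forged = tampered_token(token, {"item": "sku-1001", "price_cents": 1})
    return {"ok": verify_fields(token), "forged": verify_fields(forged)}


if __name__ == "__main__":
    print(demo())
```

When testing a real application, the equivalent check is to edit a hidden field, cookie, or query parameter in an intercepting proxy and confirm the server rejects the request rather than acting on the new value.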
10) Exception management
Whether structured exception handling is used
Whether too much information is exposed to the client
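As an added example for the two exception-management items above (not code from the original post or the book): a request wrapper that leaks the exception text and traceback to the caller, beside one that logs the details server-side under a reference id and returns only a generic message. The failing handler and its error message are constructed for the demo.

```python
import logging
import traceback
import uuid


def failing_handler():
    """Constructed failure whose message carries internal detail."""
    raise RuntimeError("connection to prod-db01 refused for user app_rw")


def respond_leaky(handler) -> dict:
    """Anti-pattern: exception text and traceback go straight into the response."""
    try:
        return {"status": 200, "body": handler()}
    except Exception as exc:
        return {
            "status": 500,
            "body": {"error": str(exc), "trace": traceback.format_exc()},
        }


def respond_safe(handler, log=logging.getLogger("app")) -> dict:
    """Structured handling: full details are logged server-side keyed by a
    reference id; the client gets a generic message plus that id for support."""
    try:
        return {"status": 200, "body": handler()}
    except Exception:
        ref = uuid.uuid4().hex
        log.error("request failed ref=%s\n%s", ref, traceback.format_exc())
        return {"status": 500, "body": {"error": "internal error", "ref": ref}}


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    print(respond_leaky(failing_handler)["body"]["error"])
    print(respond_safe(failing_handler)["body"])
```

During testing, force errors (malformed parameters, a closed database port, an oversized upload) and inspect the raw response: host names, file paths, SQL fragments, or framework versions in the body are a finding.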
11) Auditing and logging
Whether the activities to be audited are specified
Whether the original caller's identity is propagated through the call chain so that actions can be traced back to it
2. Application and Transmission Security
From the user's perspective, web application security can be divided into application-level security and transmission-level security, and security testing can start from these two aspects.
The main purpose of application-level security testing is to find security risks in the design of the web application. The main test areas are as follows.
Registration and login: most current web applications use a register-first, then-login model.
A. Both valid and invalid usernames and passwords must be tested.
B. Check whether usernames and passwords are case-sensitive.
C. How many login attempts are allowed before the account is locked or the attempt is rejected?
D. Can a restricted page be browsed directly without logging in?
Online timeout: whether the web application has a session timeout. That is, after logging in, if the user does not request any page for a certain period (for example, 15 minutes), they must log in again to continue using the application.
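As an added example serving both the session-management items in the checklist above (how session identifiers are exchanged, whether session lifetime is limited) and the online-timeout test just described (not code from the original post or the book): a server-side session store with an unguessable identifier, the 15-minute idle timeout the text uses as its example, an absolute lifetime cap, and identifier rotation after login. The 8-hour absolute cap and the injectable clock are assumptions for the demo.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60        # the page's example: 15 minutes without a request
ABSOLUTE_TIMEOUT = 8 * 3600   # assumption: hard cap regardless of activity


class SessionStore:
    """Server-side session state keyed by an opaque random identifier."""

    def __init__(self, clock=time.time):
        self._clock = clock       # injectable so tests can move time forward
        self._sessions = {}

    def create(self, user: str) -> str:
        sid = secrets.token_urlsafe(32)   # 256 bits of entropy, not guessable
        now = self._clock()
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def touch(self, sid: str):
        """Validate a presented id; return the user, or None if unknown/expired."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self._clock()
        idle_expired = now - s["last_seen"] > IDLE_TIMEOUT
        hard_expired = now - s["created"] > ABSOLUTE_TIMEOUT
        if idle_expired or hard_expired:
            self.destroy(sid)
            return None
        s["last_seen"] = now
        return s["user"]

    def rotate(self, sid: str):
        """Issue a fresh id on privilege change (e.g. after login) against fixation."""
        s = self._sessions.pop(sid, None)
        if s is None:
            return None
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = s
        return new_sid

    def destroy(self, sid: str) -> None:
        self._sessions.pop(sid, None)


class FakeClock:
    """Constructed clock so the timeout behaviour can be exercised instantly."""

    def __init__(self, start: float = 1_000_000.0):
        self.t = start

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


def demo() -> dict:
    clock = FakeClock()
    store = SessionStore(clock)
    sid = store.create("alice")
    clock.advance(14 * 60)
    still_valid = store.touch(sid)     # 14 min idle: accepted, idle timer reset
    clock.advance(16 * 60)
    expired = store.touch(sid)         # 16 min since last request: rejected
    sid2 = store.create("bob")
    rotated = store.rotate(sid2)
    return {
        "still_valid": still_valid,
        "expired": expired,
        "old_id_dead": store.touch(sid2),
        "new_id_works": store.touch(rotated),
        "id_length_ok": len(sid) >= 43,
    }


if __name__ == "__main__":
    print(demo())
```

When testing a live application, the same three checks apply: wait past the idle limit and confirm the old cookie is refused, confirm the identifier changes after login, and confirm it is long and random rather than a counter or an encoded username.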
Operation trace: log files are critical to the security of a web application. Test whether operations are written to the log file and can be traced back afterwards.
Backup and recovery: to prevent data loss from an unexpected system crash, backup and recovery are essential functions of a web system. Depending on the security requirements, they can be implemented in several ways, such as incremental database backup, full database backup, and full system backup. For higher security requirements, real-time systems often use dual-host hot standby or multi-level hot standby. Besides verifying and testing the backup and recovery procedures, assess whether they meet the security requirements of the web system.
Transmission-level security testing takes into account the particular way a web system transmits data. It focuses on security vulnerabilities that may exist while data travels from the client to the server, and on the server's ability to prevent unauthorized access. The general test items include the following.
HTTPS and SSL/TLS tests: HTTPS is ordinary HTTP carried over SSL/TLS, by default on port 443. SSL itself is obsolete, and a modern server should only offer TLS 1.2 or later. The server's key size and the cipher suites it negotiates determine the security level, and stronger settings cost performance. Besides testing that encryption is in place, checking message integrity, and verifying the configured security level, check that performance still meets requirements at that level.
Server-side script vulnerability check: scripts on the server are a frequent source of vulnerabilities exploited by attackers. Test that scripts cannot be placed on or edited on the server without authorization.
Firewall testing: a firewall is a type of router used mainly to block illegal access and is a common security component in web systems. Firewall testing is a specialist topic; what is involved here is testing the firewall's functions and settings against the security requirements of the web system.
Recommended security test tools:
Watchfire AppScan: commercial web vulnerability scanner (this tool was acquired by IBM, so it is listed first).
AppScan performs security testing across the application development lifecycle, starting as early as unit testing in the development stage. It can scan for many common vulnerabilities, such as cross-site scripting, HTTP response splitting, parameter tampering, hidden-field tampering, backdoor/debug options, and buffer overflows.
Acunetix Web Vulnerability Scanner: a commercial vulnerability scanner (currently the one most people use, but it uses a lot of memory).
Acunetix WVS automatically checks web applications for vulnerabilities such as SQL injection, cross-site scripting, and weak passwords on login pages. It has a friendly user interface and can generate customized website security assessment reports.