Security Testing of Software Testing Technology

Source: Internet
Author: User

Security testing is an important part of software testing. The tester must attack the software system the way an attacker would and find the security vulnerabilities it contains.
1. Web Security Vulnerability Detection
Some poorly designed website systems contain many exploitable security vulnerabilities. These vulnerabilities are like a backdoor left open for remote attackers, who can easily launch malicious attacks through them. For example, CVE (Common Vulnerabilities and Exposures) published a vulnerability in add_2_basket.asp, a page of the Element InstantShop web shop, that let remote attackers change the price of an item by modifying the hidden form variable "price". The form looked like this:
<input type="hidden" name="id" value="AUTO0034">
<input type="hidden" name="product" value="BMW545">
<input type="hidden" name="name" value="Expensive Car">
<input type="hidden" name="price" value="100">
A hidden field is invisible in the browser but is still sent by the client, so nothing stops a user from editing it. By exploiting this, a malicious user can set the price field to any value and submit it to the InstantShop backend server, obtaining a BMW545 for $100.
Tip: the best way to discover vulnerabilities of this kind is to review the code and check that the server never trusts values such as prices, quantities or user identifiers that arrive from the client. In addition to code review, testers can use tools such as Paessler Site Inspector and Web Developer to inspect and edit the forms a site sends.
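The following example is added here to show the fix for the hidden-field problem above; it is not code from the original article or from InstantShop. It parses a constructed checkout POST body and contrasts a handler that charges whatever "price" the client posted with one that looks the price up server-side by product id and treats a disagreeing posted price as tampering. The catalog, the second price and the request bodies are constructed for the example; only the field names and the id AUTO0034 come from the form on the page.

```python
from urllib.parse import parse_qs

# Constructed server-side catalog: the authoritative price lives here, not in
# the HTML form. The catalog price is hypothetical; the id is the one on the page.
CATALOG = {
    "AUTO0034": {"name": "BMW545", "price": 55000},
}


def parse_form(body: str) -> dict:
    """Turn an application/x-www-form-urlencoded body into a flat dict."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def add_to_basket_trusting(body: str) -> int:
    """Vulnerable handler: the client-supplied hidden field decides the price."""
    form = parse_form(body)
    return int(form["price"])


def add_to_basket_hardened(body: str) -> int:
    """Hardened handler: price comes from the catalog, keyed by the product id.

    The posted price is not used for anything except detecting tampering: a
    value that disagrees with the catalog is rejected so it can be logged.
    """
    form = parse_form(body)
    item = CATALOG.get(form.get("id", ""))
    if item is None:
        raise ValueError("unknown product id")
    posted = form.get("price")
    if posted is not None and posted != str(item["price"]):
        raise ValueError("posted price does not match catalog price")
    return item["price"]


# Constructed request bodies: the form as served, and the same form with the
# hidden price edited by the client before submission.
LEGIT_BODY = "id=AUTO0034&product=BMW545&name=Expensive+Car&price=55000"
TAMPERED_BODY = "id=AUTO0034&product=BMW545&name=Expensive+Car&price=100"

if __name__ == "__main__":
    print("trusting handler charges:", add_to_basket_trusting(TAMPERED_BODY))
    print("hardened handler charges:", add_to_basket_hardened(LEGIT_BODY))
    try:
        add_to_basket_hardened(TAMPERED_BODY)
    except ValueError as err:
        print("hardened handler rejected tampered form:", err)
```

Rejecting a mismatched price, rather than silently ignoring the field, is a deliberate choice: a legitimate browser never changes a hidden field, so a mismatch is a reliable tampering signal worth alerting on.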
2. SQL Injection
SQL injection is another security vulnerability that is often ignored, yet it is a very common coding flaw, and it can let an attacker leak sensitive data from the database or take control of the server. For example, the following C# code contains a SQL injection vulnerability.
// Requires: using System.Data; using System.Data.SqlClient;
SqlConnection sqlcon = sqlconnA;
// Open the connection
sqlcon.Open();
// Build the query by concatenating the raw user input into the SQL text.
// This concatenation is the vulnerability: the input can change the statement itself.
string sql = "select count(*) from User where LogonName = '" + this.textBox1.Text
           + "' and Password = '" + this.textBox2.Text + "'";
SqlDataAdapter adpt = new SqlDataAdapter(sql, sqlcon);
DataSet ds = new DataSet();
adpt.Fill(ds);
// Close the connection
sqlcon.Close();
// If at least one row matched, the credentials are accepted
if (ds.Tables[0].Rows.Count > 0)
{
    return true;
}
else
{
    return false;
}

This code takes the user name entered in textBox1 and the password entered in textBox2 and queries the database with them. Because both values are concatenated straight into the SQL text, a user who knows a valid user name can log on without knowing the password. SQL Server delimits string literals with single quotes, so all that is needed is to type a string like the following into the textBox1 input box:
Admin' or 1 = 1 --
In this way the attacker logs on with the known Admin account without entering a password. The injected text becomes part of the query, so the statement actually submitted to SQL Server is:
select count(*) from User where LogonName = 'Admin' or 1 = 1 --' and Password = ''

The single quote in the input closes the LogonName literal, the clause "or 1 = 1" is always true, and "--" turns the rest of the original statement, including the Password comparison, into a comment. The count is therefore greater than zero whatever the password, so the system accepts the login and password verification is bypassed.
Tip: the best way to check for SQL injection is code review: at every place where a SQL statement is submitted, check that user-supplied strings are passed as parameters (or at least correctly escaped) rather than concatenated into the statement text.
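The example below is added to make the attack above reproducible and to show the fix; it is not part of the original article. An in-memory SQLite database stands in for the SQL Server database, the User table and its two rows are constructed, and the function names are the author's own. login_vulnerable builds the query exactly as the C# code does; login_safe binds the same inputs as parameters, so the quote and comment marker in the payload never reach the SQL parser as syntax.

```python
import sqlite3

# Payload from the text: closes the LogonName literal, adds an always-true
# clause, and comments out the rest of the statement (the Password check).
PAYLOAD = "Admin' or 1 = 1 --"


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the User table on the page (plaintext passwords
    are kept only to mirror the original query; real systems store hashes)."""
    con = sqlite3.connect(":memory:")
    con.execute("create table User (LogonName text, Password text)")
    con.executemany(
        "insert into User values (?, ?)",
        [("Admin", "S3cret!"), ("alice", "hunter2")],
    )
    return con


def build_vulnerable_sql(logon_name: str, password: str) -> str:
    """Same string concatenation as the C# snippet, returned so it can be inspected."""
    return (
        "select count(*) from User where LogonName = '" + logon_name
        + "' and Password = '" + password + "'"
    )


def login_vulnerable(con: sqlite3.Connection, logon_name: str, password: str) -> bool:
    """Vulnerable check: user input becomes part of the SQL statement."""
    (count,) = con.execute(build_vulnerable_sql(logon_name, password)).fetchone()
    return count > 0


def login_safe(con: sqlite3.Connection, logon_name: str, password: str) -> bool:
    """Parameterised check: the statement's structure is fixed at compile time and
    the inputs are bound as data, so no quoting in them can alter the query."""
    sql = "select count(*) from User where LogonName = ? and Password = ?"
    (count,) = con.execute(sql, (logon_name, password)).fetchone()
    return count > 0


if __name__ == "__main__":
    con = make_db()
    print("statement sent to the database:")
    print("  " + build_vulnerable_sql(PAYLOAD, ""))
    print("vulnerable login with payload and empty password:", login_vulnerable(con, PAYLOAD, ""))
    print("safe login with payload and empty password:     ", login_safe(con, PAYLOAD, ""))
    print("safe login with real credentials:               ", login_safe(con, "Admin", "S3cret!"))
```

SQLite, like SQL Server, treats "--" as a comment to end of line, which is what makes the trailing half of the original statement disappear; printing the built statement, as the demo does, is a quick way during a code review to see exactly what the database will receive for a given input.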
3. Buffer Overflow
Security problems are not confined to software systems connected to the Internet; personal software and a company's internal systems have them too. Such problems may not leak credit card data, but they can destroy a user's work. If the system is written in a language prone to buffer overflows, such as C, the tester should pay attention to the security issues that can crash the system.
For example, the following two lines of C code may cause buffer overflow:
char buf[20];
gets(buf);    /* no length limit: any line longer than 19 characters overflows buf */
gets reads from stdin up to the next newline and has no way to limit how many bytes it writes, so any line longer than 19 characters (19 plus the terminating NUL fill the 20-byte buffer) overflows buf. The function was removed from the C standard in C11 for exactly this reason. Another example is as follows:
char buf[20];
char prefix[] = "http://";
strcpy(buf, prefix);                /* fine: 8 bytes into a 20-byte buffer */
strncat(buf, path, sizeof(buf));    /* wrong bound: permits 20 more characters after the prefix */

The third argument of strncat is the maximum number of characters to append, not the size of the destination, so passing sizeof(buf) allows "http://" plus up to 20 more characters, plus a terminating NUL, into a 20-byte buffer. The bound must be the space remaining in buf after the prefix, less one byte for the NUL that strncat always writes: sizeof(buf) - strlen(buf) - 1.
Tip: for every place where a user can enter data, the tester should try inputs of different lengths, including very long ones, and verify that the program handles them correctly in every case, without exceptions or overflows. Code review finds these problems as well, and run-time tools such as AppVerifier can detect the memory corruption they cause.
