Personal Insights for Web site security testing

Source: Internet
Author: User
Keywords: security, scripting, logging in

So-called system security refers to whether the entire network operating system and network hardware platform is reliable and trustworthy. At present there is probably no absolutely secure operating system to choose from; whether it is Microsoft Windows NT or any other commercial UNIX operating system, its developers must have left back doors.

Therefore, we can draw the following conclusion: there is no fully secure operating system. Each user should analyze their own network in detail and choose the operating system with the highest achievable security. It is therefore necessary not only to choose the most reliable operating system and hardware platform, but also to configure the operating system securely. Furthermore, authentication of the login process must be strengthened (especially before a request reaches the server host) to ensure the legitimacy of the user, followed by strict restriction of what an operator is permitted to do, limiting it to the smallest extent needed to complete the task.

I have been working on web site testing for three years. I personally think a complete web security test can start with deployment and infrastructure, input validation, authentication, authorization, configuration management, sensitive data, session management, encryption, parameter manipulation, exception management, auditing, and logging.

Data encryption: some data, such as user credit card information and user login password information, must be encrypted and filtered before being transmitted. Other steps follow, such as storing the data in the database, then decrypting it and sending it to the user's email or to the client's browser. Current encryption algorithms are becoming more and more complex, but the general data encryption process is reversible: what can be encrypted must also be decryptable!

Login: a typical application site uses a login or registration mechanism, so the user name and its matching password must be validated to prevent unauthorized users from logging in. In login testing you need to consider whether the password entered is checked case-sensitively, its length and other conditions, the maximum number of login attempts allowed, which pages or files require login to access or download, and so on.

Timeout limit: a web application system needs an idle timeout; when a user does nothing for a long time, they must log in again to continue using its functions.
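The login and timeout checks described above can be captured in a small model that a tester can exercise deterministically. This is an added example and not code from the original article; the account names, password policy values, token format and the injectable clock are all constructed for illustration.

```python
"""Constructed login/session model covering the checks a tester should exercise:
case-sensitive password comparison, a minimum length rule, lockout after a
maximum number of failed attempts, and an idle timeout that forces re-login."""
import hashlib
import hmac
from typing import Dict, Optional, Tuple

MIN_PASSWORD_LEN = 8        # constructed policy value
MAX_FAILED_ATTEMPTS = 3     # constructed policy value
IDLE_TIMEOUT_SECONDS = 900  # constructed policy value: 15 minutes


def _digest(password: str) -> bytes:
    # Constructed credential store: SHA-256 of the password so plaintext is never
    # kept; a production system would use a salted, slow password hash instead.
    return hashlib.sha256(password.encode("utf-8")).digest()


class AuthService:
    def __init__(self, users: Dict[str, str], now: float = 0.0) -> None:
        self.store = {u: _digest(p) for u, p in users.items()}  # constructed accounts
        self.failed = {u: 0 for u in users}                     # failed attempts per user
        self.sessions: Dict[str, Tuple[str, float]] = {}        # token -> (user, last activity)
        self.now = now                                          # injectable clock for tests

    def login(self, user: str, password: str) -> Optional[str]:
        """Return a session token on success, None on any rejection."""
        if len(password) < MIN_PASSWORD_LEN:
            return None                          # length rule fails before any lookup
        if user not in self.store or self.failed[user] >= MAX_FAILED_ATTEMPTS:
            return None                          # unknown user or account locked out
        if not hmac.compare_digest(self.store[user], _digest(password)):
            self.failed[user] += 1               # wrong password (case matters) counts toward lockout
            return None
        self.failed[user] = 0                    # successful login resets the counter
        token = f"sess-{user}-{len(self.sessions)}"  # constructed token format
        self.sessions[token] = (user, self.now)
        return token

    def access(self, token: str) -> bool:
        """Return True if the session is still valid; expire it once idle too long."""
        if token not in self.sessions:
            return False
        user, last_activity = self.sessions[token]
        if self.now - last_activity > IDLE_TIMEOUT_SECONDS:
            del self.sessions[token]             # idle timeout reached: user must log in again
            return False
        self.sessions[token] = (user, self.now)  # activity refreshes the idle timer
        return True
```

Advancing `now` past the timeout and calling `access` again shows the session being dropped, which is the behaviour the timeout test above asks for.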

SSL: more and more sites are being served over the SSL security protocol. SSL is the acronym for Secure Sockets Layer, the network data secure transport protocol first published by Netscape. SSL is encryption technology that uses public/private keys (RSA); located between the HTTP layer and the TCP layer, it establishes encrypted communication between the user and the server to ensure the security of the information exchanged. SSL is based on public and private keys: any user can obtain the public key to encrypt data, but decrypting the data requires the corresponding private key. After entering an SSL site you can see a warning message from the browser, and the HTTP in the address bar becomes HTTPS. When doing SSL testing you need to confirm these features, as well as a series of related security protections such as connection time limits.

Server-side scripting language: scripting languages are a common security risk. The details of each language differ. Some scripts allow access to the root directory; others only allow access to mail servers, but experienced hackers can send the server's username and password to themselves. Find out which scripting language the site uses and study that language's flaws. You also need to test for the problem of scripts being placed and edited on the server side without authorization. The best way to do this is to subscribe to a newsgroup that discusses the security of the scripting language the site uses.

Note: hackers attack sites by exploiting the security vulnerability of scripts that allow access to the root directory. A site whose scripting code has this feature (allowing access to the root directory) is potentially a security risk.
