3. Security testing concepts
Authentication
The act of confirming the truth of an attribute of a datum or entity.
Authorization
Determining that a requester is allowed to receive a service or perform an operation.
Confidentiality
A security measure which protects against the disclosure of data or information to parties
other than the intended ones.
Integrity
Assurance that the intended receiver receives information or data that has not been altered
in transmission.
Non-repudiation
(session time limitations) Interchange of authentication information with some form of provable
time stamp, e.g. with a session ID.
4. Security Testing Types
Vulnerability Scanning
Method to assess computers, computer systems, networks or applications for weaknesses.
Security Scanning
Security Scanning is a Vulnerability Scan
Penetration Testing
Method of evaluating the security of a computer system or network by simulating an attack.
Risk Assessment
Risk Assessment involves a security analysis of interviews compiled with research of
business, legal, and industry justifications.
Security Auditing
Security Auditing involves hands-on internal inspection of Operating Systems and
Applications, often via line-by-line inspection of the code.
Ethical Hacking
This is basically a number of Penetration Tests on a number of
systems on a network segment.
5. Why is security testing needed?
To secure financial data while it is transferred between different systems
To secure user data
To find security vulnerabilities in an
application
6. Main methods of manual security testing
URL manipulation
SQL injection
XSS (Cross Site Scripting)
7. Examples of URL manipulation through the HTTP GET method
Search for directories making it possible to administer the site:
http://target/admin/
http://target/admin.cgi
Search for a script to reveal information about the remote
system:
http://target/phpinfo.php3
Search for backup copies. The .bak extension is generally used
and is not interpreted by servers by default, which can cause a
script to be displayed:
http://target/.bak
8. SQL Injection examples
SELECT fieldlist
FROM table
WHERE field = 'username@domain.com'';
SELECT fieldlist
FROM table
WHERE field = 'x' AND email IS NULL; --';
SELECT email, passwd, login_id, full_name FROM table
WHERE email = 'x' AND 1=(SELECT COUNT(*) FROM tabname); --';
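Added example (not part of the original slides): the inputs behind the three queries above, run against a string-concatenated query and against a parameterized one using Python's sqlite3 module. The table name members and the sample row are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table; name "members" and the row are constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (email, passwd, login_id, full_name)")
    conn.execute("INSERT INTO members VALUES (?, ?, ?, ?)",
                 ("username@domain.com", "placeholder", "user1", "Sample User"))
    return conn

def lookup_concat(conn, email):
    """Vulnerable: input is pasted into the SQL text, as in the slide's queries."""
    sql = "SELECT login_id FROM members WHERE email = '" + email + "';"
    return conn.execute(sql).fetchall()

def lookup_bound(conn, email):
    """Hardened: input is bound as a parameter and is never parsed as SQL."""
    sql = "SELECT login_id FROM members WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()

def outcome(lookup, conn, email):
    """What the caller observes: 'rows', 'empty' or 'sql-error'."""
    try:
        return "rows" if lookup(conn, email) else "empty"
    except sqlite3.Error:
        return "sql-error"

# A legitimate address, then the inputs behind the slide's three queries.
INPUTS = [
    "username@domain.com",
    "username@domain.com'",                         # stray quote breaks the syntax
    "x' AND email IS NULL; --",                     # parsed as SQL when concatenated
    "x' AND 1=(SELECT COUNT(*) FROM tabname); --",  # subquery on a guessed table
]

def compare():
    """Return (input, concat outcome, bound outcome) for every sample input."""
    conn = make_db()
    return [(v, outcome(lookup_concat, conn, v), outcome(lookup_bound, conn, v))
            for v in INPUTS]

if __name__ == "__main__":
    for value, concat, bound in compare():
        print(f"{value!r:48} concat={concat:<10} bound={bound}")
```

With concatenation the response changes between an SQL error and a clean empty result depending on the input, which is what a tester looks for; with the bound parameter every non-matching input yields the same empty result.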
16. Host Details
The “Host Details” tab breaks all the information about a single host into a
hierarchical display.
17. The goal of Nmap
Nmap sends specially crafted packets to the
target host and then analyzes the responses.
Nmap can determine the operating system of
the target, names and versions of the listening
services, estimated uptime, type of device, and
presence of a firewall.