Workshop
Boutique product development company
It is amazing what you can accomplish when you have a client-centric team to deliver outstanding products.

Sikandar Ahmed | Presenter
Arooj Un Nisa | Co-presenter
If you think technology can solve your security problems,
then you don't understand the problems and you don't
understand the technology. — Bruce Schneier




Security Testing

• What is Security Testing?
• Top 10 Security Risks
• Security Testing Types
• Security Exposures Revealing — Practice
• Security Tools

Arooj | QA Mentor
What is Security Testing?

"Security Testing" tests the ability of the system/software to prevent unauthorized access to the resources and data.
What does it cover?

Security testing needs to cover the six basic security concepts:

• Confidentiality
• Integrity
• Authentication
• Authorization
• Availability
• Non-repudiation
Top Ten Security Risks

• SQL Injection
• Cross Site Scripting (XSS)
• Broken Authentication and Session Management
• Insecure Direct Object References
• Security Misconfiguration
• Insecure Cryptographic Storage
• Failure to Restrict URL Access
• Insufficient Transport Layer Protection
• Unvalidated Redirects and Forwards
Types: Black Box and White Box Hacking

In black-box hacking, you try to find security bugs by experimenting with the application and manipulating input fields and URL parameters, trying to cause application errors, and looking at the HTTP requests and responses to guess the server's behavior. Watcher can be used for black-box hacking.

In white-box hacking, you have access to the source code and can use automated or manual analysis to identify bugs. Gruyere is an application whose source code is available, so you can find its bugs by reading the code.
Security Exposure Revealing — Practice

Want to beat the hackers at their own game?

Meet me: I am Gruyere.
Reach me: I am at Google Code Labs.
Gruyere: Practice

Learn:
• How hackers find security vulnerabilities!
• How hackers exploit web applications!
• How to stop them!

How can web application vulnerabilities be exploited, and how can you defend against these attacks?

• How an application can be attacked using common web security vulnerabilities, like cross-site scripting (XSS) and cross-site request forgery (XSRF)
• How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution
Cross Site Scripting (XSS)

• Cross-site scripting (XSS) is a vulnerability that permits an attacker to inject code (typically HTML or JavaScript) into the contents of a website not under the attacker's control.
• When a victim views such a page, the injected code executes in the victim's browser.
• Types of XSS:
  • Reflected
  • Stored

Sikandar Ahmed | QA Mentor
XSS Types

• In a reflected XSS attack, the attack is in the request itself (frequently the URL), and the vulnerability occurs when the server inserts the attack into the response verbatim or incorrectly escaped or sanitized.
• The victim triggers the attack by browsing to a malicious URL created by the attacker.
• In a stored XSS attack, the attacker stores the attack in the application (e.g., in a snippet), and the victim triggers it by browsing to a page on the server that renders the stored data without properly escaping or sanitizing it.
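The reflected and stored cases above, side by side with their fix, as an added example (not code from the slides or from Gruyere). It assumes a constructed "snippets" app: `SNIPPETS`, the render functions and the sample input are all made up for the demonstration; the security point is that the fix is the same output-time escaping in both cases.

```python
import html
from urllib.parse import parse_qs, urlencode

# Constructed stand-in for a tiny "snippets" web app like the one the Gruyere
# exercise uses. Example code added here, not Gruyere's own source.
SNIPPETS = {}  # snippet id -> text a user submitted (the stored data)

# Constructed untrusted input: plain markup is enough to show whether the
# renderer treats user text as HTML (vulnerable) or as text (fixed).
UNTRUSTED = "<b>injected</b>"
SAMPLE_QUERY = urlencode({"q": UNTRUSTED})  # what a crafted URL would carry

def render_search_vulnerable(query_string):
    """Reflected XSS: the request parameter is copied into the response verbatim."""
    q = parse_qs(query_string).get("q", [""])[0]
    return "<p>Results for: " + q + "</p>"

def render_search_fixed(query_string):
    """Reflected case fixed: untrusted text is HTML-escaped at output time."""
    q = parse_qs(query_string).get("q", [""])[0]
    return "<p>Results for: " + html.escape(q, quote=True) + "</p>"

def store_snippet(snippet_id, text):
    """Storing is not the bug by itself; the bug is how the text is rendered later."""
    SNIPPETS[snippet_id] = text

def render_snippet_vulnerable(snippet_id):
    """Stored XSS: stored data is inserted into the page unescaped."""
    return "<div class='snippet'>" + SNIPPETS[snippet_id] + "</div>"

def render_snippet_fixed(snippet_id):
    """Stored case fixed: the same escaping, applied where the data meets HTML."""
    return ("<div class='snippet'>"
            + html.escape(SNIPPETS[snippet_id], quote=True) + "</div>")

def renders_as_markup(page, untrusted=UNTRUSTED):
    """Tester's check: did the untrusted text survive into the page as live tags?
    Escaped output carries '&lt;b&gt;' instead, which the browser shows as text."""
    return untrusted in page
```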
XSS Attack (image slide)
SQL Injection

• SQL injection vulnerabilities allow attackers to inject arbitrary SQL into the application's queries.
• When a SQL query is executed it can either read or write data, so an injection can be used to read your entire database as well as overwrite it, as described in the classic Bobby Tables XKCD comic.
• If you use SQL, the most important advice is to avoid building queries by string concatenation; use API calls (parameterized queries) instead.
How Is a SQL Injection Attack Exploited?

A SQL injection attack allows external users to read details from the database.

• In a well-designed system this will only include data that is available to the public anyway.
• In a poorly designed system this may allow external users to discover other users' passwords.
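The concatenation-versus-parameters advice from the previous slide, shown against a constructed SQLite table so the "well designed" and "poorly designed" outcomes above can be observed. This is an added example, not code from the slides or Gruyere; the table, rows and `TAMPERED_NAME` input are all constructed.

```python
import sqlite3

# Constructed in-memory table standing in for an application's users table.
# Example code added here; not from the slides, Gruyere, or any named tool.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT, is_public INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "alice@example.test", 1),  # constructed: public profile
        ("bob", "bob@example.test", 0),      # constructed: private profile
    ])
    return db

def lookup_vulnerable(db, name):
    """Query built by string concatenation. Whatever the user typed becomes SQL,
    so a quote character in the input can rewrite the WHERE clause."""
    sql = ("SELECT name, email FROM users WHERE is_public = 1 AND name = '"
           + name + "' ORDER BY name")
    return db.execute(sql).fetchall()

def lookup_fixed(db, name):
    """Same query through the driver's parameter API. The input is bound as a
    value and can never change the statement's structure."""
    sql = "SELECT name, email FROM users WHERE is_public = 1 AND name = ? ORDER BY name"
    return db.execute(sql, (name,)).fetchall()

# Constructed input of the Bobby Tables kind: it closes the quoted value and
# appends a condition that is always true.
TAMPERED_NAME = "x' OR '1'='1"

def leaks_private_rows(db, lookup):
    """Check a tester would run: does this lookup ever return a row that the
    is_public filter should have hidden? True means the filter was bypassed."""
    rows = lookup(db, TAMPERED_NAME)
    return any(name == "bob" for name, _ in rows)
```

Run against the vulnerable lookup the private row for "bob" comes back; against the parameterized lookup the same input is just a name nobody has, and the result is empty.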
Client State Manipulation

• When a user interacts with a web application, they do it indirectly through a browser.
• When the user clicks a button or submits a form, the browser sends a request back to the web server. Because the browser runs on a machine that can be controlled by an attacker, the application must not trust any data sent by the browser.
• It might seem that not trusting any user data would make it impossible to write a web application, but that's not the case.
• If the user submits a form that says they wish to purchase an item, it's OK to trust that data.
• But if the submitted form also includes the price of the item, that's something that cannot be trusted.
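The purchase-form rule above as a server-side handler, added here as an example (not from the slides). The catalog, the field names `item`, `qty` and `price`, and `MAX_QTY` are assumptions; the point is which fields the server may accept from the browser and which it must recompute itself.

```python
# Constructed catalog: the server-side source of truth for prices (in cents).
# Example code added here, not from the slides or Gruyere.
CATALOG = {"sku-100": 1999, "sku-200": 4999}
MAX_QTY = 10  # assumed business limit per order

class BadRequest(ValueError):
    """Raised when the browser sent something the server cannot act on."""

def handle_purchase(form, catalog=CATALOG):
    """Accept what the user is allowed to decide (which item, how many),
    recompute what they are not (the price), and flag any client-supplied
    price that disagrees with ours so it can be logged as tampering."""
    item = form.get("item")
    if item not in catalog:
        raise BadRequest("unknown item")
    try:
        qty = int(form.get("qty", "1"))
    except ValueError:
        raise BadRequest("quantity is not an integer")
    if not 1 <= qty <= MAX_QTY:
        raise BadRequest("quantity out of range")

    unit_price = catalog[item]          # never read from the form
    total = unit_price * qty
    client_price = form.get("price")    # a legitimate browser would echo our price
    mismatch = client_price is not None and client_price != str(unit_price)
    # 'mismatch' is detection data: a browser we served never changes this field,
    # so a mismatch is worth a log line or alert even though the order is safe.
    return {"item": item, "qty": qty, "total": total, "client_price_mismatch": mismatch}

def is_rejected(form, catalog=CATALOG):
    """True if the handler refuses the form outright."""
    try:
        handle_purchase(form, catalog)
        return False
    except BadRequest:
        return True
```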
Cross Site Request Forgery (XSRF)

• Also known as a One-Click Attack, Session Riding, or CSRF ("Sea-Surf").
• XSRF is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
• Unlike XSS, which exploits the trust a user has for a particular site, XSRF exploits the trust a site has in a user's browser.
Cross Site Script Inclusion (XSSI)

• When a browser makes requests to a site, it always sends along any cookies it has for that site, regardless of where the request comes from.
• Additionally, web servers generally cannot distinguish between a request initiated by a deliberate user action (e.g., the user clicking a "Submit" button) and a request made by the browser without user action (e.g., a request for an embedded image in a page).
• Therefore, if a site receives a request to perform some action (like deleting a mail or changing a contact address), it cannot know whether this action was knowingly initiated by the user, even if the request contains authentication cookies. An attacker can use this fact to fool the server into performing actions the user did not intend to perform.
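The two slides above explain why a cookie alone cannot prove the user meant the request. The standard defence is a per-session token that the legitimate page embeds in its form and that a cross-site page cannot read; this added example (not Gruyere's code) shows that check with a constructed session store, a constructed request shape `{'cookies': ..., 'form': ...}` and an HMAC-derived token.

```python
import hashlib
import hmac
import secrets

# Per-process server secret and a constructed session store.
# Example code added here, not from the slides or Gruyere.
SERVER_SECRET = secrets.token_bytes(32)
SESSIONS = {"sess-abc": "alice"}  # session cookie value -> user (constructed)

def csrf_token(session_id):
    """Token bound to the session: HMAC(secret, session id). The browser will
    send the session cookie from any origin, but a cross-site page cannot read
    this value, so it cannot put it in a forged form."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def render_form(session_id):
    """What the legitimate 'delete mail' page embeds as a hidden field."""
    return {"action": "delete_mail", "_csrf": csrf_token(session_id)}

def handle_delete(request):
    """request = {'cookies': {...}, 'form': {...}}. Returns (status, detail)."""
    session_id = request.get("cookies", {}).get("session")
    user = SESSIONS.get(session_id)
    if user is None:
        return (401, "no valid session")
    supplied = request.get("form", {}).get("_csrf", "")
    # Cookie present but no matching token: the request was not initiated from
    # our page. Constant-time compare so the check leaks nothing about the token.
    if not hmac.compare_digest(supplied, csrf_token(session_id)):
        return (403, "missing or invalid CSRF token")
    return (200, "mail deleted for " + user)
```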
Path Traversal

• Most web applications serve static resources like images and CSS files. Frequently, applications simply serve all the files in a folder.
• If the application isn't careful, the user can use a path traversal attack to read files from other folders that they shouldn't have access to.
• For example, in both Windows and Linux, .. represents the parent directory, so if you can inject ../ in a path you can "escape" to the parent directory.
• If an attacker knows the structure of your file system, then they can craft a URL that will traverse out of the installation directory to /etc.
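A static-file resolver that refuses the ../ escape described above, added here as an example (not from the slides or Gruyere). `STATIC_ROOT` is an assumed directory; the function decodes percent-encoding first, normalizes the path, and then checks that the result is still inside the root rather than trying to blacklist ".." strings.

```python
import os
from urllib.parse import unquote

# Constructed static root for the example (added here; not from the slides).
STATIC_ROOT = "/srv/app/static"

class Forbidden(Exception):
    """Raised for any request that would read outside the static root."""

def resolve_static_path(requested, root=STATIC_ROOT):
    # Decode first, so '%2e%2e' is seen as '..' before any check runs.
    decoded = unquote(requested)
    if "\x00" in decoded:
        raise Forbidden("NUL byte in path")
    # Treat backslashes as separators too: '..\\' escapes on Windows.
    decoded = decoded.replace("\\", "/")
    # Always interpret the request relative to root, even if it starts with '/'.
    candidate = os.path.normpath(os.path.join(root, decoded.lstrip("/")))
    # normpath has collapsed every '..'; now confirm the result still lies inside
    # root. realpath also follows symlinks, so on a real file system a link under
    # root that points outside it is caught as well.
    root_real = os.path.realpath(root)
    cand_real = os.path.realpath(candidate)
    if os.path.commonpath([root_real, cand_real]) != root_real:
        raise Forbidden("path escapes static root")
    return candidate

def is_safe(requested, root=STATIC_ROOT):
    """Convenience check for tests and logging: would this request be served?"""
    try:
        resolve_static_path(requested, root)
        return True
    except Forbidden:
        return False
```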
Denial of Service

• A denial of service (DoS) attack is an attempt to make a server unable to service ordinary requests.
• A common form of DoS attack is sending more requests to a server than it can handle. The server spends so much of its time servicing the attacker's requests that it has very little time to service legitimate requests.
• Hackers can also prevent a server from servicing requests by taking advantage of server bugs, such as sending requests that crash the server, make it run out of memory, or otherwise cause it to fail to serve legitimate requests in some way.
DoS Attack (image slide)
Configuration Vulnerabilities

• Applications are often installed with default settings.
• This is a particular issue with third-party software, where an attacker has easy access to a copy of the same application or framework you are running.
• Hackers know the default account names and passwords. Configuration vulnerabilities also include features that increase the attack surface.
• A common example is a feature that is on by default but that you are not using, so you didn't configure it and its default configuration is vulnerable.
• It also includes debug features like status pages or dumping stack traces on failures.
AJAX Vulnerabilities

• Bad AJAX code allows attackers to modify parts of your application in ways that you might not expect.
• In traditional client development, there is a clear separation between the application and the data it displays. That's not true in web applications, as the next two attacks will make clear.
Security Testing Tools

• Havij (http://itsecteam.com/products/havij-advanced-sql-injection): Havij is an automated SQL injection tool that helps penetration testers find and exploit SQL injection vulnerabilities on a web page.
• WebSecurify (www.websecurify.com): Websecurify is an integrated web security testing environment, which can be used to identify web vulnerabilities by using advanced browser automation, discovery and fuzzing technologies.
• Watcher (http://websecuritytool.codeplex.com/): Watcher is a runtime passive-analysis tool for HTTP-based web applications. Being passive means it won't damage production systems; it is completely safe to use in cloud computing, shared hosting, and dedicated hosting environments. Watcher detects web-application security issues as well as operational configuration issues.
Security Testing Tools

• Wapiti (http://wapiti.sourceforge.net/): Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but scans the web pages of the deployed web app, looking for scripts and forms where it can inject data. Among the issues it looks for are file handling errors (local and remote include/require, fopen, readfile...).
• FlawFinder (http://www.dwheeler.com/flawfinder/): searches through C/C++ source code looking for potential security flaws. It is written in Python and produces a list of "hits" (potential security flaws), sorted by risk; the riskiest hits are shown first.
• Honeyd (http://www.honeyd.org/): Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems. Honeyd enables a single host to claim multiple addresses.
Security Testing Tools

• Brakeman (http://brakemanscanner.org/): Brakeman is an open source vulnerability scanner specifically designed for Ruby on Rails applications.
  • It statically analyzes Rails application code to find security issues at any stage of development.
  • If you happen to use the Hudson/Jenkins continuous integration tool, there is a Brakeman plugin for it.
  • It requires Rails 3.
Server Security: Linux

• Set a complex root password
• Install Fail2ban
• Require public key authentication
• Lock down SSH
• Set up a firewall
• Enable automatic security updates
• Install Logwatch to keep an eye on things
References

• http://google-gruyere.appspot.com
• https://www.owasp.org/index.php/Top_10_2010-Main
• http://www.softwaretestingmentor.com/types-of-testing/security-testing/
• http://vishnuvalentino.com/tips-and-trick/penetration-testing-pros-and-cons/
• http://www.toolsjournal.com/testing-lists/item/217-10-free-and-opensource-tools-for-security-testing
• http://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers
Ts android supporting multiple screenConfiz
 
Ts drupal6 module development v0.2
Ts   drupal6 module development v0.2Ts   drupal6 module development v0.2
Ts drupal6 module development v0.2Confiz
 
Photoshop manners
Photoshop mannersPhotoshop manners
Photoshop mannersConfiz
 
Monkey talk
Monkey talkMonkey talk
Monkey talkConfiz
 
An insight to microsoft platform
An insight to microsoft platformAn insight to microsoft platform
An insight to microsoft platformConfiz
 
Ts branching over the top
Ts   branching over the topTs   branching over the top
Ts branching over the topConfiz
 

Mehr von Confiz (20)

Agile training workshop
Agile training workshopAgile training workshop
Agile training workshop
 
Web services with laravel
Web services with laravelWeb services with laravel
Web services with laravel
 
DMAIC-Six sigma process Improvement Approach
DMAIC-Six sigma process Improvement ApproachDMAIC-Six sigma process Improvement Approach
DMAIC-Six sigma process Improvement Approach
 
What is UFT? HP's unified functional testing.
What is UFT? HP's unified functional testing.What is UFT? HP's unified functional testing.
What is UFT? HP's unified functional testing.
 
Software testing methods, levels and types
Software testing methods, levels and typesSoftware testing methods, levels and types
Software testing methods, levels and types
 
Sqa, test scenarios and test cases
Sqa, test scenarios and test casesSqa, test scenarios and test cases
Sqa, test scenarios and test cases
 
Solid principles of oo design
Solid principles of oo designSolid principles of oo design
Solid principles of oo design
 
Entity framework code first
Entity framework code firstEntity framework code first
Entity framework code first
 
Ts seo t ech session
Ts   seo t ech sessionTs   seo t ech session
Ts seo t ech session
 
Learning as a creative professional
Learning as a creative professionalLearning as a creative professional
Learning as a creative professional
 
Learning as a creative professional
Learning as a creative professionalLearning as a creative professional
Learning as a creative professional
 
Ts archiving
Ts   archivingTs   archiving
Ts archiving
 
Advance text rendering in i os
Advance text rendering in i osAdvance text rendering in i os
Advance text rendering in i os
 
Ts threading
Ts   threadingTs   threading
Ts threading
 
Ts android supporting multiple screen
Ts   android supporting multiple screenTs   android supporting multiple screen
Ts android supporting multiple screen
 
Ts drupal6 module development v0.2
Ts   drupal6 module development v0.2Ts   drupal6 module development v0.2
Ts drupal6 module development v0.2
 
Photoshop manners
Photoshop mannersPhotoshop manners
Photoshop manners
 
Monkey talk
Monkey talkMonkey talk
Monkey talk
 
An insight to microsoft platform
An insight to microsoft platformAn insight to microsoft platform
An insight to microsoft platform
 
Ts branching over the top
Ts   branching over the topTs   branching over the top
Ts branching over the top
 

Security testing presentation

  • 1. Boutique product development company It is amazing what you can accomplish when you have a client-centric team to deliver outstanding products.
  • 2. Workshop Boutique product development company It is amazing what you can accomplish when you have a client-centric team to deliver outstanding products. Sikandar Ahmed | Presenter Arooj Un Nisa | Co-presenter
  • 3. If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology. — Bruce Schneier Security Testing • What is Security Testing? • Top 10 Security Risks • Security Testing Types • Security Exposures Revealing —Practice • Security Tools Arooj | QA Mentor
  • 4. Security Testing What is Security Testing? "Security Testing" tests the ability of the system/software to prevent unauthorized access to the resources and data Arooj | QA Mentor
  • 5. Security Testing What it Covers? Security Testing needs to cover the six basic security concepts: • Confidentiality • Integrity • Authentication • Authorization • Availability • Non-repudiation Arooj | QA Mentor
  • 6. Security Testing Top Ten Security Risks • SQL Injections • Cross Site Scripting (XSS) • Broken Authentication and Session Management • Insecure Direct Object References • Security Misconfiguration • Insecure Cryptographic Storage • Failure to Restrict URL Access • Insufficient Transport Layer Protection • Unvalidated Redirects and Forwards Arooj | QA Mentor
  • 7. Security Testing Types: Black Box and White Box Hacking In Black Box Hacking, you try to find security bugs by experimenting with the application and manipulating input fields and URL parameters, trying to cause application errors, and looking at the HTTP requests and responses to guess server behavior. Watcher can be used for black box hacking. In White-Box Hacking, you have access to the source code and can use automated or manual analysis to identify bugs. Gruyere is an example in which you can find the bugs through the source code. Arooj | QA Mentor
  • 8. Security Testing Security Exposure Revealing-Practice Want to beat the hackers at their own game? Meet me: I am Gruyere. Reach me: I am at Google Code Labs Arooj | QA Mentor
  • 9. Security Testing Gruyere: Practice Learn • How hackers find security vulnerabilities! • How hackers exploit web applications! • How to stop them! How web application vulnerabilities can be exploited and how to defend against these attacks • How an application can be attacked using common web security vulnerabilities, like cross-site scripting (XSS) and cross-site request forgery (XSRF) • How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution Arooj | QA Mentor
  • 10. Security Testing Cross Site Scripting XSS • Cross-site scripting (XSS) is a vulnerability that permits an attacker to inject code (typically HTML or JavaScript) into contents of a website not under the attacker's control • When a victim views such a page, the injected code executes in the victim's browser. • Types of XSS: • Reflected • Stored Sikandar Ahmed| QA Mentor
  • 11. Security Testing XSS Types • In a reflected XSS attack, the attack is in the request itself (frequently the URL) and the vulnerability occurs when the server inserts the attack in the response verbatim or incorrectly escaped or sanitized • The victim triggers the attack by browsing to a malicious URL created by the attacker • In a stored XSS attack, the attacker stores the attack in the application (e.g., in a snippet) and the victim triggers the attack by browsing to a page on the server that renders the attack, by not properly escaping or sanitizing the stored data Sikandar Ahmed| QA Mentor
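The reflected and stored cases from the two slides above, with the output-escaping fix beside each, as an added example that is not code from the slides or from Gruyere. The page fragments, the in-memory snippet store, the sample inputs and the tag-survival check are all constructed for illustration.

```python
"""Reflected vs. stored XSS in a toy page renderer, beside the escaping fix."""
import html
import re

# Constructed sample inputs: plain text and text carrying active markup.
HARMLESS = "Hello, Gruyere"
MARKUP = '<b onmouseover="alert(1)">hi</b>'

# Constructed in-memory store standing in for the server-side storage that a
# stored XSS payload ends up in (a "snippet" in the slide's terms).
SNIPPETS: list[str] = []


def render_search_unsafe(query: str) -> str:
    """Reflected case: the request parameter is copied into the response verbatim."""
    return f"<p>You searched for: {query}</p>"


def render_search_safe(query: str) -> str:
    """Fix: escape at output time, so the browser shows the input as text."""
    return f"<p>You searched for: {html.escape(query, quote=True)}</p>"


def store_snippet(text: str) -> None:
    """Stored case, step 1: the data is saved as-is. Storing raw text is fine;
    the mistake is rendering it raw later."""
    SNIPPETS.append(text)


def render_snippets_unsafe() -> str:
    """Stored case, step 2 (vulnerable): stored data is rendered unescaped."""
    return "<ul>" + "".join(f"<li>{s}</li>" for s in SNIPPETS) + "</ul>"


def render_snippets_safe() -> str:
    """Stored case, step 2 (fixed): escape every stored value on output."""
    items = "".join(f"<li>{html.escape(s, quote=True)}</li>" for s in SNIPPETS)
    return "<ul>" + items + "</ul>"


_TAG = re.compile(r"<[A-Za-z][^>]*>")


def markup_survives(user_input: str, rendered: str) -> bool:
    """Black-box style check a tester can run on a response: does any tag from
    the input appear verbatim in the output? True means it was inserted
    unescaped, which is the sign of an XSS bug."""
    return any(tag in rendered for tag in _TAG.findall(user_input))


if __name__ == "__main__":
    store_snippet(MARKUP)
    print(markup_survives(MARKUP, render_search_unsafe(MARKUP)))  # True
    print(markup_survives(MARKUP, render_search_safe(MARKUP)))    # False
    print(markup_survives(MARKUP, render_snippets_unsafe()))      # True
    print(markup_survives(MARKUP, render_snippets_safe()))        # False
```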
  • 12. Security Testing XSS Attack Sikandar Ahmed| QA Mentor
  • 13. Security Testing SQL Injection • SQL injection vulnerabilities allow attackers to inject arbitrary scripts into SQL queries • When a SQL query is executed it can either read or write data, so it can be used to read your entire database as well as overwrite it, as described in the classic Bobby Tables XKCD comic • If you use SQL, the most important advice is to avoid building queries by string concatenation, use API calls instead Sikandar Ahmed| QA Mentor
  • 14. Security Testing How To Exploit SQL Injection Attack? The SQL Injection attack allows external users to read details from the database • In a well designed system this will only include data that is available to the public anyway • In a poorly designed system this may allow external users to discover other users' passwords Sikandar Ahmed| QA Mentor
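The "avoid string concatenation, use API calls instead" advice from the two SQL slides, shown as the vulnerable lookup beside the parameterized one, as an added example that is not code from the slides. It uses Python's sqlite3 module with an in-memory database; the users table, its rows and the probe input are constructed.

```python
"""SQL injection through string concatenation, beside the parameterized fix."""
import sqlite3

# Constructed sample data: one public profile and one that should stay private.
SAMPLE_USERS = [("alice", "pw-alice", 1), ("bob", "pw-bob", 0)]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, is_public INTEGER)")
    # The parameterized form is also the right way to insert data.
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_concat(conn: sqlite3.Connection, name: str) -> list[str]:
    """Vulnerable: the user-supplied name becomes part of the SQL text, so a
    quote in the input changes the query's structure and the is_public guard
    can be bypassed (the slide's 'string concatenation')."""
    sql = "SELECT name FROM users WHERE is_public = 1 AND name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_param(conn: sqlite3.Connection, name: str) -> list[str]:
    """Fixed: the name is passed as a bound parameter; the driver sends it as
    data, never as SQL, whatever characters it contains."""
    sql = "SELECT name FROM users WHERE is_public = 1 AND name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # constructed input a tester would try in the field
    print(lookup_concat(db, "alice"))  # ['alice']
    print(lookup_concat(db, probe))    # ['alice', 'bob']  (private row leaked)
    print(lookup_param(db, probe))     # []  (treated as a literal name)
```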
  • 15. Security Testing Client State Manipulation • When a user interacts with a web application, they do it indirectly through a browser • When the user clicks a button or submits a form, the browser sends a request back to the web server. Because the browser runs on a machine that can be controlled by an attacker, the application must not trust any data sent by the browser • It might seem that not trusting any user data would make it impossible to write a web application but that's not the case • If the user submits a form that says they wish to purchase an item, it's OK to trust that data • But if the submitted form also includes the price of the item, that's something that cannot be trusted Sikandar Ahmed| QA Mentor
  • 16. Security Testing Cross Site Request Forgery XSRF • Also known as a One-Click Attack or Session Riding or CSRF (Sea-Surf) • XSRF is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. • Unlike XSS, which exploits the trust a user has for a particular site, XSRF exploits the trust a site has in a user's browser Sikandar Ahmed| QA Mentor
  • 17. Security Testing Cross Site Script Inclusion (XSSI) • When a browser makes requests to a site, it always sends along any cookies it has for that site, regardless of where the request comes from • Additionally, web servers generally cannot distinguish between a request initiated by a deliberate user action (e.g., user clicking on "Submit" button) versus a request made by the browser without user action (e.g., request for an embedded image in a page) • Therefore, if a site receives a request to perform some action (like deleting a mail, changing contact address), it cannot know whether this action was knowingly initiated by the user — even if the request contains authentication cookies. An attacker can use this fact to fool the server into performing actions the user did not intend to perform Sikandar Ahmed| QA Mentor
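One defence for the problem the two slides above describe (the server cannot tell a deliberate click from a request the browser sent on its own): a per-session token in a hidden form field that a cross-site page cannot read. Added example, not code from the slides; the session store, the form dict and the "delete mail" action are constructed.

```python
"""Per-session anti-CSRF token for a state-changing request."""
import hmac
import secrets

# Constructed in-memory map of session id -> CSRF token. In a real app this
# lives in the server-side session, never in a cookie, because the browser
# attaches cookies to cross-site requests automatically.
SESSION_TOKENS: dict[str, str] = {}


def issue_csrf_token(session_id: str) -> str:
    """Called when rendering the form: mint an unguessable token and bind it to
    the session. It is embedded in a hidden field of the site's own page,
    which a page on another origin cannot read."""
    token = secrets.token_urlsafe(32)
    SESSION_TOKENS[session_id] = token
    return token


def handle_delete_mail(session_id: str, form: dict) -> tuple[int, str]:
    """Server side of a state-changing POST. The session cookie proves who the
    browser is, not that the user meant to send this request; the token proves
    the request came from a page this site served to that session."""
    expected = SESSION_TOKENS.get(session_id)
    supplied = str(form.get("csrf_token", ""))
    # compare_digest on bytes: constant-time, and no TypeError on odd input.
    if expected is None or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403, "rejected: missing or invalid CSRF token"
    return 200, f"deleted mail {form.get('mail_id', '')}"


if __name__ == "__main__":
    sid = "session-of-victim"  # constructed session id
    good = issue_csrf_token(sid)
    print(handle_delete_mail(sid, {"mail_id": "42", "csrf_token": good}))  # (200, ...)
    print(handle_delete_mail(sid, {"mail_id": "42"}))                      # (403, ...)
    # A forged request carries the victim's cookie but, at best, a token bound
    # to some other session, so it is still rejected.
    other = issue_csrf_token("session-of-someone-else")
    print(handle_delete_mail(sid, {"mail_id": "42", "csrf_token": other}))  # (403, ...)
```

Checking the Origin or Referer header on state-changing requests is a second, independent layer; the token check above does not depend on it.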
  • 18. Security Testing Path Traversal • Most web applications serve static resources like images and CSS files. Frequently, applications simply serve all the files in a folder • If the application isn't careful, the user can use a path traversal attack to read files from other folders that they shouldn't have access to. For example, in both Windows and Linux, .. represents the parent directory, so if you can inject ../ in a path you can "escape" to the parent directory • If an attacker knows the structure of your file system, then they can craft a URL that will traverse out of the installation directory to /etc Sikandar Ahmed| QA Mentor
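The check a static-file handler needs against the ../ escape described above, plus the same check run over access-log lines to spot attempts after the fact. Added example, not code from the slides; the static root, the request paths and the log lines are constructed, and nothing on disk is read.

```python
"""Path-traversal check for a static-file handler, reused as a log detector."""
import posixpath
import re
from urllib.parse import unquote

STATIC_ROOT = "/srv/webapp/static"  # constructed install location


def resolve_static(requested: str, root: str = STATIC_ROOT):
    """Return the absolute path to serve, or None if the request escapes root.

    Decode once (the check must see what the filesystem will see), treat the
    path as relative to root, normalize '..' segments, then confirm the result
    still lies under root. Assumes the framework has not already decoded the
    path; symlinks inside root are not followed here (normpath only).
    """
    relative = unquote(requested).lstrip("/")
    candidate = posixpath.normpath(posixpath.join(root, relative))
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


# Constructed access-log lines (common log format) for the detection pass.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2020:10:00:00 +0000] "GET /static/css/site.css HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2020:10:00:01 +0000] "GET /static/../../etc/passwd HTTP/1.1" 404 0',
    '10.0.0.9 - - [01/Jan/2020:10:00:02 +0000] "GET /static/%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 404 0',
    '10.0.0.5 - - [01/Jan/2020:10:00:03 +0000] "GET /static/img/../css/site.css HTTP/1.1" 200 512',
]
_REQ = re.compile(r'"(?:GET|POST|HEAD) /static/(\S*) HTTP/')


def traversal_attempts(log_lines: list[str]) -> list[str]:
    """Return the log lines whose /static/ request would have escaped root.
    Lines that use '..' but stay inside root (img/../css) are not flagged."""
    hits = []
    for line in log_lines:
        m = _REQ.search(line)
        if m and resolve_static(m.group(1)) is None:
            hits.append(line)
    return hits


if __name__ == "__main__":
    print(resolve_static("css/site.css"))        # /srv/webapp/static/css/site.css
    print(resolve_static("../../etc/passwd"))    # None
    print(len(traversal_attempts(SAMPLE_LOG)))   # 2
```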
  • 19. Security Testing Denial of Service • A denial of service (DoS) attack is an attempt to make a server unable to service ordinary requests • A common form of DoS attack is sending more requests to a server than it can handle. The server spends so much of its time servicing the attacker's requests that it has very little time to service legitimate requests • Hackers can also prevent a server from servicing requests by taking advantage of server bugs, such as sending requests that crash a server, make it run out of memory, or otherwise cause it to fail serving legitimate requests in some way Sikandar Ahmed| QA Mentor
  • 20. Security Testing DoS Attack Sikandar Ahmed| QA Mentor
  • 21. Security Testing Configuration Vulnerabilities • Applications are often installed with default settings • A particular issue with third party software is that an attacker has easy access to a copy of the same application or framework you are running • Hackers know the default account names and passwords. Configuration vulnerabilities also include features that increase attack surface • A common example is a feature that is on by default but you are not using, so you didn't configure it and the default configuration is vulnerable • It also includes debug features like status pages or dumping stack traces on failures Sikandar Ahmed| QA Mentor
  • 22. Security Testing AJAX vulnerabilities • Bad AJAX code allows attackers to modify parts of your application in ways that you might not expect • In traditional client development, there is a clear separation between the application and the data it displays. That's not true in web applications as the next two attacks will make clear Sikandar Ahmed| QA Mentor
  • 23. Security Testing Security Testing Tools • Havij– http://itsecteam.com/products/havij-advanced-sql-injection Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page • WebSecurify (www.websecurify.com), Websecurify is an integrated web security testing environment, which can be used to identify web vulnerabilities by using advanced browser automation, discovery and fuzzing technologies • Watcher(http://websecuritytool.codeplex.com/), Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments Watcher detects Web-application security issues as well as operational configuration issues Sikandar Ahmed| QA Mentor
  • 24. Security Testing Security Testing Tools • Wapiti (http://wapiti.sourceforge.net/), Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data, for example file handling errors (local and remote include/require, fopen, readfile...) • FlawFinder (http://www.dwheeler.com/flawfinder/), searches through C/C++ source code looking for potential security flaws. It is written in Python and produces a list of "hits" (potential security flaws), sorted by risk; the riskiest hits are shown first • Honeyd (http://www.honeyd.org/), Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems. Honeyd enables a single host to claim multiple addresses Sikandar Ahmed| QA Mentor
  • 25. Security Testing Security Testing Tools • Brakeman(http://brakemanscanner.org/), Brakeman is an open source vulnerability scanner specifically designed for Ruby on Rails applications • It statically analyzes Rails application code to find security issues at any stage of development • If you happen to use the Hudson/Jenkins continuous integration tool, there is a Brakeman plugin for it • Its requirement is Rails 3 Sikandar Ahmed| QA Mentor
  • 26. Security Testing Server Security--Linux • Set a complex root password • Install Fail2ban • Require public key authentication • Lock Down SSH • Set Up a Firewall • Enable Automatic Security Updates • Install Logwatch To Keep An Eye On Things Sikandar Ahmed| QA Mentor
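A checker for the "lock down SSH" and "require public key authentication" items on the slide, run over an sshd_config before and after hardening. Added example, not code from the slides; both configs are constructed text, and the rules encode OpenSSH behaviour as assumed in the comments (first occurrence of a keyword wins, keywords are case-insensitive, only the whitespace-separated form and the global section before any Match block are parsed).

```python
"""Audit an sshd_config for the SSH lock-down items on the slide."""

# keyword (lowercased) -> (required value, value assumed when keyword is absent)
# Defaults are the OpenSSH defaults as assumed for this example.
RULES = {
    "permitrootlogin": ("no", "prohibit-password"),
    "passwordauthentication": ("no", "yes"),
    "pubkeyauthentication": ("yes", "yes"),
    "permitemptypasswords": ("no", "no"),
}

# Constructed sample configs: a near-default one and a hardened one.
WEAK_CONFIG = """
# constructed: typical out-of-the-box settings
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""

HARDENED_CONFIG = """
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
PasswordAuthentication yes   # later duplicate: sshd keeps the first value
"""


def parse_sshd_config(text: str) -> dict[str, str]:
    """Return {keyword: value} for the global section, first occurrence wins."""
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break  # conditional blocks are out of scope for this check
        settings.setdefault(key, value)
    return settings


def audit_sshd_config(text: str) -> list[str]:
    """Return one finding per rule whose effective value is not the required one."""
    settings = parse_sshd_config(text)
    findings = []
    for key, (required, default) in RULES.items():
        actual = settings.get(key, default).lower()
        if actual != required:
            findings.append(f"{key}: is '{actual}', should be '{required}'")
    return findings


if __name__ == "__main__":
    print(audit_sshd_config(WEAK_CONFIG))      # two findings
    print(audit_sshd_config(HARDENED_CONFIG))  # []
```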
  • 27. Security Testing References • http://google-gruyere.appspot.com • https://www.owasp.org/index.php/Top_10_2010-Main • http://www.softwaretestingmentor.com/types-of-testing/security-testing/ • http://vishnuvalentino.com/tips-and-trick/penetration-testing-pros-and-cons/ • http://www.toolsjournal.com/testing-lists/item/217-10-free-and-opensource-tools-for-security-testing • http://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers Sikandar Ahmed| QA Mentor