Software Testing Learning Hub

6 basics terms in Security Testing

security testingWhen we talk about software testing of any web application, we can not forgot about security testing. in the cyber world every website or web application has to robust so that no one can hack it. Security testing ensure that website or web application is tested for attacks.

6 basics terms in Security Testing

Penetration Testing:

Penetration testing is a process to establishing weakness in a computer infrastructure or network. in penetration testing, hackers takes control on client computer or network.The purpose of the test is to identify security vulnerabilities and then attempt to successfully exploit them in order to gain some form of access to the network or computer system.

There are two types of Penetration testing, Black box testing and white box testing.  In Black box testing, no prior knowledge of the system is given to the tester. This is often the most preferred test as it is an accurate simulation of how an outsider/hacker would see the network and attempt to break into it.  In white box testing, Tester has given all required information , like IP address, Infrastructure diagram and code and here tester has to find  weaknesses from any of the available information.

Vulnerability

vulnerability is a weakness in a software or system under test due to which it can be easily attacked by the malicious user. Insufficient Security issues, Defects in the software or system, viruses can lead of increased vulnerability.

URL Manipulation

It is one of most common attach on the website where hackers manipulate the website url and take out valuable information. in most of the cases hackers passes different query strings by which he/she gets access of the system. when developed website is based on common system like WordPress, Joomla, Drupal etc. then hackers usually know the table names and basic information about the admin user. so such information hackers passed via string and get access to the system. so while doing security testing string manipulation test cases we need to execute to make sure it does not corrupt database or no valuable information has been sent to unauthorized user

SQL Injection

This is also very common attach on the website where hackers try to get access of system from User interface (UI) of the website. hackers passed sql queries into all input fields and tries to hack the system. while doing security testing its very important to handle such queries in the put fields like textbox, comments etc. so while doing Security testing, use simple and most common sql statement to get access of the website or admin. also try to use sql statement where you can alter or delete the data from the database.

Cross Site Scripting (XSS)

Now a days many websites or forum allow user to post the comment or message by using different html tags and javascripts. due to this features malicious user insert html / client side script to steal information. this is called cross site scripting (XSS). in most of the cases hackers tries to get the cookies information by which hackers can hack account of the users.

Spoofing

Spoofing is used as generic term to describe various types of attacks on the computer network through an act on impersonating as person or organisation. if we consider the website of bank, then hacker creates exact similar website with slightly different name but appears will be the same and due to which user gets confused and provide the valuable information to them.

XML or Xpath injections

most of the website uses database to store the data in that case we can do SQL injection testing but many websites stores data into xml and retrieve the data using xpath which is unique identifier of the that record. for xml data storage we need to test the xml and xpath injections.while doing security testing use JavaScript, html tags to corrupt the database.

i am write common test cases for security testing for website, so stay tuned…