When we talk about software testing of any web application, we cannot forget about security testing. In the cyber world, every website or web application has to be robust enough that no one can break into it. Security testing ensures that the website or web application is tested against attacks.
6 basic terms in Security Testing
Penetration Testing
Penetration testing is the process of establishing weaknesses in a computer infrastructure or network. In a penetration test, the testers take the role of an attacker and try to take control of the client's computer or network. The purpose of the test is to identify security vulnerabilities and then attempt to successfully exploit them in order to gain some form of access to the network or computer system.
There are two types of penetration testing: black box testing and white box testing. In black box testing, the tester is given no prior knowledge of the system. This is often the preferred test because it accurately simulates how an outsider would see the network and attempt to break into it. In white box testing, the tester is given all required information, such as IP addresses, infrastructure diagrams and source code, and has to find weaknesses using any of the available information.
Vulnerability
A vulnerability is a weakness in the software or system under test because of which it can easily be attacked by a malicious user. Insufficient security controls, defects in the software or system, and viruses can all increase vulnerability.
URL Manipulation
This is one of the most common attacks on websites: attackers manipulate the website URL to extract valuable information. In most cases the attacker passes different query strings through which they gain access to the system. When the website is built on a common platform such as WordPress, Joomla or Drupal, attackers usually already know the table names and basic information about the admin user, and pass that information via the query string to get access to the system. So while doing security testing, URL and query string manipulation test cases need to be executed to make sure they do not corrupt the database and that no valuable information is sent to an unauthorised user.
SQL Injection
This is also a very common attack on websites, where attackers try to gain access to the system through the user interface (UI) of the website: they submit SQL fragments into input fields and try to compromise the system. While doing security testing it is very important to verify that such input is handled safely in fields like text boxes, comments etc. So while doing security testing, use simple and common SQL statements to attempt to get access to the website or the admin area; also try SQL statements that would alter or delete data in the database.
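The SQL injection test case described above, as an added Python example (not code from the original post): a login query built by string concatenation beside its parameterised form, both run against a constructed in-memory SQLite table so the same test inputs (valid credentials, a wrong password, and two classic injection strings) can be checked against each. Table and user names are assumptions.

```python
import sqlite3


def make_db():
    """Constructed sample database for the test: one admin user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'S3cret!')")
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation: user input becomes SQL syntax."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, username, password):
    """Parameterised query: values travel separately from the statement,
    so input is always treated as data, never as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def run_test_case(login):
    """Security test case: only the valid credentials may log in.
    Returns the outcome of each input so a tester can see which one failed."""
    conn = make_db()
    results = {
        "valid_credentials": login(conn, "admin", "S3cret!"),
        "wrong_password": login(conn, "admin", "nope"),
        # Tautology: turns the WHERE clause into ... password = '' OR '1'='1'
        "tautology_input": login(conn, "admin", "' OR '1'='1"),
        # Comment: truncates the statement after the username check
        "comment_input": login(conn, "admin'--", "anything"),
    }
    conn.close()
    return results


def passes(login):
    """True when the login function resists both injection inputs."""
    r = run_test_case(login)
    return (r["valid_credentials"] and not r["wrong_password"]
            and not r["tautology_input"] and not r["comment_input"])


if __name__ == "__main__":
    print("vulnerable:", run_test_case(login_vulnerable), passes(login_vulnerable))
    print("safe:      ", run_test_case(login_safe), passes(login_safe))
```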
Cross Site Scripting (XSS)
Spoofing
Spoofing is used as a generic term to describe various types of attacks on a computer network carried out by impersonating a person or organisation. If we consider a bank's website, the attacker creates a near-identical copy of the website under a slightly different name; it appears to be the same, so users get confused and provide their valuable information to the attacker.
XML or XPath injections
I am writing common test cases for security testing of websites, so stay tuned…