When we talk about software testing of any web application, we cannot forget security testing. In the cyber world, every website or web application has to be robust so that no one can hack it. Security testing ensures that the website or web application is tested against attacks.
6 basic terms in Security Testing
Penetration testing is a process for establishing weaknesses in a computer infrastructure or network. In penetration testing, the testers (acting as hackers) attempt to take control of the client's computer or network. The purpose of the test is to identify security vulnerabilities and then attempt to successfully exploit them in order to gain some form of access to the network or computer system.
There are two types of penetration testing: black box testing and white box testing. In black box testing, the tester is given no prior knowledge of the system. This is often the preferred test, as it is an accurate simulation of how an outsider/hacker would see the network and attempt to break into it. In white box testing, the tester is given all the required information, such as IP addresses, infrastructure diagrams and source code, and has to find weaknesses using any of the available information.
A vulnerability is a weakness in the software or system under test that lets a malicious user attack it easily. Insufficient security measures, defects in the software or system, and viruses can lead to increased vulnerability.
This is one of the most common attacks on websites: hackers manipulate the website URL and extract valuable information. In most cases the attacker passes different query strings through which they gain access to the system. When the website is built on a common platform like WordPress, Joomla or Drupal, attackers usually know the table names and basic information about the admin user, so they pass such information via the query string and gain access to the system. So while doing security testing, we need to execute string-manipulation test cases to make sure that a manipulated URL does not corrupt the database and that no valuable information is sent to an unauthorized user.
This is another very common attack on websites, where hackers try to gain access to the system through the user interface (UI) of the website. Hackers pass SQL queries into the input fields and try to break into the system. While doing security testing, it is very important to check that such queries are handled safely in input fields like text boxes, comments, etc. So while doing security testing, use simple and common SQL statements to check whether they grant access to the website or the admin area; also try SQL statements that would alter or delete data in the database.
Cross Site Scripting (XSS)
Spoofing is used as a generic term to describe various types of attacks on a computer network carried out by impersonating a person or organisation. If we consider the website of a bank, the attacker creates an almost identical website under a slightly different name; its appearance is the same, so users get confused and hand over their valuable information to the attacker.
XML or Xpath injections
I am writing common test cases for security testing for websites, so stay tuned…