Security Testing

Security testing is a type of software testing that checks whether the software can defend itself against threats, cyber attacks, vulnerabilities, hacking, etc. This testing ensures that the software modules are coupled well and do not contain any loopholes that can leak information.

Security testing is a broad concept and needs to be explained in detail.

First, let us look at the major consequences and compromises that can result from a lack of security in software.

  • Software virus: Software viruses are special types of programs that get into the software, combine with the source code, modify it, and produce fake requests and results, or make the source code or data accessible to outsiders. A lack of security testing may leave the software prone to attack.
  • Threats: There are different threats, such as hacking, hijacking, phishing, waterhole attacks, denial-of-service, keyloggers, etc., which may cause permanent damage to the software by collecting all the confidential software, or may create an automatic request generator that floods the server and slows down all processes.
  • Loss: Loss means a huge loss in business. A security compromise of banking software or a server may cause a loss of billions to the customer or the bank itself. A simple threat may cause unexpected and unimaginable damage to the business.

There are many reasons for security testing, and the list goes on.

Types of Security Testing

Listed below are the major types of security testing, which can remove almost all kinds of threats and assure healthy software. They are:

Vulnerability Scanning:

Vulnerability scanning is a security testing technique in which the software is checked for weaknesses. The scanning is designed by experts and is run on the real system. Vulnerability scanning can also be used by attackers to gain access to the user's system.

There are different types of vulnerability scanners. They are:

  • Port Scanner: Checks servers and hosts for open ports.
  • Network Emulator: A network emulator is used for retrieving information from computers that are interconnected in a network.
  • Network Vulnerability Scanner: A system that works virtually and constantly checks for network vulnerabilities in the software.
  • Web Application Security Scanner: A system that communicates with the web application to find potential vulnerabilities in the application's architecture.
  • Computer Worm: Self-replicating computer malware which is used to scan vulnerabilities.

It should be understood that this is a fully automated system which is used to scan vulnerabilities.

Security Scanning:

Security scanning is also carried out to find network security issues, weaknesses, and flaws in the software or the system. In this kind of testing, the scanning is carried out with software that is itself automated.

Penetration testing:

In penetration testing, a cyber attack is simulated against the target computers or software to check whether the system withstands the attack or breaks. This is carried out mainly to check for exploitable vulnerabilities.

The steps involved in penetration testing are as follows:

Planning and reconnaissance:

In this phase, the goals of the test are identified. All the configurations, such as the network, domain, server, etc., are checked and all the information is collected.

Scanning:

In this phase, the behavior of the system or the software is analyzed during the test. This is done in two ways: static analysis and dynamic analysis. In static analysis, the code behavior is determined without running the code.

In dynamic analysis, on the other hand, the code behavior is analyzed while the code is running. This is more accurate and practical, as it is a real-time process carried out directly at runtime.

Unlike the static phase, which can estimate the entire scenario in a single phase, the dynamic phase cannot cover all the bugs in the code; it is limited to the part that is being run.

Gaining Access:

This is done to break the safety of the software, by applying methods such as SQL injection, phishing, cross-site scripting, etc. and checking whether the security is breached.

This is a planned process, and the test cases, that is, the attack scenarios, are created from the attacker's perspective. This is a practical test and can directly assure the testing team whether the software is safe or not.

Maintaining Access:

This testing is carried out to see whether an attack on the software or system is a persistent one. For example, an attacker may steal a session and gain access, but when the system senses a different IP, the session is destroyed, which prevents the attacker from continuing with in-depth access.

There are cases where it becomes harder to protect the software for a microsecond, as it takes some time to deal with the vulnerability and take the necessary action. This time to act is checked in this testing.

The main idea behind this test is that when the persistence time of the attacker's access is very small, there is no possible chance of causing any practical damage to the software or the entire system.

Analysis:

In this phase, the data gathered is collected and recorded as part of the testing output. The data is the number of vulnerabilities explored, the duration for which the attack persisted, and the data that was accessed by the attacks.

There are several penetration testing methods. They are:

  • Blind Testing: In this test, only the target is defined, and the automated system is left to find and attack the required modules and paths.
  • Internal Testing: This is done from inside the environment, where access controls such as firewalls, etc. are already bypassed and the attack is initiated from inside.
  • External Testing: In this test, it is assumed that the attacker does not have any access to the office premises or to the inside of the firewall of the software or the system. Therefore, they can only get the data available on the internet or social links, such as the domain of the official website, the server locations, the emails, etc.
  • Double-Blind Testing: This testing is performed as if the attack were carried out suddenly; without any prior knowledge of the attack or much time, the team or the software itself has to deal with the attack.
  • Targeted Testing: In this testing, the tester and the security agent for the software work collaboratively and carry out the attack and the defense in a very practical way, as if the attack were done by a real hacker and the security team for the software were resolving it.

Risk Assessment:

Risk assessment is carried out to discover risks, identify security flaws, and perform a security audit. There are two components of a security test:

  • Security Review & Gap Analysis: This is an audit phase: a process of auditing, assessing goals, and defining objectives and status.
  • Security Test: The actual security testing, such as phishing, penetration testing, and cross-site scripting, is performed.

Ethical Hacking:

It is the process of creating a simulator and performing a hack to analyze the strength of the software in dealing with a security breach.

This can be performed in either automatic or manual mode. In the manual process, a team of hacking experts performs the hacking and the tester analyzes the scenario.

In the automated process, simulators are programmed to perform a hack on the software or the system.

The diagram below makes the entire idea clear:

[Diagram: types of security testing]

As the diagram shows, security testing is a vast term with many different types; we have covered only the major ones.

Example of a Small Security Test

A simple example of a security test would be entering credentials into the software, logging in, and then logging out, then going back and pressing the forward key to see whether the login page appears without asking for the credentials.

If this happens, then the software is not safe at the basic level itself.

Now one might think that this is a very simple issue, but that's not true. The login should create a session for a user with the appropriate credentials, and when the logout button is clicked, the user should be logged out and the session destroyed.
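
The logout check above, together with the destroy-the-session-on-a-different-IP behaviour described under Maintaining Access, written as an automated test against an in-memory session store. This is an added example, not code from the original page; the SessionStore class, the user name, the password and the documentation-range IP addresses are all constructed for illustration.

```python
import secrets

class SessionStore:
    """Hypothetical server-side session table: token -> (user, client IP)."""

    def __init__(self, users):
        self._users = users      # constructed demo credentials
        self._sessions = {}

    def login(self, user, password, ip):
        expected = self._users.get(user)
        if expected is None or not secrets.compare_digest(expected, password):
            return None
        token = secrets.token_urlsafe(32)   # unguessable session identifier
        self._sessions[token] = (user, ip)
        return token

    def logout(self, token):
        # Destroy the session on the server; clearing the cookie alone is not enough.
        self._sessions.pop(token, None)

    def authorize(self, token, ip):
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, bound_ip = entry
        if ip != bound_ip:
            # Token presented from a different IP: treat it as stolen and destroy it.
            del self._sessions[token]
            return None
        return user

def run_session_checks():
    """Return each test case's verdict; every value should be True."""
    store = SessionStore({"alice": "constructed-password"})
    home, other = "192.0.2.10", "198.51.100.7"   # documentation-range IPs
    results = {}
    token = store.login("alice", "constructed-password", home)
    results["session_valid_after_login"] = store.authorize(token, home) == "alice"
    store.logout(token)
    results["old_token_rejected_after_logout"] = store.authorize(token, home) is None
    token = store.login("alice", "constructed-password", home)
    results["token_rejected_from_other_ip"] = store.authorize(token, other) is None
    results["session_destroyed_after_ip_change"] = store.authorize(token, home) is None
    return results

if __name__ == "__main__":
    for name, passed in run_session_checks().items():
        print(f"{'PASS' if passed else 'FAIL'}  {name}")
```

If logout() only cleared the client-side cookie and left the server-side entry in place, the second check would fail, which is the defect the back-and-forward test is looking for.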

Let us take an example of a popular method of attack: the brute-force attack.

In this method, the attacker generates all possible combinations of the credentials. This method looks easy, but no one can say when the valid credential will be reached and the attacker will be able to get into the system's admin page.

Suppose that the administrator ID is guessed as admin and the password is guessed to be a two-digit number. The diagram is shown below:

[Diagram: brute-force attack]

As shown in the above diagram, in the brute-force method the attacker tries all the possible combinations of ID and password. The attacker has no idea after which combination the credentials will match and the login will succeed.

This method is popular for small systems and in cases where guessing the password may be nearly impossible.

Now, while carrying out a security test, this method is applied with the help of a simulator, and the time between the initiation of the attack and the login or gaining of access is measured.

There are several methods used by attackers, and the same methods are applied by the tester while performing security testing.
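
The two-digit-password scenario above, reproduced as a self-contained security test against an in-memory login stub, with and without a lockout control. This is an added example, not code from the original page; LoginService, the lockout threshold of 5 and the sample password "73" are constructed, and the attempt count stands in for the elapsed time the tester would measure.

```python
class LoginService:
    """Hypothetical login stub for the admin account with a two-digit password."""

    def __init__(self, password, max_failures=None):
        self._password = password
        self._max_failures = max_failures   # None = no lockout control
        self._failures = 0
        self.locked = False

    def login(self, user, password):
        if self.locked:
            return False                    # locked accounts reject even the right password
        if user == "admin" and password == self._password:
            self._failures = 0
            return True
        self._failures += 1
        if self._max_failures is not None and self._failures >= self._max_failures:
            self.locked = True
        return False


def attempts_until_access(service):
    """Walk the 100-value space 00..99; return guesses used, or None if never admitted."""
    for n in range(100):
        if service.login("admin", f"{n:02d}"):
            return n + 1
    return None


def compare_policies(password="73"):
    """Run the same test against an unprotected and a lockout-protected service."""
    return {
        "no_lockout": attempts_until_access(LoginService(password)),
        "lockout_after_5": attempts_until_access(LoginService(password, max_failures=5)),
    }


if __name__ == "__main__":
    print(compare_policies())
```

The test passes for the protected service when the result is None: the account locked before the search reached the password, so the measured time to access is unbounded rather than at most 100 guesses.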

Tools for Security Testing

  • Arachni: This is a web application security scanner.
  • Grabber: It is a device which captures data.
  • IronWASP: This is an open-source web testing platform.
  • Nogotofail: This is a network testing tool to check for weak TLS/SSL connections.
  • SonarQube: This is an open-source tool for continuous inspection of code.
  • SQLMap: This is an open-source penetration testing tool.
  • W3af: This is a web application attack and audit framework.
  • Wapiti: This is an audit framework for web applications.
  • Wfuzz: This is a Python-based password cracker or brute forcer.
  • Zed Attack Proxy (ZAP): This is a penetration testing tool.
