Shulou(Shulou.com)05/31 Report--

This article mainly introduces the relevant knowledge of "what are the knowledge points of Web security testing". The editor shows you the operation process through actual cases, and the operation method is simple, fast and practical. I hope this article "what are the knowledge points of Web security testing" can help you solve the problem.

What is a security test?

The purpose of security testing is to provide evidence that the application can fully meet its needs in the face of hostility and malicious input.

a. How to provide evidence? We prove that the web application does not meet the security requirements through a set of failed security test case execution results.

b. How do you view the requirements of security testing? Security testing is more dependent on requirements than functional testing because it has more possible inputs and outputs to filter.

Real software security actually refers to risk management, that is, we can ensure that the security of the software meets the needs of the business.

How to conduct security testing?

Adding security test cases based on common attacks and vulnerabilities combined with reality is how to turn security testing into a simple and common part of daily functional testing.

Select special boundary values with security significance, and special equivalence classes with security significance, and integrate these into our test planning and testing strategy process.

However, if security testing is carried out on the basis of functional testing, a large number of test cases need to be added. This means that two things must be done to make it easy to manage: reduce the focus and test automation.

Which test points are usually considered in Web security testing?

1. Problem: input that is not validated

Test method:

Data types (strings, integers, real numbers, etc.)

Allowed character set

Minimum and maximum length

Whether to allow empty input

Whether the parameter is required

Whether repetition is allowed

Numerical range

Specific value (enumerated)

Specific patterns (regular expressions)

2. Problem: problematic access control

Test method:

It is mainly used for the page that needs to verify the user's identity and permissions. Copy the url address of the page. After closing the page, check whether you can directly enter the copied address.

For example, you can see the URL address from one page link to another. If you enter the address directly, you can see the page information for which you do not have permission.

3. Incorrect authentication and session management

For example, the input boxes of Grid, Label and Tree view are not verified, and the input will be parsed according to html syntax.

4. Buffer overflow

Critical data is not encrypted

Example: view-source:http address can view the source code, enter the password on the page, the page shows *, right, look at the source file, you can see the password you just entered

5. Denial of service

Analysis: an attacker can generate enough traffic from one host to exhaust many applications and eventually paralyze the program, which needs to be dealt with by load balancing.

6. Unsafe configuration management

Analysis: link strings in Config as well as user information, mail, and data storage information need to be protected.

What programmers should do: configure all security mechanisms, turn off all unused services, set role permission accounts, use logs and alerts

Analysis: users use buffer overflows to break the stack of web applications, and by sending specially written code to web programs, attackers can let web applications execute arbitrary code

7. Injection loophole

Example: a page that verifies the login of the user

If the sql statement used is:

Select * from table A where username='' + username+'' and pass word... ..

Sql type'or 1'--you can attack without entering any password

8. Inappropriate exception handling

Analysis: the program gives more detailed internal error information when throwing an exception, exposing execution details that should not be displayed, and there are potential vulnerabilities in the website.

9. Unsafe storage

Analysis: account list, the system should not allow users to browse to all accounts on the site, if a user list is necessary, it is recommended to use some form of pseudonym (screen name) to point to the actual account.

Browser cache: authentication and session data should not be sent as part of GET, POST should be used

10. Question: cross-site scripting (XSS)

Analysis: an attacker uses cross-site scripts to send malicious code to undiscovered users and steal arbitrary data on his machine

Test method:

HTML tag: …

Escape character: & (&); (space)

Scripting language:

... Alert ('')

Special character:''

/

Minimum and maximum length

Whether to allow empty input

This is the end of the content about "what are the knowledge points of Web security testing". Thank you for your reading. If you want to know more about the industry, you can follow the industry information channel. The editor will update different knowledge points for you every day.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.