What do we all need at the end of the day? What most people want in life is security. Why is security important in anyone's life? Because when you feel secure you are happy, comfortable and able to focus on the things you really want to achieve. So think about the end users of your website from this point of view: how will it affect your audience if they don't feel secure on your site, or if they know they are not secure enough to do what they are supposed to do there? This is where security testing comes in. And yes, manual testers too can perform security testing to an extent.
I still remember I was exploring something and found an article on security testing. Like every tester, what I hit first was password cracking. Yes, you are right, it got cracked after spending only 2 hrs. It was being saved in the cookies of end users. So I started exploring what else I could do with security testing and learned a few things which I want to share with you.
If your site deals with the European Union, then you must be aware of the GDPR. In that case, security testing is one of the high-priority things for you as a tester from now on. Make sure your security testing works as an antivirus against all the threats to your web application.
Basic security testing concepts
Authentication: establishing the identity of the end user.
Non-repudiation: making sure that the parties involved in a communication cannot later deny the transaction (or deny it while it is going on).
Availability: making sure that services are always available to end users.
Confidentiality: making information accessible only to those who are authorized to access it.
Integrity: making sure that information has not been changed while being stored or transferred.
Authorization: according to the user's permissions, the user can perform actions or receive a service.
If you have a good hold on your application and know what the different security threats to it can be, then by taking the following easy steps any manual tester can ensure security to a major extent. I am listing here a few simple methods of security testing.
1. URL manipulation:
As you know, to get access to any website we need to hit a URL. See the example below.
Think of yourself as a hacker who simply changes the website URL query string and gets access to unauthorized information. Normally this happens when the application transfers data between the client and the server using the HTTP GET method, with the information carried in query-string parameters. You then only need to modify the value of a parameter in the query string to get access to unauthorized data.
For example:
Suppose I have access only to the account sheet of my own department, Testing, and not to another department's account sheet. This account sheet simply contains the basic salary list along with employee names. I access my sheet through the following URL: http://qatesting.com/confluence/pages/viewpage.action?spaceKey=DEV&title=Account+sheet+for+Testing
So if I simply change the sheet name in the URL's title parameter, I get access to a sheet which I am not authorized to see: http://qatesting.com/confluence/pages/viewpage.action?spaceKey=DEV&title=Account+sheet+for+HR
So now think about your project: find the areas where anything is passed in parameters and try manipulating them.
A simple way of doing it: add the Tamper Data add-on to your Mozilla Firefox.
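The account-sheet scenario above as an added example (not code from the original post): a handler that trusts the title parameter beside one that checks the requesting user's department on the server, plus the manual tamper test scripted. All names, sheet data and the session are constructed.

```python
"""Added example: server-side authorization for the 'Account sheet' URL case.
Sheet contents, departments and the session object are constructed sample data."""
from urllib.parse import urlparse, parse_qs

# Constructed sample data: each sheet records the department that owns it.
SHEETS = {
    "Account sheet for Testing": {"owner": "Testing", "rows": ["alice 4000", "bob 4200"]},
    "Account sheet for HR": {"owner": "HR", "rows": ["carol 5100"]},
}

def requested_title(url):
    """Extract the title query parameter; parse_qs turns '+' back into spaces."""
    return parse_qs(urlparse(url).query).get("title", [""])[0]

def view_page_insecure(url, user):
    """Vulnerable: any logged-in user receives whatever sheet the URL names."""
    if user is None:
        return 401, None
    sheet = SHEETS.get(requested_title(url))
    if sheet is None:
        return 404, None
    return 200, sheet["rows"]

def view_page_secure(url, user):
    """Hardened: the session, not the URL, decides which department's sheets are visible."""
    if user is None:
        return 401, None
    sheet = SHEETS.get(requested_title(url))
    if sheet is None:
        return 404, None
    if sheet["owner"] != user["department"]:
        return 403, None          # authenticated but not authorized for this record
    return 200, sheet["rows"]

def tamper_check(handler, user, own_url, other_url):
    """The manual test described above, scripted: the user's own sheet must open,
    another department's sheet must be refused. Returns True when the handler is safe."""
    own_status, _ = handler(own_url, user)
    other_status, other_rows = handler(other_url, user)
    return own_status == 200 and other_status == 403 and other_rows is None

BASE = "http://qatesting.com/confluence/pages/viewpage.action?spaceKey=DEV&title="
URL_TESTING = BASE + "Account+sheet+for+Testing"
URL_HR = BASE + "Account+sheet+for+HR"
TESTER = {"name": "tester1", "department": "Testing"}   # constructed session
```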
2. Cross-site scripting (XSS)
Cross-site scripting (XSS) occurs when an application accepts untrusted data and sends it to the client (browser) without validating it. XSS forces the victim's browser to execute code (HTML and JavaScript) injected by the attacker when the victim's page loads. The injected code can steal vital information stored in cookies.
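An added example (not from the original post) of the two defences implied above: a search page that reflects a query parameter with and without output encoding, and a session cookie flagged HttpOnly so that injected script cannot read it. The page markup, probe string and session id are constructed.

```python
"""Added example: reflected input with and without HTML escaping, plus cookie flags.
The markup, probe input and session id are constructed."""
import html
from http.cookies import SimpleCookie

PROBE = "<script>alert(1)</script>"   # constructed, harmless test input

def search_page_insecure(query):
    """Vulnerable: untrusted input is pasted straight into the HTML response,
    so a tag in the input becomes a real tag in the page."""
    return f"<h1>Results for: {query}</h1>"

def search_page_secure(query):
    """Hardened: html.escape turns <, >, &, and quotes into entities, so the
    browser renders the text instead of executing it."""
    return f"<h1>Results for: {html.escape(query, quote=True)}</h1>"

def reflects_raw_tag(rendered):
    """Tester's check: does a <script> tag survive in the response unescaped?"""
    return "<script" in rendered.lower()

def session_cookie_header(session_id):
    """HttpOnly keeps the cookie out of reach of document.cookie (the theft path
    described above); Secure restricts it to HTTPS; SameSite limits cross-site sends."""
    c = SimpleCookie()
    c["session"] = session_id
    c["session"]["httponly"] = True
    c["session"]["secure"] = True
    c["session"]["samesite"] = "Lax"
    return c.output(header="Set-Cookie:")
```

Escaping on output fixes the reflected case only; stored input must be escaped wherever it is later rendered, and the cookie flags limit damage rather than prevent the injection.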
3. SQL injection
SQL injection happens when an attacker enters SQL queries into the input fields of an application and they get passed to the backend database. It may give access to information which should not be accessible to that user, or simply execute the query and display its result.
SQL injection can:
- Steal your sensitive data
- Gather enough information to perform more serious attacks
- Delete or modify the database
- Bypass authentication and impersonate a particular user
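The authentication-bypass item from the list above as an added example (not from the original post), run against an in-memory SQLite table: a login built by string concatenation beside the same login using bound parameters. The account and password are constructed, and the unsalted hash is a simplification to keep the block short.

```python
"""Added example: SQL injection authentication bypass and its fix with bound parameters.
Account data is constructed; the unsalted SHA-256 is only to keep the example short."""
import hashlib
import sqlite3

def pw_hash(password):
    return hashlib.sha256(password.encode()).hexdigest()

def make_db():
    """Constructed in-memory user table with one account."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    con.execute("INSERT INTO users VALUES (?, ?)", ("alice", pw_hash("correct horse")))
    con.commit()
    return con

def login_insecure(con, name, password):
    """Vulnerable: the username is concatenated into the SQL text, so a quote in
    the input ends the literal and the rest of the input is parsed as SQL."""
    sql = (f"SELECT name FROM users WHERE name = '{name}' "
           f"AND pw_hash = '{pw_hash(password)}'")
    return con.execute(sql).fetchone() is not None

def login_secure(con, name, password):
    """Hardened: values are bound by the driver and can never change query structure.
    The same input that bypassed the check above is now just an unknown username."""
    row = con.execute(
        "SELECT name FROM users WHERE name = ? AND pw_hash = ?",
        (name, pw_hash(password)),
    ).fetchone()
    return row is not None

BYPASS_NAME = "alice' --"   # constructed probe: the -- comments out the password test
```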
4. Password cracking
One of the ways to crack the password of any site is a brute-force attack. A brute-force attack is nothing but a simple trial-and-error method used to obtain information such as a user's password or personal identification number. Now, how to do it? There are many automated tools available with which you can test your website against brute-force attacks. One of the simplest is the Mozilla Firefox add-on named Fireforce.
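What the tester should expect the server to do against the trial-and-error attack above, as an added example (not from the original post): a login wrapper that counts failures per account and locks it for a period, with an injectable clock so the lockout can be exercised without waiting. Thresholds and the password check are constructed.

```python
"""Added example: per-account failure counting and temporary lockout.
MAX_FAILURES, LOCKOUT_SECONDS and the password checker are constructed."""
import time

MAX_FAILURES = 5          # failed attempts allowed before the account locks
LOCKOUT_SECONDS = 300     # how long the lock lasts

class LoginThrottle:
    def __init__(self, check_password, now=time.monotonic):
        self.check_password = check_password   # callable(user, password) -> bool
        self.now = now                         # clock, injectable for tests
        self.failures = {}                     # user -> (failure count, locked_until)

    def attempt(self, user, password):
        """Returns 'ok', 'denied' or 'locked'. While locked the password is not
        even checked, so guesses made during the lock tell the caller nothing."""
        count, locked_until = self.failures.get(user, (0, 0.0))
        if self.now() < locked_until:
            return "locked"
        if self.check_password(user, password):
            self.failures.pop(user, None)      # success resets the counter
            return "ok"
        count += 1
        if count >= MAX_FAILURES:
            self.failures[user] = (0, self.now() + LOCKOUT_SECONDS)
            return "locked"
        self.failures[user] = (count, 0.0)
        return "denied"

def guesses_evaluated(throttle, user, guesses):
    """Tester's measure: how many of the supplied guesses the server actually
    checked before refusing. With the constants above this can never exceed MAX_FAILURES."""
    return sum(1 for g in guesses if throttle.attempt(user, g) != "locked")
```

Per-account lockout alone lets an attacker lock legitimate users out by guessing on purpose, so in practice it is paired with per-source-address throttling and alerting on the failure counts.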
5. View Source
There are a number of things which are restricted for different groups of users (e.g. admin, ordinary user). If a restricted user can access that data simply by viewing the page source, then again it is a security issue. Take the example of a website where a user is not able to see the performance ratings given to him/her by his/her manager, but in the page source they are visible.
http://www.helpingtesters.com/security-testing-manual-testers/