Importance and the need for Web App Pen Testing
Penetration testing therefore becomes very important in ensuring that we build a secure system which users can use without any worry of hacking or data loss.
The methodology is nothing but a set of security industry guidelines on how the testing should be conducted. There are some well-established and widely used methodologies and standards which can be used for testing, but each web application demands different types of test to be performed.
Some of the security testing methodologies and standards are:
Listed below are some of the test scenarios which can be tested as part of Web Application Penetration Testing (WAPT)
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
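The following is an added illustration, not code from the original page or from Valency Networks: a template function that interpolates untrusted input straight into HTML, beside the same function with context-appropriate output encoding. The comment strings are constructed sample input; the `render_comment_*` names are assumptions made for this example.

```python
import html

# Constructed sample of user-supplied values (not captured from any real site).
MALICIOUS_BODY = '<script>alert("xss")</script>'
MALICIOUS_AUTHOR = '" onmouseover="alert(1)'


def render_comment_vulnerable(author, body):
    # Untrusted input is concatenated into the markup as-is, so a browser
    # would treat the injected tag and attribute as part of the page.
    return '<div class="comment" data-author="' + author + '">' + body + '</div>'


def render_comment_safe(author, body):
    # Encode for the HTML context at the point of output. quote=True also
    # escapes " and ', so a value inside an attribute cannot close the quote
    # and start a new attribute such as an event handler.
    return (
        '<div class="comment" data-author="' + html.escape(author, quote=True) + '">'
        + html.escape(body, quote=True)
        + "</div>"
    )


def has_live_script_tag(rendered):
    # Helper for checking output: an unescaped <script opens a tag the browser
    # would execute; the escaped form &lt;script is inert text.
    return "<script" in rendered


def has_attribute_breakout(rendered):
    # True when the injected author value managed to start a real attribute.
    return 'onmouseover="' in rendered


if __name__ == "__main__":
    print(render_comment_vulnerable(MALICIOUS_AUTHOR, MALICIOUS_BODY))
    print(render_comment_safe(MALICIOUS_AUTHOR, MALICIOUS_BODY))
```

Encoding must match the context the value lands in (HTML body, attribute, URL, JavaScript string); `html.escape` covers the first two, which is what the example exercises.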
SQL Injection (SQLi) is a type of an injection attack that makes it possible to execute malicious SQL statements. These statements control a database server behind a web application. ... SQL Injection attacks are one of the oldest, most prevalent, and most dangerous web application vulnerabilities.
What is Broken authentication and session management? These types of weaknesses can allow an attacker to either capture or bypass the authentication methods that are used by a web application. ... Session IDs are exposed in the URL (e.g., URL rewriting). Session IDs are vulnerable to session fixation attacks.
A local file upload vulnerability is a vulnerability where an application allows a user to upload a malicious file directly which is then executed. A remote file upload vulnerability is a vulnerability where an application uses user input to fetch a remote file from a site on the Internet and store it locally.
A privilege escalation attack is a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications. Not every system hack will initially provide an unauthorized user with full access to the targeted system. In those circumstances privilege escalation is required. There are two kinds of privilege escalation: vertical and horizontal.
Vertical privilege escalation requires the attacker to grant himself higher privileges. This is typically achieved by performing kernel-level operations that allow the attacker to run unauthorized code. Horizontal privilege escalation requires the attacker to use the same level of privileges he already has been granted, but assume the identity of another user with similar privileges. For example, someone gaining access to another person's online banking account would constitute horizontal privilege escalation.
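The online-banking case above, as an added example that is not part of the original page: an account lookup that trusts the account id from the request, beside one that checks ownership (horizontal) and a listing endpoint that checks role (vertical). The account data and the function names are constructed for this illustration.

```python
# Constructed sample data: accounts keyed by id with their owner (not real data).
ACCOUNTS = {
    101: {"owner": "alice", "balance": 250},
    102: {"owner": "bob", "balance": 900},
}
ROLES = {"alice": "user", "bob": "user", "carol": "admin"}


class Forbidden(Exception):
    pass


def get_account_vulnerable(current_user, account_id):
    # Authenticated, but never authorized: any logged-in user can read any
    # account just by changing the id (horizontal privilege escalation).
    return ACCOUNTS[account_id]


def can_read_account(current_user, account_id):
    # Ownership check done on the server against stored data, not on anything
    # the client sent about itself.
    account = ACCOUNTS.get(account_id)
    return account is not None and account["owner"] == current_user


def get_account_safe(current_user, account_id):
    if not can_read_account(current_user, account_id):
        # One response for "not found" and "not yours" so the failure does
        # not reveal which ids exist.
        raise Forbidden("account not accessible")
    return ACCOUNTS[account_id]


def list_all_accounts(current_user):
    # Vertical boundary: an administrative view requires an admin role that
    # is looked up server-side for the current user.
    if ROLES.get(current_user) != "admin":
        raise Forbidden("admin role required")
    return dict(ACCOUNTS)


if __name__ == "__main__":
    print(get_account_vulnerable("bob", 101))   # bob reads alice's account
    print(can_read_account("bob", 101))         # False once checked
    print(list_all_accounts("carol"))           # admin view
```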
Security misconfiguration vulnerabilities could occur if a component is susceptible to attack due to an insecure configuration option. ... Security misconfiguration can happen at any level of an application stack, including the platform, web server, application server, database, framework, and custom code.
Password cracking refers to various measures used to discover computer passwords. This is usually accomplished by recovering passwords from data stored in, or transported from, a computer system. Password cracking is done by repeatedly guessing the password, usually through a computer algorithm in which the computer tries numerous combinations until the password is successfully discovered.
Authentication bypass vulnerability could allow attackers to perform various malicious operations bypassing the device authentication mechanism. ... Organizations failing to enforce strong access policy and authentication controls could allow an attacker to bypass authentication.
Session hijacking, sometimes also known as cookie hijacking is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system.
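The two session weaknesses named above, session fixation and session hijacking via a stolen cookie, are illustrated by the added example below (not code from the original page or from Valency Networks). It keeps the session store in memory and assumes a `SessionStore` class and a `set_cookie_header` helper that are not part of the page.

```python
import secrets


class SessionStore:
    def __init__(self):
        self._sessions = {}  # session id -> session data

    def new_anonymous(self):
        # Ids come from a CSPRNG, not from anything predictable like a counter.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def login(self, presented_sid, username):
        # Fixation defence: the id the client presented is discarded, whatever
        # its origin, and a fresh one is issued only after authentication.
        self._sessions.pop(presented_sid, None)
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": username}
        return sid

    def logout(self, sid):
        # Invalidate server-side so a copied cookie stops working too.
        self._sessions.pop(sid, None)

    def user_for(self, sid):
        return self._sessions.get(sid, {}).get("user")


def set_cookie_header(sid):
    # Carry the id only in a cookie, never in the URL (it would leak through
    # logs, Referer headers and browser history). HttpOnly keeps scripts from
    # reading it, Secure keeps it off plaintext HTTP, SameSite limits
    # cross-site requests that would carry it.
    return f"Set-Cookie: session={sid}; Path=/; HttpOnly; Secure; SameSite=Strict"


if __name__ == "__main__":
    store = SessionStore()
    planted = store.new_anonymous()            # id present before login
    fresh = store.login(planted, "alice")      # rotated at login
    print(planted != fresh, store.user_for(planted), store.user_for(fresh))
    print(set_cookie_header(fresh))
```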
Automated vs Manual testing
Manual testing is performed in this scenario
Automated testing is performed in this scenario
Internal & External Testing
As the name suggests, internal pen testing is done within the organization over the LAN, hence it includes testing web applications hosted on the intranet. Basically, it includes malicious employee attacks by disgruntled employees or contractors who may have resigned but are still aware of the internal security policies and passwords, social engineering attacks, simulation of phishing attacks, and attacks using user privileges or misuse of an unlocked terminal.
These are attacks done externally from outside the organization and include testing web applications hosted on the internet. To simulate such attacks, testers are given the IP of the target system and are not provided any other information. They are required to search and scan public web pages, find out information about target hosts, and then compromise the hosts found. Basically, it includes testing servers, firewalls, and IDS.
Black box, White box & Grey box testing
Valency Networks has a very agile, friendly and fun-loving atmosphere, and yet we maintain a cutting-edge, technically vibrant work environment.