How does penetration testing tool emphasize on web application security?

In this internet savvy world, web applications have become an important part of web utilization. Web applications provide a means to utilize or exploit the services offered by the web in a more meaningful manner. 

The earlier years saw less use of web applications, but now it is reaching new heights day by day with a great demand for improving the existing ones along with the introduction of new ones. With such a vast number of users, the application needs to maintain its security from the malicious attackers among these users and so adequate security measures have to be taken.

For this purpose, it is required that the security mechanism of the applications to be checked thoroughly for any vulnerabilities and security leaks via the penetration testing. Penetration testing is perhaps the best testing methodology when it comes to the testing the security different software system components like network security, data base security etc. 

There should be some testing methodology that could dig out all the potential vulnerabilities. Is there an answer? Yes there certainly is! The penetration testing! Perhaps many of us are familiar with this testing methodology. In this piece of writing we have discussed how the penetration testing tools emphasize up on the web application security. 

About Penetration Testing and its emphasis on Web Application Security

- Penetration testing is yet another testing methodology that has been adopted for testing the security of the  web applications against the malicious attacks.

- It provides a way to evaluate the security level of the web application by troubling the application with false simulated attacks as malicious attacks from the outside as well as inside attackers. 

- It also deals with the aliens, foreigners or outside attackers who do not have any authorized access to the computer system or network and inside attackers who do have that access.

- An active analysis is required to be carried out for the penetration testing which carries out an assessment of all the potential vulnerabilities of the web application that are merely a consequence of its poor security level as well as configuration level. 

- Apart from this the known and unknown flaws form both the hardware as well as software components of the application contribute to these vulnerabilities rather than only operational weaknesses.

- A proper active analysis is achieved only if it is carried out from the view point of a malicious attacker and involves the active exploitation of the recognized vulnerabilities.

- The web application security depends up on the effectiveness of the testing.

- The testing in turn is largely affected by the effectiveness of the tools that are employed in the testing.

- The tools indeed affect the web application security, since if the tools are reliable and efficient in searching for the vulnerabilities, obviously there will be more stringent checking of the security mechanisms. 

- The identification and recognition of the vulnerabilities is always the first step in penetration testing.

- A required number of penetration tests are then carried out on that particular system with the coupling of information with the active assessment of the risks associated with the computer system or network using the penetration testing tools. 

- A whole lot of effective tools are designed to reduce the affect of the identified potential vulnerabilities. 

- Penetration testing tools have been recognized as important component of the web application security audits. 

Explain the concepts of XSS cross site scripting?

XSS or cross site scripting is a much familiar word in today’s cyber world. Cross site scripting is categorized under the category of computer security vulnerabilities which are common among the web applications.

Purpose of XSS Cross Site Scripting

- This vulnerability makes the web application so vulnerable that the malicious outside attackers are able to inject the malicious client side scripts in to the web pages or applications that are later viewed by the people who visit the page.

- Another purpose may be to incur the access controls like the same origin policy.

- The cross site scripting vulnerability itself accounts for almost 80.5 percent of all the security vulnerabilities identified and documented in the year of 2007 by the Symantec.

- The cross site scripting technique is employed for curbing risk depending on the measure of the sensitivity of the data that is being processed by that particular web site or web page.

- Apart from this factor, another factor that influences this is the security mitigation as implemented by the owner of that web site.

Limitations of XSS Cross Site Scripting

- Cross site scripting can also be employed by some people to create petty nuisance.

- This vulnerability of the security system is often misused by the attackers for bypassing the security mechanisms on the client side which are usually implemented by the web browsers up on the web content on that particular site.

- There are various ways through which the attacker can find the access to the web pages for injecting their malicious scripts in to them.

- Such ways or methods can provide the attacker an unauthorized access to all the sensitive content of the page, information of the user activity as stored by the browser and session cookies etc.

About Cross Site Scripting

- Cross site scripting is a type of code injection attack and is somewhat similar to the SQL injection attacks.

- Earlier the cross site scripting technique was defined as the loading of the third party application that had been attacked at an unrelated attack site while executing java scripts in the context of security of the domain on target as created by the attacker.

- Eventually this cross site scripting refer to the different modes of the code injection, non java script vectors (like VBscript, flash, Java, ActiveX, HTML, SQL and so on).

- The cross site scripting vulnerabilities have been under exploitation since the advent of 20th century.

- So many famous social networking sites like my space, orkut, twitter, Facebook etc have been a victim of the cross site scripting in the past.

- With the sophistication of the cross site scripting techniques, they have now surpassed the vulnerabilities like buffer overflows reporting to be the most common security vulnerability.

- Even now 68 percent of the total web sites have been sorted as vulnerable to the cross site scripting attacks.

Classifications of XSS flaws

As such there are no proper criteria for the classification of the XSS flaws, but according to the experts they are classified in to two categories:

1. Persistent XSS Flaws
It is also known as stored XSS flaws and is the most destructive type. It occurs when the data which has been provided by the attacker is stored by the server.

2. Non persistent XSS flaws
It is also known as reflected XSS flaws and it is the most common type. It occurs when data from a web client is used by server scripts for generating required pages without the sanitization of the queries.

Some other experts classify them as:
1. DOM based XSS flaws: infect client side scripts.
2. Traditional XSS flaws: occur as a result of the flaws in the server side scripts.

What is the difference between re-test and regression testing?

Software re- testing and regression testing are the two concepts which are often misunderstood by the people. These two software testing concepts will be focused up on in this article. These two terms are often mistaken as the same thing but, it is not so. There is a considerable difference between the two.

Concepts of Re-testing

- As we all know, the field of software testing is continually improving, it becomes necessary to modify and re- test the existing software components to make them compatible with the new advanced technology.

- It becomes necessary to retest those old software components to check how much they have been affected by the changes and what all improvements and modifications are needed to make them at par with the new technology.

- So we see that testing a software component for another time is called re- testing.

Concepts of Regression Testing

- Testing these software components again and again for the sake of improvement and modification is what is called regression testing.

- We can formally define the regression testing as the software testing methodology that seeks to dig out new errors and bugs after the all other types of software testing have been carried out on the system and the required changes have been made to root out those bugs and flaws.

- It is mostly emphasized on testing the patches, enhancements and of course configuration changes.

- Regression testing is aimed at determining whether or not the modifications or enhancements have introduced new bugs and errors.

- Another purpose of carrying out regression testing is to ensure that the any changes in one component do not affect the functioning of the other components of the software system or application.

- Executing the already executed tests and observing the behavior as well as the outcome of the program, is the most common approach to the regression testing.

- Regression testing also sees to it that the faults that were fixed previously do not occur again.

- Regression testing like any other testing also consumes so much of time and effort.

- Therefore, in order to cut down the testing time and improve the efficiency of regression testing, the tester can select only few of the required test cases and execute them once again.

- Regression testing is the most costly software testing methodology that is ever employed in a software testing life cycle.

- An aggressive research has been carried out on the regression testing and many issues have been discovered with the regression testing.

Process may be either of deployment or development, because of both of them changes are made in the software system like adaptation to changes, enhancement of functionality and bug fixing etc.

Retesting and regression testing are seen as one of the most expensive software testing processes.

- These two testing processes can take up to 80 percent of the total budget of the software testing and accounts for 50 percent of the total project budget.

- For normal development processes, it is ok if the regression testing is carried after the changes have been made to the software system for every regular builds or before the final release of the software.

- But, for the agile development processes, the regression testing should be carried out after every time the software program is compiled and saved.

- For other types of development, the regression testing can be carried out before the release of the patches like security patches and so on.

- In whatever way or on whatever time the regression testing might be performed, its aim is always the same i.e., giving the assurance that the changes made to the software act as expected and do not affect the other components of the program.

What are Application Testing Methodologies?

First of all, lets be clear with what is application testing actually.
- It is simply the testing of application software. But, it is not so easy to carry out as it sounds like.
- To develop good application software, great efforts and skills are required both of development and testing.
- Testing is needed to check the quality status of application software.
- This is indeed very important for quality assurance and to see that if the application software is meeting the expectations of the consumers or not.

WHY IS TESTING METHODOLOGY IMPORTANT?
- It is obvious that all the aspects of application software cannot be discovered by following just one testing methodology.
- One has to employ many testing methodologies in order to discover most of the hidden bugs and errors.
- Many methodologies have been developed for testing application software.
- Discovery of flaws is the primary aim of any software testing methodology.
- Criticism is yet another aim.

APPLICATION TESTING METHODOLOGIES

1.BOX TESTING TECHNIQUES
- White Box Testing
It includes techniques that are used to test the program or algorithmic structures and working of that particular software application in opposition to its functionalitY or the results of its black box tests.
a) API testing
b) Fault injection
c) Code coverage: Code coverage can be defined as a measure to measure the extent to which the source code of a software system has been tested.
d) Mutation testing
e) Static testing

- Black Box Testing
a) Equivalence partitioning
b) Boundary value analysis
c) Pair wise testing
d) Fuzz testing
e) Exploratory testing
f) Model based testing
g) Specification based testing

- Grey Box Testing
As the grey colour is made from the combination black and white colours, so does grey box testing is made from a combination of both white box testing as well as black box testing.
- Visual Testing
As the name suggests, non destructive testing techniques do not involve vigorous checking of the software structure.
- Unit Testing
- Integration Testing
The units or modules are combined and tested.
- System Testing
- System Integration Testing

- Regression Testing
It basically discovers and unhide the hidden and new errors and flaws.

- Acceptance Testing
There should be some kind of testing that looks in to the contract and verifies whether or not all the requirements have been met. Acceptance testing serves the purpose right. Acceptance is a composition of 3 kinds of tests namely Physical tests, Chemical tests and Performance tests.

- Alpha Testing
The purpose of checking the application software before the release is served by alpha testing on the basis of:
a) Service level agreement or SLA as it is abbreviated.
b)Requirements
c)Specifications
d)Defect rate efficiency (known as DRE in short form).

- Beta Testing
Beta testing is carried out after the successful completion of the alpha testing.
- Performance Testing

- Usability Testing
Usability testing can be defined as a technique which is used in interaction design. This designing is centred around the user and accounts for the evaluation of the software system, application or product by testing it out on the software product users.

- Security Testing
Security testing as its name suggests can be defined as a process to determine that whether or not a software or information system or application is capable of protecting data and keeping it secure.

- Internationalization
Internationalization can be defined as a process of coding and designing a product. This coding is done in such a way that it can perform well almost on any platform after modification for use in different regional standards and languages.
- Localization

What are common programming bugs every tester should know?

A programming bug as we all know is common or “one in all” term for a flaw, error or mistake in a software system or program. A bug is known for producing unexpected result always or results in the abnormal behavior of the software system or program.

CAUSES OF BUGS
- Root causes of the bugs are the faults or mistakes introduced in to the program’s source code or design and structure or its implementation.
- A program or a piece of program too much affected with bugs is commonly termed as a “buggy” program or code.
- They can be introduced unknowingly in the software system or program during the coding, specification, data entry, designing and documentation.
- Bugs can also arise due to complex interactions between the components of a complex computer program or system.
- This happens because the software programmers or developers have to combine a great length of code and therefore, they may not be able to track minor bugs.
- The discovered bugs are also documented and such documents or reports are called bug reports or trouble reports.

HOW BUGS INFECT A PROGRAM ACTUALLY?
- A single bug can trigger a number of faults or errors within the program which can affect the program in many ways.
- The degree of affecting depends on the nature of the bug.
- It can either affect the program very badly causing it to rash or hang or it may have only a subtle affect on the system.
- There are some bugs that are not detected in the entire software testing process.
- Some bug may cause a chain effect which can be described as one bug causing an error and that error causing some other errors and so on.
- Some bugs may even shut down the whole software system or application.
- Bugs can have serious impacts.
- Bugs can destroy a whole machine.
- Bugs are after all mistakes of human programmers.

TYPES OF BUGS
Bugs are of many types. There are certain types of common bugs that every programmer should be introduced with.

First we are listing some security vulnerabilities:
- Improper encoding
- SQL injection
- Improper validation
- Race conditions
- Memory leaks
- Cross site scripting
- Errors in transmission of sensitive data
- Information leak
- Controlling of critical data
- Improper authorization
- Security checks on the client side and
- Improper initialization

SOME COMMON BUGS ARE:

1. Memory leaks
- This bug is catastrophic in nature.
- It is most common in languages like C++ and C i.e., the languages which do not have automatic garbage collection feature.
- Here the rate of consumption of memory is higher as compared to rate of de- allocating memory which is zero.
- In such a situation the executing program comes to a halt because there is no availability of free memory.

2. Freeing the resource which has already been freed
- This bug is quite frequent in occurrence.
- Usually it happens that the resources are freed after allocation but here already freed resource is freed which causes an error.

3. De-referencing of NULL operator
- This bug is caused due to an improper or missing initialization.
- It an also be caused due to incorrect use of reference variables.

4. References
- Sometimes unexpected or unclear references are created during the execution which may lead to the problem of de- allocation.

5. Deadlocks
- These bugs though rare are catastrophic and are caused when two or more threads are mutually locked by each other or those threads get entangled.

6. Race conditions
- These are frequent and occur when the same resource or result is being tried to be accessed by two threads.
- The two threads are said to be racing.

What are different aspects of network penetration testing?

Penetration test is popularly called pen test. Penetration testing can be defined as a methodology to determine the security level of a network or a computer system.

- This is usually done by simulating an attack from malicious outsiders or the people who are aliens to the system i.e., the people who don’t have any authorized means or permission to access that particular organization’s computer systems or network.

- The process of network penetration testing requires having an active analysis of the whole network and computer system for checking any potential flaws and vulnerabilities in the network system or computer system.

- These potential flaws and vulnerabilities could result from the improper or poor configuration of the network or the computer system.

Other reasons for these potential vulnerabilities and flaws are:

- Unknown and known software and hardware flaws and problems.
- The operational weaknesses of the testing process and counter measures of the technology used.

Typically, this analysis of the network and the computer system is carried out keeping in mind the position of a potential attacker and the process may also involve the active exploitation measures for exploiting security vulnerabilities.

- Security vulnerabilities or issues that are discovered during the testing process are reported to the owner of the network or the computer system.

- An effective penetration testing involves coupling of this information and findings with an already assessed accurate assessment of the potential affects or impact and giving it to the particular organization.

- It also includes outlining of a range of procedural and technical counter measures to overcome those potential vulnerabilities and reduce risks.

There are certain reasons that account for the necessity of carrying out penetration testing. They have been listed below:
- Identification of vulnerabilities that pose a higher risk to the network or the computer system from a combination of vulnerabilities that poses a lower risk. These vulnerabilities are exploited in a designed sequence.

- Determination of feasibility of a particular set of a type of vectors.

- Identification of vulnerabilities that may be impossible and difficult to detect otherwise with automated software scanning application.

- Assessment of the magnitude of impacts of the potential operations and business of the attacks that could be successful.

- Testing of the ability of the network defenders to detect and respond to the attacks by the malicious outsiders.

- Providing of evidence in support of the gradually increasing investments in technology of the security measures.

Penetrations tests can be rightly called the components of a full security audit. Best example that can be given is of payment card industry data security standard.

There are several ways for conducting the penetration tests.

- White box testing and black box testing are the methodologies widely used for carrying out performing penetration testing.

- Before carrying put the penetration testing, it is needed that the testers should determine the extent and location of the systems.

- Here, the white box testing provides the complete information of the infrastructure that is to be tested and it includes source code, IP address information and network diagrams.

- Sometimes grey box testing is also done.

- Penetration tests are called “full disclosure tests” since they provide full information about the network or the computer system to the testing party.

- Penetration testing involves a scan of the IP address space of the concerned organization for a full audit of source code of the application.

- Any computer system deployed in a hostile environment can be used for carrying out the penetration test.

- This measure provides an assurance that any malicious attacker won’t be able to affect the network or the computer system.