Thursday, April 19, 2012
What are different kinds of security threats?
Posted by Sunflower at 4/19/2012 08:39:00 PM
Labels: Application, Attackers, attacks, Categories, Data, Design, Errors, Information, Input, Issues, Operations, Security, Security Testing, software engineering, Software Systems, Strategy, Technology, Threats
Tuesday, March 6, 2012
What are different methods and techniques used for security testing at white box level?
Achieving a good level of security requires a great deal of effort. To obtain meaningful security results, one has to follow a proper approach to the testing. As for any other kind of software testing, one has to decide for security testing as well who will carry out the testing and what approach is to be followed. Carrying out security testing at the white box level is not at all easy, as it is complex and detailed.
APPROACHES FOR SECURITY TESTING AT WHITE BOX LEVEL
Till now, two basic approaches have been identified for security testing at the white box level; they are described below:
1. Functional Security Testing
- This approach to testing is usually followed by the standard testing organizations.
- It deals with checking the features and functionalities of the software system or application to determine whether or not they are working as stated.
- This is very much the classic approach to security testing.
2. Risk Based Security Testing
- This is a more traditional approach to security testing and is usually followed by the quality assurance staff.
- This approach is quite difficult compared to the previous one.
- The main problem here is the expertise of the testers, since this approach calls for great skill in testing.
- Firstly, security tests that can fully exploit the vulnerabilities are difficult to design, since the tester is required to think like an attacker.
- Secondly, security tests do not exercise the security of the software system or application directly, which makes it difficult to observe the outcome of a security test.
ABOUT SECURITY TESTING AT WHITE BOX TESTING LEVEL
1. A security test carried out without much precaution and logic can cause the whole security testing effort to go wrong, which in turn can force the software tester to carry out even more complicated test processes to counteract the situation.
2. Risk based testing requires more skill than experience.
3. Most of the security testing methodologies and techniques that we use at the white box level are traditional, and some of them have become outdated.
4. On the other hand, the exploitation techniques used by attackers have become more sophisticated day by day, and the traditional methods used to cope with these issues are becoming extinct.
5. Security testing at both the black box level and the white box level aims at a better understanding of the software system or application, but different approaches are followed at the two levels.
6. The approach followed is decided on the basis of access to the source code, i.e., whether or not the tester has access to the source code.
7. Security testing at the white box level is concerned with the rigorous analysis of the source code of the software program as well as its design.
8. It basically deals with finding the errors in the security mechanisms of the software system.
9. In very rare cases this approach involves pattern matching and automation of the whole testing process by implementing a static analyzer.
10. One peculiar drawback of this kind of testing is that it may report a bug in some part of the software where no such bug actually exists (a false positive).
11. Still, security testing at the white box level using static analysis methods and techniques proves good for some software systems and applications.
12. Risk based testing calls for a lot of understanding of the whole software system.
13. After all, product security is essential to the reputation of the company.
Posted by Sunflower at 3/06/2012 10:00:00 AM
Labels: Application, Approach, Bugs, Defects, Errors, Functional, Levels, Logical, Risk based testing, Security, Security Testing, Software Systems, Software testing, Techniques, Tests, White box testing
Wednesday, February 8, 2012
What are different security testing techniques?
Security testing techniques are needed to find and address the vulnerabilities of a software system or application and to protect it from security threats. Every web site and application has some kind of vulnerabilities which weaken the application's security and expose it to exploitation.
Security testing should be carried out alongside all other testing phases, so that a uniform level of security is maintained throughout the application and vulnerabilities and threats are discovered and addressed from time to time. Unfortunately, security testing is usually conducted in the last phase of the development cycle.
PENETRATION & STATIC ANALYSIS TESTING TOOLS
- Penetration testing tools or web application scanners help a great deal in identifying the vulnerabilities of a web site or application.
- A human cannot manually review the whole source code and every aspect of it for vulnerabilities and weak points.
- Another class of tools that can be used for this purpose is static code analysis tools.
- Both penetration testing tools and static code analysis tools are needed for security testing of web sites and web applications.
- These tools work very effectively in digging out the vulnerabilities.
- Static code analysis tools, on the other hand, belong to the white box testing tools.
- They are used by security groups to complement the penetration tools, and they focus on finding the specific root vulnerabilities.
- Penetration testing tools are to be used when the tester has limited knowledge of the web application under test.
- These security tools are employed to check for the following security issues:
(a) SQL injection attacks
(b) Cross site scripting attacks
(c) Directory traversal attacks
(d) Issues related to session management
(e) Validation of the supplied input
The penetration testing tools emphasize the following security areas of a web site or web application:
- Network security
- Database security
- Security subsystem
- Web application security
Although penetration testing tools focus on both positive and negative requirements, the emphasis is on the negative ones. Normal software testing, on the other hand, focuses only on the positive requirements.
TECHNIQUES USED TO CARRY OUT SECURITY TESTING OF WEB APPLICATIONS
1. Fuzz Test Technique
- This type of testing involves the injection of various types of generated data at the interface of the web site or application under test.
- The data is generated either randomly or systematically.
2. Syntax Test Technique
- This type of testing involves the generation of both legal and illegal data.
- These input values are fed to the application and the behavior of the web application is observed, i.e., whether it accepts or rejects the input.
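As an added example (not code from the original post), the fuzz and syntax test techniques above applied to a hypothetical username validator: hand-built legal and illegal inputs are checked against the expected accept/reject verdict, and seeded mutations of the legal values are fed in to catch inputs the validator accepts although it should not. The validator, its whitelist and all inputs are constructed for this example.

```python
import random
import re
import string

# Hypothetical field under test: a username of 3-16 letters, digits or
# underscores. Both validators are constructed for this example; neither
# comes from the original post.
def validate_username_buggy(value: str) -> bool:
    # '$' also matches just before a trailing newline, so "alice\n" slips through.
    return re.match(r"^[A-Za-z0-9_]{3,16}$", value) is not None

def validate_username_fixed(value: str) -> bool:
    # fullmatch anchors to the real end of the string.
    return re.fullmatch(r"[A-Za-z0-9_]{3,16}", value) is not None

# Syntax test: hand-built legal and illegal inputs, each with the expected verdict.
SYNTAX_CASES = [
    ("alice", True), ("bob_42", True), ("a" * 16, True),
    ("ab", False), ("a" * 17, False), ("bob;drop", False),
    ("<script>", False), ("alice\n", False), ("", False), ("\u00e4lice", False),
]
LEGAL_SEEDS = [v for v, ok in SYNTAX_CASES if ok]

def run_syntax_tests(validator):
    """Return the (input, expected) pairs whose accept/reject verdict was wrong."""
    return [(v, exp) for v, exp in SYNTAX_CASES if validator(v) != exp]

def fuzz_mutations(seeds, n, seed=7):
    """Fuzz generator: a random printable character appended to or inserted
    into a legal seed value. Seeded so that runs are reproducible."""
    rng = random.Random(seed)
    for _ in range(n):
        base = rng.choice(seeds)
        ch = rng.choice(string.printable)
        pos = len(base) if rng.random() < 0.5 else rng.randint(0, len(base))
        yield base[:pos] + ch + base[pos:]

def run_fuzz(validator, n=5000):
    """Return inputs that crashed the validator or were accepted although they
    contain a character outside the field's whitelist."""
    whitelist = set(string.ascii_letters + string.digits + "_")
    findings = []
    for value in fuzz_mutations(LEGAL_SEEDS, n):
        try:
            accepted = validator(value)
        except Exception as exc:  # a crash on generated input is a finding too
            findings.append((value, "crash: " + repr(exc)))
            continue
        if accepted and not set(value) <= whitelist:
            findings.append((value, "accepted illegal character"))
    return findings
```

The syntax test pinpoints the one hand-written case the buggy validator gets wrong, while the fuzz run shows the same defect being reached from random mutations of valid input; the fixed validator produces no findings in either run.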
3. Data Analysis
- The data generated by the web application is checked, and cryptography is considered in this context.
4. Exploratory Testing
- This testing is carried out without any test plan.
- There are no specific expectations in this type of security testing, and the outcomes are not predicted in advance.
5. Scaffolding
- Testers require some support to carry out their own specially designed testing techniques.
- For that they require supporting tools.
- This is termed scaffolding.
6. Monitoring the behavior of the program
- Automated tools are used to monitor the outcomes of the different security testing techniques applied, and the behavior of the web application is monitored as well.
- This technique saves a lot of time.
Security testing of web sites and applications is crucial to the security of the enterprise, since web sites and applications need to be available to people at all times and the threats and vulnerabilities pose a big danger to the cyber world.
Posted by Sunflower at 2/08/2012 08:36:00 PM
Labels: Areas, Data Analysis, Exploratory testing, Fuzz, Information, Penetration tools, Scaffolding, Secure, Security, Security Testing, Static analysis tools, Syntax, Techniques, Web Applications, Websites
What is the approach for Security Testing of Web Applications?
Like our real world, our cyber world also needs security, as the rate of cyber crime is increasing day by day. Attackers are misusing technology to benefit themselves, and this has caused end users to suffer.
The security of web sites and web applications needs to be very tight so that attackers are not able to break into the databases of the sites and applications and use the critical data and information to their heart's content.
ABOUT SECURITY OF WEB SITES
- Several security measures are being designed these days and many of them have been adopted.
- The security level of web sites and web applications needs to be tested just like any other aspect of software, to ensure that it is error proof and meets the standards.
- Security testing of web applications is very necessary, as the security of a web site or application is responsible for the safety of the personal information we use to access cyber services and of other sensitive information.
WHAT APPROACH SHOULD BE USED TO TEST WEBSITES?
Here the question arises: what approach should be followed for security testing of web sites and applications?
- For security testing of web applications a planned approach should be followed.
- The vulnerabilities of the web application should be listed first so that you can draw up your test plan.
- As the number of users is increasing, the need for a proper security system is also increasing.
- The security testing of web applications needs to be very efficient.
- In security testing, the privacy level of the data is tested, i.e., whether or not it stays confidential and is not leaked to those for whom it is not meant.
- It also makes sure that end users are able to perform only those tasks which have been authorized for them, and that users are not able to alter the features and functionalities of a web site or application.
- The tester carrying out the security testing should have good knowledge of the Hyper Text Transfer Protocol (HTTP).
- It is important to know exactly how the communication takes place between the browser and the server.
- He/she should also know about the issues mentioned in the list above.
STEPS INCLUDED IN A TEST PLAN
1. Password cracking
- This is done to access the private areas of a web application.
- Password cracking can take a very long time if the password is complex.
- Sometimes the user names and passwords are stored in unencrypted cookies.
- An attacker can very easily steal such cookies to obtain the user name and password.
2. URL manipulation
- In this step, the URL should be tested for any important information in its query string.
- Sometimes information is passed in the query string when the application uses the HTTP GET method for passing information between the browser and the server.
3. SQL injection
- This is the third issue to be checked.
- Any unauthorized character entered in a text box by the user should be rejected by the application.
- While testing this aspect, if the tester encounters an error or a bug in the application's database, the web application's security is considered vulnerable.
- If the application is not checked against SQL injection, critical information can be stolen from the application's database.
4. XSS (cross site scripting)
- This is the fourth aspect to be checked.
- The tester should check whether or not the web application accepts any HTML script.
- If the site or application is found to support HTML scripts, then it is prone to cross site scripting attacks.
During security testing the configurations of the server and the application should not be touched or modified, and security tests should not be performed on a production system.
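The SQL injection and cross site scripting checks from steps 3 and 4, as an added example that is not part of the original post: each check runs against a vulnerable handler and its hardened counterpart, using an in-memory SQLite table and a harmless HTML probe that are constructed here for illustration.

```python
import html
import sqlite3

# Constructed stand-in for the application's user table (assumption; not from
# the original post).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("o'brien", "ob@example.com")])
    return conn

def lookup_concat(conn, name):
    """Vulnerable: the text box value is spliced into the SQL statement."""
    return conn.execute("SELECT email FROM users WHERE name = '" + name + "'").fetchall()

def lookup_param(conn, name):
    """Hardened: the driver binds the value, so a quote inside it is just data."""
    return conn.execute("SELECT email FROM users WHERE name = ?", (name,)).fetchall()

def sql_probe(lookup, name):
    """Step 3 check: run the lookup on quote-bearing input. A database error is the
    warning sign described in the post; 'ok' means the input was handled as data."""
    conn = make_db()
    try:
        return ("ok", lookup(conn, name))
    except sqlite3.Error as exc:
        return ("db-error", str(exc))
    finally:
        conn.close()

def render_search_vulnerable(term):
    """Vulnerable: user input echoed straight into the page markup."""
    return "<p>Results for: " + term + "</p>"

def render_search_escaped(term):
    """Hardened: HTML-escape the value before it enters the page."""
    return "<p>Results for: " + html.escape(term) + "</p>"

HTML_PROBE = "<b>probe</b>"   # harmless markup used to see whether tags are accepted

def xss_probe(render):
    """Step 4 check: the page accepts HTML if the probe comes back as live markup
    rather than as escaped text."""
    page = render(HTML_PROBE)
    return "accepts-html" if HTML_PROBE in page else "escaped"
```

A legitimate name containing a quote is enough to trigger the database error in the concatenated query, while the parameterized query returns the matching row; likewise the escaped renderer turns the probe's tags into text instead of markup.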
Posted by Sunflower at 2/08/2012 11:15:00 AM
Labels: Application, Approach, Attackers, Content, Critical, Data, Design, Information, Password, Scripting, Security, Security Testing, Software testing, SQL injection, URL, Web Applications, Websites
Friday, December 23, 2011
What are different characteristics of security testing?
Security testing, as its name suggests, can be defined as a process to determine whether a software or information system or application is capable of protecting data and keeping it secure.
It also determines that the software or information system keeps the functionality of the system intact and as intended.
Security testing needs to cover six important concepts. They are discussed below in detail:
1. Confidentiality
- It can be defined as a security measure which seeks to provide protection against the disclosure of information or data to third parties or to any parties other than the authorized parties or individuals.
- This is not the only way of ensuring the security of the information.
2. Integrity
- This is a security measure intended to inform the receiver of information or data whether the information or data being provided is correct and fully legitimate.
- Most often, the same underlying techniques are used for both the confidentiality and the integrity aspects of security.
- There is a basic difference between integrity and confidentiality: for integrity, additional information is also provided.
- This additional information usually forms the basis not only for the encoding of the whole communication data but also for an algorithmic check.
3. Authentication
- This security measure involves confirming the identity of a particular person.
- It ensures that a packaged product contains exactly what its packaging and labeling claim it contains.
- The process of authentication is also used to trace the origins of a software system, application or artifact.
- The process of authentication plays a big role in determining whether a computer software system or application is trusted or not.
4. Authorization
- The process of authorization is an important security measure.
- It verifies the identity of the receiver of a particular service.
- It can be defined as a process for determining whether a person who has requested some service is allowed and eligible to receive that service or to carry out some operation.
- The best example of an authorization security measure is access control.
5. Availability
- The availability security measure assures that communication services and information will always be ready for use whenever they are needed.
- This security measure ensures that the required information is always available to the authorized people when they are in need of it.
6. Non-Repudiation
- It falls under the category of digital security measures.
- The non-repudiation security measure confirms that data, information and messages were transferred and received by the people or parties claiming to have sent or received them.
- A security measure like non-repudiation offers a way to guarantee that the party who sent a message cannot later deny having sent it, and that the recipient cannot deny having received it, if any issue is raised.
Security testing as a term has a number of different meanings and cannot be explained in just one way. A security taxonomy provides a better way to understand all these concepts:
- Discovery
- Vulnerability scan
- Vulnerability assessment
- Security assessment
- Penetration test
- Security audit
- Security review
Posted by Sunflower at 12/23/2011 06:20:00 PM
Labels: Application, Authentication, Authorization, Availability, Bugs, Concepts, Confidentiality, Errors, Faults, Functionality, Information, Integrity, Issues, Non- Repudiation, Security, Security Testing
Tuesday, October 19, 2010
Validation phase - System Testing - Security Testing, Stress Testing, Performance Testing
Security Testing
Security testing attempts to verify that the protection mechanisms built into a system will, in fact, protect it from improper penetration. During security testing, password cracking, unauthorized entry into the software and network security are all taken into consideration. The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, availability, authorization and non-repudiation.
Stress Testing
Stress testing executes a system in a manner that demands resources in abnormal quantity, frequency, or volume. The following types of tests may be conducted during stress testing:
- Special tests may be designed that generate ten interrupts per second, when one or two is the average rate.
- Input data rates may increase by an order of magnitude to determine how input functions will respond.
- Test cases that require maximum memory or other resources.
- Test cases that may cause excessive hunting for disk resident data.
- Test cases that may cause thrashing in a virtual operating system.
Performance Testing
Performance testing of a web site is basically the process of understanding how the web application and its operating environment respond at various user load levels. In general, we want to measure the response time, throughput and utilization of the web site while simulating attempts by virtual users to simultaneously access the site. One of the main objectives of performance testing is to maintain a web site with low response time, high throughput, and low utilization.
Posted by Sunflower at 10/19/2010 12:54:00 PM
Labels: Performance, Performance testing, Phases, Process, Quality, Resources, Security, Security Testing, Software, Stress testing, Test cases, Validation, Validation Phase