A Comprehensive Guide To Web based Application Security
Posted By : Smita Gupta | 12-Apr-2018
Just as we test the functionality and performance of a web-based application, it is also important to perform security testing before that application goes live.
Security testing is performed to detect vulnerabilities in an application while ensuring that its data and other confidential information are protected and that the application works according to its functionality and expectations.
Among the different kinds of applications available in the market, web-based applications demand more security as they involve large amounts of important data and online transactions. Web apps must be tested to ensure that they are not vulnerable to cyber-attacks.
In order to perform security testing of web applications, the tester must have good knowledge of the HTTP protocol: a clear understanding of how the client (browser) and the server communicate over HTTP. The tester should also know the basics of SQL injection and XSS. Since the number of security defects found in a web application is comparatively low, the tester must record each defect detected in detail.
Approaches to do Security Testing of Web-based Applications
When we get an application to check whether it is secure, we always start with the reconnaissance process, in which we gather information about the target.
This process is also known as foot-printing/fingerprinting. There is a very thin line between foot-printing and fingerprinting.
Foot-printing - Foot-printing is an information-gathering process in which we collect information about the number of open ports, the protocols in use at the target end, and IDS- and IPS-related information.
Fingerprinting - This is also an information-gathering technique. Using it we gather information about the servers, the OS and the server versions.
There are two types of recon which we perform:
- Active Reconnaissance
- Passive Reconnaissance
Active Recon:
Active recon is where an attacker collects information about the target directly, with no mediator between the target and the attacker.
This information could be anything like open ports, running services, the database in use, IP addresses, etc.
For active recon we use the tools below:
1. NMAP - NMAP is a scanning tool which works on Layer 3 of the OSI model and provides information about the target. Using NMAP we can collect information about open ports, running services, OS versions, server versions, database information and the HTTP methods that are enabled. From the security point of view, only the GET and POST methods should be allowed and the rest should be disallowed. Only ports 80 and 443 should be open; the remaining ports should be closed.
We can run the commands below:
Command 1 - nmap -sV --script vuln -Pn www.abc.com (we use this command to gather information on whether an application is vulnerable at the network layer of the OSI model)
Command 2 - nmap -O www.abc.com (we use this to gather information about the running OS and the relevant version information in use at the target end)
2. HTTRACK - HTTrack is a website-copier tool which downloads all the HTML files used in that particular application. We then analyze the downloaded files to check whether any sensitive information is exposed.
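The NMAP section states a policy (only ports 80 and 443 open, only GET and POST enabled) but leaves the comparison of scan results against that policy to the tester. The script below is an added example, not code from the original article, that parses constructed samples of Nmap's grepable (-oG) output and of the http-methods NSE script's output and reports every deviation from that policy. The host address, service versions and method list are invented sample data; the parsing of the Ports: field follows Nmap's documented port/state/protocol/owner/service/rpc/version/ layout.

```python
import re
from typing import Dict, List

# Constructed sample of Nmap "grepable" (-oG) output for one host. The host,
# address and version strings are invented for this example.
SAMPLE_GREPABLE = """\
# Nmap 7.80 scan initiated (constructed sample)
Host: 203.0.113.10 (www.example.test)\tStatus: Up
Host: 203.0.113.10 (www.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 80/open/tcp//http//nginx 1.14/, 443/open/tcp//ssl|https//nginx 1.14/, 3306/open/tcp//mysql//MySQL 5.7/\tIgnored State: closed (996)
"""

# Constructed sample of what the http-methods NSE script prints in normal output.
SAMPLE_HTTP_METHODS = """\
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS TRACE
"""

# The policy stated in the article: only 80/443 open, only GET/POST enabled.
ALLOWED_PORTS = {80, 443}
ALLOWED_METHODS = {"GET", "POST"}


def parse_open_ports(grepable: str) -> Dict[str, List[dict]]:
    """Map each host to its open TCP ports from -oG output.

    Each entry in the Ports: field has the form
    port/state/protocol/owner/service/rpc/version/
    """
    hosts: Dict[str, List[dict]] = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        entries = []
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            if len(fields) < 7:
                continue
            port, state, proto, _owner, service, _rpc, version = fields[:7]
            if state == "open" and proto == "tcp":
                entries.append({"port": int(port), "service": service, "version": version})
        hosts[host] = entries
    return hosts


def parse_supported_methods(script_output: str) -> List[str]:
    """Extract the method list from http-methods script output."""
    m = re.search(r"Supported Methods:\s*(.+)", script_output)
    return m.group(1).split() if m else []


def audit(grepable: str, script_output: str) -> List[str]:
    """Compare scan results against the policy; one finding per deviation."""
    findings: List[str] = []
    for host, ports in parse_open_ports(grepable).items():
        for p in ports:
            if p["port"] not in ALLOWED_PORTS:
                findings.append(
                    f"{host}: port {p['port']} ({p['service']} {p['version']}) is open; "
                    "only 80 and 443 are expected"
                )
    for method in parse_supported_methods(script_output):
        if method not in ALLOWED_METHODS:
            findings.append(f"HTTP method {method} is enabled; only GET and POST are expected")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_GREPABLE, SAMPLE_HTTP_METHODS):
        print(finding)
```

On real output, replace the two sample strings with the contents of the -oG file and of the script output; each finding names the host, port and service so it can be recorded as a defect in the test report as the article recommends.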
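The HTTrack step ends with "analyze the downloaded files", which is easiest to do consistently with a script. The following is an added example, not part of the original article or of HTTrack, that scans HTML comments and inline script blocks for the kinds of information that should never ship to the browser: credentials, API keys, internal hostnames and developer TODO notes. The sample page, the key value and the hostname are constructed for the example; scan_directory walks a mirrored site folder, and the pattern list is a starting point to extend for your own application.

```python
import os
import re
from html.parser import HTMLParser
from typing import List, Tuple

# Constructed sample page standing in for one file of a mirrored site. The
# comment, key and hostname are invented to trigger each check.
SAMPLE_HTML = """<!DOCTYPE html>
<html><head><title>Login</title>
<!-- TODO: remove before prod. test account admin, password Passw0rd! -->
<script>
  var API_KEY = "sk_test_000000000000";
  var debugEndpoint = "http://internal-db.corp.local:8080/status";
</script>
</head>
<body>
<form method="post" action="/login">
  <input type="text" name="username">
  <input type="password" name="password">
</form>
</body></html>
"""

# Patterns for information that should not ship in client-side HTML/JS.
PATTERNS = {
    "credential": re.compile(r"(?i)\b(password|passwd|pwd)\b"),
    "api_key": re.compile(r"(?i)\b(api[_-]?key|secret|token)\b\s*[=:]"),
    "internal_host": re.compile(r"(?i)\b[\w.-]*(internal|corp|intranet)[\w.-]*\b"),
    "todo": re.compile(r"(?i)\b(todo|fixme|hack)\b"),
}

Finding = Tuple[str, str, str]  # (where found, pattern name, matched text)


class SensitiveInfoParser(HTMLParser):
    """Collects HTML comments and inline <script> bodies and scans them."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: List[Finding] = []
        self._script_buf: List[str] = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self._script_buf = []

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
            # Scan the whole script body at once so a token split across
            # data chunks is not missed.
            self._scan("".join(self._script_buf), "script")

    def handle_data(self, data):
        if self._in_script:
            self._script_buf.append(data)

    def handle_comment(self, data):
        self._scan(data, "comment")

    def _scan(self, text: str, where: str) -> None:
        for name, pattern in PATTERNS.items():
            for m in pattern.finditer(text):
                self.findings.append((where, name, m.group(0)))


def scan_html(html: str) -> List[Finding]:
    """Return every pattern hit in the comments and scripts of one page."""
    parser = SensitiveInfoParser()
    parser.feed(html)
    parser.close()
    return parser.findings


def scan_directory(root: str) -> List[Tuple[str, Finding]]:
    """Walk a mirrored site folder (e.g. HTTrack output) and scan every HTML file."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".html", ".htm")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for finding in scan_html(fh.read()):
                        results.append((path, finding))
    return results


if __name__ == "__main__":
    for where, kind, text in scan_html(SAMPLE_HTML):
        print(f"[{kind}] in {where}: {text!r}")
```

Each hit is reported with the location (comment or script), the pattern name and the matched text, which is enough to locate it in the source file and raise it as a defect; patterns are deliberately broad, so expect to review hits rather than treat every one as a confirmed leak.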
About Author
Smita Gupta
Smita is a QA Engineer with experience in manual and automation testing who is keen to gain more experience and learning in new and different domains.