Security Testing

Transcript
  • 1. Security Testing
    Name: Akshay.Mohan
    Student ID: 6216754
  • 2. Agenda
    • What is Security Testing
    • The Use of Security Testing
    • Different Types of Security Testing
  • 3. What Is Security Testing
    • Security testing helps to protect the data as well as the system functionality.
    • It protects the privacy of the system.
    • Unauthorized access to the system is prevented.
    • Loopholes and weaknesses in the system can be found.
  • 4. The Use of Security Testing
    • Pinpoint any vulnerabilities and repair them.
    • Improve system efficiency and system performance.
  • 5. Focus Areas
    • Network security
    • System software security
    • Client-side application security
    • Server-side application security
  • 6. Types of Security Testing
  • 7. Vulnerability Scanning
    • Detects and classifies system weaknesses in computers.
    • Attack surface to a database of information about known.
    • Errors and reboots, reducing productivity.
    • Two approaches: authenticated and unauthenticated scans.
  • 8. Penetration Testing
  • 9. Risk Assessment
    • It is the likelihood of financial loss to the organization.
  • 10. Cross Site Scripting
    • It is an attack which is normally performed on web applications.
    • In this attack, a malicious client-side script is injected into the application.
  • 11. Session Management and Broken Authentication
    The attacker tries to take advantage of the following:
    • Session IDs are exposed.
    • Session IDs are exposed in the URL.
    • User authentication details are not stored safely.
  • 12. Example
    • Example: A travel reservations application supports URL rewriting, putting session IDs in the URL.
      http://example.com/sale/saleitems;jsessionid=2P0OC2JSNDLPSKHCJUN2JV?dest=Hawaii
    • Risk: The session ID is being compromised here.
  • 13. Piggy Backed
    • The attacker injects additional queries into the original query.
    • This helps the attacker modify or access the data.
    • So there would be multiple queries:
      normal SQL statement + ";" + INSERT (or UPDATE, DELETE, DROP) <rest of injected query>
  • 14. Inference Attack
    It's a type of SQL injection attack, where a conditional construct is used. This attack relies on program errors or time delays.
    Malicious parameter (inference attack on SQL Server):
      1; IF SYSTEM_USER='sa' SELECT 1/0 ELSE SELECT 5
    Query generated (two possible outcomes for the injected IF):
      SELECT name, email FROM members WHERE id=1; IF SYSTEM_USER='sa' SELECT 1/0 ELSE SELECT 5
  • 15. Code Verification
    Before code implementation:
    • The security of the code must be considered.
    During the programming phase:
    • The code must be reviewed.
    • Code security audits
    • Pair programming
    After the coding phase:
    • Penetration testing
    • Security audits
  • 16. Security audits
    • Security audits: a process in which a series of security checks are carried out.
    • Penetration testing: testing the system for vulnerabilities by ethical hackers.
    • Risk analysis: finding out the possible outcomes in case the system gets compromised.
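Added example (not part of the original slides): the piggy-backed pattern from slide 13 and the inference parameter from slide 14, passed to a string-concatenating lookup and to a parameterized one. It uses Python's sqlite3 with a constructed members table; the function names, sample rows and the DELETE payload are assumptions, and executescript() stands in for a database driver that accepts stacked statements.

```python
import sqlite3

# Constructed inputs: the first follows slide 13's pattern, the second is slide 14's parameter.
PIGGY_BACKED = "1; DELETE FROM members"
INFERENCE = "1; IF SYSTEM_USER='sa' SELECT 1/0 ELSE SELECT 5"


def new_db():
    """In-memory stand-in for the members table (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, email TEXT);"
        "INSERT INTO members VALUES (1, 'alice', 'alice@example.com');"
        "INSERT INTO members VALUES (2, 'bob', 'bob@example.com');"
    )
    return conn


def member_count(conn):
    return conn.execute("SELECT COUNT(*) FROM members").fetchone()[0]


def lookup_vulnerable(conn, member_id):
    """'Before': the input is concatenated into the SQL text, so anything
    after ';' is parsed and run as a second statement."""
    conn.executescript("SELECT name, email FROM members WHERE id=" + member_id)


def lookup_safe(conn, member_id):
    """'After': the value is bound as a parameter and is never parsed as SQL."""
    cur = conn.execute(
        "SELECT name, email FROM members WHERE id = ?", (member_id,)
    )
    return cur.fetchall()


def lookup_strict(conn, member_id):
    """Defense in depth: reject anything that is not a plain integer id
    before it reaches the database at all."""
    if not (member_id.isascii() and member_id.isdigit()):
        raise ValueError("id must be numeric")
    return lookup_safe(conn, int(member_id))
```

With the bound parameter both inputs are compared to the id column as plain text and match no row; with concatenation the text after the semicolon runs as its own statement.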