Abstract image of a woman sitting on books and studying on a laptop

Introduction to security testing raj

Download as PPTX, PDF
R
Rajakrishnan S, MCA,MBA,MA Phil,PMP,CSM,ISTQB-Test Mgr,ITIL

Security testing is the process of identifying vulnerabilities in a system to protect data and ensure intended functionality. It involves testing confidentiality, integrity, authentication, availability, authorization, and non-repudiation. The security testing process includes planning, vulnerability scanning, assessment, penetration testing, and reporting. Types of security testing include static application, dynamic application, and penetration testing. The OWASP Top 10 list identifies the most critical web application security risks.

Software
Related topics:
Security Testing ā€¢ Penetration-Testing
1 of 12
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
Introduction to Security Testing Prepared By Rajakrishnan Sadasivan, MCA MBA PMP CSM ITIL ISTQB(Advanced)
What is Security Testing ā€¢ Security testing is a process intended to reveal flaws in the security mechanisms of an information system that protect data and maintain functionality as intended. (Wikipedia). ā€¢ Security Testing is the process of identifying the vulnerabilities and use that vulnerability to penetrate to the application to identify the impact of it.
Elements of Security Testing Confidentiality disclosure of information to parties other than the intended recipient Integrity protecting information from being modified by unauthorized parties Authentication It involves confirming the identity of a person Availability Information must be kept available to authorized persons when they need it. Authorisation The process of determining that a requester is allowed to receive a service or perform an operation Ex: Access Control/Roles Non-reputation Non-repudiation is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.
Security Testing Process Analysis & Planning Vulnerability Scanning Vulnerability Assessment Penetration (Attack) Test Report *Source: Created by Raj
Security Testing Process Process Description Analysis and Planning It is the phase where the security tester/Organisation gather information about the items under test such as application, Infrastructure, company security policy etc. A security test plan will be derived based on the analysis Vulnerability Scanning Vulnerability scanning will be done to identify the vulnerable points both application level and network level Vulnerability Assessment Vulnerability Assessment will be performed based on the vulnerability scanning result to summaries the possible vulnerable areas Penetration (Attack) Security tester tries to penetrate through the vulnerable points to identify the impact of it Test Report Penetration test report will be generated
Types of Security Testing ā€¢ Static Application Security Testing(SAST) ā€¢ SAST includes application security testing to identify the vulnerabilities of the application and test the impact of such vulnerabilities by trying to penetrate through those vulnerabilities in code level ā€¢ It is usually done by developers ā€¢ It is done with Open source Or commercial tools ā€¢ Dynamic Application Security Testing (DAST) ā€¢ DAST includes application security testing to identify the vulnerabilities of the application and test the impact of such vulnerabilities by trying to penetrate through those vulnerabilities ā€¢ It is usually done from inside the network ā€¢ It is done with Open source Or commercial tools ā€¢ Penetration Testing(PEN) ā€¢ Penetration testing typically includes network penetration testing and application security testing as well as controls and processes around the networks and applications ā€¢ It is more comprehensive than DAST ā€¢ It is done both from inside and outside the network ā€¢ It is mostly done with powerful commercial tools ā€¢ Vulnerability Assessment vs PEN Testing ā€¢ A vulnerability assessment simply identifies and reports noted vulnerabilities, whereas a penetration test attempts to exploit the vulnerabilities to determine whether unauthorized access or other malicious activity is possible.
Best Practices ā€¢ Security testing will be conducted in an isolated environment which is similar to production environment setup ā€¢ Testing to be conducted from both internal and external networks ā€¢ Database backups to be taken before PEN TEST starts
OWASP ā€¢ Open Web Application Security Project(OWASP) ā€¢ The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software ā€¢ It is an online community, produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security ā€¢ OWASP Top Ten regularly published every year which list the top 10 vulnerabilities for the web application
OWASP TOP 10- 2018 Top 10 Description Injection Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attackerā€™s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. Broken Authentication Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other usersā€™ identities temporarily or permanently. Sensitive Data Exposure Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Insufficient Logging & Monitoring Insufficient logging and monitoring, coupled with missing or ineffective integration with incident response, allows attackers to further attack systems, maintain persistence, pivot to more systems, and tamper, extract, or destroy data. Broken Access Control Restrictions on what authenticated users are allowed to do are often not properly enforced. Attackers can exploit these flaws to access unauthorized functionality and/or data, such as access other users' accounts, view sensitive files, modify other usersā€™ data, change access rights, etc.
OWASP TOP 10- 2018 Top 10 Description Security Misconfiguration Security misconfiguration is the most commonly seen issue. This is commonly a result of insecure default configurations, incomplete or ad hoc configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages containing sensitive information. Not only must all operating systems, frameworks, libraries, and applications be securely configured, but they must be patched and upgraded in a timely fashion. Cross-Site Scripting (XSS) XSS flaws occur whenever an application includes untrusted data in a new web page without proper validation or escaping, or updates an existing web page with user-supplied data using a browser API that can create HTML or JavaScript. XSS allows attackers to execute scripts in the victimā€™s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites. Insecure Deserialization Insecure deserialization often leads to remote code execution Using Components with Known Vulnerabilities Components, such as libraries, frameworks, and other software modules, run with the same privileges as the application. Applications and APIs using components with known vulnerabilities may undermine application defenses and enable various attacks and impacts. Insufficient Logging & Monitoring Insufficient logging and monitoring, coupled with missing or ineffective integration with incident response, allows attackers to further attack systems, maintain persistence, pivot to more systems, and tamper, extract, or destroy data.
Security Testing Tools ā€¢ Open source Tools ā€¢ DAST ā€¢ OWASP ZAP ā€¢ https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project ā€¢ SAST ā€¢ SonarQube ā€¢ https://www.owasp.org/index.php/OWASP_SonarQube_Project ā€¢ Reference ā€¢ https://www.owasp.org/index.php/Category:Vulnerability_Scanning_Tools
References ā€¢ www.Wikipedia.org ā€¢ https://www.veracode.com ā€¢ https://www.owasp.org/index.php/Main_Page ā€¢ https://www.owasp.org/index.php/Category:Vulnerability_Scanning_ Tools ā€¢ https://www.owasp.org/images/7/72/OWASP_Top_10- 2017_%28en%29.pdf.pdf

More Related Content

PDF
The Complete Web Application Security Testing Checklist
Cigital
Ā 
PPT
Security testing
baskar p
Ā 
PDF
Testing Web Application Security
Ted Husted
Ā 
PPTX
Security Testing for Web Application
Precise Testing Solution
Ā 
PPTX
Security testing
Rihab Chebbah
Ā 
PPT
Get Ready for Web Application Security Testing
Alan Kan
Ā 
PPTX
What is security testing and why it is so important?
ONE BCG
Ā 
PDF
Cyber security series Application Security
Jim Kaplan CIA CFE
Ā 
The Complete Web Application Security Testing Checklist
Cigital
Ā 
Security testing
baskar p
Ā 
Testing Web Application Security
Ted Husted
Ā 
Security Testing for Web Application
Precise Testing Solution
Ā 
Security testing
Rihab Chebbah
Ā 
Get Ready for Web Application Security Testing
Alan Kan
Ā 
What is security testing and why it is so important?
ONE BCG
Ā 
Cyber security series Application Security
Jim Kaplan CIA CFE
Ā 

What's hot (20)

PPTX
Security Testing
Qualitest
Ā 
PDF
Soteria Cybersecurity Healthcheck-FB01
Richard Sullivan
Ā 
PPS
Security testing
Tabăra de Testare
Ā 
PDF
Web Application Security 101
Cybersecurity Education and Research Centre
Ā 
PDF
Web Application Security and Awareness
Abdul Rahman Sherzad
Ā 
PPTX
Security testing
Khizra Sammad
Ā 
PPTX
Web Application Security 101
Jannis Kirschner
Ā 
PPTX
Owasp
penetration Tester
Ā 
PDF
Owasp top 10
YasserElsnbary
Ā 
PPTX
OTG - Practical Hands on VAPT
shiriskumar
Ā 
PDF
Security Testing for Test Professionals
TechWell
Ā 
PDF
Security testing presentation
Confiz
Ā 
PDF
we45 - Web Application Security Testing Case Study
we45
Ā 
PPTX
Owasp first5 presentation
Ashwini Paranjpe
Ā 
PPTX
Security Testing Training With Examples
Alwin Thayyil
Ā 
PDF
OWASP Top 10 - 2017
HackerOne
Ā 
PPTX
Owasp top 10 2017
ibrahimumer2
Ā 
PPTX
A new web application vulnerability assessment framework
Mark Jayson Fuentes
Ā 
PPTX
Penetration Testing
RomSoft SRL
Ā 
PPT
Step by step guide for web application security testing
Avyaan, Web Security Company in India
Ā 
Security Testing
Qualitest
Ā 
Soteria Cybersecurity Healthcheck-FB01
Richard Sullivan
Ā 
Security testing
Tabăra de Testare
Ā 
Web Application Security 101
Cybersecurity Education and Research Centre
Ā 
Web Application Security and Awareness
Abdul Rahman Sherzad
Ā 
Security testing
Khizra Sammad
Ā 
Web Application Security 101
Jannis Kirschner
Ā 
Owasp
penetration Tester
Ā 
Owasp top 10
YasserElsnbary
Ā 
OTG - Practical Hands on VAPT
shiriskumar
Ā 
Security Testing for Test Professionals
TechWell
Ā 
Security testing presentation
Confiz
Ā 
we45 - Web Application Security Testing Case Study
we45
Ā 
Owasp first5 presentation
Ashwini Paranjpe
Ā 
Security Testing Training With Examples
Alwin Thayyil
Ā 
OWASP Top 10 - 2017
HackerOne
Ā 
Owasp top 10 2017
ibrahimumer2
Ā 
A new web application vulnerability assessment framework
Mark Jayson Fuentes
Ā 
Penetration Testing
RomSoft SRL
Ā 
Step by step guide for web application security testing
Avyaan, Web Security Company in India
Ā 
Ad

Similar to Introduction to security testing raj (20)

PDF
Matteo Meucci Software Security in practice - Aiea torino - 30-10-2015
Minded Security
Ā 
PDF
Owasp Top 10
Shivam Porwal
Ā 
PPTX
2.1 Web Vulnerabilities.pptx
MiteshVyas16
Ā 
PPTX
OWASP
Pen Testeronyguy
Ā 
PDF
OWASP Top Ten 2013
Alessandro Bonu
Ā 
PPTX
Owasp top 10 web application security risks 2017
Sampath Bhargav Pinnam
Ā 
PPTX
Web_Appication_Security_Training_For_Developers.pptx
xobewe1102
Ā 
KEY
EISA Considerations for Web Application Security
Larry Ball
Ā 
PDF
Application Security - Your Success Depends on it
WSO2
Ā 
PPTX
Evaluating Web App, Mobile App, and API Security - Matt Cohen
Inman News
Ā 
PPTX
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
IBM Security
Ā 
PDF
Web hackingtools 2015
ColdFusionConference
Ā 
PDF
Web hackingtools 2015
devObjective
Ā 
PDF
Security Awareness
Lucas Hendrich
Ā 
PPTX
Allianz Global CISO october-2015-draft
Eoin Keary
Ā 
PDF
OWASP-Web-Security-testing-4.2
ICTperspectives
Ā 
PDF
OWASP Top Ten in Practice
Security Innovation
Ā 
PDF
What You Need to Know About Web App Security Testing in 2018
Ken DeSouza
Ā 
PDF
529 owasp top 10 2013 - rc1[1]
geeksec80
Ā 
PDF
529 owasp top 10 2013 - rc1[1]
geeksec0306
Ā 
Matteo Meucci Software Security in practice - Aiea torino - 30-10-2015
Minded Security
Ā 
Owasp Top 10
Shivam Porwal
Ā 
2.1 Web Vulnerabilities.pptx
MiteshVyas16
Ā 
OWASP
Pen Testeronyguy
Ā 
OWASP Top Ten 2013
Alessandro Bonu
Ā 
Owasp top 10 web application security risks 2017
Sampath Bhargav Pinnam
Ā 
Web_Appication_Security_Training_For_Developers.pptx
xobewe1102
Ā 
EISA Considerations for Web Application Security
Larry Ball
Ā 
Application Security - Your Success Depends on it
WSO2
Ā 
Evaluating Web App, Mobile App, and API Security - Matt Cohen
Inman News
Ā 
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
IBM Security
Ā 
Web hackingtools 2015
ColdFusionConference
Ā 
Web hackingtools 2015
devObjective
Ā 
Security Awareness
Lucas Hendrich
Ā 
Allianz Global CISO october-2015-draft
Eoin Keary
Ā 
OWASP-Web-Security-testing-4.2
ICTperspectives
Ā 
OWASP Top Ten in Practice
Security Innovation
Ā 
What You Need to Know About Web App Security Testing in 2018
Ken DeSouza
Ā 
529 owasp top 10 2013 - rc1[1]
geeksec80
Ā 
529 owasp top 10 2013 - rc1[1]
geeksec0306
Ā 
Ad

Recently uploaded (20)

PDF
Sanket Mhaiskar Resume - Senior Software Engineer (Backend, AI)
Sanket Mhaiskar
Ā 
PPTX
Improving Audience Engagement ROI with ERP-Powered Insights
SatishKumar2651
Ā 
PDF
How to Set Realistic Project Milestones and Deadlines
Orangescrum
Ā 
PDF
infoteam HELLAS company profile 2025 presentation
alexispapadimitriou
Ā 
PDF
Streamlining Project Management in Microsoft Project, Planner, and Teams with...
OnePlan Solutions
Ā 
PPTX
AI Tools Revolutionizing Software Development Workflows
amngrg0511
Ā 
PDF
Module 1 - Introduction to Generative AI.pdf
ElmerP1
Ā 
PPTX
DevOpsDays Halifax 2025 - Building 10x Organizations Using Modern Productivit...
Justin Reock
Ā 
PDF
Difference Between Website and Web Application.pdf
Secuodsoft
Ā 
PDF
Mobile App for Guard Tour and Reporting.pdf
ecomme9
Ā 
PPTX
UNIT II: Software design, software .pptx
SriSamyukthaSethuram
Ā 
PPTX
Chapter_05_System Modeling for software engineering
anant5150ca6
Ā 
PPTX
Greedy best-first search algorithm always selects the path which appears best...
abihanaqvi8
Ā 
PPTX
Swiggy API Scraping A Comprehensive Guide on Data Sets and Applications.pptx
FoodData Scrape
Ā 
PDF
Top AI Tools for Project Managers: My 2025 AI Stack
Sahil Aggarwal
Ā 
PPTX
ESDS_SAP Application Cloud Offerings.pptx
AAlam20
Ā 
PPTX
Beige and Black Minimalist Project Deck Presentation (1).pptx
omchoksi99
Ā 
PPTX
SAP Business AI_L1 Overview_EXTERNAL.pptx
AAlam20
Ā 
PPTX
FLIGHT TICKET API | API INTEGRATION PLATFORM
philipnathen82
Ā 
PPTX
StacksandQueuesCLASS 12 COMPUTER SCIENCE.pptx
manivarsh
Ā 
Sanket Mhaiskar Resume - Senior Software Engineer (Backend, AI)
Sanket Mhaiskar
Ā 
Improving Audience Engagement ROI with ERP-Powered Insights
SatishKumar2651
Ā 
How to Set Realistic Project Milestones and Deadlines
Orangescrum
Ā 
infoteam HELLAS company profile 2025 presentation
alexispapadimitriou
Ā 
Streamlining Project Management in Microsoft Project, Planner, and Teams with...
OnePlan Solutions
Ā 
AI Tools Revolutionizing Software Development Workflows
amngrg0511
Ā 
Module 1 - Introduction to Generative AI.pdf
ElmerP1
Ā 
DevOpsDays Halifax 2025 - Building 10x Organizations Using Modern Productivit...
Justin Reock
Ā 
Difference Between Website and Web Application.pdf
Secuodsoft
Ā 
Mobile App for Guard Tour and Reporting.pdf
ecomme9
Ā 
UNIT II: Software design, software .pptx
SriSamyukthaSethuram
Ā 
Chapter_05_System Modeling for software engineering
anant5150ca6
Ā 
Greedy best-first search algorithm always selects the path which appears best...
abihanaqvi8
Ā 
Swiggy API Scraping A Comprehensive Guide on Data Sets and Applications.pptx
FoodData Scrape
Ā 
Top AI Tools for Project Managers: My 2025 AI Stack
Sahil Aggarwal
Ā 
ESDS_SAP Application Cloud Offerings.pptx
AAlam20
Ā 
Beige and Black Minimalist Project Deck Presentation (1).pptx
omchoksi99
Ā 
SAP Business AI_L1 Overview_EXTERNAL.pptx
AAlam20
Ā 
FLIGHT TICKET API | API INTEGRATION PLATFORM
philipnathen82
Ā 
StacksandQueuesCLASS 12 COMPUTER SCIENCE.pptx
manivarsh
Ā 

Introduction to security testing raj

  • 1. Introduction to Security Testing Prepared By Rajakrishnan Sadasivan, MCA MBA PMP CSM ITIL ISTQB(Advanced)
  • 2. What is Security Testing ā€¢ Security testing is a process intended to reveal flaws in the security mechanisms of an information system that protect data and maintain functionality as intended. (Wikipedia). ā€¢ Security Testing is the process of identifying the vulnerabilities and use that vulnerability to penetrate to the application to identify the impact of it.
  • 3. Elements of Security Testing Confidentiality disclosure of information to parties other than the intended recipient Integrity protecting information from being modified by unauthorized parties Authentication It involves confirming the identity of a person Availability Information must be kept available to authorized persons when they need it. Authorisation The process of determining that a requester is allowed to receive a service or perform an operation Ex: Access Control/Roles Non-reputation Non-repudiation is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.
  • 4. Security Testing Process Analysis & Planning Vulnerability Scanning Vulnerability Assessment Penetration (Attack) Test Report *Source: Created by Raj
  • 5. Security Testing Process Process Description Analysis and Planning It is the phase where the security tester/Organisation gather information about the items under test such as application, Infrastructure, company security policy etc. A security test plan will be derived based on the analysis Vulnerability Scanning Vulnerability scanning will be done to identify the vulnerable points both application level and network level Vulnerability Assessment Vulnerability Assessment will be performed based on the vulnerability scanning result to summaries the possible vulnerable areas Penetration (Attack) Security tester tries to penetrate through the vulnerable points to identify the impact of it Test Report Penetration test report will be generated
  • 6. Types of Security Testing ā€¢ Static Application Security Testing(SAST) ā€¢ SAST includes application security testing to identify the vulnerabilities of the application and test the impact of such vulnerabilities by trying to penetrate through those vulnerabilities in code level ā€¢ It is usually done by developers ā€¢ It is done with Open source Or commercial tools ā€¢ Dynamic Application Security Testing (DAST) ā€¢ DAST includes application security testing to identify the vulnerabilities of the application and test the impact of such vulnerabilities by trying to penetrate through those vulnerabilities ā€¢ It is usually done from inside the network ā€¢ It is done with Open source Or commercial tools ā€¢ Penetration Testing(PEN) ā€¢ Penetration testing typically includes network penetration testing and application security testing as well as controls and processes around the networks and applications ā€¢ It is more comprehensive than DAST ā€¢ It is done both from inside and outside the network ā€¢ It is mostly done with powerful commercial tools ā€¢ Vulnerability Assessment vs PEN Testing ā€¢ A vulnerability assessment simply identifies and reports noted vulnerabilities, whereas a penetration test attempts to exploit the vulnerabilities to determine whether unauthorized access or other malicious activity is possible.
  • 7. Best Practices ā€¢ Security testing will be conducted in an isolated environment which is similar to production environment setup ā€¢ Testing to be conducted from both internal and external networks ā€¢ Database backups to be taken before PEN TEST starts
  • 8. OWASP ā€¢ Open Web Application Security Project(OWASP) ā€¢ The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software ā€¢ It is an online community, produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security ā€¢ OWASP Top Ten regularly published every year which list the top 10 vulnerabilities for the web application
  • 9. OWASP TOP 10- 2018 Top 10 Description Injection Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attackerā€™s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. Broken Authentication Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other usersā€™ identities temporarily or permanently. Sensitive Data Exposure Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Insufficient Logging & Monitoring Insufficient logging and monitoring, coupled with missing or ineffective integration with incident response, allows attackers to further attack systems, maintain persistence, pivot to more systems, and tamper, extract, or destroy data. Broken Access Control Restrictions on what authenticated users are allowed to do are often not properly enforced. Attackers can exploit these flaws to access unauthorized functionality and/or data, such as access other users' accounts, view sensitive files, modify other usersā€™ data, change access rights, etc.
  • 10. OWASP TOP 10- 2018 Top 10 Description Security Misconfiguration Security misconfiguration is the most commonly seen issue. This is commonly a result of insecure default configurations, incomplete or ad hoc configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages containing sensitive information. Not only must all operating systems, frameworks, libraries, and applications be securely configured, but they must be patched and upgraded in a timely fashion. Cross-Site Scripting (XSS) XSS flaws occur whenever an application includes untrusted data in a new web page without proper validation or escaping, or updates an existing web page with user-supplied data using a browser API that can create HTML or JavaScript. XSS allows attackers to execute scripts in the victimā€™s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites. Insecure Deserialization Insecure deserialization often leads to remote code execution Using Components with Known Vulnerabilities Components, such as libraries, frameworks, and other software modules, run with the same privileges as the application. Applications and APIs using components with known vulnerabilities may undermine application defenses and enable various attacks and impacts. Insufficient Logging & Monitoring Insufficient logging and monitoring, coupled with missing or ineffective integration with incident response, allows attackers to further attack systems, maintain persistence, pivot to more systems, and tamper, extract, or destroy data.
  • 11. Security Testing Tools ā€¢ Open source Tools ā€¢ DAST ā€¢ OWASP ZAP ā€¢ https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project ā€¢ SAST ā€¢ SonarQube ā€¢ https://www.owasp.org/index.php/OWASP_SonarQube_Project ā€¢ Reference ā€¢ https://www.owasp.org/index.php/Category:Vulnerability_Scanning_Tools
  • 12. References ā€¢ www.Wikipedia.org ā€¢ https://www.veracode.com ā€¢ https://www.owasp.org/index.php/Main_Page ā€¢ https://www.owasp.org/index.php/Category:Vulnerability_Scanning_ Tools ā€¢ https://www.owasp.org/images/7/72/OWASP_Top_10- 2017_%28en%29.pdf.pdf