Thursday, September 11, 2008

Security Testing - Overview
Security Testing is quite a vast field. I had a different vision before I attended a training on Security, but the entire concept changed after the training. Envisioning myself as a cool hacker (just to note, hackers are people who want to improve security by pointing out flaws in code which are potential loopholes for crackers or hijackers to enter) after watching Die Hard 4, I had a different opinion. I assumed it to be a pretty straightforward job for guys who are geeks. Alas, hacking is not so simple, but extremely challenging and can be very frustrating at times.

Hacking involves 4 stages
1) Reconnaissance - To completely understand the application
2) Footprinting Target - To create a sample application for Cracking
3) Discovering Vulnerabilities
4) Hacking, Cracking or Attacking
Thus Security Testing also contains the same 4 steps, except the last one. The last step is replaced with
4) Providing Security Tips to avoid vulnerabilities

Hacking can happen due to these major reasons
1) Weakness in Custom Application
2) Architectural Flaws
3) Flawed Design Configurations and Code

5 Classes of Code Vulnerability
1) Security Related Information
a) Weak or Non Standard Cryptography
b) Non Secure Network Communications
c) Application Configuration Vulnerabilities
d) Access Control Vulnerabilities
i) Unprotected Database and File System Use
ii) Dynamic Code Vulnerabilities
iii) Native Code Loading
iv) Data Storage Vulnerabilities
v) Authentication Errors
Access to a page through its URL where no access is permitted, by caching on the local machine or server
2) Input / Output Validation and Encoding Errors
a) SQL Injection
b) Cross Site Scripting – Causes unsuspecting users to execute or access malicious code
i) Stored Attacks
ii) Reflected Attacks
Stealing Session and disclosure of information
Can be avoided by HTML entity encoding
c) OS Injection
d) Custom Cookie / Hidden Field Validation
3) Error Handling and logging Vulnerabilities
a) Insecure Error Handling
b) Insecure or Inadequate Logging
4) Insecure Components – Malicious Code
a) Unsafe Native Methods – Accessing System Resources directly and not through Interfaces, which poses a threat if unsafe coding standards are followed
b) Unsupported Methods
5) Coding Errors
a) Buffer Overflow Vulnerabilities
b) Format String Vulnerabilities
c) Denial of Service Errors
d) Privilege Escalation Errors
e) Race Conditions
"The Path to a Secure Application: A Source Code Security Review Checklist"
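
An added example (not from the original post) for item 2b above: HTML entity encoding applied at output time to both a reflected and a stored value. The function names, the in-memory store and the sample inputs are constructed for illustration.

```javascript
// Added example: encodeHtml, renderSearchPage, saveComment and
// renderCommentPage are hypothetical names, not from any library.
const ENTITY = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Replace every character that can change HTML parsing state with its entity.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITY[ch]);
}

// Reflected flow: the value comes straight from the current request.
// It is used in element content and in a quoted attribute, so quotes matter too.
function renderSearchPage(query) {
  const q = encodeHtml(query);
  return `<p>Results for ${q}</p><input name="q" value="${q}">`;
}

// Stored flow: the value was saved earlier and is shown to other users.
// Keep the raw text in storage and encode when rendering, so every page
// that displays it is covered.
const commentStore = []; // in-memory stand-in for a database table
function saveComment(text) {
  commentStore.push(text);
}
function renderCommentPage() {
  return '<ul>' + commentStore.map((c) => `<li>${encodeHtml(c)}</li>`).join('') + '</ul>';
}

// Constructed sample inputs containing markup characters.
const sampleQuery = '"><b>x</b>';
const sampleComment = "<i>it's</i> & more";
saveComment(sampleComment);
console.log(renderSearchPage(sampleQuery));
console.log(renderCommentPage());
```

Entity encoding covers HTML element content and quoted attribute values; values placed inside script blocks or URLs need the encoding for that context instead.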
Security in SaaS becomes of critical importance, as all details are now open to anybody over the internet. Thus the traditional methodology of speed, feature set and ease of use is not supplemented with security, and very soon security will be of the highest importance.

The methodologies of Hacking are
1) Cross Site Scripting - 21% of hacking happens here
2) Injection Flaws - Traditional SQL injection
3) Uploading Malicious File
4) Insecure Direct Object Reference
5) Information Leakage - 73% of hacking happens here
6) Insecure Cryptography
7) Insecure Storage
8) Insecure Communication
9) Failure to restrict URL Access
10) Cross Site Request Forgery
11) Hidden form elements

Some Common Terminologies in the World of Security Testing
1) Phishing
2) Cross Site Scripting
3) SQL injection
4) Profiling
5) Same Origin Policy

Reasons for Hacking
1) For fame, to prove to the world that you are the best
2) To Steal sensitive Information
3) To Deface a site, company
4) To plant Malicious Software for Gains
