Security Testing: What Can We Do?
Hien Trinh Minh
Harvey Nash Vietnam
Presenter: Hien Trinh Minh
Background and work experience:
• Harvey Nash Vietnam: Testing Solution Architect
• More than 2 years of experience in web application security testing, mobile application security testing and security analysis.
• More than 12 years of experience in software testing for telecom applications and networking.
• More than 7 years of experience in software testing for UMTS: inter-operability testing, functional network element testing and field testing at a 3G lab against a live network.
Contact info:
Tech Agenda
• Introduction to Security Testing
• Open Web Application Security Project Top 10
• Security testing on OWASP Web Top 10
• Security Testing Tools
• Demo
Introduction to Security Testing
Security Testing
• Network Security Testing
• Application Security Testing
– Web App Security Testing
– Mobile App Security Testing
Introduction to Security Testing (cont.)
• High risk
– Allows an attacker to read or modify confidential data belonging to other web sites. If exploited, it compromises data security, potentially giving access to confidential data, or compromises processing resources on the user's computer.
• Medium risk
– Allows an attacker to obtain limited amounts of information, or is limited to a significant degree by factors such as default configuration or auditing, or is difficult to exploit.
• Low risk
– Allows an attacker temporary control over non-critical browser features; minimal impact and extremely difficult to exploit.
• Information
– Findings that only provide information; no direct security impact.
Severity scale, from highest to lowest: High, Medium, Low, Information.
OWASP TOP 10
A1: Injection
A2: Broken Authentication and Session Management
• Passwords stored in the database without hashing (plaintext or reversibly encrypted)
• No limit on wrong password attempts (brute-force attack)
• Session ID exposed in the URL
• No session timeout
• Session ID vulnerable to session fixation
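The five weaknesses above map onto five controls. The following Python is an added example written for this page, not code from the slides or from any product: an in-memory login and session service that salts and hashes passwords with PBKDF2, locks an account after repeated failures, issues a fresh random session ID at login (so an attacker-chosen ID cannot be fixated), expires idle sessions, and carries the ID in a cookie rather than the URL. The user names, the iteration count, the lockout threshold and the timeout are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import secrets
import time
from typing import Callable, Dict, Optional

# Hypothetical policy values; tune them for the application under test.
PBKDF2_ITERATIONS = 200_000      # PBKDF2 work factor
MAX_FAILED_LOGINS = 5            # lockout threshold against brute force
SESSION_TIMEOUT_SECONDS = 900    # idle timeout (15 minutes)


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Store 'salt$digest' (hex) from salted PBKDF2-HMAC-SHA256, never the plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


class AuthService:
    """Minimal in-memory login/session service showing the five A2 controls."""

    def __init__(self, now: Callable[[], float] = time.time):
        self.now = now                       # injectable clock so timeouts can be tested
        self.users: Dict[str, dict] = {}     # username -> {"hash": str, "failed": int}
        self.sessions: Dict[str, dict] = {}  # session id -> {"user": str, "last_seen": float}

    def register(self, username: str, password: str) -> None:
        self.users[username] = {"hash": hash_password(password), "failed": 0}

    def login(self, username: str, password: str,
              presented_session_id: Optional[str] = None) -> Optional[str]:
        """Return a fresh session id on success, None on bad credentials or lockout."""
        user = self.users.get(username)
        if user is None:
            return None
        if user["failed"] >= MAX_FAILED_LOGINS:
            return None                      # locked out: brute force stops here
        if not verify_password(password, user["hash"]):
            user["failed"] += 1
            return None
        user["failed"] = 0
        # Session fixation defence: discard whatever id the client arrived with
        # and issue a new random one after authentication.
        self.sessions.pop(presented_session_id, None)
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": username, "last_seen": self.now()}
        return sid

    def current_user(self, sid: str) -> Optional[str]:
        """Resolve a session id, expiring it if idle longer than the timeout."""
        session = self.sessions.get(sid)
        if session is None:
            return None
        if self.now() - session["last_seen"] > SESSION_TIMEOUT_SECONDS:
            del self.sessions[sid]
            return None
        session["last_seen"] = self.now()
        return session["user"]


def session_cookie_header(sid: str) -> str:
    """Carry the session id in a cookie with HttpOnly/Secure/SameSite, never in the URL."""
    return f"Set-Cookie: session={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"
```

When testing a real application, each of these controls is a separate check: register a user and inspect the stored credential, submit the wrong password more times than the threshold, log in with a pre-set session cookie and confirm the server replaces it, wait past the timeout, and look for the session ID in links and the Referer header.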
A3: Cross-Site Scripting (XSS)
A4: Insecure Direct Object References
• A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, database record or key, as a URL or form parameter. Without an access check on every request, an attacker changes the parameter and reaches objects he is not authorised to see.
A5: Security Misconfiguration
• Directory listing is enabled and a phpinfo page was found in the listed directory.
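The finding above is what a tester looks for by requesting likely paths and reading the responses. The Python below is an added example written for this page, not the slides' own tooling: it classifies HTTP responses as directory indexes or phpinfo() output and pulls file names out of an index so each can be reviewed. The candidate path list, the marker patterns and the sample responses are constructed for illustration; in a live test the responses dict is filled by fetching each path with an HTTP client.

```python
import re
from typing import Dict, List, Tuple

# Paths worth requesting on a PHP web root (hypothetical starting list; extend per target).
CANDIDATE_PATHS = ["/", "/admin/", "/backup/", "/uploads/", "/phpinfo.php", "/info.php", "/test.php"]

# Signatures of a directory index page (Apache, IIS, Python http.server) and of phpinfo().
DIR_LISTING_MARKERS = [
    re.compile(r"<title>\s*Index of /", re.I),
    re.compile(r"\[To Parent Directory\]", re.I),
    re.compile(r"Directory listing for /", re.I),
]
PHPINFO_MARKERS = [
    re.compile(r"<title>\s*phpinfo\(\)\s*</title>", re.I),
    re.compile(r'class="e">\s*PHP Version', re.I),
]


def classify_response(path: str, status: int, body: str) -> List[dict]:
    """Return findings for one response; ratings use the deck's High/Medium/Low/Information scale."""
    findings = []
    if status != 200:
        return findings
    if any(m.search(body) for m in DIR_LISTING_MARKERS):
        findings.append({"path": path, "issue": "directory listing enabled", "severity": "Medium"})
    if any(m.search(body) for m in PHPINFO_MARKERS):
        findings.append({"path": path, "issue": "phpinfo() page exposed", "severity": "Medium"})
    return findings


def listed_entries(body: str) -> List[str]:
    """Pull the file names out of an index page so each can be fetched and reviewed in turn."""
    return re.findall(r'href="([^"?/][^"]*)"', body)


def scan(responses: Dict[str, Tuple[int, str]]) -> List[dict]:
    """responses maps path -> (status, body). In a live test this dict is filled by
    requesting each CANDIDATE_PATHS entry with an HTTP client; here it is supplied."""
    findings: List[dict] = []
    for path, (status, body) in responses.items():
        findings.extend(classify_response(path, status, body))
    return findings


# Constructed responses modelling the slide's finding: an open directory that contains phpinfo.php.
SAMPLE_RESPONSES = {
    "/": (200, "<html><body>Welcome</body></html>"),
    "/admin/": (403, "Forbidden"),
    "/backup/": (200,
        '<html><head><title>Index of /backup</title></head><body><h1>Index of /backup</h1>'
        '<a href="?C=N;O=D">Name</a> <a href="/">Parent Directory</a> '
        '<a href="db.sql">db.sql</a> <a href="phpinfo.php">phpinfo.php</a></body></html>'),
    "/backup/phpinfo.php": (200,
        '<html><head><title>phpinfo()</title></head><body><table>'
        '<tr><td class="e">PHP Version</td><td class="v">5.4.45</td></tr></table></body></html>'),
}

if __name__ == "__main__":
    for finding in scan(SAMPLE_RESPONSES):
        print(f"[{finding['severity']}] {finding['path']}: {finding['issue']}")
```

The fix on the server side is to disable index generation (for Apache, `Options -Indexes` in the directory configuration) and to remove phpinfo and other diagnostic pages from production hosts; the scan is then re-run to confirm the paths no longer return 200 with these markers.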
A6: Sensitive Data Exposure
Examples:
• Transmitting data in clear text, e.g. non-SSL URLs and login forms submitted over HTTP
• Unencrypted credit card information
• Incorrectly applied encryption (weak algorithms or poor key management)
• Sensitive data written to logs
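Two of the examples above can be checked mechanically. The Python below is an added example for this page, not code from the slides: one function finds forms that contain a password field but submit to a plain `http://` target (resolving relative actions against the page URL), and another masks Luhn-valid card numbers before a string is written to a log, leaving other long digit strings alone. The HTML, the log line and the host name are constructed for illustration.

```python
import re
from typing import List
from urllib.parse import urljoin, urlsplit


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from other long digit strings."""
    total = 0
    for position, char in enumerate(reversed(digits)):
        d = int(char)
        if position % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


PAN_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def mask_pans(text: str) -> str:
    """Replace every Luhn-valid 13-19 digit card number with BIN + last four, the rest masked,
    before the string reaches a log file."""
    def mask(match: "re.Match") -> str:
        raw = match.group(0)
        digits = re.sub(r"[ -]", "", raw)
        if not luhn_valid(digits):
            return raw
        return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]
    return PAN_RE.sub(mask, text)


def cleartext_credential_targets(page_url: str, html: str) -> List[str]:
    """Return the submit URLs of forms that contain a password field but post over plain HTTP."""
    targets = []
    for form in re.finditer(r"<form\b[^>]*>.*?</form>", html, re.I | re.S):
        markup = form.group(0)
        if not re.search(r'type\s*=\s*["\']?password', markup, re.I):
            continue
        action = re.search(r'action\s*=\s*["\']([^"\']*)', markup, re.I)
        target = urljoin(page_url, action.group(1) if action else "")
        if urlsplit(target).scheme != "https":
            targets.append(target)
    return targets


# Constructed samples: a login form that posts to http:// even though the page is https://,
# and an application log line that contains a full card number (the Visa test number).
SAMPLE_HTML = (
    '<html><body>'
    '<form action="http://shop.example.com/login" method="post">'
    '<input name="user"><input type="password" name="pass"></form>'
    '<form action="/search"><input name="q"></form>'
    '</body></html>'
)
SAMPLE_LOG = "2014-05-10 12:00:01 order 7781 paid with card 4111 1111 1111 1111, ref 1234 5678 9012 3456"

if __name__ == "__main__":
    print(cleartext_credential_targets("https://shop.example.com/", SAMPLE_HTML))
    print(mask_pans(SAMPLE_LOG))
```

Masking at the logging boundary is a stop-gap; the correct fix is not to hand the full card number to code that logs it in the first place.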
A7: Missing Function Level Access Control
• The attacker notices that the URL indicates his role: /user/Accounts
• He modifies it to another role's directory: /admin/Accounts or /manager/Accounts
• If the server does not check the role on every function call, the attacker views more accounts than just his own
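A4 and A7 are the two halves of authorisation: A7 is whether the caller may invoke this function at all, A4 is whether the caller may touch this particular object. The Python below is an added example for this page, not the slides' code, and serves both sections: it shows the broken handler in which the role is read from the URL path and the account ID is used unchecked, then the fixed versions that take the role from server-side session state and verify ownership of the record, plus a per-session indirect reference map that keeps real IDs out of URLs altogether. Account data, user names, roles and the route table are constructed for illustration.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Account:
    account_id: int
    owner: str
    balance: int


# Constructed sample data standing in for the application's database.
ACCOUNTS: Dict[int, Account] = {
    101: Account(101, "alice", 500),
    102: Account(102, "bob", 1200),
    103: Account(103, "carol", 80),
}
# Roles are looked up server-side from the authenticated user, never from the URL.
USER_ROLES = {"alice": "user", "bob": "user", "carol": "manager", "dave": "admin"}
ROLE_RANK = {"user": 0, "manager": 1, "admin": 2}
# Route table: which role each function (URL) requires.
PATH_REQUIRED_ROLE = {
    "/user/Accounts": "user",
    "/manager/Accounts": "manager",
    "/admin/Accounts": "admin",
}


class Forbidden(Exception):
    pass


def vulnerable_accounts_handler(path: str, requested_id: int):
    """The broken pattern from the slides.
    A7: the role is taken from the URL segment, so typing /admin/Accounts grants admin.
    A4: the account id from the URL is used directly, with no ownership check."""
    role_from_url = path.split("/")[1]
    if role_from_url in ("admin", "manager"):
        return list(ACCOUNTS.values())
    return ACCOUNTS[requested_id]


def list_accounts(session_user: str, path: str) -> List[Account]:
    """A7 fix: compare the caller's server-side role with the role the route requires."""
    required = PATH_REQUIRED_ROLE.get(path)
    if required is None:
        raise KeyError(path)
    actual = USER_ROLES.get(session_user)
    if actual is None or ROLE_RANK[actual] < ROLE_RANK[required]:
        raise Forbidden(f"{session_user!r} may not call {path}")
    if actual == "user":
        return [a for a in ACCOUNTS.values() if a.owner == session_user]
    return list(ACCOUNTS.values())


def get_account(session_user: str, requested_id: int) -> Account:
    """A4 fix: object-level check, the record must belong to the caller (admins excepted)."""
    account = ACCOUNTS.get(requested_id)
    if account is None:
        raise KeyError(requested_id)
    if account.owner != session_user and USER_ROLES.get(session_user) != "admin":
        raise Forbidden(f"{session_user!r} does not own account {requested_id}")
    return account


class IndirectReferenceMap:
    """Alternative A4 fix: per-session opaque tokens replace real ids in URLs and forms,
    so a client cannot name an object it was never shown."""

    def __init__(self, session_user: str):
        self._tokens: Dict[str, int] = {
            secrets.token_urlsafe(8): a.account_id
            for a in ACCOUNTS.values() if a.owner == session_user
        }

    def tokens(self) -> List[str]:
        return list(self._tokens)

    def resolve(self, token: str) -> Account:
        if token not in self._tokens:
            raise Forbidden(f"unknown reference {token!r}")
        return ACCOUNTS[self._tokens[token]]
```

The test for both weaknesses is the same in practice: log in as the lowest-privilege user, then replay requests with another user's IDs and with higher-role paths, and confirm each returns a denial rather than data.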
A8: Cross-Site Request Forgery (CSRF)
A9: Using Components with Known Vulnerabilities
A10: Unvalidated Redirects and Forwards
Security Testing Tools
Demo
References
• https://www.owasp.org
• http://projects.webappsec.org
• http://code.google.com/p/owaspbwa
• https://www.hacking-lab.com/
• http://www.acunetix.com/
• https://portswigger.net/burp/
• https://www.mavensecurity.com/resources/web-security-dojo/
• https://sourceforge.net/projects/samurai/files/
• http://www.bonsai-sec.com/en/research/moth.php
• Books:
– The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
– The Web Application Hacker's Handbook
– How to Break
– Hacking Attacks and Examples Test
Q & A
© 2014 HCMC Software Testing Club
THANK YOU