ASSURANCE
Course Outline
Course Outline (Cont….)
Course Contents
Lecture 11 Cost of Quality
Lecture 12 Software Quality Metrics
Lecture 13 Introduction of Testing Tool (Guest Lecture)
Lecture 14 Course Recap
LECTURE # 14
APPLICATION’S SECURITY
TESTING
Application Security Testing
(AST)
What is AST?
Application security testing (AST) is the process of making
applications more resistant to security threats by identifying
security weaknesses and vulnerabilities in source code.
It started as a manual process.
The large number of known vulnerabilities and threat vectors
requires AST to be conducted using tools.
Broad Categories of AST
Internal Testing
In an internal test, a tester with access to an application behind
its firewall simulates an attack by a malicious insider. This
isn’t necessarily simulating a rogue employee. A common
starting scenario can be an employee whose credentials were
stolen due to a phishing attack.
Penetration Testing Methods
Blind Testing
In a blind test, a tester is only given the name of the enterprise
that’s being targeted. This gives security personnel a real-time
look into how an actual application assault would take place.
Double-blind Testing
In a double-blind test, security personnel have no prior
knowledge of the simulated attack. As in the real world, they
won't have any time to shore up their defenses before an
attempted breach.
Penetration Testing Methods
Targeted Testing
In this scenario, both the tester and security personnel work
together and keep each other apprised of their movements.
This is a valuable training exercise that provides a security
team with real-time feedback from a hacker’s point of view.
SQL Injection (SQLi)
SQL injection is a web security
vulnerability that allows an attacker to
interfere with the queries that an
application makes to its database.
It generally allows an attacker to view
data that they are not normally able to
retrieve.
It transforms innocent SQL calls into malicious ones.
Key Idea:
Input data from the application is
executed as code by the interpreter.
How it works?
[Diagram: Attacker / User sends a form to the Web Server, which sits behind a Firewall and queries the DB Server]
1. App sends form to user.
2. Attacker submits form with SQL exploit data (Pass: ' or 1=1--).
3. Application builds string with exploit data.
4. Application sends SQL query to DB.
5. DB executes query, including exploit, and sends data back to application.
6. Application returns data to user.
SQL Injection Attack #1
Unauthorized Access Attempt:
password = ' or 1=1 --
SQL statement becomes:
select count(*) from users where username = 'user' and password = '' or 1=1 --
Checks if password is empty OR 1=1, which is always true, permitting access.
SQL Injection Attack #2
Database Modification Attack:
password = foo'; delete from users where username like '%
DB executes two SQL statements:
select count(*) from users where username = 'user' and password = 'foo'
delete from users where username like '%'
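Both attacks above, worked through against an in-memory SQLite database, as an added example that is not part of the lecture slides. The sample accounts, the function names (`vulnerable_login`, `safe_login`, `build_vulnerable_query`, `user_count`) and the choice of Python's sqlite3 driver are assumptions made for this demo; the two payloads are the slide's own. The vulnerable function concatenates input into the query text exactly as the slides describe; the hardened form passes the same input through parameter placeholders so it is treated as data, never as SQL code.

```python
import sqlite3

# Constructed sample accounts for the demo (not from the slides).
USERS = [("user", "secret"), ("alice", "hunter2")]

# The slide's two payloads, submitted in the password field.
ATTACK_1 = "' or 1=1 --"                                     # Unauthorized Access Attempt
ATTACK_2 = "foo'; delete from users where username like '%"  # Database Modification Attack


def make_db():
    """In-memory SQLite database holding the users table the slides query."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (username text, password text)")
    conn.executemany("insert into users values (?, ?)", USERS)
    conn.commit()
    return conn


def build_vulnerable_query(username, password):
    """The slide's pattern: user input is concatenated straight into the SQL text."""
    return ("select count(*) from users where username = '" + username
            + "' and password = '" + password + "'")


def vulnerable_login(conn, username, password):
    """Login check built by string concatenation.

    Returns True when the concatenated query counts at least one matching row,
    False otherwise, and None when the driver refuses to run the query at all
    (Python's sqlite3 executes one statement per call, so a ';'-separated
    second statement is rejected before anything runs).
    """
    sql = build_vulnerable_query(username, password)
    try:
        return conn.execute(sql).fetchone()[0] > 0
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        return None


def safe_login(conn, username, password):
    """Hardened form: placeholders keep the input as data, never as SQL code."""
    sql = "select count(*) from users where username = ? and password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def user_count(conn):
    """Number of rows still in the users table (to confirm nothing was deleted)."""
    return conn.execute("select count(*) from users").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    # Attack #1: the comment marker swallows the closing quote and 'or 1=1'
    # makes the WHERE clause true for every row, so count(*) > 0.
    print(build_vulnerable_query("user", ATTACK_1))
    print("vulnerable login, attack #1:", vulnerable_login(db, "user", ATTACK_1))
    print("safe login, attack #1:      ", safe_login(db, "user", ATTACK_1))
    # Attack #2: the payload turns one statement into two.
    print(build_vulnerable_query("user", ATTACK_2))
    print("vulnerable login, attack #2:", vulnerable_login(db, "user", ATTACK_2))
    print("safe login, attack #2:      ", safe_login(db, "user", ATTACK_2))
    print("rows still present:", user_count(db))
```

Note that attack #2 is stopped here only because this particular driver refuses to run more than one statement per call; other database drivers and APIs will happily execute the stacked DELETE, which is why the parameterized query, not the driver, is the control to rely on.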
Injecting into SELECT