Web sites are essentially client/server applications, divided into web servers and 'browser' clients. Consideration should be given to the interactions between HTML pages, protocols, security, applications that run in web pages (such as applets, JavaScript and plug-in applications), and applications that run on the server side (such as CGI scripts, database interfaces, logging applications, dynamic page generators, etc.).
Additionally, there is a wide variety of servers and browsers, with various versions of each and small but sometimes significant differences between them, as well as variations in connection speeds, rapidly changing technologies, and multiple standards and protocols. The end result is that testing for web sites can become a major ongoing effort.
Things to be considered for web testing
a) What are the expected loads on the server, and does it meet the expected performance and stress requirements?
b) What are the capabilities of the application in the different browser(s)?
c) What is the connection speed, internal and external (real time)?
d) What are the security threats, and how is the application secured (firewalls, encryption, etc.)?
e) How does the server recover from downtime or a crash?
f) What are the different injections or vulnerabilities (SQL injection, cross site scripting, etc.) that might occur, and how are they handled?
g) How do the master/slave servers perform; that is, when one server is down, how effectively does the slave or the other server come up (if configured)?
h) How are the web page layout, fonts, colors, text, graphics, user interface, etc.?
i) Cookie handling
Security vulnerability:-
A security vulnerability can be described as a threat to the application from unauthorized access and corruption of the application data. The following are a few security vulnerabilities:
Injection attacks
Cross site scripting
Session hacking
Form tampering
Port scanning / footprinting
Injection Attacks:-
The following are the different types of injection:
SQL injection
LDAP injection
Command injection, etc.
SQL Injection:-
Try the following steps:
a) Open the web site in a browser.
b) Find a script which has a common scripting-language file extension, like .asp or .cfm.
c) The “search” field of an application is the field most vulnerable. The Uniform Resource Locator (URL) on the results page will likely contain a script. Also try hovering your cursor over links while watching the bottom status bar. If the status bar doesn't display URLs, click on links and watch the address bar until you find a URL that has parameters.
Once you are on a page whose URL contains parameters, you are ready to test for SQL injection vulnerability. There are two methods. Be sure to test each parameter value, one at a time, with each method.
Method 1:-
In the address bar URL, highlight a parameter value. Replace it with a single quote.
Method 2:-
Instead of highlighting the entire parameter value, click inside the value and type a single quote.
Ex:- http://www.exampl.com/abced/default.asp?rollnumID=12'23
Then click send/enter/submit and look for a database error message.
(Note) Sometimes the error message does not display on screen. To find it, you may have to search the HTML source of the page (View | Source in Microsoft Internet Explorer or View | Page Source in Netscape). A document will open. Use that program's search tool to look for either of these phrases:
Microsoft OLE DB
or
[ODBC]
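
The source search described in the note, automated as a check that also reports whether the phrase was rendered on screen or exists only in the source. This is an added example, not part of the original page; the sample pages are constructed.

```python
from html.parser import HTMLParser

# The two phrases the note above says to search for.
SIGNATURES = ("Microsoft OLE DB", "[ODBC]")

class _SourceSplitter(HTMLParser):
    """Separates text a browser renders from text that exists only in the source."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.visible, self.hidden, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        # Attribute values (e.g. hidden form fields) are never rendered as text.
        self.hidden.extend(v for _, v in attrs if v)

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        (self.hidden if self._skip else self.visible).append(data)

    def handle_comment(self, data):
        self.hidden.append(data)

def find_db_errors(html_source):
    """Map each signature found to 'visible' or 'source-only'."""
    p = _SourceSplitter()
    p.feed(html_source)
    p.close()
    visible = "".join(p.visible).lower()
    hidden = " ".join(p.hidden).lower()
    found = {}
    for sig in SIGNATURES:
        if sig.lower() in visible:
            found[sig] = "visible"
        elif sig.lower() in hidden:
            found[sig] = "source-only"
    return found

# Constructed sample pages, not captured from a real site.
PAGE_HIDDEN = ("<html><body><h1>Search</h1><!-- Microsoft OLE DB Provider "
               "error (constructed) --><p>No results.</p></body></html>")
PAGE_SHOWN = "<html><body><p>[ODBC] driver error (constructed)</p></body></html>"
```

A "source-only" hit is the case the note warns about: the page looks normal, but the database error still reached the client.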
Other way to test for SQL Injection
If the code is written using the normal string concatenation method, then you just have to enter the following in the text box, in this manner:
' Or 1=1 ---
This will allow you to breach into SQL, and if you know how to create a Windows account, then follow it up with that command and you will be able to create an account.
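
Why the single quote and the text-box input above change a concatenated query but not a parameterized one, shown side by side. This is an added example, not code from the original page; the table, column names and rows are constructed, and SQLite stands in for the site's database.

```python
import sqlite3

def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (rollnum TEXT, name TEXT)")
    db.executemany("INSERT INTO students VALUES (?, ?)",
                   [("1223", "alice"), ("1224", "bob"), ("1225", "carol")])
    return db

def lookup_concat(db, rollnum):
    # Vulnerable: the parameter value is pasted into the SQL text, so a quote
    # in the value ends the string literal and the rest is parsed as SQL.
    sql = "SELECT name FROM students WHERE rollnum = '" + rollnum + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_param(db, rollnum):
    # Hardened: the value is bound as data and is never parsed as SQL.
    sql = "SELECT name FROM students WHERE rollnum = ?"
    return [row[0] for row in db.execute(sql, (rollnum,))]

def probe(db, value):
    """Return (concatenated_result, parameterized_result) for one input.

    A database error is returned as a string, which is what a tester
    would see leak into the page as an error message.
    """
    results = []
    for lookup in (lookup_concat, lookup_param):
        try:
            results.append(lookup(db, value))
        except sqlite3.Error as exc:
            results.append("DB error: %s" % exc)
    return tuple(results)

if __name__ == "__main__":
    db = make_db()
    for value in ("1223", "12'23", "' Or 1=1 ---"):
        print(repr(value), probe(db, value))
```

With the concatenated query, the lone quote produces a database error and the second input returns every row; the parameterized query returns no rows for both.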
Cross Site Scripting:
Cross site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. The data is usually gathered in the form of a hyperlink which contains malicious content within it. The user will most likely click on this link from another website.
Try it out by doing this:
Look for a URL like (http://webserver.com/...../Search?box=java). See the value here, which is java; this value has been assigned to “box”. So now you need to change this URL to
and enter this new URL in the browser and press Enter, which would display the current session cookie, which is a serious security bug.
*** You need to learn some URL syntax, URL manipulation or programming to give this script there. You can’t just blindly give this anywhere in your URL.
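
How the “box” value ends up in the page, and the output encoding that keeps it as text, with a harmless marker used to check whether markup is echoed back raw. This is an added example, not code from the original page; the URL, the page template and the marker are constructed.

```python
from html import escape
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

URL = "http://webserver.example/app/Search?box=java"   # constructed URL
PROBE = 'java<i class="probe">'   # constructed, harmless marker containing < > "

def box_value(url):
    # Decode the "box" query parameter the way a server framework would.
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("box", [""])[0]

def render_unsafe(url):
    # Vulnerable: the decoded value is copied into the page as markup.
    return "<p>Results for: " + box_value(url) + "</p>"

def render_safe(url):
    # Hardened: HTML metacharacters are encoded, so the value stays text.
    return "<p>Results for: " + escape(box_value(url), quote=True) + "</p>"

def with_probe(url):
    # Same URL with the "box" value replaced by the URL-encoded marker.
    parts = urlsplit(url)
    return urlunsplit(parts._replace(query=urlencode({"box": PROBE})))

def echoes_raw_markup(render, url):
    """True if the page returns the marker unencoded, i.e. input becomes markup."""
    return PROBE in render(with_probe(url))

if __name__ == "__main__":
    print(with_probe(URL))
    print("unsafe:", echoes_raw_markup(render_unsafe, URL), render_unsafe(with_probe(URL)))
    print("safe:  ", echoes_raw_markup(render_safe, URL), render_safe(with_probe(URL)))
```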
Session ID hacking:-
A session is a piece of code that is encrypted or encoded into a randomly organized string. This is used by the web server and browser for authenticity / access to the authorized resource. To hack a session ID we need to have a sniffer. For example, take a domain where we have three systems, A, B and C: system A has a web application, system B has a sniffer installed on it, and system C has a web server installed on it.
a) Configure the sniffer and make it ready.
b) Do an authentication from the system which has the web application installed on it.
c) When it is successfully authenticated and the session is alive, get the information from the sniffer (system B).
d) Since the captured information is mostly in machine language, you need to write a small program to convert it to get the clear information. Get the session ID, append this ID within the URL and access the protected resources.
* NEED MORE R&D
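
The cookie settings that address the two session exposures described on this page (a sniffer on the network reading the session ID, and script in the page displaying the session cookie), plus a check for a Set-Cookie value that lacks them. This is an added example, not code from the original page; the cookie name and the weak header are constructed.

```python
import secrets
from http.cookies import SimpleCookie

REQUIRED = ("Secure", "HttpOnly", "SameSite")

# Constructed example of a session cookie issued without protective attributes.
WEAK_HEADER = "SESSIONID=abc123; Path=/"

def new_session_cookie(name="SESSIONID"):
    """Return (session_id, Set-Cookie value) with the protective attributes set."""
    sid = secrets.token_urlsafe(32)      # 32 random bytes from the OS CSPRNG
    jar = SimpleCookie()
    jar[name] = sid
    jar[name]["path"] = "/"
    jar[name]["secure"] = True           # sent only over HTTPS, so a sniffer sees ciphertext
    jar[name]["httponly"] = True         # not readable by script running in the page
    jar[name]["samesite"] = "Strict"     # not attached to requests started by other sites
    return sid, jar[name].OutputString()

def missing_attributes(set_cookie_value):
    """List the protective attributes absent from one Set-Cookie header value."""
    present = {part.strip().partition("=")[0].lower()
               for part in set_cookie_value.split(";")[1:]}
    return [attr for attr in REQUIRED if attr.lower() not in present]

if __name__ == "__main__":
    sid, header = new_session_cookie()
    print("Set-Cookie:", header)
    print("missing in new cookie: ", missing_attributes(header))
    print("missing in weak cookie:", missing_attributes(WEAK_HEADER))
```

The Secure attribute only helps when the site is served over HTTPS; a session ID sent over plain HTTP remains readable to the sniffer on system B.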