Part II : Security Testing Layer based best practice model

Our security testing engineers are expert in identifying ALL possible vulnerabilities in these staid categories



–          Importance and approach of security testing [Reconnaissance phase, Exploration phase and Exploitation phase]

–          Systematic security testing technique to find problem fast

–          Prioritizing and focusing on the most important security aspects of web application

–          Effective web application security strategy

–          Discovering common vulnerabilities and exploits

–          Web 2.0  Good and bad specific to security

–          Tips on Firefox Add on security tools[SQL injection, Access Me etc]

–          Web application Checklist to carry

Here are few complex examples of basic vulnerabilities where you can count on our expert for complete and accurate testing.

Complex Cookie Poisoning: Our testing team takes generic cookie poisoning attacks to a higher level and performs several key attacks on cookies such as SQL Injection in cookies, buffer overflows in cookies, numeric cookie prediction attacks and more. This is where tampering activity is found — not just in basic manipulation of cookies passed from server to browser.

Cookie Poisoning Attack: Cookie poisoning is an attack which alters the value of a cookie on the client side prior to a request to the server. With any response, a web server can send a “Set Cookie:” command and provide a string (that is, a cookie). Also, it is simple to change a cookie as it is just a file on the user’s hard drive in a folder called “cookies”.

Complex Parameter Tampering:  Our expert has pre-defined tests for each parameter to test for parameter tampering, but they stop short of determining the original value and won’t use it in order to modify the tests accordingly. When performing ecommerce site tests (manipulating price values in hidden parameters), team will keep the original currency format attached to new values (i.e. $ [price] USD) when sending new values. in fact, it’s one of our core expertise and complements its ability to increment or decrement numeric values out of observed ranges.

 SQL Injection / Port Listener Attacks: SQL Injection attacks allow a hacker to modify/manipulate the original SQL query that is executed by the web application, and change it to perform unauthorized actions on the back-end SQL server. In some cases, the output of the SQL Injection attack will not appear in the returning web page. Our experts uses add-on scanner to include a port listener mechanism, which accepts connections from the attacked database server (out-of-bound requests), to validate the existence of SQL Injection in 100 percent of such cases.

 Buffer outflow attack: Buffer Overflow is an attack that overruns the memory allocated to interpret a given parameter in an application. For instance, form might be expecting a ten-digit phone number in a certain field. If hundreds of digits are entered, the server application will eat into memory allocated to different tasks, often compromising the entire application and thereby the application servers or databases. Once the application is disabled in this way, user could upload codes that are to be executed by the server

 Cross site Scripting:  Cross site scripting is a kind of hacking technique that attacks client website. It can alter the appearance of the page, insert unwanted or offensive images or sounds, or otherwise interfere with the intended appearance and behavior of the page. It can even go to the extent of hacking user’s cookie. This is achieved by adding scripts in the form inputs.

 Broken Access Control or Forceful Browsing: In the web environment, there are many scripts and pages available on the web that can be accessed from different entry points. Users can jump directly to parts of the website which they should not be able to access. The popularization of the Google search engine has made this problem acute, since the Google technology can often find (and create public links to) interior pages of web sites which should only be accessed after passing through authentication pages. For instance, there are cases where developers leave few comments in the page that identify a file/path on the Web server that contains secured information.

 Client Variable management: In PEC the user details (first name, last name) are stored in client variables. And these details are stored in the registry as no storage method is specified in the code. This can cause performance degradation in high-traffic sites as the Registry will increase considerably in size, causing Cold Fusion server instability

 Dynamic Parameter Tampering:  In ecommerce site, there are dynamic parameters being sent as a query string with the URL and these parameters are sent to a page that queries the database and brings back the results. In this case, if the dynamic parameter is tampered with different values, for instance a different user id , then the information about the other users are available on the web.

 Hidden Field Manipulation: Different kinds of information like user details, user id, type of user etc are all passed through hidden fields across pages. These hidden variables can be viewed from the browser using ‘view source’. Hence the user can manipulate these values and submit to get undue access to the application.

Leave a Reply

Your email address will not be published. Required fields are marked *