January 18, 2009

Explain the methods and techniques used for Security Testing.

Security testing can be performed in many ways, such as:
· Black Box Level
· White Box Level
· Database Level

Black Box Level
· Session Hijacking
Session Hijacking, commonly called “IP Spoofing”, is an attack on a user session on a protected network.
· Session Prediction
Session Prediction is a method of obtaining data or the session ID of an authorized user in order to get access to the application. In a web application, the session ID can be retrieved from cookies or the URL.
That Session Prediction is happening can be predicted when a website does not respond normally or stops responding for an unknown reason.
· Email Spoofing
Email Spoofing is duplicating the email header (“From” address) so that the message looks as if it originated from the actual source; if the email is replied to, the reply lands in the spammer's inbox. By inserting commands in the header, the message information can be altered. It is possible to send a spoofed email with information you didn’t write.
· Content Spoofing
Content spoofing is a technique of developing a fake website and making the user believe that the information and the website are genuine. When the user enters a Credit Card Number, Password, SSN or other important details, the hacker can get the data and use it for fraud.
· Phishing
Phishing is similar to Email Spoofing: the hacker sends a genuine-looking mail in an attempt to get the personal and financial information of the user. The emails appear to have come from well-known websites.
· Password Cracking
Password Cracking is used to identify an unknown password or to identify a forgotten password.
Password cracking can be done in two ways:
1. Brute Force – The hacker tries combinations of characters within a given length until one is accepted.
2. Password Dictionary – The hacker uses a password dictionary; such dictionaries are available on various topics.
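
The check below is an added example, not part of the original post: for the Session Prediction item above, it puts a counter-based session ID scheme beside one drawn from the operating system's random source, and tests whether a sample of issued IDs looks guessable. The function names, the sample IDs and the 64-bit threshold are assumptions made for the illustration.

```python
import math
import secrets

def sequential_ids(start, count):
    """Constructed weak scheme: a zero-padded counter, so the next ID is guessable."""
    return [f"{n:010d}" for n in range(start, start + count)]

def random_ids(count):
    """128 bits per ID from the operating system's CSPRNG, hex encoded."""
    return [secrets.token_hex(16) for _ in range(count)]

def findings(ids, min_bits=64):
    """Return the reasons a sample of issued session IDs looks guessable.

    min_bits is an assumed threshold for this illustration.
    """
    if len(ids) < 3:
        raise ValueError("need at least three IDs to compare")
    problems = []
    # Crude upper bound on entropy: shortest ID length times bits per symbol
    # of the alphabet actually observed in the sample.
    alphabet = set("".join(ids))
    bits = min(len(i) for i in ids) * math.log2(max(len(alphabet), 2))
    if bits < min_bits:
        problems.append("low-entropy")
    # IDs that parse as numbers and advance by a fixed step are a counter.
    base = 10 if all(i.isdigit() for i in ids) else 16
    try:
        values = [int(i, base) for i in ids]
    except ValueError:
        values = []
    steps = {b - a for a, b in zip(values, values[1:])}
    if len(steps) == 1:
        problems.append("constant-step")
    return problems

if __name__ == "__main__":
    print(findings(sequential_ids(4200, 5)))  # constructed sample of weak IDs
    print(findings(random_ids(20)))
```

A clean result only means these two checks found nothing; it does not prove the generator is unpredictable.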

White Box Level
· Malicious Code Injection
SQL Injection is the most popular Code Injection attack: the hacker attaches malicious code to the good code by inserting it into a field in the application. The motive behind the injection is to steal secured information that was intended to be used by a set of users.
Apart from SQL Injection, the other types of malicious code injection are XPath Injection, LDAP Injection, and Command Execution Injection. Similar to SQL Injection, XPath Injection deals with XML documents.
· Penetration Testing
Penetration Testing is used to check the security of a computer or a network. The test process explores all the security aspects of the system and tries to penetrate the system.
· Input Validation
Input validation is used to defend applications from hackers. If input is not validated, mostly in web applications, it could lead to system crashes, database manipulation and corruption.
· Variable Manipulation
Variable manipulation is used as a method for specifying or editing the variables in a program. It is mostly used to alter the data sent to the web server.

Database Level
· SQL Injection
SQL Injection is used to hack websites by changing the backend SQL statements. Using this technique, the hacker can steal data from the database and also delete and modify it.
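
The following is an added example, not code from the original post: it illustrates both SQL Injection items above by putting a lookup that builds its statement from user input beside a parameterized version, with a test check that tells them apart. The table, the function names and the sample rows are constructed for the illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, ssn TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", "000-00-0001"), ("bob", "000-00-0002")])
    return db

def lookup_vulnerable(db, owner):
    # The input is pasted into the statement, so a quote character in it
    # changes the backend SQL instead of being treated as part of the name.
    sql = "SELECT ssn FROM accounts WHERE owner = '" + owner + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, owner):
    # The placeholder keeps the input as data; the statement text is fixed.
    sql = "SELECT ssn FROM accounts WHERE owner = ?"
    return [row[0] for row in db.execute(sql, (owner,))]

def leaks_other_rows(lookup, db):
    """Security-test check: a lookup for an owner that does not exist
    must return nothing, even when the name contains SQL syntax."""
    probe = "nobody' OR '1'='1"
    return len(lookup(db, probe)) > 0

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_vulnerable, lookup_parameterized):
        verdict = "FAIL" if leaks_other_rows(fn, db) else "pass"
        print(f"{fn.__name__}: {verdict}")
```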


