Beginner experience of safety testing
2022-07-26 20:48:00 【Linxuyyy】
Security testing (Security Testing)
Security testing (Security Testing) is the process of verifying the security level of an application and identifying potential security defects. Its main purpose is to find the hidden security hazards in the design and implementation of the software itself, and to check the application's ability to resist illegal intrusion. Different security indicators call for different test strategies.
But security is relative. Security testing cannot ultimately prove that an application is secure; it can only verify the effectiveness of the chosen countermeasures, and those countermeasures were selected based on the assumptions made in the threat analysis stage. For example, it tests whether the application prevents unauthorized internal or external users from accessing it or deliberately damaging it.
Software security is an important sub-field of software engineering. System security testing covers both the application and the operating system it runs on, and has two aspects: the first is software vulnerabilities, design defects or coding errors; the second is the security of the database, which the author regards as the core of system security.
The common methods of security testing are as follows:
(1) Static code checking
Static code checking tests the security of the source code by code walkthrough. Common techniques are data-flow, control-flow and information-flow analysis; their results are matched against a security rule base (known-dangerous sources, sinks and patterns) to discover potential security vulnerabilities. Static checking is mainly done in the coding phase, so that security problems are found as early as possible.
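As an added illustration of the data-flow idea above (this is example code, not from the original post or any real scanner), the following toy checker parses a Python program, treats a small hand-written source/sink list as its "rule base", and reports every sink call that is fed by data derived from an untrusted source. The `SOURCES`, `SINKS` sets and the `SAMPLE` program are all constructed for the example.

```python
import ast

# Toy data-flow check: values from untrusted "sources" must not reach dangerous
# "sinks".  These two sets are a tiny stand-in for the security rule base the
# text mentions (constructed for this example).
SOURCES = {"input", "sys.stdin.readline", "request.args.get"}
SINKS = {"os.system", "os.popen", "subprocess.call", "eval", "exec", "cursor.execute"}


def qualname(func):
    """Dotted name of a call target: Name -> 'f', Attribute chain -> 'os.system'."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return qualname(func.value) + "." + func.attr
    return ""


def analyse(source_code):
    """Return [(line, sink)] for every sink call that receives tainted data."""
    tainted = set()      # variable names currently holding untrusted data
    findings = []

    def expr_tainted(node):
        # An expression is tainted if any part of it reads a tainted variable
        # or calls a source directly (covers f-strings, concatenation, .format()).
        for sub in ast.walk(node):
            if isinstance(sub, ast.Name) and sub.id in tainted:
                return True
            if isinstance(sub, ast.Call) and qualname(sub.func) in SOURCES:
                return True
        return False

    def visit(stmt):
        if isinstance(stmt, ast.Assign) and isinstance(stmt.targets[0], ast.Name):
            name = stmt.targets[0].id
            # propagate taint, or kill it when the variable is reassigned cleanly
            if expr_tainted(stmt.value):
                tainted.add(name)
            else:
                tainted.discard(name)
        if hasattr(stmt, "body"):
            # compound statement (if/for/def/try ...): walk its blocks in program order
            for field in ("body", "orelse", "finalbody"):
                for inner in getattr(stmt, field, []):
                    visit(inner)
            return
        for sub in ast.walk(stmt):
            if isinstance(sub, ast.Call) and qualname(sub.func) in SINKS:
                if any(expr_tainted(arg) for arg in sub.args):
                    findings.append((sub.lineno, qualname(sub.func)))

    for stmt in ast.parse(source_code).body:
        visit(stmt)
    return findings


# Constructed sample program to scan (not from the original page).
SAMPLE = """import os
host = input("host: ")
cmd = "ping -c 1 " + host
os.system(cmd)
safe = "ping -c 1 127.0.0.1"
os.system(safe)
eval(f"{host} + 1")
host = "localhost"
os.system("ping -c 1 " + host)
"""

if __name__ == "__main__":
    for line, sink in analyse(SAMPLE):
        print(f"line {line}: tainted data reaches {sink}")
```

Running it reports lines 4 and 7 of the sample and stays quiet about line 9, where `host` was reassigned a constant before reaching the sink: that "kill" of taint on clean reassignment is what separates a data-flow check from a plain grep for `os.system`. Real scanners also follow data through function calls, containers and sanitizers, which this toy deliberately does not.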
(2) Dynamic penetration testing
Dynamic penetration testing simulates an attacker's input, with tools or by hand, against the running application in order to find security problems in the system. It is generally carried out in the system test stage. Its coverage is low, because it is impossible to try every possible input during testing; the tester can only supply more and better-chosen test data to raise coverage.
(3) Data scanning
System security requires that data remain intact while the program runs and cannot be corrupted; memory-safety bugs such as buffer overflows violate this and are what attackers exploit. Data scanning tests the program's memory at runtime to find vulnerabilities such as buffer overflows, which are difficult to detect with static code checking or dynamic penetration testing alone.
Security testing is carried out from four angles: user authentication, the network, the database and the Web. The following aspects need attention:
(1) User authentication security test
- The permission settings of the different users in the system;
- Whether there are permission conflicts between users in the system;
- The system should not be confused by changes in user permissions;
- Whether user passwords are stored encrypted (hashed) and whether duplicate passwords are possible;
- Whether the system can be entered directly through an absolute path or URL, bypassing the login page;
- Whether the relevant session information is deleted when the user logs out;
- Whether the system can be re-entered with the back key after logout, without entering the password.
(2) Network security test
- Whether protective measures (such as a firewall) are correctly installed and whether system patches are applied correctly;
- Simulate unauthorized attacks to check the correctness of the protection strategy;
- Use network vulnerability scanning tools to check system-related vulnerabilities (two commonly used tools are NBSI and IPhackerIP);
- Use Trojan-detection tools to check for Trojan horses;
- Use various plug-in (cheat) prevention tools to check program plug-in vulnerabilities.
(3) Database security test
- Whether the database has backup and recovery functions;
- Whether data is encrypted;
- Whether there is a security log file;
- Whether access from unrelated IP addresses is blocked;
- Whether user passwords are strong;
- Whether different users are given different permissions;
- Whether views and stored procedures are used.
(4) Web security test
- Deployment and infrastructure;
- Input validation;
- Authentication;
- Authorization;
- Configuration management;
- Sensitive data;
- Session management;
- Cryptography;
- Parameter manipulation;
- Exception management;
- Auditing and logging.
juice-shop
One: Enter the test input in the search box. As long as a pop-up box appears, there is a vulnerability. Note: use English (ASCII) punctuation!
Two: Use a music player's external-playback embed code
1: In NetEase Cloud Music, search for your favourite song, copy the embed code and paste it into the search bar.
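The "pop-up means vulnerability" rule above can be checked without a browser: if the characters `< " ' >` come back in the page exactly as sent, whatever the search box reflects (an alert payload, a music player's `<iframe>` embed code) will be interpreted as HTML. The block below is an added example, not code from juice-shop or the original post; the two `render_*` functions are a simplified stand-in for the application's search-results template, and `PAYLOAD` is constructed here.

```python
import html

# Constructed sample payload; the original page's own payload is not reproduced.
PAYLOAD = '<img src=x onerror="alert(1)">'


def render_vulnerable(term):
    """Search results page that reflects the query without encoding."""
    return f"<h1>Search results for {term}</h1>"


def render_safe(term):
    """Same page with HTML entity encoding for the reflected value."""
    return f"<h1>Search results for {html.escape(term, quote=True)}</h1>"


def probe(render):
    """Classify how a page reflects a probe built from the characters that must
    be encoded.  This is the 'does a pop-up appear' test done mechanically."""
    marker = "qz7<\"'>qz7"      # unique token wrapped in < " ' >
    body = render(marker)
    if marker in body:
        return "reflected unescaped"     # markup survives: XSS is possible
    if "qz7" in body:
        return "reflected escaped"       # value came back, but as entities
    return "not reflected"


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))
    print(render_safe(PAYLOAD))
    print(probe(render_vulnerable), "/", probe(render_safe))
```

Using a unique marker instead of a real payload keeps the probe harmless and makes the classification unambiguous; once a page is "reflected unescaped", the next step is to confirm it in a browser with a payload that fits the surrounding context (attribute, tag body, script).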
DVWA
DVWA (Damn Vulnerable Web Application) is a deliberately vulnerable PHP/MySQL web application. It aims to provide a legal environment in which security professionals can test their skills and tools, and to help web developers better understand the process of securing web applications.
DVWA has ten attack modules: Brute Force, Command Injection, CSRF (cross-site request forgery), File Inclusion, File Upload, Insecure CAPTCHA, SQL Injection, SQL Injection (Blind), XSS (Reflected) and XSS (Stored). Together they give a practice environment for most of the OWASP Top 10 vulnerability classes, a one-stop learning environment for Web penetration.
In addition, DVWA lets you set the security level of the target source code to Low, Medium, High or Impossible. The higher the level, the stricter the protection and the harder it is to penetrate. Low generally has no protection or only the simplest protection and is easy to break; Medium applies some rough protection that the tester must know how to bypass; High raises the protection considerably and usually takes real experience to break; Impossible is essentially unbreakable, so its source code can serve as a reference for the best protection of a production Web application.
Note: beginners should set the level to Low.
One: In the SQL Injection module, enter 1' or 0=0 # as the User ID to dump all account records: the quote closes the string, 0=0 is always true, and # comments out the rest of the query.
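To see why that input dumps every row, the added example below (not DVWA's code; a small SQLite stand-in written for this page) builds the query the way DVWA's Low level does and beside it the bound-parameter version. SQLite has no `#` comment, so the payload uses the standard `--` comment; the sample rows are constructed, modelled on DVWA's default users table.

```python
import sqlite3

# DVWA's payload is  1' or 0=0 #  (MySQL comment).  SQLite has no '#' comment,
# so the same trick uses the standard '--' comment here.
PAYLOAD = "1' or 0=0 -- "


def make_db():
    """In-memory table with rows modelled on DVWA's default users (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "admin", "admin"), (2, "Gordon", "Brown"), (3, "Hack", "Me"),
         (4, "Pablo", "Picasso"), (5, "Bob", "Smith")],
    )
    return conn


def lookup_vulnerable(conn, user_id):
    """Low level: the parameter is pasted straight into the SQL string."""
    query = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    # with PAYLOAD the WHERE clause becomes:  user_id = '1' or 0=0 -- '
    return conn.execute(query).fetchall()


def lookup_safe(conn, user_id):
    """Impossible-level idea: a bound parameter is data, never parsed as SQL."""
    query = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(query, (user_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "1"))        # one row
    print(lookup_vulnerable(db, PAYLOAD))    # every row
    print(lookup_safe(db, PAYLOAD))          # no rows: no user_id equals that string
```

The safe version does not "filter" anything; the database driver sends the value separately from the statement text, so there is no string for the quote and comment to break out of. That is the property the Impossible level relies on, and escaping alone (the Medium/High approach) is the weaker substitute.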
Two: Open the DVWA Security page, change the level, open File Upload and start the breakthrough:
- Create a new file;
- Upload the file;
- Copy the path of the uploaded file;
- Choose File Inclusion;
- Append the path just copied after page= in the URL.
As pictured: