Software QA FYI - SQAFYI

Software Testing - Security Testing

By: Anand Ramdeo

Security Testing is very important in today's world, because of the way computer and internet has affected the individual and organization. Today, it is very difficult to imagine world without Internet and latest communication system. All these communication systems increases efficiency of individual and organization by multifold.

Since every one from individual to organization, uses Internet or communication system to pass information, to do business, to transfer money it becomes very critical for the service provider to make sure that information and network are secured from the intruders.

Primary purpose of security testing is to identify the vulnerabilities and subsequently repairing them. Typically, security testing is conducted after the system has been developed, installed and is operational. Unlike other types of testing, network security testing is performed on the system on the periodic basis to make sure that all the vulnerabilities of the system are identified.

Network security testing can be further classified into following types

Network Scanning
Network scanning involves using a port scanner to identify all hosts potentially connected to an organization's network, the network services operating on those hosts, such as the file transfer protocol (FTP) and hypertext transfer protocol (HTTP), and the specific application running the identified service, such as Internet Information Server (IIS) and Apache for the HTTP service. The result of the scan is a comprehensive list of all active hosts and services, printers, switches, and routers operating in the address space scanned by the port-scanning tool, i.e., any device that has a network address or is accessible to any other device. Port scanners, such as nmap, first identify active hosts in the address range specified by the user using Transport Control Protocol/Internet Protocol (TCP/IP) Internet Control Message Protocol (ICMP) ECHO and ICMP ECHO_REPLY packets. Once active hosts have been identified, they are scanned for open TCP and User Datagram Protocol (UDP) ports that will then identify the network services operating on that host.

All basic scanners will identify active hosts and open ports, but some scanners provide additional information on the scanned hosts. The information gathered during this open port scan will often identify the target operating system. This process is called operating system fingerprinting. For example, if a host has TCP port 135 and 139 open, it is most likely a Windows NT or 2000 host.

While port scanners identify active hosts, services, applications and operating systems, they do NOT identify vulnerabilities (beyond some common Trojan ports). Vulnerabilities can only be identified by a human who interprets the mapping and scanning results. From these results, a qualified individual can ascertain what services are vulnerable and the presence of Trojans. Although the scanning process itself is highly automated, the interpretation of scanned data is not.

Purpose of network port scanning is to
* Check for unauthorized hosts connected to the organization’s network
* Identify vulnerable services
* Identify deviations from the allowed services defined in the organization’s security policy
* Prepare for penetration testing
* Assist in the configuration of the intrusion detection system (IDS)
* Collect forensics evidence

Password Cracking
Password cracking programs can be used to identify weak passwords. Password cracking verifies that users are employing sufficiently strong passwords. Passwords are generally stored and transmitted in an encrypted form called a hash. When a user logs on to a computer/system and enters a password, a hash is generated and compared to a stored hash. If the entered and the stored hashes match, the user is authenticated.

An automated password cracker rapidly generates hashes until a match is found. The fastest method for generating hashes is a dictionary attack that uses all words in a dictionary or text file. Another method of cracking is called a hybrid attack, which builds on the dictionary method by adding numeric and symbolic characters to dictionary words. Depending on the password cracker being used, this type of attack will try a number of variations. The attack tries common substitutes of characters and numbers for letters

The most powerful password-cracking method is called the brute force method. Brute force randomly generates passwords and their associated hashes. However since there are so many possibilities it can take months to crack a password. Theoretically all passwords are “crackable” from a brute force attack given enough time and processing power.

Full article...

Other Resource

... to read more articles, visit

Software Testing - Security Testing