Web Application Security Testing

Web application security testing is a hard task because it requires expert human investigation and cannot be performed fully automatically. In this article we describe it in a tool-independent way, without emphasizing any specific product.

First, please note that no tool or application can provide a complete and correct assessment of a web application's security. This is because all available tools, such as Wapiti, Acunetix and others, use known patterns and try to execute general or known exploits. Also, these applications usually follow the links on the site or search for specific URLs. However, a vulnerable script is not always linked from anywhere, so such tools will never test it.

Also, there are always unknown and/or zero-day vulnerabilities. Thus when you perform web application security testing you must assume that everything is vulnerable and work to secure it.

With that in mind, follow this checklist:

1. Determine what the site's base is and how it is built:

A. If it is a popular web application, ensure it is the latest version. Of course, also ensure that this application is still developed and supported. It may sound absurd, but popular applications such as OsCommerce are no longer developed, and even if you have the latest version your site is still vulnerable.

B. If it is a framework, ensure that it is the latest version of the corresponding branch. Maintaining a web site built on top of a framework (Zend Framework, CakePHP, CodeIgniter and so on) is a little harder; the trade-off is that you get more programming freedom and power, but not always more security.

C. Custom code is the hardest to maintain, especially if you are not the one who initially started the project. In this case it might be easier to rebuild the site on a popular web application or framework than to secure the custom code someone else wrote years ago.

2. Once you have made sure the website base / framework is secure, check the extensions. Almost any site includes external code such as third-party extensions, components, modules, plugins and so on. Vulnerable extensions are the most frequent source of security problems. As before, ensure that all extensions are still maintained and at the latest version.

3. Ensure the admin / user privileges are safe and as restricted as possible. Try to limit admin access in more than one way and implement IP-based restrictions wherever possible. Most sophisticated attacks are executed through a compromised user login, which gives the attacker the privileges needed to run a local exploit.
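One way to put point 3 into practice, as an added example that is not part of the original article: an Apache 2.4 configuration that layers an IP allow-list and HTTP Basic authentication in front of the application's own admin login, so that a stolen application password alone is not enough. The admin path /admin, the placeholder client address 203.0.113.10 and the htpasswd file location are assumptions.

```apache
# Added example, not from the original article. Assumes Apache 2.4 with
# mod_authz_core, mod_authz_host, mod_auth_basic, mod_authn_file, mod_setenvif.
# 203.0.113.10 is a documentation-range placeholder for the only allowed client.
<Location "/admin">
    # Both controls must pass. If the request comes from any other address,
    # or lacks valid credentials, Apache denies it before the PHP code runs.
    <RequireAll>
        Require ip 203.0.113.10
        Require valid-user
    </RequireAll>

    # Second layer: a web-server password prompt in front of the application
    # login. Basic auth sends credentials with every request, so the site must
    # be served over HTTPS only.
    AuthType Basic
    AuthName "Restricted administration area"
    # Kept outside the document root so the file itself can never be served.
    AuthUserFile /etc/apache2/admin.htpasswd
</Location>

# Write admin-path requests to their own log so that denied attempts from
# unexpected addresses are easy to spot during review.
SetEnvIf Request_URI "^/admin" admin_request
CustomLog /var/log/apache2/admin_access.log combined env=admin_request
```

Create the password file with `htpasswd -c /etc/apache2/admin.htpasswd adminuser` and keep its account list separate from the application's user table, so that a compromise of one does not unlock the other.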

Web application security testing is a very serious task and requires advanced programming skills. If you have doubts that you can complete it, try to find a security expert.
