Security testing can be done in many ways, such as:

o Black box level

o White box level

o Database level

Black box level

o Session hijacking

Session hijacking is the takeover of an authenticated user's session, usually by obtaining the session identifier (from a cookie, a URL, or sniffed network traffic) and presenting it as one's own. It is sometimes confused with "IP spoofing": spoofing the client's IP address is one technique used to hijack a TCP connection on a protected network, but web session hijacking does not need it, because whoever holds a valid session ID is treated as that user.

o Session prediction

Session prediction is a method of obtaining the session ID of an authorized user and using it to access the application as that user. In a web application, the session ID is normally carried in a cookie or in the URL.

A session ID can be predicted when it is generated from a guessable source such as a sequential counter, a timestamp, or a weak random number generator. An attacker who collects a few session IDs issued to their own logins can infer the pattern and compute the IDs belonging to other users.
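
The following is an added example, not code from the original article: a constructed, deliberately weak session-ID generator (it assumes the application builds IDs from a sequential counter plus the Unix time of login), the attacker-side prediction it permits, the cryptographically random replacement, and the check a tester can run on a handful of IDs issued to their own account to see whether the generator is sequential.

```python
import secrets
from itertools import count


class WeakSessionStore:
    """Constructed example of a guessable generator (assumption: the
    application builds each ID from a sequential counter plus the Unix
    time of login). Not taken from any real framework."""

    def __init__(self, start=1000):
        self._counter = count(start)

    def issue(self, now):
        # 8 hex digits of counter, 8 hex digits of timestamp: both guessable.
        return f"{next(self._counter):08x}{now:08x}"


def predict_next(observed, now):
    """Attacker side: from one weak ID issued to the attacker, derive the ID
    that the next user to log in at time `now` will receive."""
    counter_part = int(observed[:8], 16) + 1
    return f"{counter_part:08x}{now:08x}"


def strong_session_id():
    """Defender side: 256 bits from the OS CSPRNG. No counter or clock is
    encoded in the token, so an observed ID says nothing about the next."""
    return secrets.token_urlsafe(32)


def counter_step(ids, width=8):
    """Tester's check: collect a few IDs issued to your own logins and
    compare the leading field. A constant difference means the generator
    is sequential. Returns that step, or None when no fixed step exists
    (or the field is not even hexadecimal)."""
    try:
        heads = [int(i[:width], 16) for i in ids]
    except ValueError:
        return None
    steps = {b - a for a, b in zip(heads, heads[1:])}
    return steps.pop() if len(steps) == 1 else None


if __name__ == "__main__":
    store = WeakSessionStore()
    mine = store.issue(now=1700000000)          # attacker logs in
    guess = predict_next(mine, now=1700000000)  # predicts the victim's ID
    victim = store.issue(now=1700000000)        # victim logs in next
    print("predicted == victim:", guess == victim)
    print("weak step:", counter_step([store.issue(1700000000) for _ in range(4)]))
    print("strong step:", counter_step([strong_session_id() for _ in range(4)]))
```

The timestamp half of the weak ID only narrows the attacker's search to a few seconds of clock drift; the counter half removes the search entirely. The fix is not a longer ID but one whose every bit comes from a cryptographically secure random source.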

o Email spoofing

Email spoofing is forging the message headers (most often the "From" address) so that a message appears to come from a trusted source; a forged "Reply-To" header then routes any reply to the spammer's inbox. SMTP does not authenticate the sender, so anyone who can submit a message to a mail server can set these header fields to arbitrary values and send a fake email that appears to come from someone who never wrote it.

o Content spoofing

Content spoofing is a technique for presenting fake content, either a cloned website or attacker-controlled text injected into a legitimate page, so that the user believes the information and the site are genuine. When the user enters a credit card number, password, SSN or other sensitive details into the spoofed form, the attacker captures the data and uses it for fraud.

o Phishing

Phishing is similar to email spoofing: the attacker sends a genuine-looking email that tries to obtain the user's personal and financial information, usually by linking to a fake login page. The emails appear to come from well-known websites or institutions.

o Password cracking

Password cracking is used to recover an unknown (or forgotten) password, usually by testing candidate passwords against a captured password hash or against a login interface.

Password cracking can be done in two ways:

1. Brute force: the attacker tries every combination of characters up to a given length until one is accepted.

2. Dictionary attack: the attacker tries each entry of a wordlist of common passwords, names and terms on various topics, often with simple variations such as capitalisation or appended digits.
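
As an added example (not code from the original article), the two methods above implemented against a captured hash. It assumes the target stored passwords as unsalted SHA-256, which is what makes offline guessing this cheap; the wordlist and mangling rules are constructed for the example, not taken from any real dictionary.

```python
import hashlib
import itertools
import string

# Constructed wordlist standing in for a real password dictionary.
WORDLIST = ["password", "letmein", "qwerty", "dragon", "sunshine", "football"]


def sha256_hex(password):
    """Hash as stored by the (hypothetical) target: unsalted SHA-256.
    A fast, unsalted hash is exactly what makes offline cracking cheap."""
    return hashlib.sha256(password.encode()).hexdigest()


def brute_force(target_hash, alphabet=string.ascii_lowercase + string.digits, max_len=4):
    """Try every string over `alphabet` up to `max_len` characters.
    Cost grows as len(alphabet) ** max_len, which is why length matters."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hash:
                return candidate
    return None


def mutations(word):
    """Common mangling rules applied to each dictionary word."""
    yield word
    yield word.capitalize()
    yield word.upper()
    for suffix in ("1", "123", "!", "2024"):
        yield word + suffix
        yield word.capitalize() + suffix


def dictionary_attack(target_hash, wordlist=WORDLIST, mutate=True):
    """Try each word (and, optionally, its mutations) against the hash."""
    for word in wordlist:
        candidates = mutations(word) if mutate else (word,)
        for candidate in candidates:
            if sha256_hex(candidate) == target_hash:
                return candidate
    return None


if __name__ == "__main__":
    print(brute_force(sha256_hex("k9z"), max_len=3))        # found quickly
    print(dictionary_attack(sha256_hex("Dragon123")))         # found via mangling
    print(dictionary_attack(sha256_hex("vR7#pL2q!m")))        # None: not in list
```

Brute force is exhaustive but exponential in length; the dictionary attack is cheap but only finds what people actually choose. Both are defeated on the defender's side by long, non-dictionary passwords and by storing them with a slow, salted hash (bcrypt, scrypt or Argon2) rather than plain SHA-256, which multiplies the cost of every guess.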

White box level

o Malicious code injection

SQL injection is the most common code injection attack: the attacker supplies malicious SQL fragments through an input field so that they are concatenated into, and executed as part of, the application's own query. The motive behind the injection is usually to read or modify protected data that was meant to be available only to a restricted set of users.

In addition to SQL injection, other types of malicious code injection are XPath injection, LDAP injection and OS command injection. Similar to SQL injection, XPath injection targets queries run against XML documents, LDAP injection targets directory queries, and command injection passes attacker-controlled text to a system shell.

o Penetration tests

Penetration testing is used to verify the security of a computer or a network. The tester examines the security aspects of the system from an attacker's point of view and attempts to penetrate it, so that real weaknesses are found and fixed before a hostile party finds them.

o Input validation

Input validation is used to defend applications from attackers. If input is not validated, particularly in web applications, it can lead to system crashes, database manipulation and data corruption. Every value that arrives from the client (form fields, URL parameters, cookies, headers) should be checked on the server against what the application actually expects, preferably with an allowlist of acceptable values rather than a blocklist of dangerous characters.

o Variable manipulation

Variable manipulation (parameter tampering) is the editing of the variables a program exchanges with the client, for example hidden form fields, cookies or URL parameters. It is mainly used to alter the data sent to the web server, such as a price or a user ID, and it succeeds whenever the server trusts those client-supplied values instead of re-deriving them from its own data.
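
The following is an added example, not code from the original article, covering both the input-validation and the variable-manipulation points above: a server-side checkout handler that validates each client parameter against an allowlist pattern and range, and computes the total from a server-side catalogue so that a tampered hidden `price` field has no effect. The catalogue, field names and limits are constructed for the example.

```python
import re

# Server-side catalogue: the only trusted source of prices (constructed data,
# prices in cents).
CATALOGUE = {"SKU-1001": 4999, "SKU-2002": 12900}

# Allowlist patterns: state exactly what a valid value looks like instead of
# trying to blocklist every dangerous character.
ITEM_ID_RE = re.compile(r"SKU-[0-9]{4}")
QTY_RE = re.compile(r"[0-9]{1,2}")   # [0-9], not \d or isdigit(): no Unicode digits
ALLOWED_FIELDS = {"item_id", "qty"}


class ValidationError(ValueError):
    pass


def checkout(params):
    """`params` is the form/query data exactly as the client sent it
    (a dict of strings). Returns the order total computed from server-side
    data, plus any client fields that were ignored, which is a tampering
    signal worth logging."""
    item_id = params.get("item_id", "")
    if not ITEM_ID_RE.fullmatch(item_id) or item_id not in CATALOGUE:
        raise ValidationError("unknown item_id")

    qty_raw = params.get("qty", "")
    if not QTY_RE.fullmatch(qty_raw):          # rejects '-1', '1e3', "1' OR..."
        raise ValidationError("qty must be a small positive integer")
    qty = int(qty_raw)
    if not 1 <= qty <= 10:
        raise ValidationError("qty out of range")

    # Whatever the client said about 'price' or 'discount' is never consulted.
    ignored = sorted(set(params) - ALLOWED_FIELDS)
    return {"item_id": item_id, "qty": qty,
            "total_cents": CATALOGUE[item_id] * qty,
            "ignored_fields": ignored}


def is_rejected(params):
    """Convenience for tests and monitoring: True when checkout() refuses params."""
    try:
        checkout(params)
    except ValidationError:
        return True
    return False


if __name__ == "__main__":
    # Client tampered with a hidden field to set the price to one cent.
    print(checkout({"item_id": "SKU-1001", "qty": "2", "price": "1"}))
    print(is_rejected({"item_id": "SKU-1001' OR '1'='1", "qty": "1"}))
```

The hidden `price` field is the variable-manipulation case: it is simply not part of the server's computation. The `item_id` and `qty` checks are the input-validation case: `fullmatch` against a tight pattern rejects SQL fragments, negative numbers and scientific notation before any of them reach a database or arithmetic.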

Database level

o SQL injection

SQL injection is used to attack websites by changing the back-end SQL statements; using this technique the attacker can steal the database's data and also delete or modify it.
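
The following is an added example (not code from the original article) for the SQL injection discussed under both the white-box and database-level headings. It uses a constructed in-memory SQLite database with plaintext passwords purely so the leak is visible, three vulnerable functions that splice client text into the statement, and their parameterised counterparts. The payloads are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory database standing in for the site's back end."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users (username, password) VALUES ('alice', 's3cret'), ('bob', 'hunter2');
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO products (name) VALUES ('widget'), ('gadget');
    """)
    return conn


# Constructed payloads an attacker types into ordinary form fields.
LEAK_PAYLOAD = "' UNION SELECT username, password FROM users -- "   # steal data
BYPASS_PAYLOAD = "alice' -- "                                       # skip password check
TAMPER_PAYLOAD = "bob' OR '1'='1"                                   # hit every row


# --- vulnerable: client text becomes part of the SQL the parser sees -------

def search_products_vulnerable(conn, term):
    sql = f"SELECT name, id FROM products WHERE name = '{term}'"
    return conn.execute(sql).fetchall()


def login_vulnerable(conn, username, password):
    sql = (f"SELECT username FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def reset_password_vulnerable(conn, username, new_password):
    sql = f"UPDATE users SET password = '{new_password}' WHERE username = '{username}'"
    return conn.execute(sql).rowcount          # number of rows changed


# --- hardened: parameterised; values are bound, never parsed as SQL --------

def search_products_safe(conn, term):
    return conn.execute(
        "SELECT name, id FROM products WHERE name = ?", (term,)).fetchall()


def login_safe(conn, username, password):
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None


def reset_password_safe(conn, username, new_password):
    return conn.execute(
        "UPDATE users SET password = ? WHERE username = ?",
        (new_password, username)).rowcount


if __name__ == "__main__":
    conn = make_db()
    print(search_products_vulnerable(conn, LEAK_PAYLOAD))   # users table leaks
    print(search_products_safe(conn, LEAK_PAYLOAD))         # []
    print(login_vulnerable(conn, BYPASS_PAYLOAD, "wrong"))  # 'alice'
    print(login_safe(conn, BYPASS_PAYLOAD, "wrong"))        # None
    print(reset_password_vulnerable(conn, TAMPER_PAYLOAD, "pwned"))  # 2 rows
```

The UNION payload shows theft (a product search returns another table), the comment payload shows authentication bypass, and the tautology in the UPDATE shows modification of every row. Python's sqlite3 refuses to run two statements in one `execute()` call, so a stacked `'; DROP TABLE users; --` is not shown here; on drivers and databases that allow stacked queries, deletion is no harder than the cases above. In every hardened version the same payload is just a string value that matches nothing.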
