Software Testing Versus Website Vulnerability and Security Assessments

Software Testing Versus Website Vulnerability and Security Assessments

  • Differentiation between software testing and security assessments:

    • Software testing is a broader set of procedures than website security assessments.

    • It includes checks such as:

    • Verification and validation - Ensures the software meets the initial design requirements.

    • Error-free operation - Ensures the software operates as expected without errors.

    • Compatibility - Ensures the software works without issues with other applications.

    • Depending on the software development life cycle methodology, additional steps in the testing process may exist.

Website Components

  • Websites consist of four elements:

    • Web server software:

    • Examples include Microsoft's Internet Information Services or Apache HTTP Server.

    • Hardware server and operating system:

    • The underlying system that the web server runs on.

    • Software application:

    • The application that uses the web server to collect or distribute information.

    • Database:

    • Stores the information used by the application and/or web server.

  • Common implementation:

    • Involves three tiers of hardware and software:

    • Presentation tier - Web server with its hardware.

    • Application or logic tier - Software application with its hardware server.

    • Database tier - Database software and its hardware server.

    • Security can be enhanced by physically separating these tiers onto distinct hardware servers, though they can also be combined on shared servers for budget constraints.

Performing an Initial Discovery on the Targeted Website

  • First step in a website assessment: Identify website components for security testing, known as fingerprinting and enumeration.

    • Discovery tools determine:

    • IP addresses associated with the website.

    • Active services/applications (e.g., HTTP, DNS, FTP, Telnet, SMTP).

    • The operating systems of servers.

    • Known vulnerabilities with services, applications, or operating systems.

  • Commercial vs. Freeware Tools:

    • Commercial tools are more efficient and feature-rich, but freeware tools can also perform sufficient discovery activities.

Ping Sweep

  • Ping utility created in 1983:

    • Sends packets to IP addresses to determine if they are active.

    • Measures round-trip time for packet delivery.

    • Commonly used at the start of security assessments.

  • Ping Sweep:

    • Running the ping utility across a range of IP addresses to determine active addresses.

    • Saves time by narrowing down the number of IP addresses to assess or attack.

    • A ping sweep can complete scans for up to 254 hosts in less than 10 seconds under optimal conditions.

    • Warning: This can trigger intrusion detection systems (IDS), which may block scanning activities. Approvals from security administrators are strongly advised beforehand.

  • Tools for Ping Sweep:

    • Windows:

    • Pinkie, IP Address Tracker by SolarWinds, SuperScan by McAfee, Zenmap.

    • UNIX/Linux:

    • Hping, Nmap.

Nmap

  • Developed in the late 1990s: A tool for network scanning, widely used for identifying active ports and services.

  • Core features:

    • Ping Sweeping - Identifies live hosts.

    • Port Scanning - Identifies open/closed ports, focusing on the 1000 most commonly used TCP ports.

    • Operating System (OS) Detection - Identifies the OS running on a host.

    • Nmap Scripting Engine (NSE): Allows customization of scan aggressiveness and specific probing of ports/services. Includes over 100 scripts for various tasks.

  • Using Nmap:

    • Commonly used from command line on Linux; Zenmap is a Windows GUI version that simplifies scan configuration and execution.

  • Standard Nmap Scan:

    • Performs non-intrusive activities to avoid impacting the server:

    • Basic ping operations to check if the IP is alive.

    • MAC address detection for the scanned IP.

Operating System Fingerprinting

  • Importance: Knowing the OS helps assess which tools and attacks are relevant, as different OSs have unique vulnerabilities.

  • Tools for OS Fingerprinting: Nmap and Nessus, among others.

  • Using Nmap for OS Detection:

    • Execute the following command for results:

    • nmap -O IP_ADDRESS

    • Result example: OS details: Linux 2.6.19 2.6.31

Nessus Vulnerability and Port Scan

  • Origin: Began as an open-source application; now a commercial tool used widely for detecting vulnerabilities.

  • Modules: Thousands of plugins that relate vulnerabilities to OSs, services, applications, etc.

  • Scanning process: Create a policy, enter the target system information, and assess based on the selected policy.

  • Key Functionality: Can conduct both authenticated and unauthenticated scans, affecting the accuracy of vulnerability detection.