What is Security Testing

• Security testing ensures that the system is protected from unauthorized access, vulnerabilities, and data breaches. It aims to identify flaws in the application that attackers could exploit.

Security Testing Concepts (1 - 3)

1 - Authentication

• Ensure only legitimate users can log in.

• Prevent bypassing of login mechanisms.

• Protect credentials during transmission and storage.

• Validate session handling post-authentication.

• Common Tests:

  • Brute Force Protection - Try password-guessing attack. ie: Manual or Automated. Check for account lockout, CAPTCHA, or rate-limiting.

  • Credential Stuffing - Use known leaked credentials to test if reused passwords are accepted.

  • Default or Weak Credentials - Attempt login with common/default usernames & passwords (admin/admin, test/test).

  • Password Policy Validation - Check if the system enforces strong password rules ie: Length and Complexity.

  • Multifactor Authentication (MFA) - Verify if MFA is implemented and cannot be bypassed. Test for OTP reuse or predictability.

  • Session Management Testing - Ensure sessions are invalidated on logout. Test for session fixation or reuse. Ensure session IDs are random and stored securely.

  • Authentication Bypass - Bypass login via path manipulation, parameter tampering, or logic flaws.

  • Forgot Password / Reset Flows - Test for token predictability, expiration, and reuse. Check if email / username enumeration is possible.

  • Transport Security - Ensure credentials are sent over HTTPS only. Check for secure cookie flags: HttpOnly, Secure.

  • Enumeration Prevention - Confirm that login responses are generic for both valid/invalid usernames.

2 - Authorization

• Verify that users can only access permitted features.

• Prevents unauthorized access to sensitive data.

• Stops users from performing restricted actions. ie: Deleting data they shouldn't.

• Critical for avoiding privilege escalation attacks. ie: Normal users gaining admin rights.

• Common Tests:

  • Role-based Access Control (RBAC) - Users can only access actions / data for their role. Check if "user" can't access "admin" panel.

  • Object-Level Access - Users can only access their own data. Check if User A can't see User B’s profile.

  • Function Access - Check if users can perform only allowed functions. Check if a viewer shouldn't be able to "edit" or "delete".

  • URL or API Access - Manually tamper with URLs or API requests to see if hidden / admin pages are exposed.

  • Parameter Tampering - Change IDs or parameters in ie: API or web forms to access other users’ data.

3 - Confidentiality

• Data must be protected from unauthorized access.

• Ensure data is encrypted in transit and at rest.

• Detect information leakage through errors, responses, or misconfigurations.

• Common Tests:

  • Access Control Verification - Test if users can access or view data not meant for them. Use IDOR (Insecure Direct Object Reference) techniques.

  • Transport Layer Security - Ensure data is transmitted over HTTPS. Check for weak TLS configurations or support for deprecated protocols (e.g., SSLv3, TLS 1.0).

  • Data Exposure via APIs - Verify that API responses don’t expose sensitive fields like passwords, tokens, or internal IDs. Use Postman or Burp Suite to inspect responses.

  • Sensitive Data in Logs or Error Messages - Cause errors intentionally and inspect if sensitive data is leaked (e.g., stack traces, DB info, credentials).

  • Data Storage Security - Confirm encryption of stored sensitive data. Check DB dumps, backups, or temp files for plaintext information.

  • Insufficient Authorization - Attempt to access resources with another user’s token or session. Use tools like Burp Suite to swap session cookies or tokens.

  • Information Disclosure via Headers or Metadata - Inspect HTTP headers for server info and debug data. Look for exposed internal IPs, paths, or email addresses.

  • File Upload and Download Access Control - Upload a file and try accessing it without auth. Attempt to access other users' uploaded files via path manipulation.

  • Directory Listing and Path Traversal - Check if sensitive files. ie: .env, config, db.sqlite are accessible. Try ../ traversal attacks to move up the directory structure.

Security Testing Concepts (4 - 5)

4 - Integrity

• Ensure data remains unaltered during transit or storage.

• Prevents tampering or unauthorized modifications.

• Ensures trustworthiness of data ie: Financial, Healthcare, and Legal Systems.

• Protects against insider threats, hacking, and accidents that could corrupt data.

• Common Tests:

  • Data Modification Protection - Unauthorized users can't edit or delete data.

  • Data Transmission Integrity - Data sent over the network is not modified during transmission.

  • Database Integrity - No direct database changes without proper validation and authorization.

  • File Integrity - Files ie: Configuration Files and Log Files are not altered without authorization.

  • Input Validation - Applications properly validate and sanitize input to prevent malicious changes. ie: SQL Injection.

  • Transaction Integrity - Multi-step processes ie: Financial Transactions are fully completed or rolled back safely.

5 - Availability

• Verify the system is resilient to denial-of-service (DoS) attacks.

• Prevents downtime ie: Service Being Unavailable which can cause lost revenue, damaged reputation, and legal issues.

• Ensures critical systems ie: Healthcare, Banking and Government are always operational.

• Common Tests:

  • Denial of Service (DoS) Resilience - Can the system handle or defend against high traffic or malicious traffic?

  • Resource Consumption - Is the system vulnerable to attacks that consume CPU, memory, disk, or network bandwidth?

  • Failover and Redundancy - If a server fails, does the system switch to a backup smoothly?

  • Recovery and Backup - Can the system recover quickly after a failure. ie: Hardware Crash and Cyberattack?

  • Rate Limiting and Throttling - Are there controls to limit abusive users and bots?

  • System Monitoring and Alerting - Are issues detected and alerted early?

Common Vulnerabilities (OWASP Top 10)

• The OWASP (Open Web Application Security Project) provides a list of the most critical web security risks.

• Injection Attacks (SQL Injection, Command Injection) - Occurs when untrusted data is sent to an interpreter, such as SQL.

-- Bypasses authentication

SELECT * FROM users WHERE username = 'admin' OR 1=1;

• ** Cross-Site Scripting (XSS)** - Allows attackers to inject malicious scripts into web pages.

// A user inputs sripts into a text field (see below).
// Which will cause other users to see an alert

<script>alert('Hacked');</script>.

• Broken Authentication - Weak session management or improper credential handling allows attackers to impersonate users.

• Sensitive Data Exposure - Failing to encrypt sensitive data ie: Passwords or using weak cryptographic algorithms.

• Security Misconfiguration - Incorrect settings ie: Leaving default passwords that allow unauthorized access.

• Cross-Site Request Forgery (CSRF): - An attacker tricks a user into performing actions without their consent, such as transferring money from their account.

• Insecure Deserialization - Deserializing untrusted data can lead to remote code execution or data tampering.

• Using Components with Known Vulnerabilities - Libraries or frameworks with security flaws can be exploited.

• Insufficient Logging and Monitoring - Without proper logging, security breaches may go undetected.

• Server-Side Request Forgery (SSRF) - An attacker makes the server initiate requests to internal or external systems, potentially accessing restricted data.

Security Testing Tools

• OWASP ZAP (Zed Attack Proxy) - Open-source tool for scanning web applications for vulnerabilities. Helps identify XSS, SQL Injection, and CSRF issues.

• Burp Suite - A powerful tool for manual and automated security testing. Used for intercepting, modifying, and scanning requests for vulnerabilities.

• Nmap - A network scanner that detects open ports, services, and vulnerabilities on systems.

• SQLMap - An open-source tool for automating SQL Injection attacks.

• Metasploit - A penetration testing framework used to find and exploit vulnerabilities.

Security Testing Strategies

• Threat Modeling - Identify and analyze potential threats to the system.

• Penetration Testing - Simulate attacks to uncover vulnerabilities.

• Code Review - Inspect the source code for security flaws.

• Dynamic Application Security Testing (DAST) - Test the application while it’s running to find vulnerabilities.

• Static Application Security Testing (SAST) - Analyze source code or binaries for vulnerabilities before deployment.

• Vulnerability Scanning - Regularly scan for known vulnerabilities in libraries, dependencies, and configurations.

Performance vs. Security Testing: A Comparison

Aspect	Performance Testing	Security Testing
Objective	Identify bottlenecks and ensure efficiency.	Find and fix vulnerabilities to prevent attacks.
Metrics	Response time, throughput, latency.	Authentication flaws, XSS, SQL Injection
Tools	JMeter, LoadRunner, k6	Burp Suite, OWASP ZAP, SQLMap
Focus Area	Speed, stability, scalability.	Data protection, access control, integrity.
Approach	Simulate workloads and measure response.	Simulate attacks and review security practices.

Module Review

Click to start the definition to term matching quiz

Drag the defintion to the correct term.

Open the defintion to term matching quiz

Click to start the multiple choice quiz

Choose from the listed options below.

Score: : 0 / 20 [0.00 %]

Question 1 of 20: Which testing type evaluates how a system responds to sudden increases in traffic?