Here are 6 steps that can help you include security tests in your software life cycle. Each step lists its Purpose, the Methodology and the Tools needed to carry it out.
Step 1: Information Gathering/Mapping the Application
Purpose:
-Get a thorough view of the target
-Identify common misconfigurations
Methodology:
-Passive Spidering: explore visible content using a Security Proxy tool
-Map the application using multiple users (privileged, non-privileged) if applicable
-Check against public resources, e.g. Google
Tools:
-Burp Proxy or ZAP Proxy
Step 2: Target Analysis/Identify hints for attack vectors/accidental leakage
Purpose:
-Figure out what you’re up against
-Look for anything that unintentionally reveals information
-Look for Content that should not be accessible
Methodology:
-Identify the technologies Used
-Identify functionality
-Determine how core functionality works, URL style, etc.
-Review robots.txt
-Identify redirects
-Identify error handling with Information leakage
-Review use of Cookies
Step 3: Enumerate Other Resources
Purpose:
-Look for other network resources: web sites, etc.
Methodology:
-Enumerate DNS hostnames, network blocks of other systems
-Identify other systems related to the target
Tools:
-nmap
-DNSenum
Step 4: Scan the Target for Security Flaws
Purpose:
-Identify Possible Security flaws in the target web Application
Caveats:
-Scanners lack intuition and understanding of requirements
-Scanners cannot improvise
-False Positives and False Negatives are common
Tools:
-Netsparker Community Edition
-Acunetix Web Vulnerability Scanner
Step 5: Test Authentication Mechanisms
Methodology:
-Test Password Quality
-Attempt to enumerate Usernames
-Attempt to brute force passwords
-Test Account recovery function of enumerated Users
-Examine cookies if ‘remember me’ option exists
-Verify Credentials are submitted securely
-If Multi-phase authentication is used, test for logic flaws
Tools:
-Web Browser
-Burp
Step 6: Verify Access Controls
Purpose:
-Verify whether access controls are properly applied to sensitive functionality
Methodology:
-Map the site using different users
The above steps have helped me and they should surely help you.
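The differential check behind Steps 1 and 6 (spider the site as different users, then verify that functionality seen only by the privileged user is refused to everyone else), as an added Python example that is not part of the original post. The application, its URLs and the `simulated_fetch` function are constructed stand-ins for a real session-backed fetch through a proxy.

```python
"""Verify access controls by replaying a privileged user's site map with
lower-privileged sessions. Everything below is constructed for offline use;
no real application is contacted."""
from typing import Callable, Dict, List, Set

# Responses that count as "access denied": an explicit rejection, a 404 used
# to hide existence, or a redirect (usually a bounce to the login page).
DENIED_STATUSES = {301, 302, 303, 307, 401, 403, 404}

Fetcher = Callable[[str, str], int]  # (role, url) -> HTTP status code


def privileged_only_urls(site_maps: Dict[str, Set[str]], privileged: str) -> Set[str]:
    """URLs seen while spidering as the privileged user but by no other user:
    these are the candidates for sensitive functionality (Step 1 output)."""
    others = set().union(*(u for r, u in site_maps.items() if r != privileged))
    return site_maps[privileged] - others


def verify_access_controls(site_maps: Dict[str, Set[str]], privileged: str,
                           fetch: Fetcher, roles: List[str]) -> Dict[str, List[str]]:
    """Replay each privileged-only URL as every lower-privileged role (Step 6).
    Returns {url: [roles that were NOT denied]}; an empty dict means no gap."""
    gaps: Dict[str, List[str]] = {}
    for url in sorted(privileged_only_urls(site_maps, privileged)):
        not_denied = [r for r in roles if fetch(r, url) not in DENIED_STATUSES]
        if not_denied:
            gaps[url] = not_denied
    return gaps


# --- constructed simulation of a small application (hypothetical, not a real target) ---
SIMULATED_APP = {
    "/admin/users":  {"admin": 200, "user": 403, "anonymous": 302},  # correctly protected
    "/admin/export": {"admin": 200, "user": 200, "anonymous": 302},  # flaw: missing role check
    "/reports/1":    {"admin": 200, "user": 200, "anonymous": 200},  # flaw: no authentication
    "/profile":      {"admin": 200, "user": 200, "anonymous": 302},  # shared, not sensitive
}


def simulated_fetch(role: str, url: str) -> int:
    """Stand-in for requesting `url` with the session cookie of `role`."""
    return SIMULATED_APP.get(url, {}).get(role, 404)


# Site maps gathered in Step 1: the admin sees everything, a normal user only /profile.
SITE_MAPS = {
    "admin": {"/admin/users", "/admin/export", "/reports/1", "/profile"},
    "user": {"/profile"},
}

if __name__ == "__main__":
    for url, who in verify_access_controls(SITE_MAPS, "admin", simulated_fetch,
                                           ["user", "anonymous"]).items():
        print(f"{url}: reachable by {', '.join(who)}")
```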