Penetration Testing Checklist
In the context of software testing, when we come across the term penetration testing, what comes to mind first?
'Penetration' implies breaking into something, or finding a way in. Penetration testing therefore means determining whether a software system can actually be broken into: not just whether weaknesses exist on paper, but whether an attacker could exploit them.
A penetration test is carried out by trusted, authorised individuals who act like an intruder or malicious user. Rather than introducing new defects, they probe the system with known attack techniques and threat conditions to verify whether its security and network controls hold up or fail under that attack. The result is evidence of which weaknesses are exploitable, how far an attacker could get, and what the impact would be.
Like any other checklist, a penetration testing checklist is a great way to list all the tasks that need to be covered in the testing process, so that nothing is skipped from one engagement to the next.
Penetration Test Checklist:
Penetration testing can be done on many different aspects of a software application and its surrounding infrastructure to test for security vulnerabilities.
- Spam attacks - Check whether a contact form (or any other form that records a user's information) can be abused for spam: submit it repeatedly and with bot-like input, and verify that CAPTCHA, rate limiting or similar controls stop it.
- Proxy servers - A proxy server interacts with the client on behalf of the main (origin) server, so the client never talks to the origin directly. Verify that the origin server cannot be reached by bypassing the proxy, for example directly by IP address, and that the proxy does not forward requests it is meant to filter.
- Spam email filters - Verify that incoming and outgoing email is filtered, that is, that spam, phishing and other inappropriate messages do not reach the addressee.
- Firewalls - Firewalls prevent unauthorised access to a computer or a network of computers. Testing is therefore necessary to ensure that the firewall rules actually block the traffic they are meant to block and allow only what the system needs.
- Attack devices - Try attacking the devices connected to the system, such as printers, network devices and servers, to check how vulnerable they are; such peripheral devices are often the easiest way in.
- Secure transport - Verify that data passed in an HTTP request cannot be read by anyone on the network path: a secured (HTTPS/TLS) connection should carry all data, and plain HTTP should redirect to it.
- Cookies - Cookies store user information, and the testers must ensure that sensitive data (passwords, personal details) is not stored in them in readable form, that session cookies carry the Secure and HttpOnly attributes, and that a SameSite attribute is set.
- Ports - It is important to check that only the ports the system actually needs are open on the network; every other port should be closed or filtered, and each open port should be running an expected, patched service.
- Telephone and Wi-Fi - Check telephone devices (VoIP, voicemail) and Wi-Fi security, including the encryption in use and the strength of pre-shared keys.
- HTTP methods - HTTP methods the application does not need, such as PUT, DELETE, TRACE and CONNECT, should be disabled on the server; an OPTIONS request, or a direct attempt with each method, shows which ones are actually allowed.
- Usernames and Passwords - A standard protocol in this context is that usernames must not be predictable defaults such as 'admin' or 'administrator' (naming conventions). A password must adhere to a minimum length, and the application should reject weak or commonly breached passwords.
- Login Pages - After a certain number of failed login attempts, the account should be locked or throttled and a generic error message displayed to the end user; the message must not reveal whether the username or the password was wrong.
- Error Messages - Error messages should be appropriate as per the actual occurrence of an error condition.
- Special Characters - Verify that HTML tags and scripts supplied as input values are handled properly (rejected or encoded) rather than interpreted.
- Internal System Details - An error message must not carry internal details of the web application, such as stack traces, file paths, database errors or software versions.
- Registry entries - The registry must not contain sensitive information such as plaintext credentials or keys.
- Scanning Files - An uploaded file should be validated (type, size, name) and scanned for malware before it is stored on the server.
- Data in URL - When communicating over the web, sensitive information must not be appended to the URL as query parameters, because URLs end up in browser history, server logs and Referer headers.
- Input fields - All input fields must adhere to range specifications for an input value from a user.
- SQL injection - Web pages are quite prone to SQL injection. It occurs when data from an untrusted source (a form field, URL parameter or header) is concatenated into a SQL query, letting an attacker alter the query and read or modify the data of legitimate users. Thus SQL injection should be carefully analysed and tested, and every query should use parameterised statements.
- XSS - XSS stands for Cross Site Scripting, which means a user's input is displayed on a web page without filtering or encoding HTML tags, so an attacker's script runs in other users' browsers.
- Validation checks - Validation checks must be done to ensure that every text field adheres to input specifications. There are many types of validation checks, some are - range validation, required field validation, compare validation and so on.
- System resources - System resources should be available only to the users who need them, and only to authorised users.
- Permissions - Files, directories, database objects and administrative functions should all carry the least access permissions needed to do their job.
- Sessions - A check on user sessions is very important: a session left open by an inactive authorised user could be misused by a malicious user, so sessions should expire after a reasonable idle time, the session identifier should be regenerated after login, and it must be invalidated on logout.
- Directory browsing - Directory browsing (directory listing) should be disabled on the server.
- Version updates - Databases, web servers, frameworks and all other software components should be kept up to date with security patches; the test should identify outdated versions.
- URL manipulations - It should be verified whether changing values in the URL (identifiers, page numbers, file names) exposes confidential data belonging to other users or pages that should be unreachable.
- Buffer overflow - Test for any memory leak or buffer overflow. Either is harmful and should be avoided.
- Trojan attacks - The network should be checked for malware such as Trojans and for the weaknesses that let them in (unrestricted downloads, missing endpoint protection). Steps should be taken to handle such issues.
- Brute force attacks - Brute force can be applied in an effort to obtain sensitive information about users, such as passwords, and the test should confirm that lockout or rate limiting defeats it.
- DoS - A denial of service attack is a way of disrupting a system by flooding it with a huge number of requests. To counter such attacks the tests must ensure that rate limiting and resource limits are in place so that legitimate users can still reach the desired resource.
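The header and content items in the checklist (cookie attributes, allowed HTTP methods, sensitive data in URLs, directory browsing, internal details in error messages, version disclosure) are the kind of checks that are easy to automate. The following Python is an added example, not part of the original page: it audits one captured HTTP response, constructed inline here, and returns the findings a tester would write up. The parameter names, risky methods and the patterns for directory listings and error pages are assumptions covering common defaults, not an exhaustive list.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Query parameter names that should never appear in a URL (assumption: extend per target).
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "token", "sessionid", "ssn", "card"}
# Methods most applications do not need; each one that is allowed should be justified.
RISKY_METHODS = {"PUT", "DELETE", "TRACE", "CONNECT"}
# Common signs of directory listings and unhandled errors (assumed patterns).
LISTING_RE = re.compile(r"<title>Index of /", re.I)
ERROR_RE = re.compile(
    r"Traceback \(most recent call last\)"
    r"|at [\w.$]+\([\w]+\.java:\d+\)"
    r"|You have an error in your SQL syntax"
    r"|ORA-\d{5}"
)


def check_cookie(set_cookie_value):
    """Return the hardening attributes missing from one Set-Cookie header value."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return [a for a in ("Secure", "HttpOnly", "SameSite") if a.lower() not in attrs]


def check_methods(allow_value):
    """Return the risky methods advertised in an Allow header, sorted."""
    methods = {m.strip().upper() for m in allow_value.split(",")}
    return sorted(methods & RISKY_METHODS)


def check_url(url):
    """Return sensitive parameter names carried in the URL's query string."""
    params = parse_qs(urlsplit(url).query)
    return sorted(p for p in params if p.lower() in SENSITIVE_PARAMS)


def discloses_version(header_value):
    """True when a Server / X-Powered-By banner includes a version number."""
    return re.search(r"\d+\.\d+", header_value) is not None


def audit_response(url, headers, body):
    """Audit one response: headers as (name, value) tuples, body as text."""
    findings = []
    for name, value in headers:
        lname = name.lower()
        if lname == "set-cookie":
            missing = check_cookie(value)
            if missing:
                cookie_name = value.split("=", 1)[0].strip()
                findings.append("cookie %s missing %s" % (cookie_name, ", ".join(missing)))
        elif lname == "allow":
            for m in check_methods(value):
                findings.append("risky method allowed: %s" % m)
        elif lname in ("server", "x-powered-by") and discloses_version(value):
            findings.append("version disclosed in %s: %s" % (name, value))
    for p in check_url(url):
        findings.append("sensitive data in URL parameter: %s" % p)
    if LISTING_RE.search(body):
        findings.append("directory browsing enabled")
    if ERROR_RE.search(body):
        findings.append("internal error details in response body")
    return findings


# Constructed sample response exhibiting several checklist failures at once.
SAMPLE_URL = "https://app.example.test/login?user=bob&password=hunter2"
SAMPLE_HEADERS = [
    ("Server", "Apache/2.4.41 (Ubuntu)"),
    ("Set-Cookie", "JSESSIONID=3F2A9C; Path=/"),
    ("Set-Cookie", "theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Allow", "GET, POST, PUT, DELETE, OPTIONS"),
]
SAMPLE_BODY = (
    "<html><head><title>Index of /backup</title></head><body>"
    "<pre>Traceback (most recent call last):\n  File \"app.py\"</pre></body></html>"
)

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY):
        print("-", finding)
```

Run against the sample it reports the session cookie with no Secure, HttpOnly or SameSite attribute, the PUT and DELETE methods, the password in the query string, the Apache version banner, the directory listing and the stack trace, while the correctly flagged `theme` cookie produces no finding. Feeding it real captures from a proxy is a quick way to cover those checklist items consistently across every page of a site.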