
Web Based System Security: Types of Testing, Methodologies, Results and Solutions

Evaluate the security of a virtual machine provided by Benny Vandergast Inc for WidgetsInc and propose security measures to address any issues found.

Added on 2023-06-11
About This Document

Web based applications have become the new inventions driving businesses, health, agriculture and government functions ahead. However, securing the web apps through the web application security becomes a necessity. This article discusses types of testing, methodologies, results and solutions to secure your web applications.

WEB BASED SYSTEM SECURITY.
NAME
UNIVERSITY/AFFILIATION
Introduction.
Web based applications allow the user to access services through the web browser installed on their mobile phone or personal computer. Web apps have become the new inventions driving business, health, agriculture and government functions ahead. They include webmail, online shops, online banking and e-services (Su, Z., & Wassermann, G., 2016). These web apps eliminate the need for local installation of applications and regular updates. Combined with cloud computing, web based applications deliver their interfaces through the software-as-a-service model.
Because web based applications now carry so much functionality, they have become a prime target for attackers and hackers with malicious aims such as stealing and accessing data, modifying it or deleting it. Securing web apps through web application security therefore becomes a necessity (Garrett, J. J., 2015). The processes, practices and procedures for securing web apps use the same principles and solutions as securing the internet and web systems: authentication, encryption, application security, firewalls, intrusion detection and prevention systems, secure gateways and protocols, and computer access control.
To strengthen the security of web apps, security testing is performed to assess the vulnerabilities, threats and risks in the web system and the internet. The tests fall into two categories, static and dynamic analysis (Wassermann, G., & Su, Z., 2014), and include both manual tests and automated tests using testing tools. Performing tests on a running web application is called dynamic analysis; static analysis examines the application's source code for vulnerabilities.
According to Hope, P. and Walther, B. (2008), dynamic analysis is an effective way of regularly assessing the application's security while it runs, since the process is quick. Dynamic analysis does not inspect the application's source code; it infers the internal state of the application from the requests sent to, and the responses returned by, the web service.
Types of Web application security testing.
To determine how web applications can be secured, they have to be tested in a virtual attack environment to identify the vulnerabilities, threats and risks in the running app or in its source code. Several testing procedures, principles and practices have therefore been designed and deployed to assist the experts (Livshits, V. B., & Lam, M. S., 2015). The testing and exploitation tools are related and certified for corporate use, and meet the requirements of policies, financial auditing, compliance requirements and other international standards such as HIPAA.
The testing tools surface the vulnerability and the evidence of the security flaw, allowing developers to redesign the application and fix the security loophole. Security testing is a crucial step in software, networking and computer development, and it is performed regularly over the lifetime of the components. The process of security testing includes penetration testing, code review and analysis of the architecture for security loopholes (Allen et al., 2009).
As a quality assurance verification procedure, security testing is mandatory before any developed web application is put into public use. The following are the types of security testing:
1. Static application security testing.
Also called white box testing, SAST analyses the application's source code for security vulnerabilities, threats and risks. SAST tools examine the application layer and view the security of the web app from an inside-out perspective. Employed during the steps and phases of the software development lifecycle, SAST does not require the application to be running. Several white box testing tools on the market can scan pre-compiled code and find vulnerabilities, which saves the developer the time of identifying bugs once the application is compiled and executed (Huang et al., 2013).
White box testing tools present the developer with the security flaws in the code during the initial development phase, and so save the time that would otherwise be spent developing applications prone to attackers and hackers.
The strengths of SAST include high scalability, with the ability to run over multiple code bases within the pre-deployment versions of the web app such as the official nightly build, and reliable reports that give evidence of the security flaws by source line number and subsection, produced by useful testing tools that find SQL injection loopholes, buffer overflows and other vulnerabilities (Tappenden et al., 2015).
However, white box testing tools have several shortcomings: they cannot find security vulnerabilities such as configuration issues that are not embedded in the source code, some of the tools generate many false positives, and they miss request and response issues such as encryption, authentication, firewall and access control.
The requirements for selecting a white box testing tool are the programming language of the website, accuracy, the ability to run on binaries, libraries, code or frameworks, ease of use and licence cost.
2. Dynamic application security testing.
DAST is the testing of the web app for security vulnerabilities while the application is running. It is suitable for evolving projects, to determine security flaws in industry-compliant web applications and web systems. These vulnerability scanning tools examine the web application from its interface and do not involve checking the source code or application layer (Apfelbaum et al., 2011).
These security testing tools interact with the web application through its web pages, checking for security flaws in the way the application behaves through proper cross-examination of its inputs, outputs, requests and responses.
DAST covers a variety of testing protocols such as black box testing, penetration testing and vulnerability scanning. Penetration testing involves a software expert or developer manually mimicking an attacker and, using their knowledge or exploitation tools, trying to access the contents of the web app with authorization and noting the possible security flaws. Companies or individuals with little in-house know-how source this penetration testing modality from registered third party security firms.
DAST offers a variety of advanced advantages: it is very fast, which allows the application to be tested regularly, and it is flexible and scalable, with the ability to be integrated into user security strategies without developer involvement.
DAST produces many false negatives, which reduces the efficiency of the testing tools, since security vulnerabilities deeply embedded in the source code are easily missed.
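A black-box check of the kind DAST performs, driving the application only through its requests and responses, as an added example that is not part of the original document (both sample WSGI apps, the probe marker and the required-header list are constructed for the illustration):

```python
"""Minimal DAST-style check: exercise a running WSGI application through its
request/response interface only, with no source inspection, and report
responses that reflect input unencoded or lack basic security headers.
Added illustration, not code from the original document; both sample apps
are constructed inline."""
import html
import io
from urllib.parse import parse_qs, quote

def greet_unsafe(environ, start_response):
    """Constructed sample app: echoes the 'name' parameter into HTML verbatim."""
    name = parse_qs(environ.get("QUERY_STRING", "")).get("name", [""])[0]
    start_response("200 OK", [("Content-Type", "text/html")])
    return [f"<p>Hello {name}</p>".encode()]

def greet_safe(environ, start_response):
    """Constructed sample app: HTML-escapes the parameter and sets headers."""
    name = parse_qs(environ.get("QUERY_STRING", "")).get("name", [""])[0]
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("X-Content-Type-Options", "nosniff"),
                              ("Content-Security-Policy", "default-src 'self'")])
    return [f"<p>Hello {html.escape(name)}</p>".encode()]

def send_request(app, path="/", query=""):
    """Drive the app the way a WSGI server would and capture its reply."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path,
               "QUERY_STRING": query, "wsgi.input": io.BytesIO(b"")}
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, dict(headers)
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body.decode()

REQUIRED_HEADERS = ("X-Content-Type-Options", "Content-Security-Policy")

def dast_findings(app) -> list[str]:
    """Black-box checks on one request; returns a list of finding labels."""
    # The marker carries markup characters: if it comes back byte-for-byte,
    # the app does not encode output, the root cause of reflected XSS.
    marker = "<dast-probe-7f3a>"
    _status, headers, body = send_request(app, "/", "name=" + quote(marker))
    findings = []
    if marker in body:
        findings.append("input reflected without encoding")
    findings += [f"missing header {h}" for h in REQUIRED_HEADERS if h not in headers]
    return findings

if __name__ == "__main__":
    for app in (greet_unsafe, greet_safe):
        print(app.__name__, dast_findings(app) or ["no findings"])
```

Because the check only sees what the interface returns, a flaw in a code path that this request never reaches goes unreported, which is the false-negative limitation the text describes.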
3. Interactive application testing.
This approach combines SAST and DAST to reduce their disadvantages and increase efficiency. However, integrating the two testing modalities is not simple, and the approach has therefore not been well developed. Meanwhile, the two modalities are run separately and the security vulnerabilities found are assessed and resolved (Tian-yang et al., 2011).