The prime objective of security testing is to find ways to identify vulnerabilities in the system and to ensure that data is protected from hackers. As more and more vital data is stored in web applications, proper security testing of web applications is becoming very important, and it should be done in the test environment. By implementing a security testing approach in our application we can ensure that it is free from the following vulnerabilities.
Many testers are unaware of how SQL queries can be tampered with and assume that an SQL query is a trusted command. SQL injection is a code injection technique that can destroy your database. A successful SQL injection attack can read sensitive data from the database, modify database data (insert/update/delete), and even execute administrative operations on the database. The data we enter in our application is passed into database queries, so if malicious data is typed, it is passed into a database query too. In that case, if SQL injection is possible, any damage could be done to your system's data.
The following things can be done with SQL injection:
1.) The user could log in to the application as another user, even as an administrator.
2.) The user could view private information of other users, like the details of their profiles, their transaction details, etc.
3.) The user could change application configuration information and the data of the other users.
4.) The user could modify the database, even delete the database.
5.) The user could take control of the database server.
Since the consequences of allowing SQL injection can be very severe, we should test for it in the test environment.
How can your website be checked for SQL injection vulnerabilities?
It is very simple to find out whether your website is protected against SQL injection or not. To check a page for SQL injection vulnerability, add a [ ' ] sign to the URL. If the page is vulnerable to SQLi, it will throw a MySQL error. Once we have a vulnerable URL, any tool can be used to check the level of exploitation, so anyone could dump the complete data. Let's take an example:
<?php
// a user name
$name = "John doe";
// our MySQL query builder, however, not a very safe one: the value is pasted straight into the SQL text
$query = "SELECT * FROM customers WHERE username = '$name'";
echo "Normal: " . $query . "<br />";

// user input that uses SQL Injection
$name_bad = "' OR 1'";
// the same unsafe query builder with the injected value
$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";
// display what the new query will look like, with injection
echo "Injection: " . $query_bad;
?>
It will display:
Normal: SELECT * FROM customers WHERE username = 'John doe'
Injection: SELECT * FROM customers WHERE username = '' OR 1''
The normal query will just select every row from customers whose username equals John doe, whereas the injected input changes the query's behaviour: the OR 1 clause is always true, so every single entry in the "customers" table would be selected by this statement. You can learn more from this link: SQL Injection
What can be done to Prevent SQL Injection attacks?
To prevent SQL injection we should validate and sanitize all input data. Numeric data can be validated by casting it with (int), which forces the value to be an integer.
PHP has a function made specifically to prevent these attacks: mysqli_real_escape_string.
mysqli_real_escape_string() takes a string that is going to be used in a MySQL query and returns the same string with all SQL injection attempts safely escaped. Basically, it replaces the troublesome quotes (') a user might enter with a MySQL-safe substitute, an escaped quote \'. So please use the mysqli_real_escape_string() function to help prevent SQL injection attacks on your websites.
So we should check our application's code to see whether its input is validated/sanitized or not.
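The following is an added example, not code from the original post, that runs the vulnerable concatenation from the example above against a real database and sets it beside the two defences this section describes: the (int) cast for numeric input and keeping untrusted text out of the SQL string. It goes a little beyond the post: because mysqli_real_escape_string() needs a live MySQL connection, the example uses a PDO prepared statement instead, which sends the value separately from the query text and is the stronger defence (PDO works with MySQL too). The customers table, its rows and the function names are constructed for the example, and it assumes PHP's pdo_sqlite extension is available so that an in-memory SQLite database can stand in for MySQL.

```php
<?php
// Added example (not from the original post). An in-memory SQLite database
// stands in for MySQL so the script runs offline; the table and rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE customers (id INTEGER PRIMARY KEY, username TEXT, email TEXT)");
$db->exec("INSERT INTO customers (username, email) VALUES "
        . "('John doe', 'john@example.com'), ('admin', 'admin@example.com')");

// Vulnerable: the user-supplied value is concatenated straight into the SQL text,
// exactly like the query builder in the post, so quotes in the input become SQL.
function findCustomerUnsafe(PDO $db, string $name): array {
    $query = "SELECT username FROM customers WHERE username = '$name'";
    return $db->query($query)->fetchAll(PDO::FETCH_COLUMN);
}

// Safe: a prepared statement sends the value separately from the SQL text,
// so quotes in the input can never change the structure of the query.
function findCustomerSafe(PDO $db, string $name): array {
    $stmt = $db->prepare("SELECT username FROM customers WHERE username = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Validation with (int), as the post describes: a numeric id is forced to an integer
// before it reaches the query, so any injected text is discarded by the cast.
function findCustomerById(PDO $db, $id): array {
    $id = (int) $id;
    $stmt = $db->prepare("SELECT username FROM customers WHERE id = :id");
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$normal   = "John doe";
$injected = "' OR '1'='1";   // constructed input in the style of the post's "' OR 1"

print_r(findCustomerUnsafe($db, $normal));
print_r(findCustomerUnsafe($db, $injected));
print_r(findCustomerSafe($db, $normal));
print_r(findCustomerSafe($db, $injected));
print_r(findCustomerById($db, "1 OR 1=1"));
```

Run with `php` on the command line. The unsafe function returns only John doe for the normal name but both rows for the injected one, because the WHERE clause has become `username = '' OR '1'='1'`; the prepared statement returns John doe for the normal name and nothing for the injected one, since the whole string is compared as a literal username. The (int) cast turns `"1 OR 1=1"` into the integer 1, so only the first row comes back.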
Cross Site Scripting:
XSS (Cross-Site Scripting) is a widespread vulnerability that affects many web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. The XSS scripts injected into a site can leak out sensitive data and information.
How does it work?
On a web page we generally interact with input boxes; however, there are also text areas that act as document objects. They take input from users, and these are easily vulnerable.
An XSS attack can execute malicious script anywhere in the web app. Here’s a quick example:
<input type="text" name="firstname" value="<script>alert('Script Injected');</script>" >
We can understand it through the following scenario:
A script is sent as a request in an input and this is then shown as a response on the web page.
The script is executed when the user runs the application.
How to prevent XSS?
We can defend against XSS attacks by HTML-escaping untrusted data before inserting it into an HTML element. Using the html_entity_decode() function we can convert all HTML entities in the string to their applicable characters.
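The following is an added example, not code from the original post, showing the scenario above in PHP: the post's own <script> payload is reflected back into the page, first unescaped and then escaped before insertion. The escaping step uses PHP's htmlspecialchars(), which performs the HTML-escape direction (turning characters into entities); html_entity_decode(), mentioned above, performs the reverse conversion (entities back into characters) and is shown only to make the direction clear. The function names are constructed for the example.

```php
<?php
// Added example (not from the original post). A user-supplied first name is
// reflected back into the page; the post's own <script> payload is the constructed input.
$payload = "<script>alert('Script Injected');</script>";

// Vulnerable: untrusted data is concatenated straight into the HTML, so the
// browser parses the payload as markup and runs the script when the page loads.
function renderGreetingUnsafe(string $firstname): string {
    return "<p>Hello, " . $firstname . "</p>\n"
         . '<input type="text" name="firstname" value="' . $firstname . '">';
}

// Safe: htmlspecialchars() encodes < > & " ' as HTML entities before insertion,
// so the same bytes are displayed as text instead of being parsed as a tag.
// ENT_QUOTES covers both quote styles, which matters inside attribute values.
function renderGreetingSafe(string $firstname): string {
    $escaped = htmlspecialchars($firstname, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<p>Hello, " . $escaped . "</p>\n"
         . '<input type="text" name="firstname" value="' . $escaped . '">';
}

// html_entity_decode() goes the other way: it turns entities back into characters,
// so it is the wrong step to apply to data that is about to be written into HTML.
function decodeEntities(string $html): string {
    return html_entity_decode($html, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

echo "Unsafe:\n", renderGreetingUnsafe($payload), "\n\n";
echo "Safe:\n", renderGreetingSafe($payload), "\n\n";
$escaped = htmlspecialchars($payload, ENT_QUOTES | ENT_HTML5, 'UTF-8');
echo "Decoded again:\n", decodeEntities($escaped), "\n";
```

In the unsafe output the script tag is emitted verbatim inside the paragraph, which is the request-reflected-as-response case described above; in the safe output the angle brackets and quotes appear as `&lt;`, `&gt;`, `&#039;` and similar entities, so the browser renders the payload as literal text. The last line shows that decoding restores the original tag, which is why decoding must not be mistaken for escaping.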
We will learn more on Security testing in another blog.