# Key Points of Business Security Testing

## Technical Section

### 1 Login Authentication Module Testing
- Brute Force Testing
- Local Encryption Transmission Testing

#### 1.2 Session Testing
- Session Fixation Testing
- Session Logout Testing
- Session Timeout Testing
- Cookie Forgery Testing
- Ciphertext Comparison Authentication Testing
- Login Failure Message Testing

### 2 Business Processing Module Testing
- Order ID Tampering Testing
- Phone Number Tampering Testing
- User ID Tampering Testing
- Email and User Tampering Testing
- Product Number Tampering Testing
- Race Condition Testing

### 3 Authorization Access Module Testing
- Unauthorized Access Testing

#### 3.1 Privilege Escalation Testing
- Horizontal Privilege Escalation Testing
- Vertical Privilege Escalation Testing

### 4 Input and Output Module Testing

#### 4.1 SQL Injection Testing
- Numeric Injection
- Character Injection
- Search Injection

#### 4.2 XSS Testing
- Reflected XSS
- Stored XSS
- DOM-based XSS
- Command Execution Testing

### 5 Fallback Module Testing
- Fallback Testing

### 6 CAPTCHA Mechanism Testing
- CAPTCHA Brute Force Testing
- CAPTCHA Reuse Testing
- CAPTCHA Client-side Echo Testing
- CAPTCHA Bypass Testing
- CAPTCHA Automatic Recognition Testing

### 7 Business Data Security Testing
- Product Payment Amount Tampering Testing
- Product Order Quantity Tampering Testing
- Frontend JS Restriction Bypass Testing
- Request Replay Testing
- Business Limit Testing

### 8 Business Process Out-of-Order Testing
- Business Process Bypass Testing

### 9 Password Recovery Module Testing
- CAPTCHA Client-side Echo Testing
- CAPTCHA Brute Force Testing
- Interface Parameter Account Modification Testing
- Response Status Value Modification Testing
- Session Overwrite Testing
- Weak Token Design Flaw Testing
- Password Recovery Process Bypass Testing

### 10 Business Interface Call Module Testing
- Interface Call Replay Testing
- Interface Call Enumeration Testing
- Interface Call Parameter Tampering Testing
- Unauthorized Access/Call Testing
- Custom Callback Testing
- WebService Testing

## Practical Section

### 1 Account Security Testing

#### 1.2 Account Password Directly Exposed on the Internet
- Database Configuration Information Leak at a Certain Company
- Information Leak Affecting Thousands of Employees

#### 1.3 Unlimited Login to Any Account
- SQL Injection Vulnerability Bypasses Login Restrictions
- App Client Allows Hijacking Any Account

#### 1.4 Email Account Leakage Incident
- Information Leak Caused by an Email Account

#### 1.5 Man-in-the-Middle Attack
- SSL Certificate Spoofing Attack
- SSL Hijacking

#### 1.6 Credential Stuffing Attack
- Subsite Exposed to Credential Stuffing

### 2 Password Recovery Security Cases

#### 2.1 Password Recovery Credentials Can Be Brute Forced
- Arbitrary Password Modification

#### 2.2 Password Recovery Credentials Directly Returned to the Client
- Password Recovery Credentials Exposed in Links
- Encrypted CAPTCHA String Returned to the Client
- Secret Question Answers Hidden in Web Page Source
- SMS Verification Code Returned to the Client

#### 2.3 Password Reset Link Uses a Weak Token
- Using an MD5 of the Timestamp as the Password Reset Token
- Using the Server Time as the Password Reset Token

#### 2.4 Password Reset Credentials Not Strictly Bound to the User Account
- Using an SMS Verification Code to Recover a Password
- Using an Email Token to Recover a Password

#### 2.5 Rebinding a User's Phone or Email
- Rebinding a User's Phone
- Rebinding a User's Email

#### 2.6 Server-side Verification Logic Flaws
- Deleting Parameters to Bypass Verification
- Email Address Can Be Manipulated
- Authentication Steps Can Be Bypassed

#### 2.7 Locally Verifying the Server's Returned Information
- Modifying the Response Packet to Bypass Verification

#### 2.8 Registration Overwrite
- Existing Usernames Can Be Re-registered

#### 2.9 Session Overwrite
- Resetting Other Users' Passwords via Session Overwrite

### 3 Privilege Escalation Security Cases

#### 3.1 Horizontal Privilege Escalation
- System Users Can View Other Users' Personal Information
- Website Users Can View or Modify Other Users' Information
- Regular Users Can View Other Users' Information

#### 3.2 Vertical Privilege Escalation
- Regular User Privileges Escalated to System Privileges
- Backend Privilege Escalation Allows Adding Administrator Accounts
- Low-Privilege Users Can Modify Super Administrator Configuration
- Privilege Escalation by Modifying the Corresponding Menu Category

### 4 OAuth 2.0 Security Cases
- CSRF Vulnerability Leading to Binding Hijacking
- Authorization Hijacking on a Certain Community Site

### 5 Online Payment Security Case Summary
- Order Amount Tampering on a Certain Fast Food Chain's Official Website
- Order Quantity Tampering on a Certain Online Mall
- Order Request Replay Testing on a Certain Server Provider's Platform
- Tampering Testing of Other Order Parameters on a Certain Training Institution's Official Website