Selenium Conference 2014 -- Bangalore
Posted on 23-Dec-2014
Automation in Security
Prasanna K, Ketan Soni
Agenda
Typical use of Selenium
Information Security
How To achieve complete coverage
Workflow
Injection Attacks
Conclusion
Introductions
Prasanna Kanagasabai
Pentester @ ThoughtWorks
Author of IronSAP
Speaker @ various security conferences
Proud OSCP
Ketan Soni
QA @ ThoughtWorks
Typical use of Selenium
UI Automation
Cross Browser Testing
Could we do more …
Information Security
Exploratory testing
Find defects
Proactively harming the system
One of the most Exciting Jobs
How To achieve complete coverage
Applications are ever increasing
Applications Tech stack has become vast
Security attacks have become complex
Security cannot be compromised
Trained resources are finite
Solution: Automation
Workflow
Security flow:
Define a scenario
Generate payload
Deliver payload
Match results for success / failure
QA flow:
Test scenario
Identify test data
Execution of test scenarios
Validation
Workflow -- Example
Login without user credentials
Password list
Brute force script
Login success / failure
How did we arrive @ Selenium
Ajax in normal “urllib” libraries was difficult to handle
Selenium could handle Ajax requests easily.
Security !!!
SQL Injection
Username: admin
Password: adminPass
Submit
SELECT * FROM users WHERE username = 'admin' AND password = 'adminPass'
SQL Injection
Username: 'OR 1=1--'
Password: BlahBlah
Submit
SELECT * FROM users WHERE username = ''OR 1=1--'' AND password = 'BlahBlah'
SQL Injection
Username: 'OR 1=1--'
Password: BlahBlah
Submit
Everything after -- is a comment, so the database effectively runs:
SELECT * FROM users WHERE username = '' OR 1=1
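The four workflow steps (define scenario, generate payload, deliver payload, match results) applied to the login query from these slides, as an added example that is not code from the talk or from the speakers' repository. It assumes a constructed in-memory SQLite users table with the slide's admin/adminPass row and two stand-in login functions: one built by string concatenation, the other parameterised. Delivery here is a direct function call; with Selenium the same scenarios would be typed into the form and the result read from the page, and the matching logic stays the same.

```python
import sqlite3
from typing import Callable, Dict, List, Union

# Constructed target: an in-memory users table holding the slide's example row.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'adminPass')")
    conn.commit()
    return conn

DB = make_db()

def vulnerable_login(username: str, password: str) -> bool:
    # Query built by string concatenation, exactly the shape shown on the slides:
    # a quote in the input closes the literal and '--' comments out the rest.
    query = ("SELECT * FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return DB.execute(query).fetchone() is not None

def hardened_login(username: str, password: str) -> bool:
    # Parameterised query: the driver binds the values, so quotes and '--'
    # stay data and can never change the statement.
    query = "SELECT * FROM users WHERE username = ? AND password = ?"
    return DB.execute(query, (username, password)).fetchone() is not None

# Steps 1 and 2 (define scenario, generate payload): each scenario names the
# inputs to deliver and what a correct login must answer for them.
SCENARIOS = [
    ("valid credentials",         "admin",      "adminPass", True),
    ("wrong password",            "admin",      "BlahBlah",  False),
    ("slide payload as username", "'OR 1=1--'", "BlahBlah",  False),
]

Observed = Union[bool, str]

def run_scenarios(login: Callable[[str, str], bool]) -> List[Dict[str, Observed]]:
    # Steps 3 and 4: deliver each scenario and match the observed result
    # against the expectation.
    findings = []
    for name, user, pwd, must_succeed in SCENARIOS:
        try:
            observed: Observed = login(user, pwd)
        except sqlite3.Error as exc:
            # A database error on tainted input is itself a finding.
            observed = "error: " + str(exc)
        findings.append({
            "scenario": name,
            "observed": observed,
            "passed": observed is must_succeed,
        })
    return findings

def failing_scenarios(login: Callable[[str, str], bool]) -> List[str]:
    # Names of the scenarios the login function got wrong (empty means clean).
    return [f["scenario"] for f in run_scenarios(login) if not f["passed"]]

if __name__ == "__main__":
    for label, fn in (("vulnerable", vulnerable_login), ("hardened", hardened_login)):
        print(label, "failures:", failing_scenarios(fn))
```

Running it reports the "slide payload as username" scenario as a failure for the concatenated version (the payload logs in without a valid password) and no failures for the parameterised one.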
DEMO
XSS
Search
XSS
Search input: Hello there friends
Search results for “Hello there friends”
XSS
Search input: Hello <script>alert("Hello World")</script> there friends
Search results for “Hello
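The reflected-XSS check from these slides written out as the same scenario/payload/deliver/match loop, as an added example rather than code from the talk. It assumes two constructed stand-ins for the search page, one reflecting the term raw and one HTML-encoding it, and uses only the payload shown on the slide. The check looks for the script tag coming back intact instead of encoded; a Selenium-driven version would read the same thing from driver.page_source.

```python
import html

# The slide's two inputs: the benign search term and the script payload.
BENIGN_TERM = "Hello there friends"
SLIDE_PAYLOAD = 'Hello <script>alert("Hello World")</script> there friends'

def vulnerable_search_page(term: str) -> str:
    # Reflects the raw term into the HTML, so any tag in it becomes markup.
    return '<p>Search results for "' + term + '"</p>'

def hardened_search_page(term: str) -> str:
    # Output-encodes the term for an HTML text context before reflecting it.
    return '<p>Search results for "' + html.escape(term, quote=True) + '"</p>'

def reflects_script(render, payload: str = SLIDE_PAYLOAD) -> bool:
    # Deliver the payload and match: an unencoded <script> in the response
    # means the browser will execute it, which is the defect.
    page = render(payload)
    return "<script>" in page and "&lt;script&gt;" not in page

def audit(render) -> dict:
    # Two scenarios: the feature still works for normal input, and the payload
    # is not reflected as live markup.
    return {
        "benign_echo_ok": BENIGN_TERM in render(BENIGN_TERM),
        "reflected_xss": reflects_script(render),
    }

if __name__ == "__main__":
    print("vulnerable:", audit(vulnerable_search_page))
    print("hardened:  ", audit(hardened_search_page))
```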
DEMO
Command Injection
Ping Host 12.0.0.1
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.044 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.049 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.040 ms
--- 127.0.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.040/0.044/0.049/0.004 ms
Command Injection
How do we attack ??
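The weak point behind a "ping this host" feature, and the fix a test like the one on these slides is checking for, as an added example that is not from the talk. It assumes the feature is implemented in Python: the unsafe shape glues the user's text into a shell command string, the hardened shape validates the value as an IP address or hostname and hands an argv list to subprocess so no shell ever parses it. The hostname regex is this example's own assumption about what the feature should accept.

```python
import ipaddress
import re
import subprocess
from typing import List

# RFC 1123-style hostname: dot-separated labels of letters, digits and hyphens.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)

def validate_host(host: str) -> str:
    # Accept only an IP address or a plain hostname; anything else is rejected
    # before it can reach a command line.
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    if HOSTNAME_RE.match(host):
        return host
    raise ValueError("not an IP address or hostname: %r" % host)

def is_valid_host(host: str) -> bool:
    try:
        validate_host(host)
        return True
    except ValueError:
        return False

def unsafe_command_line(host: str) -> str:
    # The usual shape of the bug: user text glued into a shell string that is
    # then run with os.system() or shell=True, with no validation at all.
    return "ping -c 3 " + host

def ping_argv(host: str) -> List[str]:
    # Hardened: validate first, then build an argv list (no shell involved).
    return ["ping", "-c", "3", validate_host(host)]

def run_ping(host: str) -> subprocess.CompletedProcess:
    # shell=False is the default; the host reaches ping as a single argument.
    return subprocess.run(ping_argv(host), capture_output=True, text=True, check=False)

if __name__ == "__main__":
    print(run_ping("127.0.0.1").stdout)
```

The scenario for the security flow is then simply: deliver a value that is not a host, expect the feature to refuse it rather than run anything.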
Binary Protocols
Binary JSON, Protobuf
Data is travelling mostly as hex
Add code to teach the tools
Presented this plugin @ c0c0n
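One small piece of "teaching the tools" to see through a hex-wrapped transport, as an added example that is not the c0c0n plugin or any code from the talk. It assumes a constructed request body that is compact JSON, hex-encoded on the wire; the helpers decode it to a readable object, place a test payload in one field, and re-encode it so the payload-delivery step of the workflow can send it.

```python
import binascii
import json
from typing import Any, Dict

def decode_hex_json(hex_body: str) -> Dict[str, Any]:
    # Hex -> bytes -> UTF-8 text -> JSON object: makes the body readable.
    return json.loads(binascii.unhexlify(hex_body).decode("utf-8"))

def encode_hex_json(obj: Dict[str, Any]) -> str:
    # Compact JSON -> UTF-8 bytes -> lowercase hex, the shape the wire expects.
    raw = json.dumps(obj, separators=(",", ":")).encode("utf-8")
    return binascii.hexlify(raw).decode("ascii")

def inject_field(hex_body: str, field: str, payload: str) -> str:
    # Payload delivery for an encoded transport: decode, set one field to the
    # test payload, re-encode. The caller then sends the returned body.
    obj = decode_hex_json(hex_body)
    obj[field] = payload
    return encode_hex_json(obj)

# Constructed sample: a hex-encoded login body as it might look on the wire.
SAMPLE_BODY = encode_hex_json({"username": "admin", "password": "adminPass"})

if __name__ == "__main__":
    print(SAMPLE_BODY)
    print(decode_hex_json(inject_field(SAMPLE_BODY, "username", "'OR 1=1--'")))
```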
DEMO
What more …
Cookiejar – for cookie management
Suds – web services automation
Lxml – similar to BS4
Json – to work with JSON
pyAmf – AMF protocol
SimpleHTTPServer – simplest web server (python -m SimpleHTTPServer 9080)
Twisted
Conclusion
Helps achieve larger code coverage
Saves time
Careful calibration is needed
Can't fully replace manual testing
Questions ??
shifu@thoughtworks.com
Ketan.soni@thoughtworks.com
@prasannain
@ketan_soni
Thank You !!
References
https://github.com/prasanna-in/Random-Scripts