🔍Catatan Seekor: Security Testing

"Security testing is not about finding vulnerabilities, it's about preventing them"

📚 Overview

Security Testing adalah proses sistematis untuk mengidentifikasi kerentanan keamanan dalam aplikasi, sistem, atau infrastruktur. Ini mencakup berbagai metode testing untuk memastikan bahwa aplikasi aman dari ancaman cyber.

🎯 Learning Objectives

• Memahami berbagai jenis security testing

• Menerapkan automated dan manual security testing

• Menggunakan tools dan frameworks security testing

• Melakukan penetration testing dan vulnerability assessment

📖 Table of Contents

• Penetration Testing

• Vulnerability Assessment

• Security Code Review

• Automated Security Testing

• Tools & Frameworks

🧪 Types of Security Testing

1. Penetration Testing

• Black Box: No prior knowledge

• White Box: Full knowledge

• Gray Box: Partial knowledge

• External: From internet

• Internal: From internal network

2. Vulnerability Assessment

• Automated Scanning: Tool-based scanning

• Manual Testing: Human expertise

• Configuration Review: Security settings

• Dependency Scanning: Third-party components

3. Security Code Review

• Static Analysis: Code review without execution

• Dynamic Analysis: Runtime analysis

• Manual Review: Human code inspection

• Automated Tools: SAST tools

🚀 Quick Start

Untuk Pemula

1. Mulai dengan Vulnerability Assessment

2. Pelajari Automated Security Testing

3. Pahami Tools & Frameworks

Untuk Security Professionals

1. Implementasi Penetration Testing

2. Pelajari Security Code Review

3. Kuasai advanced testing methodologies

📚 Referensi & Resources

Essential Reading

• OWASP Testing Guide

• NIST Cybersecurity Framework

• PTES (Penetration Testing Execution Standard)

Tools & Frameworks

• OWASP ZAP - Web application security testing

• Burp Suite - Web application security testing

• Nmap - Network security scanner

• Metasploit - Penetration testing framework

🎯 Best Practices

• ✅ Follow testing methodology

• ✅ Document all findings

• ✅ Use multiple tools

• ✅ Validate vulnerabilities

• ✅ Report responsibly

• ✅ Continuous testing

• ✅ Regular assessments

🚨 Security Checklist

• Testing scope defined

• Methodology selected

• Tools configured

• Testing completed

• Vulnerabilities documented

• Report generated

• Remediation planned

• Follow-up scheduled

📊 Implementation Examples

Automated Vulnerability Scan (Python)

import requests
import json
from urllib.parse import urljoin

class SecurityScanner:
    def __init__(self, target_url):
        self.target_url = target_url
        self.vulnerabilities = []
    
    def scan_headers(self):
        """Scan for security headers"""
        try:
            response = requests.get(self.target_url)
            headers = response.headers
            
            security_headers = {
                'X-Frame-Options': 'Missing clickjacking protection',
                'X-Content-Type-Options': 'Missing MIME type protection',
                'X-XSS-Protection': 'Missing XSS protection',
                'Strict-Transport-Security': 'Missing HSTS',
                'Content-Security-Policy': 'Missing CSP'
            }
            
            for header, description in security_headers.items():
                if header not in headers:
                    self.vulnerabilities.append({
                        'type': 'Missing Security Header',
                        'header': header,
                        'description': description,
                        'severity': 'Medium'
                    })
                    
        except Exception as e:
            print(f"Error scanning headers: {e}")
    
    def scan_ssl(self):
        """Check SSL/TLS configuration"""
        try:
            response = requests.get(self.target_url, verify=True)
            if response.status_code == 200:
                print("SSL/TLS is properly configured")
        except requests.exceptions.SSLError:
            self.vulnerabilities.append({
                'type': 'SSL/TLS Issue',
                'description': 'SSL certificate or configuration problem',
                'severity': 'High'
            })
    
    def generate_report(self):
        """Generate security report"""
        report = {
            'target_url': self.target_url,
            'scan_date': str(datetime.now()),
            'vulnerabilities_found': len(self.vulnerabilities),
            'vulnerabilities': self.vulnerabilities
        }
        
        with open('security_report.json', 'w') as f:
            json.dump(report, f, indent=2)
        
        return report

# Usage
scanner = SecurityScanner('https://example.com')
scanner.scan_headers()
scanner.scan_ssl()
report = scanner.generate_report()
print(f"Found {report['vulnerabilities_found']} vulnerabilities")

SQL Injection Tester (Node.js)

const axios = require('axios');

class SQLInjectionTester {
    constructor(targetUrl) {
        this.targetUrl = targetUrl;
        this.payloads = [
            "' OR '1'='1",
            "'; DROP TABLE users; --",
            "' UNION SELECT username,password FROM users --",
            "admin'--",
            "1' OR '1' = '1' #"
        ];
        this.results = [];
    }
    
    async testPayload(payload) {
        try {
            const response = await axios.post(this.targetUrl, {
                username: payload,
                password: 'test'
            });
            
            // Analyze response for SQL injection indicators
            const indicators = [
                'SQL syntax',
                'mysql_fetch',
                'ORA-',
                'PostgreSQL',
                'SQLite',
                'error in your SQL syntax'
            ];
            
            const isVulnerable = indicators.some(indicator => 
                response.data.toString().toLowerCase().includes(indicator.toLowerCase())
            );
            
            if (isVulnerable) {
                this.results.push({
                    payload: payload,
                    vulnerable: true,
                    response: response.data
                });
            }
            
        } catch (error) {
            // Some errors might indicate SQL injection
            if (error.response && error.response.status === 500) {
                this.results.push({
                    payload: payload,
                    vulnerable: true,
                    error: 'Server error (potential SQL injection)'
                });
            }
        }
    }
    
    async runTests() {
        console.log('Starting SQL injection tests...');
        
        for (const payload of this.payloads) {
            await this.testPayload(payload);
            // Add delay to avoid overwhelming the server
            await new Promise(resolve => setTimeout(resolve, 1000));
        }
        
        return this.results;
    }
    
    generateReport() {
        const vulnerableCount = this.results.filter(r => r.vulnerable).length;
        
        console.log(`\n=== SQL Injection Test Report ===`);
        console.log(`Target: ${this.targetUrl}`);
        console.log(`Payloads tested: ${this.payloads.length}`);
        console.log(`Vulnerable payloads: ${vulnerableCount}`);
        
        if (vulnerableCount > 0) {
            console.log('\nVulnerable payloads:');
            this.results
                .filter(r => r.vulnerable)
                .forEach(r => console.log(`- ${r.payload}`));
        }
        
        return this.results;
    }
}

// Usage
const tester = new SQLInjectionTester('https://example.com/login');
tester.runTests().then(() => {
    tester.generateReport();
});

🔍 Testing Methodologies

OWASP Testing Guide

1. Information Gathering

2. Configuration Management

3. Identity Management

4. Authentication Testing

5. Authorization Testing

6. Session Management

7. Input Validation

8. Error Handling

9. Cryptography

10. Business Logic

PTES (Penetration Testing Execution Standard)

1. Pre-engagement Interactions

2. Intelligence Gathering

3. Threat Modeling

4. Vulnerability Analysis

5. Exploitation

6. Post Exploitation

7. Reporting

🛡️ Security Testing Tools

Web Application Testing

• OWASP ZAP: Free web application scanner

• Burp Suite: Professional web security testing

• Nikto: Web server scanner

• Acunetix: Automated web vulnerability scanner

Network Security Testing

• Nmap: Network discovery and security auditing

• Wireshark: Network protocol analyzer

• Metasploit: Penetration testing framework

• Nessus: Vulnerability scanner

Code Analysis

• SonarQube: Code quality and security

• Bandit: Python security linter

• ESLint: JavaScript security rules

• SpotBugs: Java static analysis

🚀 Advanced Topics

Red Team vs Blue Team

• Red Team: Offensive security testing

• Blue Team: Defensive security operations

• Purple Team: Collaboration between teams

• Purple Teaming: Joint exercises

Threat Hunting

• Proactive threat detection

• Behavioral analysis

• Anomaly detection

• Threat intelligence

Security Automation

• CI/CD security integration

• Automated vulnerability scanning

• Security testing in DevOps

• Continuous security monitoring

🤝 Contributing

Kontribusi untuk memperbaiki dan menambahkan konten security testing sangat dihargai! Silakan:

1. Fork repository ini

2. Buat branch untuk fitur baru

3. Commit perubahan Anda

4. Push ke branch

5. Buat Pull Request

📄 License

Konten ini tersedia di bawah MIT License.

🙏 Acknowledgments

• OWASP Foundation untuk testing methodologies

• Security testing community

• Tool developers dan maintainers

• Security researchers dan practitioners

---

⚠️ Disclaimer: Catatan ini dibuat untuk tujuan pembelajaran. Selalu test di environment yang aman dan dapatkan izin sebelum melakukan security testing pada sistem yang bukan milik Anda.

🔍 Remember: Security testing is an ongoing process. Stay updated with the latest threats and testing techniques!