renolation/english
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
english/.opencode/skills/web-testing/references/security-testing-overview.md
renolation 10d660cbcb init
2026-04-12 01:06:31 +07:00

2.8 KiB
Raw Permalink Blame History

Security Testing Overview

OWASP Top 10 (2024)

Rank Vulnerability Testing Method
A01 Broken Access Control Test unauthorized actions across roles
A02 Cryptographic Failures Check HTTPS, encryption algorithms
A03 Injection (SQL/NoSQL/Cmd) Test with payloads (see vulnerability-payloads.md)
A04 Insecure Design Threat modeling, abuse case testing
A05 Security Misconfiguration Default creds, open ports, headers
A06 Vulnerable Components npm audit, Snyk scanning
A07 Auth Failures Brute force, session hijacking
A08 Integrity Failures Deserialization, CI/CD security
A09 Logging Failures Verify security event logging
A10 SSRF Test internal URL access

Security Testing Types

SAST (Static Analysis)

  • When: Early development, pre-commit
  • Tools: SonarQube, CodeQL, Semgrep
  • Focus: Code flaws without execution
  • Limitation: High false positives

DAST (Dynamic Analysis)

  • When: QA/staging, running application
  • Tools: OWASP ZAP, Burp Suite, Nuclei
  • Focus: Runtime vulnerabilities
  • Limitation: Requires running app

SCA (Dependency Scanning)

  • Tools: npm audit, Snyk, Dependabot
  • Focus: Known CVEs in dependencies
  • Automation: CI/CD integration

Secret Detection

  • Tools: detect-secrets, GitGuardian
  • Focus: API keys, passwords in code
  • Implementation: Pre-commit hooks

Quick Security Scan

# Dependency vulnerabilities
npm audit
npx snyk test

# OWASP ZAP baseline scan
docker run -t ghcr.io/zaproxy/zaproxy:stable \
  zap-baseline.py -t https://example.com

# Nuclei template scan
nuclei -u https://example.com -t cves/

# Check security headers
curl -I https://example.com | grep -i "security\|content-security\|x-"

Penetration Testing Phases

  1. Reconnaissance: DNS, WHOIS, tech fingerprinting
  2. Scanning: Port scan, service enumeration
  3. Vulnerability Assessment: Automated + manual testing
  4. Exploitation: Verify findings, demonstrate impact
  5. Reporting: CVSS scores, remediation guidance

Tools Comparison

Tool Type Cost Best For
OWASP ZAP DAST Free CI/CD, learning
Burp Suite DAST Paid Enterprise, detailed
Nuclei DAST Free Custom checks
npm audit SCA Free Node.js deps
Snyk SCA Free/Paid Multi-language

CI/CD Integration

# Security scanning in pipeline
- name: Dependency Scan
  run: npm audit --audit-level=high

- name: SAST Scan
  uses: github/codeql-action/analyze@v3

- name: DAST Scan
  run: |
    docker run -v $(pwd):/zap/wrk:rw ghcr.io/zaproxy/zaproxy:stable \
      zap-api-scan.py -t http://localhost:3000/openapi.json -f openapi