Tags: testing, sql-injection, microservices, penetration-testing, security-testing

How to do Pen testing / Security testing on Microservices?


I wanted to test microservices for security requirements, did some Googling, and found some good blogs, e.g. https://www.imbalife.com/sql-injection.

E.g. SQL injection vulnerable dorks: inurl:index.php?id=

How do I test if the URL doesn't have any PHP stuff, and check for vulnerabilities? I am new to this security testing area. Please help me.
Thank you


Solution

  • It is the same concept even if it is another technology.

    The idea is to test for multiple vulnerabilities in the system. Usually you would want to test and control all the input in the application. The most severe vulnerabilities would be code injection attacks (SQL, command, client-side code, etc.), not excluding many others. You would also want to test for logical security vulnerabilities, like if some application feature is not implemented correctly (e.g. the authentication/authorization mechanism, including user password recovery or account registration, etc.).

    I would strongly recommend that you go through the OWASP Top 10 list and check their guidelines for best security coding practices and how to avoid and prevent such attacks. Considering that you mentioned testing microservices, which I suppose are some kind of REST APIs, focus more on API security issues.
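
Added example (not part of the original question or answer): a small input-handling regression check for a JSON lookup handler, showing that the SQL injection concern is the same without any PHP or `?id=` URL. The handler names, the `users` table and the probe values are all constructed for illustration; SQLite stands in for the service's real database.

```python
import json
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("alice",), ("bob",), ("o'brien",)])
    return db

def lookup_concat(db, body):
    """Hypothetical JSON handler that builds SQL by string formatting (the flaw)."""
    name = json.loads(body)["name"]
    return db.execute(f"SELECT name FROM users WHERE name = '{name}'").fetchall()

def lookup_param(db, body):
    """Same handler with a bound parameter: the input stays data."""
    name = json.loads(body)["name"]
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

# Constructed probes: each maps to the rows a correct handler must return.
PROBES = {
    "alice": [("alice",)],
    "o'brien": [("o'brien",)],   # legitimate value that contains a quote
    "x' OR '1'='1": [],          # textbook tautology; matches no real user
}

def audit(handler):
    """Return a list of (probe, problem) findings for one handler."""
    findings = []
    for probe, expected in PROBES.items():
        db = make_db()
        try:
            rows = handler(db, json.dumps({"name": probe}))
        except sqlite3.Error as exc:
            # A SQL error triggered by input means input reached the parser.
            findings.append((probe, f"SQL error: {exc.__class__.__name__}"))
            continue
        if rows != expected:
            findings.append((probe, f"unexpected rows: {len(rows)}"))
    return findings

if __name__ == "__main__":
    for handler in (lookup_concat, lookup_param):
        print(handler.__name__, audit(handler) or "no findings")
```

The same check can be pointed at any handler with this signature in a service's own test suite, so a regression from bound parameters back to string-built SQL fails the build.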