Security testing is used to assess a network service such as a web application for vulnerabilities or attack vectors. In one approach to security testing, a security testing application (or scanner) identifies the service interface of the network service (e.g., Uniform Resource Identifiers (URIs) such as Uniform Resource Locators (URLs) at which the application accepts input). The service interface of the network service is sometimes referred to as the attack surface of the network service.
The scanner identifies the service interface of the network service by analyzing web pages related to the network service to identify URIs referencing the network service, such as URIs that include a host identifier of the network service. In some implementations the scanner also provides Hypertext Transfer Protocol (HTTP) requests to and evaluates HTTP responses from the network service to determine whether the network service responds to requests at these URIs and characteristics of data returned in response to such requests.
The scanner then executes attacks based on the service interface such as HTTP requests directed to URIs at which the network service accepts input. These requests are particularly crafted to (e.g., have parameters or data payloads to) test for attack vectors such as memory buffer overflows, Structured Query Language (SQL) injection, privilege elevation, and arbitrary code execution, for example. Additionally, the scanner can diagnose the presence or absence of vulnerabilities by evaluating HTTP responses from the network service.