• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Web application security test tools
 

Web application security test tools

on

  • 398 views

Web application security test tools

Web application security test tools

Statistics

Views

Total Views
398
Views on SlideShare
346
Embed Views
52

Actions

Likes
0
Downloads
0
Comments
0

2 Embeds 52

http://folami.nghelong.com 51
http://webcache.googleusercontent.com 1

Accessibility

Categories

Upload Details

Uploaded via as OpenOffice

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • {}

Web application security test tools Web application security test tools Presentation Transcript

  • Web Security Testing Tools  Nguyen Huu Phuoc, MEng. 11/2013
  • Agenda ● Security in ISO 25010. ● What is web application security? ● Top Web application security risks. ● Web application security test tools.
  • ISO 25010
  • ISO 25010 ● ISO 25010: Software Qulity Requirements – 3 models ● ● Data quality. ● – System/Software product quality. Quality in use. System/Software product quality ● ● – 8 characteristics. 31 sub-characteristics. Security: ● 1/8 characteristic. ● 5 sub-scharacteristics.
  • Web Application Security ● Web Application Security → System/Software Quality.
  • Top Web Security Risks ● OWASP: – The Open Web Application Security Project. – Website: https://www.owasp.org – The OWASP Top Ten Project: https://www.owasp.org/index.php/Top_10
  • Top Web Security Risks A1.Injection A2.Broken Authentication And Session Management A3.Cross-site Scripting (XSS) A4.Insecure Direct Object References A5. Security Misconfiguration A6.Sensitive Data Exposure A7.Missing Function Level Access Control A8.Cross site Request Forgery (CSRF) A9.Using known vulnerable Components A10.Unvalidated Redirects And Forwards
  • Web App Security Test Tools ● ● ● ● ● A1.Injection → WA3F A2.Broken Authentication And Session Management → HackBar A3.Cross-site scripting → ZAP A4.Insecure Direct Object References → Burp Suite A5.Security Misconfiguration → Watobo
  • Web App Security Test Tools ● A6.Sensitive Data Exposure → Calomel Addon ● A7.Missing Fuction Level Access Control → Wikto ● A8.Cross Site Request Forgery →Tamper Data ● ● A9.Using known vulnerable components → Dependency Check A10.Unvalidated Redirects And Forwards → Watcher
  • Web App Security Test Tools ● A6.Sensitive Data Exposure → Calomel Addon ● A7.Missing Fuction Level Access Control → Wikto ● A8.Cross Site Request Forgery →Tamper Data ● ● A9.Using known vulnerable components → Dependency Check A10.Unvalidated Redirects And Forwards → Watcher