Introduction to web application security testing

A brief overview of common techniques and tools that can be applied to web application security testing.

  1. Introduction to web application security testing (Alexandr Romanov)
  2. What is security testing and why is it necessary?
  3. Prepare your mind for security testing
     - Think like a hacker :)
     - Concentrate on negative testing
     - Vulnerabilities = bugs
  4. Security testing in action - stage 1: Mapping the application
     - web spidering
     - user-directed spidering
     - brute-force scanning
  5. Security testing in action - stage 2: Analyze the application
     - application functionality
     - data entry points
     - application technologies
  6. Security testing in action - stage 3: Test/break the application. Test:
     - client-side controls
     - authentication mechanism
     - session management mechanism
     - access controls
     - input-based vulnerabilities
     - .....
  7. Security testing in action - stage 4: Report the results
     1. Executive summary
     2. Detailed report
     3. Raw output
  8. Security tester tools
     - Firefox: Firebug/FirePath, HTTPWatch, FoxyProxy, XSSme/SQLme
     - Chrome: XSSRays
     - IE: HTTPWatch/IEWatch
  9. Security tester tools
     - Complex tools: BurpSuite, WebScarab, Zed Attack Proxy, Fiddler
     - Vulnerability scanners: Acunetix, Nikto, Nessus