
Security testing operation vijay

Understand basics of testing security aspects like passwords, robots.txt. Understand SQL Injection and XSS attacks. Automation of them using ZAP proxy tool.


  1. Security Testing Operation Vijay
  2. What is hacking?
  3. Hackers
  4. Types of Hackers
     ● Ethical Hackers
     ● Crackers
  5. Definition: Security testing is a type of testing that intends to uncover vulnerabilities of the system and determine whether its data and resources are protected from possible intruders.
  6. Types of Security Testing
     ● Infrastructure Security Testing
     ● Application Security Testing
  7. When?
  8. Security Testing Vocabulary
     ● Reconnaissance / Information gathering
     ● Vulnerability
     ● Exploit
  9. Reconnaissance Demo
  10. Reconnaissance Mission
  11. P@ssw04d
  12. Default / Weak Passwords
  13. Password Vaults Demo
  14. Cross Site Scripting: a client-side injection attack. Types:
     ● Reflected XSS
     ● Stored XSS
     ● DOM-based XSS
  15. Reflected XSS Demo
  16. Reflected XSS Mission
  17. Stored XSS Demo
  18. Stored XSS Mission
  19. XSS Prevention
     ● Don’t use user input as-is
     ● Encoding (output encoding of untrusted data)
     ● X-XSS-Protection response header
     ● HttpOnly flag on the Set-Cookie response header
  20. Popular XSS Attacks
  21. SQL Injection: an attack where SQL commands are injected in order to affect the execution of predefined SQL commands.
  22. SQL Injection Demo
  23. SQL Injection Prevention
     ● Don’t use user input directly
     ● Use prepared statements
     ● Use stored procedures
     ● Use frameworks
  24. ZAP
  25. References
     https://www.owasp.org
     https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
     https://www.google.co.in/about/appsecurity/tools/
     https://xkcd.com/327/
     http://www.dvwa.co.uk/
     https://www.amazon.in/Web-Application-Hackers-Handbook-Exploiting-ebook/dp/B005LVQA9S
     https://google-gruyere.appspot.com
  26. Thank you
     Dhaval Doshi (@dhavaldoshi)
     Lavanya Mohan (@LavanyaMohan210)
     Shirish Padalkar (@_Garbage_)
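Slides 21 and 23 describe SQL injection and its prevention with prepared statements. The following Python example is added here and is not part of the original deck: it puts the vulnerable concatenated query beside the prepared-statement version, run against an in-memory SQLite table with constructed sample rows, so the difference in behaviour can be observed directly.

```python
import sqlite3

# Constructed sample data for the demo only (plaintext passwords are
# not how a real application should store credentials).
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]

# Constructed input containing a quote character; the point of the demo
# is that the prepared statement treats it as data, not as SQL syntax.
QUOTE_INPUT = "' OR '1'='1"


def make_db():
    """Create a fresh in-memory database holding the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Slide 21 pattern: user input pasted straight into the SQL string.

    A quote in the input ends the string literal early and the rest of the
    input becomes part of the WHERE clause, changing which rows match.
    """
    sql = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_prepared(conn, username, password):
    """Slide 23 fix: a prepared statement with bound parameters.

    The SQL text is fixed; the values are passed separately, so a quote in
    the input is compared as a literal character and never parsed as SQL.
    """
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, valid login:", login_vulnerable(db, "alice", "s3cret"))
    print("vulnerable, quote input:", login_vulnerable(db, "x", QUOTE_INPUT))
    print("prepared, quote input:  ", login_prepared(db, "x", QUOTE_INPUT))
    print("prepared, valid login:  ", login_prepared(db, "bob", "hunter2"))
```

The vulnerable function returns every user for the quote-containing input, while the prepared statement returns no rows, because the input never matches a stored password.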
