Web application security test tools

Published in: Technology
1. Web Security Testing Tools
Nguyen Huu Phuoc, MEng. 11/2013

2. Agenda
● Security in ISO 25010.
● What is web application security?
● Top web application security risks.
● Web application security test tools.

3. ISO 25010

4. ISO 25010
● ISO 25010: Software Quality Requirements – 3 models:
  – Data quality.
  – System/Software product quality.
  – Quality in use.
● System/Software product quality:
  – 8 characteristics.
  – 31 sub-characteristics.
● Security:
  – 1 of the 8 characteristics.
  – 5 sub-characteristics.

5. Web Application Security
● Web Application Security → System/Software Quality.

6. Top Web Security Risks
● OWASP:
  – The Open Web Application Security Project.
  – Website: https://www.owasp.org
  – The OWASP Top Ten Project: https://www.owasp.org/index.php/Top_10

7. Top Web Security Risks
A1. Injection
A2. Broken Authentication and Session Management
A3. Cross-Site Scripting (XSS)
A4. Insecure Direct Object References
A5. Security Misconfiguration
A6. Sensitive Data Exposure
A7. Missing Function Level Access Control
A8. Cross-Site Request Forgery (CSRF)
A9. Using Known Vulnerable Components
A10. Unvalidated Redirects and Forwards

8. Web App Security Test Tools
● A1. Injection → WA3F
● A2. Broken Authentication and Session Management → HackBar
● A3. Cross-Site Scripting → ZAP
● A4. Insecure Direct Object References → Burp Suite
● A5. Security Misconfiguration → Watobo

9. Web App Security Test Tools
● A6. Sensitive Data Exposure → Calomel Addon
● A7. Missing Function Level Access Control → Wikto
● A8. Cross-Site Request Forgery → Tamper Data
● A9. Using Known Vulnerable Components → Dependency Check
● A10. Unvalidated Redirects and Forwards → Watcher