Web Application Security 101 - 04 Testing Methodology

In part 4 of Web Application Security 101 we dive into the standard testing methodology used by penetration testers and vulnerability researchers when testing web applications for security vulnerabilities.

  1. Testing Methodology
     • Introduction to web application security penetration testing.
  2. Process Breakdown
     • Stage 1: Enumeration
     • Stage 2: Assessment
     • Stage 3: Exploitation
     • Stage 4: Deliverable
  3. Stage 1: Enumeration
     • Server and client technologies.
     • Software versions.
     • Application structure.
     • Common configuration practices.
  4. Stage 2: Assessment
     • Finding vulnerabilities by brute force.
     • Finding vulnerabilities by fuzzing.
     • Finding vulnerabilities manually.
     • Complex input validation problems.
     • Logic flaws.
  5. Stage 3: Exploitation
     • Prove that the target is vulnerable.
     • Measure attack effectiveness.
     • Ease of exploitability.
     • Attack likelihood.
     • Mitigation controls.
  6. Stage 4: Deliverable
     • Document findings.
     • Discuss mitigations.
     • Provide examples.
  7. Assessment Methodology
     1. Authentication.
     2. Session Management.
     3. Access Control.
     4. Data Transport.
     5. Server Tier.
     6. Data Storage.
     7. Logging.
     8. Business Logic.
     9. Data Validation.
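As an added illustration of how the stages fit together on a single HTTP response (example code written for this page, not part of the slide deck), the script below enumerates the server stack from disclosure-prone headers (Stage 1), runs passive checks for two of the assessment categories, Session Management and Data Transport (Stage 2), and groups what it finds under the category names from slide 7 so the output is ready to document (Stage 4). The sample response, the list of disclosure headers and the cookie attributes checked are all constructed assumptions for the example; the checks run entirely offline.

```python
"""Passive, offline walk-through of the methodology over one HTTP response:
enumerate the stack from headers (Stage 1), assess session-cookie and transport
settings (Stage 2), and group findings by assessment category (Stage 4)."""
from typing import Dict, List, Tuple

# Constructed sample response for this example; it was not captured from any real host.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/\r\n"
    "Set-Cookie: csrftoken=xyz; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)

# Headers that commonly volunteer product names and versions (assumed list for the example).
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
# Cookie attributes a session cookie is expected to carry (assumed baseline for the example).
COOKIE_ATTRS = ("secure", "httponly", "samesite")


def parse_response(raw: str) -> Tuple[str, List[Tuple[str, str]], str]:
    """Split a raw HTTP/1.1 response into status line, (name, value) headers and body.
    Names are lower-cased; repeated headers such as Set-Cookie are kept in order."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    headers: List[Tuple[str, str]] = []
    for line in header_block.split("\r\n"):
        if not line:
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status_line, headers, body


def enumerate_stack(headers: List[Tuple[str, str]]) -> Dict[str, str]:
    """Stage 1: collect the technology and version strings the server discloses."""
    return {name: value for name, value in headers if name in DISCLOSURE_HEADERS}


def assess_session_cookies(headers: List[Tuple[str, str]]) -> List[str]:
    """Stage 2, Session Management: flag each cookie missing a protective attribute."""
    findings: List[str] = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        present = {p.split("=", 1)[0].lower() for p in parts[1:]}
        for attr in COOKIE_ATTRS:
            if attr not in present:
                findings.append(f"cookie {cookie_name} is set without {attr}")
    return findings


def assess_transport(headers: List[Tuple[str, str]], over_https: bool = True) -> List[str]:
    """Stage 2, Data Transport: a response served over HTTPS should set HSTS."""
    names = {name for name, _ in headers}
    if over_https and "strict-transport-security" not in names:
        return ["no Strict-Transport-Security header on an HTTPS response"]
    return []


def assess_response(raw: str, over_https: bool = True) -> Dict[str, List[str]]:
    """Run the checks and return non-empty findings keyed by assessment category."""
    _, headers, _ = parse_response(raw)
    stack = enumerate_stack(headers)
    report = {
        "Server Tier": [f"version disclosed in {h}: {v}" for h, v in stack.items()],
        "Session Management": assess_session_cookies(headers),
        "Data Transport": assess_transport(headers, over_https),
    }
    return {category: items for category, items in report.items() if items}


if __name__ == "__main__":
    for category, items in assess_response(SAMPLE_RESPONSE).items():
        print(category)
        for item in items:
            print("  -", item)
```

Two caveats a tester would attach to this output. The version strings from Stage 1 are leads, not findings: Server and X-Powered-By can be rewritten or removed by a reverse proxy, so a version-specific weakness still has to be proven against the target in Stage 3. And this script only covers the passive part of enumeration; application structure and configuration practices (slide 3) require crawling and active probing, which is where the brute force and fuzzing of slide 4 come in.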