Working in era of web 2.0 is more challenging for QA/testers. specially when you need to be care of security. Here we wil discuss the importance of security testing tools and their availability. also we will try to find out the "Web vulnerabilities " which affect most.
This post is for them who want to take an overview on security testing of web 2.0 applications.
so lets start with the question 'Can automated tool be used for securing a website from hacking inexpensively and easily and what they are ?' so there are numbers of such tools available in market. many of them are free. one can search in internet. there are so many which are paid but parallel they provide their free version also.
But my concern over here is , we should not overestimated the value of such tools or scanner. The manual activities also important to find out the securities vulnerabilities. so just do not underestimate the manual effort given to your testing activities.
The firefox plugin or extension can help us to find this. Most developer use such extension. firebug is one of them. SQL injection is one of the best method to
lets now try to see the most vulnerabilities discovered. I would like to thanks Kevin Beaver, one of the best author I used to read the article. he also given the below fact which i am going to describe.
here re the few most affective Web vulnerabilities according to the order:
1- Cross site scripting (CSS also known as XSS)
2- Broken session management
3- Improper error handling
4- Unvalidated input
5- Injection flaws
6- Insecure config management
7- Broken access control
and many more.
so from this it is very clear that XSS is very common Web vulnerabilities. I have already posted one article on XSS. you can find this here
I have also manage to write white paper on web testing which may help you to understand the whole process of testing web application. That can be find on clicking here.
Thank you for using my blog. I will really appreciate if you write few comments and suggestion to improve it.
Software Testing, Test Automation, Test Consulting, and Trainings...... Learn from experience
Wednesday, October 21, 2009
Subscribe to:
Post Comments
(
Atom
)
No comments :
Post a Comment