Security Testing - URL/SQL Injection/XSS
Hi guys, can you tell me: when we do security testing, there are some different things to test, like -
3. Client-Side Script (XSS)
So while testing these issues during security testing, how exactly do we check whether our application is vulnerable to SQL Injection/URL Manipulation/Client-Side Script (XSS)?
Are these done manually, or do we use tools like -
IBM Rational AppScan
OWASP Zed Attack Proxy Project
So, can you please give me some suggestions? How do we actually perform security testing, for example for a banking application?
Thanks & Regards,
Re: Security Testing - URL/Sql Injection/XSS
If you have not already, I suggest understanding the methods first. For this, OWASP (Open Web Application Security Project) is a good starting point. The Cheat Sheet lists the methods you describe and more.
RE: (1) URL Manipulation: find that in Session Management and Access Control.
As far as tools: I have used Fiddler and JMeter successfully for the three methods you list, but neither will automatically identify vulnerabilities; it is quite possible some of the ones you mentioned do.