About Security Testing
Does anybody have any idea about security testing, or any tool or something? I need to explore it by myself. Is there any way to start exploring?
Thanks in advance
Can you be more specific?
What type of security? I've seen a lot of different things called "security".
Security is a huge field by itself. I suggest reading about the 4 A's of security. Combined with the 4 A's, there are different concerns. For example: application level vs. network level vs. database level, client-side security vs. server-side security, web vs. native applications vs. thin clients, etc.
Originally Posted by amit.cs2
My experience has been mostly server-side application-level security for the web. In that area, OWASP ZAP and Google Skipfish are great tools. Skipfish is great to use as part of an automated process, while OWASP ZAP is one of the best free tools out there for exploring the app while having a program spider and try out attacks in the background. A commercial tool I think is pretty good is IBM's AppScan.
Security testing is performed to find vulnerabilities in the application/website. There are multiple security testing techniques. Mentioned below are the OWASP techniques which most of the companies providing security testing services test:
- A1-Injection (SQL injection and XSS)
- A2-Broken Authentication and Session Management
- A3-Cross-Site Scripting (XSS)
- A4-Insecure Direct Object References
- A5-Security Misconfiguration
- A6-Sensitive Data Exposure
- A7-Missing Function Level Access Control
- A8-Cross-Site Request Forgery (CSRF)
- A9-Using Components with Known Vulnerabilities
- A10-Unvalidated Redirects and Forwards
OWASP ZAP and w3af are the commonly used open source tools.
Security testing is a testing technique to determine if an information system protects data and maintains functionality as intended.
Security Testing Tools:
2) Zed Attack Proxy (ZAP)
5) IronWASP
7) BeEF (Browser Exploitation Framework)
Start exploring these security testing tools. All the best!!!
Thanks to all for your valuable suggestions.