I need some indepth information on web security testing. These are the categories of security testing which I have performed so far:
1) Username / Password Protection: Page expires after a specific period of time; The uname/pwd must not be displayed when the page is refreshed or clicked on BACK button.
2) Roles security testing: Specific roles have access to specific modules / pages of the site.
But both of the above are from application perspective. I need to know the following:
1) What other types of security testing can be performed on a web
2) How do I practically test them.
3) How do I do Firewall security testing
This depends on what you mean by 'web security testing'. This is a very large topic:
If you are testing, say you work for RSA, then your interest may be in the encryption mechanism. This means taking a same information, passing it down, run a tool that will look for similarities, and see how fast you can break the alogrithm. In general, you want to test the ROI of hacker trying to break into it. If it takes them 50 years to break the algorithm, then they'll probably give up. (Remember that pcs are cheap, and you can go with distributed processing to cut the time down a lot)
If you need to make sure that your software is 'using' an security mechanism, then you just need to make sure that these 'methods' are properly exercised. In general you need to 'sniff' the wire to visually inspect that the packets are indeed encrypted. Easiest way is to take something like etherpeek, to start grabbing packets, then invoke the application, and search through the packets for an expected string.
This is just the start of testing, and I can't really say what to do, unless you specify what you are actually testing.