Results 1 to 6 of 6
  1. #1

    Security testing--Application security

    Iam working on a realestate manangement project and we have a module named security(providing authentication to users).Now i need to test this application usin these techniques...

    Input Checking and Validation
    SQL Injection Attack
    Penetration Testing

    Pls do tell me how can i do SQL Injection tests and Penetration tests??
    thanks and regards
    roshni [img]/images/graemlins/confused.gif[/img]

  2. #2

    Re: Security testing--Application security

    Hi Roshni,
    What have you been able to find out so far?
    Everywhere's within walking distance if you have enough time.

  3. #3

    Re: Security testing--Application security

    First, you need a big hypodermic needle....

  4. #4

    Re: Security testing--Application security

    SQL injection targets the database, so the first thing you need to figure out is which database (management system) is the application running against. Once this is determined then you can figure out how to target that specific system for sql injection.

  5. #5

    Re: Security testing--Application security

    Hi Roshini,
    Recently i have prepared a secutiy test plan for my project and i have observed intresting things abt Sql Injection and penetration testing.

    SQL Injection: Is the process of adding SQL statements in user input. It is Used by hackers to:
    • Probe databases
    • Bypass authorization
    • Execute multiple SQL statements
    • Call built-in stored procedures

    For this you need to
    Sanitize all input
    Consider all input as harmful until proven otherwise
    Look for valid data and reject everything else
    Consider the use of regular expressions to remove unwanted characters
    Run with least privilege
    Never execute as “sa”
    Restrict access to built-in stored procedures
    Use stored procedures or SQL parameterized queries to access data
    Do not echo ODBC errors.

    Comming to Penetration Testing:
    It will be purely based on the Threat modelling section in your design documents.

    Test Lead

  6. #6

    Re: Security testing--Application security

    thanks for that reply.....

    I have one more doubt...
    They are using Stored Procedures here..
    So how can I check their security??
    Will the SQl injection work on stored procedure also??
    Or else I need to do any other type of testing



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
BetaSoft Inc.
All times are GMT -8. The time now is 05:39 PM.

Copyright BetaSoft Inc.