Right now I am manually testing an application which manipulates private and important data. XML/XSLC, AJAX, JS_Files are being used on the client side.
I would like to ask you for any tips, tricks or scenarios on how to breach the security of such an application or how to break it down.
I have already checked for vulnerability to SQL injection while logging in, and ran through some input validations that came to my mind.
Any input, even what may seem obvious to you, will be appreciated. Thanks a lot.
-=A belief like a guillotine - as heavy, as light=- F. Kafka
I would suggest cross-site scripting and fuzzing, as well as parameter manipulation and XPath injection.
XPath injection is somewhat similar to SQL injection, so you won't have much of a problem there. For the other types of testing you might have to do a bit of research, but I assure you that to carry out ad-hoc level testing you won't face much of a problem.
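
The parallel with SQL injection mentioned above, as an added example that is not part of the original posts: a string-built XPath query lets a quote in the input change the query's structure, and the remedies are quoting the value as a single literal or keeping input out of the expression altogether. The sample XML and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample data (not from the thread).
USERS_XML = """
<users>
  <user name="alice" role="admin"/>
  <user name="o'brien" role="user"/>
</users>
"""
ROOT = ET.fromstring(USERS_XML.strip())


def naive_query(name):
    """Pattern to avoid: input spliced between quotes, as in string-built SQL."""
    return ".//user[@name='" + name + "']"


def quote_count_changes(name):
    """True when the input adds quote delimiters to the naive query,
    i.e. the input has altered the structure of the expression."""
    return naive_query(name).count("'") != naive_query("").count("'")


def xpath_literal(value):
    """Render value as exactly one XPath 1.0 string literal.

    XPath 1.0 has no escape character inside literals, so use the quote
    that does not occur in the value, or join the pieces with concat().
    """
    if "'" not in value:
        return "'" + value + "'"
    if '"' not in value:
        return '"' + value + '"'
    quoted = ["'" + part + "'" for part in value.split("'")]
    return "concat(" + ", \"'\", ".join(quoted) + ")"


def find_role(root, name):
    """Compare the value in code, so input never becomes part of an expression."""
    for user in root.iter("user"):
        if user.get("name") == name:
            return user.get("role")
    return None
```

Where the XPath engine supports variable binding, passing the value as a variable is the direct equivalent of a parameterized SQL query.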
It is not technology but the need that should drive your testing efforts.
If the application you are talking about is not for national security or a bank or similar institution, you can check it for SQL injections and XSS injections, and that should do.
But if the application really houses some sensitive data, then, like Jake said, call in the experts.
Every man is free to rotate his stick until it enters the boundary of someone else's nose