The online community for software testing & quality assurance professionals
 
 
Calendar   Today's Topics
Sponsors:




Lost Password?

Home
BetaSoft
Blogs
Jobs
Training
News
Links
Downloads



Software Testing >> Security Testing

Pages: 1
Crimson_Quality_Assurance
Newbie


Reged: 01/13/12
Posts: 7
Security Testing Newbie
      #698173 - 02/10/12 10:38 AM

Hello All,

Sorry for the rather unprofessional subject but it fits my purposes of what I am seeking. I have been a functional tester for about 4 years and while I have dabbled in various areas most of all of my work has been done from a functional standpoint. I currently work for a very small company in which I am the only QA so it is my job in most cases to bring up areas of weakness and attempt to learn, implement, and test these various areas.

The discussion of security testing came up recently and I jumped at it as a learning experience but feel I may have gone a little over my head. To give more information the product I am working with is a web based app that we give to our clients who then include it in their network with their own security systems. So the focus for security with this product is attacking the product directly as most web based security methods are handled by the clients on their own.

To boil down my long winded last few paragraphs I am trying to figure out what types of testing would be valid to look into, any tools that would be suggested, and possibly any languages I need to learn to properly start security testing this product. I do know from one of our developers that a large portion of our security is built around a java hibernate framework. Unfortunately without the technical knowledge at this point i'm just seeking a direction to get started whether it's learning SQL for SQL injections or if a different path would make more sense.

Thanks.


Post Extras: Print Post   Remind Me!   Notify Moderator  
Crimson_Quality_Assurance
Newbie


Reged: 01/13/12
Posts: 7
Re: Security Testing Newbie [Re: Crimson_Quality_Assurance]
      #698174 - 02/10/12 10:42 AM

Another piece that I forgot to add. We have a basic security app that handles user login's and restrictions as far as what pieces of the app that they can see. That app has and still is pretty regularly tested but it doesn't protect against any form of hacking etc... that may occur.

Post Extras: Print Post   Remind Me!   Notify Moderator  
Joe Strazzere
Moderator


Reged: 05/15/00
Posts: 12344
Loc: Massachusetts, USA
Re: Security Testing Newbie [Re: Crimson_Quality_Assurance]
      #698178 - 02/10/12 11:51 AM

Quote:

Unfortunately without the technical knowledge at this point i'm just seeking a direction to get started whether it's learning SQL for SQL injections or if a different path would make more sense.



If you don't yet know SQL, and your product uses it, you should start there.

After that, read through this forum and you'll find more targets that you likely have time to learn thoroughly.

And, there's a bunch of useful information here:
https://www.owasp.org/index.php/Main_Page

--------------------
- Joe
Visit AllThingsQuality.com to learn more about quality, testing, and QA!

I speak only for me. I do not speak for my employer, nor for anyone else.


Post Extras: Print Post   Remind Me!   Notify Moderator  
Pages: 1



Extra information
0 registered and 4 anonymous users are browsing this forum.

Moderator:  icruiser, AJ, Walen 

Print Topic

Forum Permissions
      You cannot start new topics
      You cannot reply to topics
      HTML is disabled
      UBBCode is enabled

Rating:
Topic views: 1488

Rate this topic

Jump to

Contact Us | Privacy statement SQAForums

Powered by UBB.threads™ 6.5.5