The online community for software testing & quality assurance professionals
 
 
AravindNatarajan
Newbie


Reged: 05/20/08
Posts: 6
Possible Test cases to Check for Security Testing.
      #495387 - 06/27/08 05:34 AM

Hi all viewers,

When testing a web site, what are the possible test cases to check for security testing?

Thanks in advance,
Aravind Natarajan.P


kiranbadi1991
Super Member


Reged: 12/03/06
Posts: 1937
Re: Possible Test cases to Check for Security Testing. [Re: AravindNatarajan]
      #495491 - 06/27/08 10:00 AM

What security are you testing? Let us know your objective.

Inder_P_Singh
Member


Reged: 06/18/08
Posts: 115
Loc: India
Re: Possible Test cases to Check for Security Testing. [Re: AravindNatarajan]
      #495798 - 06/30/08 03:28 AM

Hi,

You could read up on the following likely vulnerabilities (weaknesses) in a web site:
1) Missing input validation
2) XSS flaws
3) SQL injection flaws
4) URL manipulation
5) Directory traversal and indexing

I assume that you are planning to execute the security test in a test environment.

If you plan to perform the security test on an operational web site, firstly you should get appropriate authorization to perform the security test. You should be very careful during the test and keep all concerned teams well-informed about the test; otherwise you run the risk of accidentally damaging any vulnerable data and/or impacting any running system/service.

Thanks,
Inder P Singh

--------------------
Inder P Singh

For more of my thoughts, visit the blog, Software Testing Space @ http://inderpsingh.blogspot.com/


TestingGeek
Member


Reged: 05/03/07
Posts: 391
Re: Possible Test cases to Check for Security Test [Re: Inder_P_Singh]
      #497237 - 07/04/08 11:32 AM

Hi Arvind,

This article might help you.
http://www.testinggeek.com/security.asp

--------------------
Thanks & Regards,
Geek -
www.iCheckWebsite.com
Check & Monitor content for SEO, Accessibility and Quality issues


Ravi_Sankar
Newbie


Reged: 02/13/08
Posts: 1
Re: Possible Test cases to Check for Security Test [Re: TestingGeek]
      #497925 - 07/08/08 04:07 AM

We can classify web testing into the following categories:

Authorization
Authentication
URL testing
XSS/SQL injection

You need to look at the application as if you are a hacker.

Thanks,
Ravi Sankar


smgee
Newbie


Reged: 07/13/08
Posts: 3
Re: Possible Test cases to Check for Security Test [Re: Ravi_Sankar]
      #499439 - 07/13/08 05:14 PM

The best way to test is to get someone not involved in the project and ask them to perform tasks.

DiptiChaudhary
Member


Reged: 07/07/08
Posts: 42
Re: Possible Test cases to Check for Security Test [Re: smgee]
      #499459 - 07/13/08 09:41 PM

You even have to work on session management.
For security you can also use many tools, like Burp Suite.
You have Paros, etc.
I have worked on both, but I feel Paros is more efficient in capturing and replaying requests.
But it doesn't have as vast a set of options as you get in Burp.
You can even use a framework, W3AF.
These are all freeware and you can download them without any problem.


Inder_P_Singh
Member


Reged: 06/18/08
Posts: 115
Loc: India
Re: Possible Test cases to Check for Security Test [Re: Ravi_Sankar]
      #499594 - 07/14/08 05:42 AM

Quote:

We can classify web testing into the following categories:

Authorization
Authentication
URL testing
XSS/SQL injection

If you want a rather complete (as of now) list of classes of attacks on a web site, please refer to the Web Application Security Consortium's Threat Classification. This document will explain other kinds of attacks, e.g. LDAP injection, XPATH injection, etc., possible on a web site. One ought to test against all of these possibilities to ensure proper security of a web site.

Thank you,
Inder P Singh

--------------------
Inder P Singh

For more of my thoughts, visit the blog, Software Testing Space @ http://inderpsingh.blogspot.com/


itisha
Newbie


Reged: 02/09/12
Posts: 5
Re: Possible Test cases to Check for Security Test [Re: Inder_P_Singh]
      #704926 - 04/23/12 08:55 AM

Good document for security testing. Thanks.

dlai
Junior Member


Reged: 05/02/06
Posts: 1041
Loc: CA, USA
Re: Possible Test cases to Check for Security Test [Re: itisha]
      #705048 - 04/24/12 12:17 PM

Cache poisoning is also often overlooked. Usually caching is turned off in a test environment so testers will always see the latest deployed content. But a site vulnerable to cache poisoning can have its content hijacked at a caching proxy server before the user even sees the content.

--------------------
David Lai
Sr. QA / Test Lead
LinkedIn profile
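
One way to find the coverage gap described in the post above, as an added example that is not part of the original thread: the script compares Cache-Control and Expires headers per path between a test and a production environment and lists paths that a shared cache may store in production but that are never cached in test. The paths and header values are constructed samples, and the storability check is a simplification of HTTP caching rules.

```python
# Added illustration: compare cache policy between a test and a production
# environment. All paths and header values below are constructed samples.

def parse_cache_control(value):
    """Parse a Cache-Control header into {directive: argument-or-None}."""
    directives = {}
    for part in (value or "").split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def shared_cache_may_store(headers):
    """Simplified check: may a caching proxy store this response?"""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control"))
    if "no-store" in cc or "private" in cc:
        return False
    # Explicit freshness information or "public" permits shared storage.
    return any(d in cc for d in ("public", "s-maxage", "max-age")) or "expires" in h


def untested_cache_paths(test_env, prod_env):
    """Paths a proxy may cache in production but never caches in test."""
    return sorted(
        path for path, prod_headers in prod_env.items()
        if shared_cache_may_store(prod_headers)
        and not shared_cache_may_store(test_env.get(path, {}))
    )


# Constructed sample: response headers captured per path in each environment.
TEST_ENV = {
    "/": {"Cache-Control": "no-store"},
    "/static/app.js": {"Cache-Control": "no-cache, no-store, max-age=0"},
    "/account": {"Cache-Control": "private, no-store"},
}
PROD_ENV = {
    "/": {"Cache-Control": "public, s-maxage=300"},
    "/static/app.js": {"Cache-Control": "max-age=86400"},
    "/account": {"Cache-Control": "private, no-store"},
}

if __name__ == "__main__":
    for path in untested_cache_paths(TEST_ENV, PROD_ENV):
        print("cached in production, uncached in test:", path)
```

Paths reported by the script are candidates for cache-related test cases in an environment where the caching layer is actually enabled.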

