Step by step guide for web application security testing
Due to recent advances in information technology, it has become possible to gain unauthorized access to the confidential information handled by web applications. It has therefore become important for companies to employ web application security services.

Here is an approach for testing web applications for security
Cracking Passwords
Password cracking is the first step carried out by a website application security testing company. One can log in to the private modules of an application either by guessing the user name and password correctly, or by using a password cracker tool. Along with open source password cracker tools, you will get lists of common passwords and user names. Cracking a password normally does not take long unless the password is a complex combination of letters, numbers and special characters. Sometimes cookies store information about user names and passwords. It is possible to steal these cookies and extract those pieces of information from them.
Manipulating the URL
When an application uses the HTTP GET method to exchange information between client and server, some important information is passed to the query string through parameters. It is the tester's responsibility to analyze the information in the query string. This can be done by changing a parameter in the query string and checking whether the server accepts it. The server receives user information via the HTTP GET request and authenticates it. Information can be extracted from the GET request by manipulating its variables; an attacker can observe unusual behavior in the application and exploit it. This risk can be eliminated by employing reliable website application security services.
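The check described above, changing a query-string parameter and seeing whether the server accepts it, is easiest to understand with a handler on each side of the fix. This is an added example, not code from the original page or from Avyaan; the account records, session table and `account` parameter name are constructed assumptions. The insecure handler trusts the parameter after login, so a tampered value is accepted; the hardened handler ties the requested record to the authenticated session and rejects the tampered request.

```python
from urllib.parse import urlparse, parse_qs

# Constructed sample data (assumption, not from the page): two accounts and
# a session table mapping a session id to the logged-in user.
ACCOUNTS = {
    "1001": {"owner": "alice", "balance": 250},
    "1002": {"owner": "bob", "balance": 4000},
}
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}


def query_param(url, name):
    """Return the first value of a query-string parameter, or None if absent."""
    return parse_qs(urlparse(url).query).get(name, [None])[0]


def view_account_insecure(url, session_id):
    """Only checks that the caller is logged in, then trusts the 'account'
    parameter: any authenticated user can read any account by editing the URL."""
    if session_id not in SESSIONS:
        return None
    account_id = query_param(url, "account")
    return ACCOUNTS.get(account_id)


def view_account_hardened(url, session_id):
    """Resolves the user from the session and refuses to serve an account
    that the session's user does not own, so a tampered parameter is rejected."""
    user = SESSIONS.get(session_id)
    if user is None:
        return None
    account_id = query_param(url, "account")
    account = ACCOUNTS.get(account_id)
    if account is None or account["owner"] != user:
        return None  # tampered or unknown parameter: reject
    return account


def tamper_accepted(handler, url, session_id):
    """The tester's check from the text: send a request with a changed parameter
    and report True if the server accepted it (the finding) or False if rejected."""
    return handler(url, session_id) is not None


if __name__ == "__main__":
    # Alice's session asking for Bob's account by editing the query string.
    tampered = "https://example.test/account?account=1002"
    print("insecure accepts tampered request:",
          tamper_accepted(view_account_insecure, tampered, "sess-alice"))
    print("hardened accepts tampered request:",
          tamper_accepted(view_account_hardened, tampered, "sess-alice"))
```

The same pattern applies to any record identifier carried in a GET parameter: the server must derive the caller's identity from the session and check ownership, never from the parameter alone.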
Checking For SQL Injection
Checking for SQL injection is an important stage in web application security testing. Normally an application rejects the entry of a single quote in a text box. However, such input sometimes gets processed by the application, causing a database error. This indicates the possibility of an SQL injection.
SQL injection attacks should never be ignored, as one can gain access to confidential information with the help of these attacks. Entry points for injection can be found by analyzing the code base. User inputs given in the form of MySQL queries are stored in the code base.
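The single-quote check described above, and the reason it works, can be shown with a lookup written two ways. This is an added example, not code from the original page or from Avyaan; it uses Python's built-in `sqlite3` in place of MySQL, and the `users` table and its two rows are constructed sample data. The vulnerable lookup builds the query by string concatenation, so a lone single quote unbalances the SQL and the database raises an error, which is the sign the text describes. The parameterized lookup passes the value separately from the query text, so the same input is handled as ordinary data.

```python
import sqlite3


def build_db():
    """Constructed in-memory database with a small users table (sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def lookup_vulnerable(conn, name):
    """Builds the query by concatenating user input into the SQL text.
    A single quote in `name` ends the string literal early and breaks the query."""
    query = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]


def lookup_parameterized(conn, name):
    """Sends the SQL and the value separately; the driver never treats the
    value as SQL, so a single quote is just a character in the search term."""
    rows = conn.execute("SELECT email FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def single_quote_probe(lookup, conn):
    """The check from the text: submit a lone single quote in the text box.
    Returns 'error' if the database raised (possible injection) or 'handled'."""
    try:
        lookup(conn, "'")
        return "handled"
    except sqlite3.DatabaseError:
        return "error"


if __name__ == "__main__":
    db = build_db()
    print("vulnerable lookup:", single_quote_probe(lookup_vulnerable, db))
    print("parameterized lookup:", single_quote_probe(lookup_parameterized, db))
```

When reviewing a code base for entry points, every place where a query is assembled with `+`, `%` or f-strings from request data is a candidate; the fix in each case is the parameterized form.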
Content Source: http://www.avyaan.com/blog/step-by-step-approach-for-web-application-security-testing/
A-83, 1st Floor, Sector-2, Noida 201301 India