Step by step guide for web application security testing
Download as PPT, PDF6 likes951 views
The document outlines a step-by-step approach for web application security testing. It begins with cracking passwords by guessing usernames and passwords or using password cracking tools. It then discusses manipulating URLs by changing parameters in the query string to test how the server responds. Finally, it describes checking for SQL injection vulnerabilities by entering single quotes or analyzing user inputs given as MySQL queries. The overall approach helps identify security risks so companies can employ reliable website application security services to eliminate vulnerabilities.
Step by step guide for web application security testing
- 2. Due to recent advancements in information technology, it has become possible for one to gain unauthorized access to confidential information about web applications. It has thus become important for companies to employ web application security services. Here is an approach for testing web applications for security
- 3. Cracking Password Cracking password is the first step implemented by a website application security testing services company. One can log in to the private modules of an application either by guessing user name and password correctly, or by utilizing a password cracker tool. Along with open source password cracker tools, you will get a list of common passwords and user names. Cracking the password normally does not take a long time unless the password involves a complex combination of alphabets, numbers and special characters. Sometimes cookies store information about user names and passwords. It is possible to steal these cookies and extract these pieces of information from them.
- 4. Manipulating URL When an application uses HTTP GET method for the exchange of information between client and server, some important information is passed to the query string through parameters. It is the responsibility of a tester to analyze the information in query string. This can be done by changing a parameter in query string and checking if it is accepted by the server. Server receives user information via HTTP GET request, and authenticates it. Information can be extracted from GET request by manipulating its variables. An attacker can observe unusual behavior in the application and exploit it. This risk can be eliminated by employing reliable website application security services.
- 5. Checking For SQL Injection Checking for SQL injection is an important stage in web application security testing. Normally an application rejects the entry of a single quote in a text box. However, such queries sometimes get processed by the application, causing a database error. This indicates the possibility of an SQL injection.
- 6. Checking For SQL Injection SQL injection attacks should never be ignored as one can gain access to confidential information with the help of these attacks. Entry points of injection can be figured out by analyzing the code base. User inputs given in the form of MySQL queries are stored in code base
- 7. Content Source http://www.avyaan.com/blog/step-by-step-approach-for- web-application-security-testing/ A-83, 1st Floor, Sector-2, Noida 201301 India