SlideShare a Scribd company logo

Web Application Testing. A Quick Guide to Testing and Security

The Software House, profile picture
The Software House

The document is a quick guide to web application testing, emphasizing the importance of understanding common hacking tools and security measures. It advocates for strong password policies, two-factor authentication, and collaboration in penetration testing. It also highlights various resources and tools for web security testing, including Burp Suite and ModSecurity.

Software
1 of 16
Downloaded 12 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Web Application Testing Quick guide to testing and references
C|EH DevOps I hate PCI Ruby on Rails Developer Pretend to know other things… I like turtles… No I will not hack into your wifes email. James Ruffer
Developers? Ruby? PHP? Python? Java? Android? Cobol? Fortran? Is .NET still around? PenTesters? Who are you?
Who is attacking you? ● Kiddy scripters ● Dumbasses ● Angry Hacker ● Professional Hacker ● Team of Hackers
Who should you protect yourself against? ● Kiddy Scripters ● Dumbasses How and Why?
Web Application Testing. A Quick Guide to Testing and Security
HOW? Know the most common hacking tools: https://www.concise-courses.com/hacking- tools/top-ten/ BackTrack now known as https://www.kali.org/ http://www.metasploit.com/
Resources to stay up to date on OWASP Data Loss DB Verizon Report Hack this site Root this box www.owasp.org www.datalossdb.org www.verizonenterprise. com/DBIR/ www.hackthissite. org/pages/index/index.php
Please for the love of God...force some password rules like uppercase with number and special char...expire 90 days. Simple Two Factor solutions Google Two Factor Password Rules
Web Application Testing. A Quick Guide to Testing and Security
Copy / Paste will save time BUT... Using other plugins or others code to save time is commonly done BUT have you actually looked at the code? Tested the code? Open Source code is the worst for exploits. OAuth plugin https://github.com/intridea/omniauth
How old is the github project?
Intro to burp suite for app testing Burp Suite is a great way to test MANY things but information gathering is first step.
DevOps can help ModSec Naxsi TinFoil NetSparker https://www.modsecurity.org/ https://code.google. com/p/naxsi/wiki/LearningMode https://www.tinfoilsecurity.com/ www.netsparker.com/web- vulnerability- scanner/vulnerabilities/
Have a shared pentesting box with team. Read logs and update often. Comment in Git push after tests. Dedicated testing Box
Web Application Testing. A Quick Guide to Testing and Security

More Related Content

PDF
Around the PHP Community
Ben Ramsey
 
ODP
<?php>Hello Worl...Ooo Shiny!
Sean Prunka
 
ODP
Profiling PHP & Javascript
Dave Ross
 
PPTX
Raising the bar 2, Using Puppet to install enterprise middleware applications
Bert Hajee
 
PPTX
How To Pass A Ruby Code Test
Robert Postill
 
PDF
All you need is front
Israel Gutiérrez
 
PDF
Mosby's Review Questions & Answers For Veterinary Boards: Ancillary Topics k...
muxitoy454
 
PDF
2021laravelconftwslides4
LiviaLiaoFontech
 
Around the PHP Community
Ben Ramsey
 
<?php>Hello Worl...Ooo Shiny!
Sean Prunka
 
Profiling PHP & Javascript
Dave Ross
 
Raising the bar 2, Using Puppet to install enterprise middleware applications
Bert Hajee
 
How To Pass A Ruby Code Test
Robert Postill
 
All you need is front
Israel Gutiérrez
 
Mosby's Review Questions & Answers For Veterinary Boards: Ancillary Topics k...
muxitoy454
 
2021laravelconftwslides4
LiviaLiaoFontech
 

What's hot (8)

KEY
Finding the Middle Way of Testing
Rabble .
 
KEY
Hacking Frequent Flyer Programs
Rabble .
 
ODP
<?php>m doing! (shh, yes you do.)
Sean Prunka
 
PPTX
How to: Reporting Issues
John Havlik
 
ODP
10 things you are doing wrong in Joomla
Ashwin Date
 
PDF
State Of The Art Image Recognition In 7 Lines Of Python
Nejc Zupan
 
PDF
Developing apps for humans & robots
Nagaraju Sangam
 
PDF
PhpStorm for WordPress
East Bay WordPress Meetup
 
Finding the Middle Way of Testing
Rabble .
 
Hacking Frequent Flyer Programs
Rabble .
 
<?php>m doing! (shh, yes you do.)
Sean Prunka
 
How to: Reporting Issues
John Havlik
 
10 things you are doing wrong in Joomla
Ashwin Date
 
State Of The Art Image Recognition In 7 Lines Of Python
Nejc Zupan
 
Developing apps for humans & robots
Nagaraju Sangam
 
PhpStorm for WordPress
East Bay WordPress Meetup
 
Ad

Similar to Web Application Testing. A Quick Guide to Testing and Security (20)

PDF
Rails is not enough, by Javier Ramirez, at Conferencia Rails 2010 in Madrid, ...
javier ramirez
 
PDF
The Web Application Hackers Toolchain
jasonhaddix
 
PDF
PHP Doesn't Suck
John Hobbs
 
PDF
Open source-secret-sauce-rit-2010
Ted Husted
 
PDF
2012 03 27_philly_jug_rewrite_static
Lincoln III
 
PDF
Legal and efficient web app testing without permission
Abraham Aranguren
 
PDF
How To Be A Better Developer
Ahmed Abu Eldahab
 
PDF
Make your app idea a reality with Ruby On Rails
Nataly Tkachuk
 
PPTX
How To Be A Hacker
Paul Tarjan
 
ODP
Passing The Joel Test In The PHP World
Lorna Mitchell
 
PDF
Secure PHP Coding
Narudom Roongsiriwong, CISSP
 
PDF
Rob "Mubix" Fuller: Attacker Ghost Stories
Area41
 
PDF
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)
Rob Fuller
 
PPT
DDoS Attacks and Countermeasures
thaidn
 
PDF
c0c0n2010 -
Mauro Risonho de Paula Assumpcao
 
PPTX
How Laravel framework is shaping the future.pptx
ReformedTech
 
PPT
Learning to code
Sara-Jayne Terp
 
PDF
Finding harmony in web development
Christian Heilmann
 
PDF
How to ship web software like pirates!
Sylvain Carle
 
PPT
Introduction to PHP - SDPHP
Eric Johnson
 
Rails is not enough, by Javier Ramirez, at Conferencia Rails 2010 in Madrid, ...
javier ramirez
 
The Web Application Hackers Toolchain
jasonhaddix
 
PHP Doesn't Suck
John Hobbs
 
Open source-secret-sauce-rit-2010
Ted Husted
 
2012 03 27_philly_jug_rewrite_static
Lincoln III
 
Legal and efficient web app testing without permission
Abraham Aranguren
 
How To Be A Better Developer
Ahmed Abu Eldahab
 
Make your app idea a reality with Ruby On Rails
Nataly Tkachuk
 
How To Be A Hacker
Paul Tarjan
 
Passing The Joel Test In The PHP World
Lorna Mitchell
 
Secure PHP Coding
Narudom Roongsiriwong, CISSP
 
Rob "Mubix" Fuller: Attacker Ghost Stories
Area41
 
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)
Rob Fuller
 
DDoS Attacks and Countermeasures
thaidn
 
c0c0n2010 -
Mauro Risonho de Paula Assumpcao
 
How Laravel framework is shaping the future.pptx
ReformedTech
 
Learning to code
Sara-Jayne Terp
 
Finding harmony in web development
Christian Heilmann
 
How to ship web software like pirates!
Sylvain Carle
 
Introduction to PHP - SDPHP
Eric Johnson
 
Ad

More from The Software House (20)

PDF
Jak kraść miliony, czyli o błędach bezpieczeństwa, które mogą spotkać również...
The Software House
 
PDF
Uszanowanko Podsumowanko
The Software House
 
PDF
Jak efektywnie podejść do certyfikacji w AWS?
The Software House
 
PDF
O co chodzi z tą dostępnością cyfrową?
The Software House
 
PDF
Chat tekstowy z użyciem Amazon Chime
The Software House
 
PDF
Migracje danych serverless
The Software House
 
PDF
Jak nie zwariować z architekturą Serverless?
The Software House
 
PDF
Analiza semantyczna artykułów prasowych w 5 sprintów z użyciem AWS
The Software House
 
PDF
Feature flags na ratunek projektu w JavaScript
The Software House
 
PDF
Typowanie nominalne w TypeScript
The Software House
 
PDF
Automatyzacja tworzenia frontendu z wykorzystaniem GraphQL
The Software House
 
PDF
Serverless Compose vs hurtownia danych
The Software House
 
PDF
Testy API: połączenie z bazą danych czy implementacja w pamięci
The Software House
 
PDF
Jak skutecznie read model. Case study
The Software House
 
PDF
Firestore czyli ognista baza od giganta z Doliny Krzemowej
The Software House
 
PDF
Jak utrzymać stado Lambd w ryzach
The Software House
 
PDF
Jak poskromić AWS?
The Software House
 
PDF
O łączeniu Storyblok i Next.js
The Software House
 
PDF
Amazon Step Functions. Sposób na implementację procesów w chmurze
The Software House
 
PDF
Od Figmy do gotowej aplikacji bez linijki kodu
The Software House
 
Jak kraść miliony, czyli o błędach bezpieczeństwa, które mogą spotkać również...
The Software House
 
Uszanowanko Podsumowanko
The Software House
 
Jak efektywnie podejść do certyfikacji w AWS?
The Software House
 
O co chodzi z tą dostępnością cyfrową?
The Software House
 
Chat tekstowy z użyciem Amazon Chime
The Software House
 
Migracje danych serverless
The Software House
 
Jak nie zwariować z architekturą Serverless?
The Software House
 
Analiza semantyczna artykułów prasowych w 5 sprintów z użyciem AWS
The Software House
 
Feature flags na ratunek projektu w JavaScript
The Software House
 
Typowanie nominalne w TypeScript
The Software House
 
Automatyzacja tworzenia frontendu z wykorzystaniem GraphQL
The Software House
 
Serverless Compose vs hurtownia danych
The Software House
 
Testy API: połączenie z bazą danych czy implementacja w pamięci
The Software House
 
Jak skutecznie read model. Case study
The Software House
 
Firestore czyli ognista baza od giganta z Doliny Krzemowej
The Software House
 
Jak utrzymać stado Lambd w ryzach
The Software House
 
Jak poskromić AWS?
The Software House
 
O łączeniu Storyblok i Next.js
The Software House
 
Amazon Step Functions. Sposób na implementację procesów w chmurze
The Software House
 
Od Figmy do gotowej aplikacji bez linijki kodu
The Software House
 

Recently uploaded (20)

PPTX
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
PPTX
Mastering-Cybersecurity-The-Crucial-Role-of-Antivirus-Support-Services.pptx
akkie9682
 
PPTX
AIRLINE PRICE API | FLIGHT API COST |
philipnathen82
 
PPTX
Introduction to Artificial Intelligence
lohedi9363
 
PPTX
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
PPTX
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
PDF
top salesforce developer skills in 2025.pdf
CloudMetic
 
PDF
System and Network Administraation Chapter 3
jaramharo
 
PDF
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
PPTX
Materi-Enum-and-Record-Data-Type (1).pptx
RanuFajar1
 
PPT
Introduction Database Management System for Course Database
ReinertYosua
 
PDF
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
DOCX
The Five Best AI Cover Tools in 2025.docx
aivoicelabofficial
 
PDF
The Role of Automation and AI in EHS Management for Data Centers.pdf
TECH EHS Solution
 
PDF
Multi-factor Authentication (MFA) requirement for Microsoft 365 Admin Center_...
Q-Advise
 
PPTX
Presentation of Computer CLASS 2 .pptx
darshilchaudhary558
 
PDF
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
PDF
Upgrade and Innovation Strategies for SAP ERP Customers
Virendra Rai, PMP
 
PDF
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
PPTX
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
Mastering-Cybersecurity-The-Crucial-Role-of-Antivirus-Support-Services.pptx
akkie9682
 
AIRLINE PRICE API | FLIGHT API COST |
philipnathen82
 
Introduction to Artificial Intelligence
lohedi9363
 
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
top salesforce developer skills in 2025.pdf
CloudMetic
 
System and Network Administraation Chapter 3
jaramharo
 
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
Materi-Enum-and-Record-Data-Type (1).pptx
RanuFajar1
 
Introduction Database Management System for Course Database
ReinertYosua
 
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
The Five Best AI Cover Tools in 2025.docx
aivoicelabofficial
 
The Role of Automation and AI in EHS Management for Data Centers.pdf
TECH EHS Solution
 
Multi-factor Authentication (MFA) requirement for Microsoft 365 Admin Center_...
Q-Advise
 
Presentation of Computer CLASS 2 .pptx
darshilchaudhary558
 
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
Upgrade and Innovation Strategies for SAP ERP Customers
Virendra Rai, PMP
 
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 

Web Application Testing. A Quick Guide to Testing and Security