A Web online specialty company has an online website and they want you to test it. What sort of security tools or security needs are required for a Test Analyst when he does testing?
It is a type of testing in which one will concentrate on the following areas.
Authentication, Direct URL testing, Firewall leakage testing
Authentication: In this type of testing, one usually enters different combinations of usernames and passwords and checks whether only authorised users are allowed in.
Direct URL: In this type of testing, one enters direct URLs, tries to access unauthorised pages, and checks whether they can be accessed or not.
Firewall Leakage: In this type of testing, users of one level try to access the pages of users of another level, to check whether firewalls are working properly or not.
“The Security tools suite provides a fully featured web security scanner, crawler, report analysis tool, as well as web security explanations and an extensive database of security checks for all leading web server platforms. The all-in-one web security software lets the user scan for SANS Top 20 and OWASP Top 10 2004 vulnerabilities. Additionally, the new baseline security scanning feature automatically detects, reports & addresses outdated server software, closing up your web server even more to vulnerabilities and possible attacks.”
SANS: (Client-side Vulnerabilities; Server-side Vulnerabilities; Security Policy and Personnel; Application Abuse; Network Devices; Zero Day Attacks)
OWASP: (Input Validation; Access Control; Authentication and Session Management; Input Validation->Cross site scripting; Buffer Overflows; Input Validation->Injection; Error Handling; Data Protection; Availability; Application Configuration Management; Infrastructure Configuration Management)
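The Direct URL and Firewall Leakage checks described above can be automated by requesting every page as every user level and comparing the result with the intended access list. The following is an added example, not part of the original answer: the demo application, its paths, the X-Session header and the tokens are all constructed for illustration, and the application contains one deliberate access-control defect for the check to find.

```python
import http.server, threading, urllib.request, urllib.error

# Constructed demo app: path -> roles allowed to view it (None = public page).
ACL = {"/login": None, "/account": {"user", "admin"}, "/admin/users": {"admin"}}
# Constructed session tokens standing in for logged-in users of each level.
SESSIONS = {"tok-user": "user", "tok-admin": "admin"}

class DemoApp(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        role = SESSIONS.get(self.headers.get("X-Session", ""))
        allowed = ACL.get(self.path, set())
        if self.path == "/admin/users":
            ok = role is not None  # deliberate defect: checks "logged in", not the role
        else:
            ok = allowed is None or role in allowed
        self.send_response(200 if ok else 403)
        self.end_headers()

    def log_message(self, *args):  # keep the run quiet
        pass

# Ignore any proxy environment variables so requests stay on the loopback interface.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def fetch_status(base, path, token=None):
    headers = {"X-Session": token} if token else {}
    try:
        with OPENER.open(urllib.request.Request(base + path, headers=headers), timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def direct_url_findings(base):
    """Request every page as every level; list (role, path) served against the ACL."""
    findings = []
    for path, allowed in ACL.items():
        for token, role in [(None, "anonymous")] + list(SESSIONS.items()):
            permitted = allowed is None or role in allowed
            if fetch_status(base, path, token) == 200 and not permitted:
                findings.append((role, path))
    return findings

def run_demo():
    server = http.server.HTTPServer(("127.0.0.1", 0), DemoApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return direct_url_findings(f"http://127.0.0.1:{server.server_port}")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_demo())
```

Against a real site under test, the ACL table comes from the requirements document and the tokens from test accounts created for each user level.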