Security Tools

As per my knowledge below security methods needs to be verified in web testing.

·         Cross-site scripting                                                       

·         SQL Injection

·         Buffer overflows

·         Hidden fields

·         CGI parameters

·         Cookies

·         Forceful browsing

·         URL jumping

·         Automatic Form fillers

·         Known Attacks

·         Crawling

And there are so many open source tools to test security vulnerabilities like paros, Acunetix.

It is a type of testing in which one will concentrate on the following areas.

Authentication
Direct URL testing
Firewall leakage testing

Authentication: in this type of testing usually one will enter different combinations of usernames and passwords and check whether it is allowing only authorised users or not.

Direct URL: In this type of testing one will enter the direct URL's and try to access the unauthorised pages and check whether they are been accessed or not.

Firewall Leakage: In this type of testing one level of users try to access other level of user pages to check whether firewalls are working properly or not.

Security Center, Team Viewer Connection, Internet,

For security testing no toolis thereit shouldbe tested manualy but with the help os Load runner we can see howit will be

 “The Security tools suite provides a fully featured web security scanner, crawler, report analysis tool, as well as web security explanations, and an extensive database of security checks for all leading web server platforms. The all-in-one web security software lets the user scan for SANS Top 20 and OWASP Top 10 2004 vulnerabilities. Additionally, the new baseline security scanning feature automatically detects, reports & addresses outdated server software, closing up your web server even more to vulnerabilities and possible attacks.”

SANS: (Client-side Vulnerabilities in, Server-side Vulnerabilities in, Security Policy and Personnel, Application Abuse, Network Devices, Zero Day Attacks)


OWASP: (Input Validation, Access Control, Authentication and Session Management, Input Validation->Cross site scripting, Buffer Overflows, Input Validation->Injection,  Error Handling, Data Protection, Availability, Application Configuration Management
Infrastructure Configuration Management)