GeekInterview.com

Security Tools

A Web online specialty company has an online website and they want you to test it. What sort of security tools or security needs are required for a Test Analyst when he does testing?
Asked by: yonca | Member Since Jul-2008 | Asked on: Jul 19th, 2008


Showing Answers 1 - 6 of 6 Answers

As per my knowledge, the security methods below need to be verified in web testing.

· Cross-site scripting
· SQL Injection
· Buffer overflows
· Hidden fields
· CGI parameters
· Cookies
· Forceful browsing
· URL jumping
· Automatic Form fillers
· Known Attacks
· Crawling


  

And there are so many open source tools to test security vulnerabilities, like Paros, Acunetix.

  
Shilpa0901

Answered On : Sep 13th, 2008


It is a type of testing in which one will concentrate on the following areas.

Authentication
Direct URL testing
Firewall leakage testing

Authentication: In this type of testing, one usually enters different combinations of usernames and passwords and checks whether it is allowing only authorised users or not.

Direct URL: In this type of testing, one enters the direct URLs, tries to access the unauthorised pages, and checks whether they are being accessed or not.

Firewall Leakage: In this type of testing, one level of users tries to access the pages of another level of users to check whether firewalls are working properly or not.

  
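An added example (not part of the original answers) of the direct-URL and cross-level access checks described in the answer above, written as an expected-access matrix test. The `toy_app` function, its URLs and its roles are constructed stand-ins for the site under test; in a real run `fetch` would be an HTTP request made with a session for each role.

```python
# Constructed sample: the access rules the toy application actually enforces.
APP_RULES = {
    "/": {"anonymous", "user", "admin"},
    "/account": {"user", "admin"},
    "/admin/users": {"admin"},
    "/admin/reports": {"user", "admin"},  # deliberate defect: should be admin-only
}

# What the specification says each role may open (the test oracle).
EXPECTED = {
    "/": {"anonymous", "user", "admin"},
    "/account": {"user", "admin"},
    "/admin/users": {"admin"},
    "/admin/reports": {"admin"},
}

ROLES = ("anonymous", "user", "admin")


def toy_app(path, role):
    """Hypothetical stand-in for requesting `path` as `role`; returns a status code."""
    allowed = APP_RULES.get(path)
    if allowed is None:
        return 404
    if role in allowed:
        return 200
    # Unauthenticated callers get 401, authenticated but unauthorised get 403.
    return 401 if role == "anonymous" else 403


def audit(fetch, expected, roles=ROLES):
    """Request every URL directly as every role and report deviations from the spec."""
    findings = []
    for path in sorted(expected):
        for role in roles:
            status = fetch(path, role)
            granted = status == 200  # redirects to login, 401, 403, 404 count as denied
            if granted and role not in expected[path]:
                findings.append((path, role, status, "unauthorised access granted"))
            elif not granted and role in expected[path]:
                findings.append((path, role, status, "authorised user blocked"))
    return findings


if __name__ == "__main__":
    for path, role, status, problem in audit(toy_app, EXPECTED):
        print(f"{problem}: {role} -> {path} (HTTP {status})")
```
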
saja_mohd

Answered On : Mar 29th, 2009


Security Center, Team Viewer Connection, Internet,

  
saravanan123

Answered On : Aug 8th, 2009


For security testing no tool is there; it should be tested manually, but with the help of Load runner we can see how it will be

  


 “The Security tools suite provides a fully featured web security scanner, crawler, report analysis tool, as well as web security explanations, and an extensive database of security checks for all leading web server platforms. The all-in-one web security software lets the user scan for SANS Top 20 and OWASP Top 10 2004 vulnerabilities. Additionally, the new baseline security scanning feature automatically detects, reports & addresses outdated server software, closing up your web server even more to vulnerabilities and possible attacks.”

SANS: (Client-side Vulnerabilities in, Server-side Vulnerabilities in, Security Policy and Personnel, Application Abuse, Network Devices, Zero Day Attacks)


OWASP: (Input Validation, Access Control, Authentication and Session Management, Input Validation->Cross site scripting, Buffer Overflows, Input Validation->Injection, Error Handling, Data Protection, Availability, Application Configuration Management, Infrastructure Configuration Management)

Yes  1 User has rated as useful.
  
