Security Tools

A Web online specialty company has an online website and they want you to test it. What sort of security tools or security needs are required for a Test Analyst when he does testing?

Questions by yonca   answers by yonca


As per my knowledge, the security methods below need to be verified in web testing.

· Cross-site scripting
· SQL Injection
· Buffer overflows
· Hidden fields
· CGI parameters
· Cookies
· Forceful browsing
· URL jumping
· Automatic Form fillers
· Known Attacks
· Crawling



  • Sep 13th, 2008

It is a type of testing in which one will concentrate on the following areas.
Direct URL testing
Firewall leakage testing

Authentication: In this type of testing, usually one will enter different combinations of usernames and passwords and check whether it is allowing only authorised users or not.

Direct URL: In this type of testing, one will enter the direct URLs and try to access the unauthorised pages and check whether they are being accessed or not.

Firewall Leakage: In this type of testing, one level of users tries to access the pages of another level of users to check whether firewalls are working properly or not.

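The direct-URL and cross-level access checks described in the answer above can be automated as a role-by-URL matrix. This is an added example, not part of any answer on this page; the sample app, the `X-Session` header, the tokens, the paths and the function names are all constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample data: session tokens, roles under test, and the intended
# policy (path -> roles allowed; None means the page is public).
SESSIONS = {"tok-user": "user", "tok-admin": "admin"}
TOKENS = {"anonymous": None, "user": "tok-user", "admin": "tok-admin"}
POLICY = {"/": None, "/account": {"user", "admin"},
          "/admin": {"admin"}, "/admin/report": {"admin"}}

class SampleApp(BaseHTTPRequestHandler):
    """Constructed app under test, with one deliberate access-control defect."""
    def do_GET(self):
        role = SESSIONS.get(self.headers.get("X-Session"))
        # Defect: every path except "/" and "/admin" only requires a login.
        ok = {"/": True, "/admin": role == "admin"}.get(self.path, role is not None)
        self.send_response(200 if ok else 403)
        self.end_headers()
    log_message = lambda self, *args: None  # silence per-request logging

def status(host, port, path, token=None):
    """Request the URL directly as the given session; return the HTTP status."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("GET", path, headers={"X-Session": token} if token else {})
    code = conn.getresponse().status
    conn.close()
    return code

def audit(host, port, policy, tokens):
    """Return (role, path, status) wherever actual access differs from policy."""
    findings = []
    for path, allowed in policy.items():
        for role, token in tokens.items():
            code = status(host, port, path, token)
            should_allow = allowed is None or role in allowed
            if (code == 200) != should_allow:
                findings.append((role, path, code))
    return findings

def run_demo():
    with HTTPServer(("127.0.0.1", 0), SampleApp) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            return audit("127.0.0.1", server.server_port, POLICY, TOKENS)
        finally:
            server.shutdown()

if __name__ == "__main__":
    print(run_demo())
```

The audit reports both directions of mismatch: a page a role can reach but should not, and a page a role should reach but cannot.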

 “The Security tools suite provides a fully featured web security scanner, crawler, report analysis tool, as well as web security explanations, and an extensive database of security checks for all leading web server platforms. The all-in-one web security software lets the user scan for SANS Top 20 and OWASP Top 10 2004 vulnerabilities. Additionally, the new baseline security scanning feature automatically detects, reports & addresses outdated server software, closing up your web server even more to vulnerabilities and possible attacks.”

SANS: (Client-side Vulnerabilities in, Server-side Vulnerabilities in, Security Policy and Personnel, Application Abuse, Network Devices, Zero Day Attacks)

OWASP: (Input Validation, Access Control, Authentication and Session Management, Input Validation->Cross site scripting, Buffer Overflows, Input Validation->Injection, Error Handling, Data Protection, Availability, Application Configuration Management, Infrastructure Configuration Management)
