Certainly! all types of applications, mobile apps and web-based systems are secure requires more than just good design and rocket science development. For security problems, we need to refer vulnerability scan, pen testing or penetration testing which is the act of reconnaissance and analysing a system to find out all possible holes. Security testing should be considered as an ongoing activity for all projects.
We have to impede following basic holes:
For more details go to OWASP: https://www.owasp.org/index.php/Top_10_2013-Top_10
[Study OWASP is must read for security tester]
Some basic tips on pen testing:
We have to impede following basic holes:
- Inappropriate validation of input and output data.
- Injection flaws (data theft).
- Flaw with authentication.
- Data poisoning.
- Poor Error handling.
- Allow to execute malicious script(s).
- Buffer overflow error.
- Cross site scripting (XSS) attack.
- Brute force cracking.
For more details go to OWASP: https://www.owasp.org/index.php/Top_10_2013-Top_10
[Study OWASP is must read for security tester]
Some basic tips on pen testing:
- Have to collect as much information as possible about the system.
- Have to clear concept about the application infrastructure.
- Have to figure out crucial weak spots.
- Have to make sure the data protection in transit
- Have to try the weaknesses in input validation,
- Have to looking for authentication and information leakage.
- Have to check the cookies and session management.
Vulnerability Scanning Tools: https://www.owasp.org/index.php/Category:Vulnerability_Scanning_Tools
Note: When you looking for vulnerabilities, manual exploratory testing is always a good choice.
No comments:
Post a Comment