Presentation is loading. Please wait.

Presentation is loading. Please wait.

Automatic security testing tools for web-based system

Published byNathan Patterson Modified over 6 years ago

Similar presentations

Presentation on theme: "Automatic security testing tools for web-based system"— Presentation transcript:

1 Automatic security testing tools for web-based system
CS577b Individual Research Shi-Xuan Zeng 04/23/2012

2 Outline Introduce security testing
Web application/system security testing Web application/system security risks Security testing tools comparison Summary

3 What is security testing?
Providing evidence Fulfilling requirements Fundamental processes Boundary values Equivalence classes Security classes * Web Security Testing Cookbook (O’Reilly)

4 Web application security testing
Functional testing V.S. Security testing Use variety tools manually and automatically Simulate and stimulate activities Goal Produce repeatable and consistent tests * Web Security Testing Cookbook (O’Reilly)

5 Web application security risks
* OWASP Top Ten Project (2010)

6 Top 10 Web Application Security Risks
* OWASP Top Ten Project (2010)

7 Security testing tools comparison 1
Ease of use Information provided Item tested Traceability OWASP WebScarab Medium Depends Hard Burp Suite Free Nikto 2 Many Wapiti Excellent Low Skipfish Med Hard Good

8 Security testing tools comparison 2
Ease of use Information provided Item tested Traceability w3af Easy Good Many High N-Stalker Security Scanner Free Edition Very Easy Acunetix WVS‏ Free Edition Medium Very limited Low Websecurify (browser-extension) Few Netsparker Community Edition(free) Excellent

9 Summary Security testing provides evidence and fulfill requirements.
The goal is to produce repeatable and consistent tests. Beware of top 10 web application security risks. Choose free, easy used, and good traceability testing tools. Suggest w3af and N-Stalker Security Scanner Free Edition.

10 Reference Web Security Testing Cookbook OWASP Top Ten Project
Paco Hope, Ben Walther; O’Reilly Media Inc.; Oct OWASP Top Ten Project 10+ Free Web Application Security Testing Tools

11 Questions ?

12 Thank You!!

Download ppt "Automatic security testing tools for web-based system"

Similar presentations

Short introduction to the use of PEARL General properties First tier assessments Higher tier assessments Before looking at first and higher tier assessments,

Short introduction to the use of PEARL General properties First tier assessments Higher tier assessments Before looking at first and higher tier assessments,
Ondřej Kašpar choice of topic solution of problem –paper catalogue –e-catalogue Where Is It? about Where Is It? –what can.

Ondřej Kašpar choice of topic solution of problem –paper catalogue –e-catalogue Where Is It? about Where Is It? –what can.
Hands on Demonstration for Testing Security in Web Applications

Hands on Demonstration for Testing Security in Web Applications
I.T. DIGIT TestCentre Vulnerability assessment service Gabriel BABIANO DIGIT.A.3 29/11/2012.

I.T. DIGIT TestCentre Vulnerability assessment service Gabriel BABIANO DIGIT.A.3 29/11/2012.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall. Microsoft Office 2010 PowerPoint, Workshop 1 Communication with Presentations.

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall. Microsoft Office 2010 PowerPoint, Workshop 1 Communication with Presentations.
1 WebManager: Transforming a Network Management Application Into a Component-Based Framework Sauvé, Coutinho, Almeida, Souza, Duarte 2001.

1 WebManager: Transforming a Network Management Application Into a Component-Based Framework Sauvé, Coutinho, Almeida, Souza, Duarte 2001.
Troy School & Office Products * 421 S. Union Street Troy, Ohio 45373 * Toll Free 1-800-561-7981 * www.troydryerase.com 1 Section 8.

Troy School & Office Products * 421 S. Union Street Troy, Ohio * Toll Free * 1 Section 8.
Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology.

Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology.
Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.

Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.
Static Analysis for Dynamic Assessments Greg Patton | September 2014.

Static Analysis for Dynamic Assessments Greg Patton | September 2014.
Microsoft Dynamics. Introducing Al-Futtaim Technologies  One of the region’s leading System Integrators  Strong partnerships with leading global ICT.

Microsoft Dynamics. Introducing Al-Futtaim Technologies  One of the region’s leading System Integrators  Strong partnerships with leading global ICT.
Presentation Overview

Presentation Overview
Exploring the Relationship Between Web Application Development Tools and Security Matthew Finifter and David Wagner University of California, Berkeley.

Exploring the Relationship Between Web Application Development Tools and Security Matthew Finifter and David Wagner University of California, Berkeley.
Security Scanning OWASP Education Nishi Kumar Computer based training

Security Scanning OWASP Education Nishi Kumar Computer based training
By: Razieh Rezaei Saleh.  Security Evaluation The examination of a system to determine its degree of compliance with a stated security model, security.

By: Razieh Rezaei Saleh.  Security Evaluation The examination of a system to determine its degree of compliance with a stated security model, security.
CAP6135 – Malware and Software Vulnerability Analysis By Tara Lingle and Orcun Tagtekin.

CAP6135 – Malware and Software Vulnerability Analysis By Tara Lingle and Orcun Tagtekin.
Open Solutions for a Changing World™ Copyright 2005, Data Access WordwideElectos June 6-9, 2005 Key Biscayne, Florida Data Access Europe BV Eddy Kleinjan,

Open Solutions for a Changing World™ Copyright 2005, Data Access WordwideElectos June 6-9, 2005 Key Biscayne, Florida Data Access Europe BV Eddy Kleinjan,
Www.teacherpage.com Create Your Own Free Website.

Create Your Own Free Website.
TOOLS FOR IMPLEMENTING THE QUALITY FRAMEWORK Dr Peter Jones MSc EBHC (Oxon) FACEM Dr Alana Harper PG Cert Med Sci FACEM MOH Forum, Wellington 23/3/2015.

TOOLS FOR IMPLEMENTING THE QUALITY FRAMEWORK Dr Peter Jones MSc EBHC (Oxon) FACEM Dr Alana Harper PG Cert Med Sci FACEM MOH Forum, Wellington 23/3/2015.

Similar presentations

Ads by Google