Presentation on theme: "Security Testing The importance of security testing"— Presentation transcript:

1 Security Testing: the importance of security testing
- The importance of security testing
- Security vulnerabilities
- Are we secure? How much security testing do we do?
- Security testing software tools
- Starting directions in developing security testing

2 The importance of security testing
Security testing is a must to identify and address web application security vulnerabilities, so as to avoid any of the following:
- A permanent loss of customer confidence
- Damage to the company brand
- Website downtime, with devastating loss of productivity
- Expensive vulnerability remediation costs
- Costs associated with securing web applications against future attacks
- Legal sanctions and civil lawsuits, depending on the case in question

3 Secure application checklist:
- Confidentiality: information is available only to those with authorized access
- Integrity: the information provided is correct and has not been tampered with
- Authentication: establishes the identity of the user
- Authorization: a user can perform only the actions for which they have permission
- Availability: the system is ready for use when expected
- Non-repudiation: information exchange comes with proof of who sent and received it

4 Security vulnerabilities
- Cross-Site Scripting (XSS)
- Buffer Overflow
- SQL Injection
- Denial of Service
- Password cracking
- Data Manipulation
- Unauthorized Data Access
- URL Manipulation through HTTP GET methods

5 Security testing example
SQL Injection: a Google search for inurl:.php?id= lists pages that take a numeric record id from the query string, which is the classic place to test whether user input reaches a database query unescaped.
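As an added example (not part of the original slides), the query pattern behind a typical `product.php?id=` page, written in Python with an in-memory SQLite table standing in for the site's database. The table, its rows, the URLs and the `lookup_*` function names are assumptions made for the illustration; the point is the difference between concatenating the `id` value into the SQL and binding it as a typed parameter.

```python
import sqlite3
from urllib.parse import urlparse, parse_qs


def make_db():
    """Constructed sample database standing in for the site's backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, hidden INTEGER)"
    )
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(1, "widget", 0), (2, "gadget", 0), (3, "unreleased", 1)],
    )
    return conn


def id_from_url(url):
    """Return the raw ?id= value exactly as the client sent it (any string)."""
    values = parse_qs(urlparse(url).query).get("id", [])
    return values[0] if values else ""


def lookup_vulnerable(conn, raw_id):
    """Builds the SQL by string concatenation: the client's text becomes part
    of the statement, so 'id=1 OR 1=1 --' comments out the hidden=0 filter."""
    sql = "SELECT id, name FROM products WHERE id = " + raw_id + " AND hidden = 0"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, raw_id):
    """Hardened form: enforce the expected type, then bind the value as a
    parameter so it can never be parsed as SQL."""
    try:
        id_value = int(raw_id)
    except ValueError:
        return []  # reject anything that is not an integer id
    return conn.execute(
        "SELECT id, name FROM products WHERE id = ? AND hidden = 0", (id_value,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Hypothetical URLs: one benign request and one carrying an injection payload.
    benign = "http://example.test/product.php?id=1"
    hostile = "http://example.test/product.php?id=1 OR 1=1 --"
    for url in (benign, hostile):
        raw = id_from_url(url)
        print(url)
        print("  concatenated :", lookup_vulnerable(db, raw))
        print("  parameterized:", lookup_parameterized(db, raw))
```

Run against the hostile URL, the concatenated query returns every row including the hidden one, while the parameterized lookup rejects the value outright; this is the behaviour a scanner such as sqlmap or ZAP is probing for when it mutates the `id` parameter.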

6 Are we secure? How much security testing do we do?

7 OWASP

8 Tools for scanning these vulnerabilities (the risks are the OWASP Top 10, 2013 edition):
Web application risk                               Security utility
A1: Injection                                      SQL Inject Me, Zed Attack Proxy (ZAP)
A2: Broken Authentication and Session Management   ZAP
A3: Cross-Site Scripting (XSS)
A4: Insecure Direct Object References              HTTP Directory Traversal Scanner, Burp Suite, ZAP
A5: Security Misconfiguration                      OpenVAS, WATOBO
A6: Sensitive Data Exposure                        Qualys SSL Server Test
A7: Missing Function Level Access Control          OpenVAS
A8: Cross-Site Request Forgery (CSRF)              Tamper Data (Samurai WTF), WebScarab, ZAP
A9: Using Components with Known Vulnerabilities
A10: Unvalidated Redirects and Forwards

9 Penetration Testing: simulating an attack from a malicious source
- Includes network scanning and vulnerability scanning
- Black-box: simulates an attack by someone unfamiliar with the system
- White-box: simulates an attack by someone with access to source code, the network and passwords

10 Security testing software tools:
- OWASP ZAP
- Metasploit
- Nessus Vulnerability Scanner
- Nmap
- SQLmap
- W3af
- Burp Suite
- CORE Impact

11 ZAP Report

12 My starting directions in developing security testing
- What is security testing?
- What are the most common security attacks, technologies and tools?
- Detect vulnerabilities in your software application
- Find the right tool that can be used to scan for vulnerabilities
- Write a security testing plan
- Execute the security scan
- Report the threats and recommendations

13 Starting directions in developing security testing
- Study of the security architecture
- Analysis of security requirements
- Classifying security testing
- Developing objectives
- Threat modeling
- Test planning
- Execution
- Reports

14 Thank You
