Uploaded on Aug 2, 2019
This article lays out the what, when, why and how of most web application security testing situations, including working out which practices you need to test, which tools are best suited for the task, the use of vulnerability scanners and scanner validation, and additional standard tests. https://bit.ly/2Oz8eBK
Checklist Testers Should Follow For Application Security Testing
Web application security testing has a lot of elements, but even with its complexities, it doesn’t
have to be that complicated. The art is to know what you want and what you require, and then
take a calculated strategy that focuses your effort on the most significant applications.
The following information lays out the what, when, why and how of most
web application security testing situations, including working out which practices you need
to test, which tools are best suited for the task, the use of vulnerability scanners and scanner
validation, and additional standard tests.
1. What needs to be tested?
The scope of your security evaluation matters. You may have your own internal specifications,
or you may have to understand the requirements of a business associate or client. And you
need to get all the right people on board.
It should be clear which apps, network systems and code you need to test; how you will
check them; and what your particular expectations are for the deliverables. This includes
provisions for testing any specific user roles.
2. What tools are best suited for the task?
At a minimum, web app security testing requires a web vulnerability scanner, such as
Netsparker or Acunetix Web Vulnerability Scanner.
For authenticated testing, you’ll need an HTTP proxy such as Burp Suite, which lets
you manipulate user logins, session management, application workflows, and so
on.
Other tools are available if source code analysis is a requirement, but be cautious: you get what
you pay for with source code analysis tools and, unfortunately, most are pricey.
3. Vulnerability scanning
Rather than attempting to build a checklist of every test you want to run for every
vulnerability, it’s easier to break web app security testing down into its
essential categories.
When running vulnerability scans, make sure your scanners are testing for the significant
things, like SQL injection, cross-site scripting and file inclusion.
4. Scanner validation and additional manual checks
As with vulnerability scanners, I can’t possibly list all the tests you need to perform,
because there are so many possible areas for exploitation.
The first thing you need to do is verify all of your web vulnerability scanner findings to see
what’s exploitable and what matters in the context of your application and your business.
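The workflow in sections 1, 3 and 4 (agree the scope, scan for the essential categories, then validate what the scanners report) can be turned into a small triage step. The following is an added example, not code from the article or from any scanner vendor; the finding records, host names and category list are constructed, and the flat dictionary shape is an assumed normalisation of whatever report format your scanners actually export.

```python
"""Triage web vulnerability scanner findings against an agreed test scope."""
from urllib.parse import urlparse

# Categories the article names as the "significant things" a scanner must cover
# (lower number = validate first). Anything else sorts after them.
PRIORITY = {"sqli": 1, "xss": 2, "file_inclusion": 3}

# Constructed sample: two scanners with overlapping results on two hosts.
SAMPLE_FINDINGS = [
    {"scanner": "scanner-a", "type": "sqli", "url": "https://app.example.test/login?user=1", "param": "user"},
    {"scanner": "scanner-b", "type": "sqli", "url": "https://app.example.test/login?user=1", "param": "user"},
    {"scanner": "scanner-a", "type": "xss", "url": "https://app.example.test/search", "param": "q"},
    {"scanner": "scanner-b", "type": "file_inclusion", "url": "https://other.example.test/view", "param": "page"},
    {"scanner": "scanner-a", "type": "info_disclosure", "url": "https://app.example.test/robots.txt", "param": None},
]


def in_scope(url, scope_hosts):
    """Section 1: only hosts the engagement agreed on count as findings."""
    return urlparse(url).hostname in scope_hosts


def finding_key(finding):
    """The same issue reported by two scanners collapses to one validation item.
    Keyed on type, host, path and parameter; the query string is ignored."""
    parts = urlparse(finding["url"])
    return (finding["type"], parts.hostname, parts.path, finding["param"])


def triage(findings, scope_hosts):
    """Return a de-duplicated validation queue ordered by category priority.

    Each item records which scanners agree on it. 'validated' stays False until a
    tester has confirmed exploitability in the application's context (section 4);
    nothing here decides that automatically.
    """
    queue = {}
    for finding in findings:
        if not in_scope(finding["url"], scope_hosts):
            continue
        item = queue.setdefault(
            finding_key(finding),
            {"type": finding["type"], "url": finding["url"], "param": finding["param"],
             "scanners": set(), "validated": False},
        )
        item["scanners"].add(finding["scanner"])
    return sorted(queue.values(), key=lambda i: (PRIORITY.get(i["type"], 99), i["url"]))
```

Findings that two scanners agree on are a reasonable place to start manual validation, but agreement is not proof: the `validated` flag is only flipped by a person.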