Security Testing Case Study 360logica Software Testing Services.

The Client
Our customer runs an online news community. Users get their own personal newspaper, share their thoughts and address them to specific persons.

The Requirements
The customer wanted to make sure their users' privacy and content were adequately secured. A few of their security test requirements were:
SQL injection vulnerability
Cross-site scripting
Business workflow security
Authentication security
Brute-force authentication breach testing
Firewall security testing
Web server file security

The Solution
Identification of application input, e.g. files, environment variables, parameters in the URL and in form submissions, config files and the registry
Identification of application output, e.g. files, environment variables, network traffic, the Windows registry, console/form, database
Source-level and hidden logic tests: authentication, login, confirmation, business workflow security, data encryption, etc.

The Technology
PHP, Linux, Apache

Contribution
Breach finding using cross-site scripting and SQL injection
Breach finding using brute-force authentication
Link injection, and access to other users' profiles and their content
Hidden folders and direct file access on the web server, and data encryption security
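The slides name the breach classes found (SQL injection, cross-site scripting, brute-force authentication, access to other users' profiles) but show no code. The following is an added illustration for the page's PHP/Linux/Apache stack; it is not 360logica's or the client's code. It assumes a MySQL table `users` (id, username, password_hash) and a `login_attempts` table (username as unique key, attempts, last_attempt), plus a `profiles` table (id, owner_id, is_public); all names are assumptions. The first function reproduces the vulnerable pattern behind the SQL injection and XSS findings; the second shows the hardened form, with the brute-force throttle and the profile ownership check that the "other user's profile access" finding calls for.

```php
<?php
// Added example, not the client's code. Assumed schema:
//   users(id, username, password_hash)
//   login_attempts(username UNIQUE, attempts, last_attempt DATETIME)
//   profiles(id, owner_id, is_public)
session_start();

// --- Vulnerable form: the pattern behind the SQLi and XSS findings ---
function vulnerableLogin(mysqli $db, string $user, string $pass): string {
    // Untrusted input concatenated into SQL: user = "' OR '1'='1' -- " bypasses the check.
    $sql = "SELECT id FROM users WHERE username='$user' AND password='$pass'";
    $res = $db->query($sql);
    if ($res && $res->num_rows > 0) {
        // Username echoed unescaped: "<script>...</script>" in $user runs in the browser.
        return "Welcome back, $user";
    }
    return "Login failed for $user";
}

// --- Hardened form ---
function hardenedLogin(PDO $db, string $user, string $pass): string {
    // Brute-force throttle: refuse after 5 failures within 15 minutes (assumed policy).
    $stmt = $db->prepare('SELECT attempts, last_attempt FROM login_attempts WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row && $row['attempts'] >= 5 && time() - strtotime($row['last_attempt']) < 900) {
        return 'Too many attempts; try again later.';
    }

    // Parameterised query: the value travels separately from the SQL text, so it cannot
    // change the statement's structure.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $account = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a stored hash (password_hash/password_verify), never a plaintext column.
    if ($account && password_verify($pass, $account['password_hash'])) {
        $db->prepare('DELETE FROM login_attempts WHERE username = :u')->execute([':u' => $user]);
        session_regenerate_id(true);           // fresh session id on privilege change
        $_SESSION['user_id'] = (int) $account['id'];
        // Output encoding for the HTML context stops the reflected XSS.
        return 'Welcome back, ' . htmlspecialchars($user, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }

    // Record the failure for the throttle above (upsert on the unique username key).
    $db->prepare('INSERT INTO login_attempts (username, attempts, last_attempt)
                  VALUES (:u, 1, NOW())
                  ON DUPLICATE KEY UPDATE attempts = attempts + 1, last_attempt = NOW()')
       ->execute([':u' => $user]);
    return 'Login failed.';                    // same message whether or not the user exists
}

// --- Profile access: the check that was missing in the "other user's profile" breach ---
function loadProfile(PDO $db, int $profileId): ?array {
    $stmt = $db->prepare('SELECT id, owner_id, is_public FROM profiles WHERE id = :id');
    $stmt->execute([':id' => $profileId]);
    $profile = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$profile) {
        return null;
    }
    // Authorisation is decided server-side from the session, not from the request:
    // a private profile is returned only to its owner, whatever id the URL carries.
    $viewer = $_SESSION['user_id'] ?? null;
    if ((int) $profile['is_public'] === 1 || $viewer === (int) $profile['owner_id']) {
        return $profile;
    }
    return null;                               // treat "not yours" the same as "not found"
}
```

The hidden-folder and direct-file-access finding is a web server matter rather than application code: on the Apache stack above it means keeping configuration and backup files outside DocumentRoot, disabling directory listing, and denying access to dot-directories in the virtual host, in addition to the input and output handling shown here.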