Due to the huge amount of data stored in web applications and the growing number of transactions on the web, proper Web Application Security Testing is becoming more important by the day.
In this tutorial, we will provide you with a detailed understanding of the meaning, tools and key terms used in website security testing along with its testing approach.
Let’s begin!!

What is Web Application Security Testing?
Web Application Security Testing, also known as Web AppSec, is a method to test whether web applications are vulnerable to attacks. It involves a series of automated and manual tests and different methodologies to identify and mitigate security risks in any web application.
Security Testing is a process that checks whether the confidential data stays confidential or not (i.e., it is not exposed to individuals/entities for which it is not meant) and the users can perform only those tasks that they are authorized to perform.
For Example, a user should not be able to deny the functionality of the website to other users or a user should not be able to change the functionality of the web application in an unintended way, etc.
Recommended Security Testing Services
#1) Raxis

Raxis Strike offers high-end web application penetration tests performed by Raxis’ elite team of penetration testers. Taking a hacker’s viewpoint, they attempt to exploit business logic vulnerabilities as well as code and configuration issues. The penetration test report gives your development team useful, actionable feedback to give them the tools they need to secure your application.
Their team recommends testing with several roles, from unauthenticated to administrative users and representative roles in-between, allowing your penetration tester to fully test access controls to be sure users cannot access information beyond their role. SaaS customers often provide users in multiple environments so the Raxis team can validate that users cannot access other customer’s data.
Why we recommend this service:
- Manual testing follows the OWASP Top 10 framework, including broken access controls, authentication failures, injection flaws, security misconfigurations, cryptographic failures, and business logic errors.
- Meets or exceeds requirements for various compliance standards, including NIST 800-171/CMMC, PCI, HIPAA, GLBA, ISO 27001, and SOX.
- Detailed reporting includes an analysis of the application, a play-by-play storyboard of the test, screenshots of hacker tool outputs, and a clear remediation plan. Reports are compliant with NIST 800-115, the standard for penetration testing reporting.
- Can include a retest to validate remediation efforts.
- Also offered as a continuous service that can be integrated into a development team’s SDLC process.
#2) Acunetix

Acunetix is an end-to-end web application security scanner. This will give you a 360-degree view of the security of your organization. It is capable of detecting 6500 types of vulnerabilities like SQL injections, XSS, Weak Passwords, etc. It makes use of advanced macro recording technology for scanning complex multi-level forms.
Why do we recommend this tool?
The platform is intuitive and easy to use. You can schedule and prioritize full scans as well as incremental scans. It contains a built-in vulnerability management functionality. With the help of CI tools like Jenkins, new builds can be scanned automatically.
#3) Invicti (formerly Netsparker)

Invicti (formerly Netsparker) is a platform for all web application security testing requirements. This web vulnerability scanning solution has capabilities of vulnerability scanning, vulnerability assessment, and vulnerability management.
Why do we recommend this tool?
Invicti is best for scanning precision and unique asset discovery technology. It can be integrated with popular issue management and CI/CD applications.
Invicti provides proof of exploit on the identification of vulnerability to confirm that it is not a false positive. It has an advanced scanning engine, advanced crawling authentication features, and WAF integration functionality, etc.
With this tool, you will get detailed scanned results with insights on vulnerability.
#4) Intruder

Intruder is a cloud-based vulnerability scanner that performs thorough reviews of your entire tech stack, covering web apps and APIs, single page applications (SPAs), and their underlying infrastructure.
Why do we recommend this tool?
Intruder comes with a number of integrations that speed up issue detection and remediation and you can use its API to add Intruder to your CI/CD pipeline and optimize your security workflow.
Intruder will also perform emerging threat scans when new issues arise, saving your team time by automating manual tasks.
By interpreting the raw data drawn from leading scanning engines, Intruder returns intelligent reports that are easy to interpret, prioritize, and action.
Each vulnerability is prioritized in context for a holistic view of all vulnerabilities, reducing your attack surface.
#5) Blacksight

Blacksight is an online website vulnerability scanner. It allows you to perform both instant and recurring scans of your website. It is quite accurate in detecting issues and presenting you with more clarity regarding the security risks plaguing your website.
Why do we recommend this tool?
Blacksight can be used for free to scan your main website. Its scanner is highly customizable. You can easily incorporate additional subdomains in your targets when scanning a website for vulnerabilities. You can also invite collaborators to help you with detected issues. Blacksight also presents you with comprehensive reports that include tips on how to tackle a detected threat.
Website: https://scanner.blacksight.io/
Recommended Security Testing Services
#1) ScienceSoft – When Automated Tools Aren’t Enough

Even the most sophisticated tools can’t imitate some complex attack scenarios and take into account all threat factors. A cybersecurity team, on the other hand, conducts testing from a real hacker’s perspective in a safe and controlled environment.
ScienceSoft has 20+ years of experience in cybersecurity and tests web applications of any complexity. It is recognized as a Top Penetration Testing Company by Clutch.
Service Highlights:
- Penetration testing of web apps and their infrastructures conducted by Certified Ethical Hackers.
- Defining app- and industry-specific attack vectors.
- Security code review, including SAST, DAST, and manual review.
- Report on all detected issues and remediation guidance.
Why we recommend this vendor:
- In cybersecurity since 2003.
- Testing and reporting according to authoritative guidelines and threat classifications, including PTES, NIST, OWASP, WASC, and CVSS methodologies.
- Clients highlight detailed reports and actionable recommendations ScienceSoft provided.
- Knowledge of regional and domain-specific compliance standards and regulations, including HIPAA, GAMP, PCI DSS, SOC 2, and GDPR.
- ISO 27001 and ISO 9001-certified security and quality management systems.
- Accurate and cost-efficient testing since the vendor combines manual exploration and automated tools.
Web App Security Testing Approach
In order to perform a useful security test of a web application, the security tester should have good knowledge of the HTTP protocol. It is also important to have an understanding of how the client (browser) and the server communicate using HTTP.
Additionally, the tester should at least know the basics of SQL injection and XSS.
Hopefully, the number of security defects present in the web application will not be high. However, being capable of describing all the security defects accurately with all the required details will definitely help.
Web Application Security Testing Methodology and Checklist
Here are the top methods to perform web app security tests.
#1) Password Cracking
The security testing on a Web Application can be kicked off by “Password Cracking”. In order to log in to the private areas of the application, one can either guess a username/ password or use some password cracker tool for the same. A list of common usernames and passwords is available along with open-source password crackers.
If the web application does not enforce a complex password (for example, one with letters, numbers, and special characters, or with at least a required number of characters), it may not take very long to crack the username and password.
If a username or password is stored in cookies without being encrypted, then an attacker can use different methods to steal the cookies and the information stored in the cookies like username and password.
For more details, see an article on “Website Cookie Testing”.
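The cookie check described above can be automated during a test login. The following is an added example, not part of the original tutorial: it inspects Set-Cookie values for the tester's own credentials, whether stored as-is or in a trivially reversible encoding. The test account, cookie names and header values are constructed sample data.

```python
import base64
import binascii
from http.cookies import SimpleCookie
from urllib.parse import unquote

# Constructed test credentials and Set-Cookie values (sample data for a
# hypothetical test account; not taken from any real site).
TEST_USER = "alice"
TEST_PASSWORD = "S3cret!pw"
SAMPLE_SET_COOKIE = [
    "sessionid=8f14e45fceea167a5a36dedd4bea2543; Path=/; Secure; HttpOnly",
    "user=alice; Path=/",
    "auth=" + base64.b64encode(b"alice:S3cret!pw").decode() + "; Path=/; HttpOnly",
    "pw=S3cret%21pw; Path=/",
]


def decodings(value):
    """Yield (label, text) for a cookie value and its trivially reversible forms."""
    yield "plain", value
    yield "url-encoded", unquote(value)
    try:
        padded = value + "=" * (-len(value) % 4)
        yield "base64", base64.b64decode(padded).decode("utf-8", errors="ignore")
    except (binascii.Error, ValueError):
        pass  # not base64; nothing more to try


def audit_cookies(set_cookie_headers, username, password):
    """Return (cookie_name, secret_kind, encoding) for each credential found."""
    findings = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            for kind, secret in (("username", username), ("password", password)):
                for label, text in decodings(morsel.value):
                    if secret in text:
                        findings.append((name, kind, label))
                        break  # report the first encoding that reveals it
    return findings


if __name__ == "__main__":
    for name, kind, label in audit_cookies(SAMPLE_SET_COOKIE, TEST_USER, TEST_PASSWORD):
        print(f"cookie {name!r} exposes the {kind} ({label})")
```

Base64 and URL encoding are not encryption, so a credential found under either label counts as stored in the clear.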
#2) URL Manipulation through HTTP GET Methods
A tester should check whether the application passes important information in the query string or not. This happens when the application uses the HTTP GET method to pass information between the client and the server.
The information is passed through the parameters in the query string. The tester can modify the parameter value in the query string to check if the server accepts it.
With an HTTP GET request, user information is passed to the server for authentication or for fetching data. The attacker can manipulate every input variable passed to the server in this GET request in order to get the required information or to corrupt the data.
In such conditions, any unusual behavior by the application or web server is the doorway for the attacker to get into an application.
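The check described above, as an added example that is not part of the original tutorial: the tester changes `userid` in the query string and observes whether the server returns another user's record. The two handlers, the account records and the session value are hypothetical stand-ins for a real application, and everything runs in-process.

```python
from urllib.parse import parse_qs, parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed records for a hypothetical application; not real data.
ACCOUNTS = {
    "123": {"owner": "alice", "email": "alice@example.test"},
    "124": {"owner": "bob", "email": "bob@example.test"},
}
BASE_URL = "http://www.examplesite.com/index.php?userid=123&query=xyz"


def tamper(url, param, new_value):
    """Return url with one query-string parameter replaced, as a tester would edit it."""
    parts = urlsplit(url)
    pairs = [(k, new_value if k == param else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def handle_trusting(url, session_userid):
    """'Before' form: returns whatever record the query string names."""
    userid = parse_qs(urlsplit(url).query).get("userid", [""])[0]
    record = ACCOUNTS.get(userid)
    return (200, record) if record else (404, None)


def handle_checked(url, session_userid):
    """Hardened form: validate the parameter, then authorize it against the session."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get("userid", [])
    if len(values) != 1 or not (values[0].isascii() and values[0].isdigit()):
        return (400, None)   # missing, repeated or malformed parameter
    if values[0] != session_userid:
        return (403, None)   # well-formed, but not this user's record
    record = ACCOUNTS.get(values[0])
    return (200, record) if record else (404, None)


def accepts_tampering(handler, session_userid="123", other_userid="124"):
    """True if changing userid in the URL returns another user's record."""
    status, record = handler(tamper(BASE_URL, "userid", other_userid), session_userid)
    return status == 200 and record == ACCOUNTS[other_userid]


if __name__ == "__main__":
    print("trusting handler accepts tampering:", accepts_tampering(handle_trusting))
    print("checked handler accepts tampering: ", accepts_tampering(handle_checked))
```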
#3) SQL Injection
The next important factor that should be checked is SQL Injection.
Entering a single quote (‘) in any textbox should be rejected by the application. Instead, if the tester encounters a database error, it means that the user input is inserted in some query which is then executed by an application. In such a case, the application is vulnerable to SQL injection.
SQL injection attacks are very critical, as an attacker can get access to vital information from the server database. To find SQL injection entry points in your web application, locate the code in your codebase where direct MySQL queries are executed on the database using some user input.
If user input is used to build the SQL queries that are run against the database, an attacker can inject SQL statements or parts of SQL statements as user input to extract vital information from the database.
Even if the attacker only manages to crash the application, the SQL query error shown in the browser can give them the information they are looking for. Special characters in user input should be handled/escaped properly in such cases.
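The single-quote check and the codebase review described above, as an added example that is not part of the original tutorial. It uses an in-memory SQLite database as a stand-in for MySQL; the table, the lookup functions and the scanned source lines are constructed, and the scanner is a rough heuristic for review, not a complete detector.

```python
import re
import sqlite3


def make_db():
    """Build a small in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany("INSERT INTO users (name, email) VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("O'Brien", "obrien@example.test")])
    return db


def find_user_concat(db, name):
    """'Before' form: user input is pasted into the query text."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def find_user_param(db, name):
    """Hardened form: the driver passes the input as data, never as SQL."""
    return db.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()


def quote_probe(lookup, db, value="'"):
    """Submit a value containing a single quote and classify the outcome."""
    try:
        rows = lookup(db, value)
    except sqlite3.Error as exc:
        return ("database error", str(exc))  # the input reached the query text
    return ("handled", rows)


# Heuristic for code review: an SQL keyword in a string literal on a line that
# also builds the string with +, %, .format( or an f-string.
SQL_KEYWORD = re.compile(r"""["'].*\b(SELECT|INSERT|UPDATE|DELETE)\b""", re.IGNORECASE)
DYNAMIC = re.compile(r"""(["']\s*\+|\+\s*["']|["']\s*%\s*\(?\w|\.format\(|\bf["'])""")

# Constructed source lines to scan (not from any real project).
SAMPLE_SOURCE = '''\
cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
cur.execute("SELECT * FROM users WHERE name = %s", (name,))
cur.execute(f"DELETE FROM carts WHERE id = {cart_id}")
cur.execute("UPDATE users SET email = '%s'" % email)
'''


def flag_dynamic_sql(source):
    """Return the 1-based line numbers where a query is built from variables."""
    return [n for n, line in enumerate(source.splitlines(), 1)
            if SQL_KEYWORD.search(line) and DYNAMIC.search(line)]


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", quote_probe(find_user_concat, db))
    print("parameterized:", quote_probe(find_user_param, db, "O'Brien"))
    print("lines to review:", flag_dynamic_sql(SAMPLE_SOURCE))
```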
#4) Cross-Site Scripting (XSS)
A tester should additionally check the web application for XSS (Cross-site scripting). Any HTML, for example, <HTML> or any script, for example, <SCRIPT> should not be accepted by the application. If it is, then the application can be prone to an attack by Cross-Site Scripting.
The attacker can use this method to execute a malicious script or URL on the victim’s browser. Using cross-site scripting, an attacker can use scripts like JavaScript to steal user cookies and information stored in the cookies.
Many web applications get some useful information and pass this information on to some variables from different pages.
For Example, http://www.examplesite.com/index.php?userid=123&query=xyz
The attacker can easily pass some malicious input or a <script> as the ‘&query’ parameter, which can expose important user/server data in the browser.
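The check described above, as an added example that is not part of the original tutorial: it submits the `<HTML>` and `<SCRIPT>` strings as the `query` parameter and parses the response to see whether the input came back as markup rather than as text. The two render functions and the page template are hypothetical stand-ins for the application under test, and everything runs in-process.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, quote, urlsplit

XSS_BASE_URL = "http://www.examplesite.com/index.php?userid=123"
PROBES = ["<HTML>", "<SCRIPT>"]   # the two inputs named in the tutorial text
TEMPLATE = '<form><input name="query" value="{q}"></form><p>Results for {q}</p>'


def _query(url):
    """Extract the decoded value of the query parameter from a URL."""
    return parse_qs(urlsplit(url).query).get("query", [""])[0]


def render_raw(url):
    """'Before' form: the parameter is written into the page unchanged."""
    return TEMPLATE.format(q=_query(url))


def render_encoded(url):
    """Hardened form: the parameter is HTML-encoded, including quotes for attributes."""
    return TEMPLATE.format(q=html.escape(_query(url), quote=True))


class TagCollector(HTMLParser):
    """Record every start tag the HTML parser recognizes in a page."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def start_tags(page):
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags


def markup_injected(render, probes=PROBES):
    """Return the probes that changed the page's tag structure."""
    baseline = start_tags(render(XSS_BASE_URL + "&query=xyz"))
    hits = []
    for probe in probes:
        page = render(XSS_BASE_URL + "&query=" + quote(probe))
        if start_tags(page) != baseline:
            hits.append(probe)   # input was parsed as a tag, not shown as text
    return hits


if __name__ == "__main__":
    print("raw rendering:    ", markup_injected(render_raw))
    print("encoded rendering:", markup_injected(render_encoded))
```

Comparing parsed tag structure against a benign baseline avoids false alarms from pages that echo the probe in encoded form.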
Important: During security testing, the tester should be very careful and should not modify any of the following:
- Configuration of the application or the server.
- Services running on the server.
- Existing user or customer data hosted by the application.
Additionally, a security test should be avoided in a production system.
Some Key Terms Used in Security Testing
Before we proceed further, it would be useful to familiarize ourselves with a few terms that are frequently used in web application security testing.
#1) What is “Vulnerability”?
This is a weakness in the web application. Such a weakness can be caused by bugs in the application, an injection (SQL/script code), or the presence of viruses.
#2) What is “URL Manipulation”?
Some web applications communicate additional information between the client (browser) and the server in the URL. Changing some information in the URL may sometimes lead to unintended behavior by the server and this is termed URL Manipulation.
#3) What is “SQL injection”?
This is the process of inserting SQL statements through the web application user interface into some query that is then executed by the server.
#4) What is “XSS (Cross-Site Scripting)”?
When a user inserts HTML/ client-side script in the user interface of a web application, this insertion is visible to other users and it is termed XSS.
#5) What is “Spoofing”?
Spoofing is the creation of hoax look-alike websites and emails.
Conclusion
The purpose of a security test is to discover the vulnerabilities of the web application so that the developers can remove them and make the web application as well as its data safe from any kind of unauthorized action.
Feel free to share your feedback/suggestions about this tutorial in the comments section below. We would love to hear from you.







I think web applications should be thoroughly tested for security testing. Any penetration in web application or server can lead to loss of important data as well as company revenue.
In our company we are not concentrating more on security testing, I have pointed this out to my lead and he is convinced now.
You can set aside some fix test plan time for security testing of web application.
I would also love to see detailed article on SQL injection..
Thank you… the article really helped me….
good, nice article
Good article
Can someone help me with the testing related to PayPal and credit card transactions? What points should be taken care of while testing it?
Hello,
I found this article interesting and came across it while trying to find out more info on security testing. I have good manual testing experience and I am keen on learning security testing. Can anyone let me know of any online training for web application security testing? What are the prerequisites required before taking up this training?
Please mail me on [email protected]
Thanks
Thanks for a great article! 🙂
HI,
Please give detailed information on Cross Site Scripting & SQL Injection WITH EXAMPLES TO MY MAIL ID
very useful to think and research web security testing, thnx v. much
hi,
nice and very easy to understand.
hi,
Its very useful for all web testers..
I am working as a manual tester.Interest to know about SQL Injection. Can you please send me in the easiest way.
This article is very nice
Hi,
Can any body elaborate me,
that same username with different mail id and password can be used for login or registration.
As i m a new to testing field and need lot knowledge.can any one plz elaborate tis article like how fresher ll be expecting.Thinking tat no one knows abt security and how to implement sql injection in real scenario.
very precious and Awesome article….
alot of thanks to give a such a nice article..:-)
Hi ,
Great article btw I’m a tester and I want to learn more and more about security testing… can you help me?
very helpful article
this information sucks!10 years old information dude need some thing new like yuor ==@@
Hi,
I found this site very useful for getting answer to my queries.
Can anyone pls shed a light on web application security scanners in terms of desktop assessment services
Very Nice Article
very helpful to understand security types.
thx
Information given was very useful, simple and easy to understand
Thanks!!!
One of the finest articles I’ve came across. I’m willing to use it for the internal training of my QA Team.
Thanks alot. That’s great article. It’s very useful.
Hi,
Please give detailed information on Cross Site Scripting & SQL Injection.
Glad to read your article. It’s very informative and helpful.
accurate information, simple and more understanding… keep it up man
thanks
i was seeking for SQL injection concept from a long time
hi..i don’t have that much experience in security testing can u please guide me i’m interested to learn some basics regarding how to hack the application by using script injections………..i’m waiting for your informative reply dear:)
Nice description and very much useful.
This article is very useful.. I expect detailed description on security testing with example in further articles.
Thanks
Thanks for sharing us this beautiful article
Hi Vijay,
Recently I had been to an interview and encountered a new term: hard error and soft error.
They have asked me the difference between Hard and soft error.
If u have the ans. pls reply for the thread.
Regards
Vis
WOW!!!!!!! Nice article.Thank you all for such useful information……..
Very nice article and written with clarity
Inder’s topic on Web Security testing and SQL Injection are excellent
Came across this website/blog just randomly. Looks great… lot of information, tips and techniques!
Hope to keep visiting 🙂
Great article, these days I am very much keen to go into depth and to look for work as penetration tester and this article covers the depth overview of it.Thanks for it.
Nice Article very glad to read your Article
Thanks & Regards
V.saibabu
It's really a good article…..
sir inder p singh,
i need your help to reach my goal as LEGEND IN SECURITY TESTING.
Thank you sir
hi,
This is shantha from chennai.plz tel me when the security testing has to do?
very useful article and it helps me in some way.Thanks for it…and can any one please explain me about SQL Injection…
Hi All,
It's a nice article, I am thankful to Inder P Singh but could you please elaborate the security testing step by step,
please give me solution ..
we have web based application , some unauthorised user access our application and login to application.. how to test those ?
This is a good and expository article. This is timely and helpful. Thank you.
Very helpful article for beginners…Thanks for putting up this information here
can u please provide the step by step of security testing, regarding security testing of the web application with an example. I think theoretical explanation is not enough for security testing.
Also any PPT on the same would be of great advantage.
email Id – [email protected]
Thanks for your help in Advance!
thanks
hi sir,
Security testing is always demanding.right now iam working as manual testing professional.iam very ambitious to become as security testing professional.
thank you
Very Nice Article By Inder P Singh. Thank u Vry Much.
Nice Article………!!!!!!!
This one will help me a lot.
Hi Friends,
I’m new in testing field Manual testing. can any one tell me about security testing.
How do we done or check security testing in manually.
plz gave me som examples.
and also send example in SQL injection attack
on my mail id
[email protected]
Wavvvv. Its really amazing. The way they explain is really down to earth.Hope it is enough to get a minimum knowledge on security testing.Once again thanks to website.
H! I read this Article. this is very good for me for more knowledge.
Hello Famtema,
Thanx 2 u, bcoz u hv given nice site for sql injection.
It has useful info.
bye bye
Can anyone just provide the checklist of Security Testing…
Thanks in advance..
Thanks for the useful article.
Please cont.. the good work.
Very nice article and written with clarity. proved to be useful.
HI,
Please give detailed information on Cross Site Scripting & SQL Injection WITH EXAMPLES TO MY MAIL ID. My mail ID is [email protected].
Nice Article and it is useful for us, Could u please give detail information(article) on SQL Injection. No one can famaliries it.
Thanks…….
This is really useful for me and also for those who want to learn more about SQL injection and software testing, but I was expecting more. Can anyone send me a detailed description???
useful….
Thanks a lot singh ji….SINGH IS KING
Hello Vijay,
I would like to learn How test the WEBSITE security, to avoid from Hacking. Are there any effective tools which are easy to use ?
Or are there any skills I can learn to Test this very effectively ?
Please advice, waiting for your reply desperately.
Thanks to all. I came to know valuable info from this site.
Hi,
SQL Injection and Security testing articles are very useful for all web tester..
Nice article!!!!
Hi ,
Really Really Helpful…
Very Nice and helpful article!!!!!!!!!!!!1
hi my self nitin i have 1 yer exprience in software development. before one month i got a job in software testing company as QA now i want to do career in software testing. so plz help me……..
Thanks in advance
Great explanation provided in this article..
Really easy to understood
Thanks to the author..
Awesome!!!!!!!!!!!!!!!!!!!
Thanks….
Hi,
This is Meer, Sr Test Engineer. It was hard for me to understand SQL Injection. After reading this article, it's so easy to understand, even a layman (LLR in testing) can come to know. Thanks to all that share their real time knowledge.
Plz can anyone mail the information on XSS and SQL injection more detail as when n how to start the testing.
Thnx in adv,
My mail ID:[email protected]
regards,
Meer
I was expecting the detailed description of whole Security Testing…
Information is good for intermediates but for a layman like me and for freshers, I think a little bit more detailed description must be given…
Also look in to data encryption which is very important for security testing.
Informative guide on security testing for web applications. Valuable insights for ensuring robust security measures. Appreciate the detailed explanation!
Thanks Inder P singh,
Nice article , I would like to know how to perform the security testing of Webservices , Restful API’s and JMS services. Can you share me the steps and tools which can be used to do that.
My email Id :[email protected]
Regards,
Hemant
I’m really very impressed from this website i have learnt a lot from here, you guys are one of the reason that i’m continuing my journey from an internee to Team Lead.
Thanks
Hi Guys,
I’m very new to this field, so far i understand what is cloud testing, i have take over a task to do a web, android and ios cloud testing. Is there anyone can guide me what type of requirement we need to find a good software for this
fantastic article ……
Hi Prasan, my id is [email protected]
Also would like to share with you all a very useful and detail information on SQL Injection.
http://www.sitepoint.com/article/sql-injection-attacks-safe/
Hope it will give you all a start up.
Thanks n Rgds
F.
I’m really well inspired from this website . Taking up the challenge and looking forward to make blogs like this.
Thank you.. These are very helpful. I’m looking for WAP testing, what all things should be taken into consideration while WAP testing and specially security testing.
Hello Fatema,
Thanx 2 u, bcoz u hv given nice site for sql injection.
It has useful info.
bye bye
It is very use ful …….Plz send the any information about the Security testing. My mail ID is [email protected]
Nice information!
Can you please send detailed information on ‘SQL Injection’ at [email protected]?
Good article, I got enough information regarding the testing, but some points are provided in very brief, more description is required. Kindly suggest me some good book for web based application testing.
Thanks in advance
It’s really helpful to us
Hi, Thank you for sharing this Beautiful Blog…
Hi Inder P Singh,
Nice article. Could u explain SQL injection topic in a simplest way. Then it would be helpful for us.
nice its very useful but should be in more details with example.
Hi Vijay Kindly do not send any updates on my email ID..
My Email ID is [email protected]
Thanks,
Anil
Hii , Nice blog article , Thanks for sharing , Felt intrested to read
Hi Vijay,
Pl. give a link at the bottom to reach at the top of page.
Thanks!
hi ,
i was working as a manual testing engineer could u plz cooperate to get job in pune this my cell no 9325767762.
Very useful article
Request you to share a article for mobile application Security Testing.
The article was very informative and useful. Thanks for sharing your knowledge.
bad article
very nice, it’s very useful 4 all
Great article, these days I am very much keen to go into depth and to look for work as penetration tester and this article covers the depth overview of it.Thanks for it.
b/w does any one knows good institute in UK/India for web security testing training?
Thanks and Regards
IAM A 1+EXP AS MANUAL TESTER IN MNC,IAM GOOD AT COMPLETE STLC(SOFTWARE TESTING LIFE CYCLE).PLEASE GUIDE ME WHAT I NEED TO LEARN TO MAKE A PERFECT BASEMENT IN SOFTWARE TESTING.
THANKS A LOT IN ADVANCE.
MY MAIL ID: [email protected]
MOBILE : 9431577453
Anybody would like to know about frameworks, Automation tools (QTP,Selenium,Test Partner, Load runner……) or looking for jobs please mail me [email protected]
im working on ASLC(application security life cycle) with 3i-infotech. ihave 2years exp in testing.any job for me in testing
Thanks for the ebook
please help me from where i can start the security testing for web application? which tool would be better? please guide me.
thanks man for passing such valuable information.
A very nice article, folks please visit OWASP top 10 vulnerabilities to get more kick out of it.
Good Luck.
its a very precious information provided, on web , like this very very few sites existing with required full information
Excellent article.. Simple and informative..
Fantastic article for the beginners, I have no basic knowledge on testing but these page made me to understand
It is very good info.
Thanks a lot!!!
Exhaustive testing
“Exhaustive testing” is a term used to describe a thorough process in which every scenario, input, and state of a system is investigated to guarantee that it functions. The goal of this approach is to find faults, vulnerabilities, or defects that might arise in different situations. Extensive testing is rigorous, but since there are so many combinations to consider, it can be resource- and time-intensive. To cover a variety of scenarios, testers use techniques including decision tables, equivalency partitioning, and boundary analysis. Although robustness is the goal, it might not be possible for complicated systems. Thus, in order to effectively manage resources and guarantee high-quality software performance, testers frequently strike a compromise between comprehensive testing and risk-based testing.
Hi Inder P Singh,
It is a very basic and nice information for Security Testing.
Inder, Could you possible to give example on the above information?
Nice article
Dear Vijay,
Really very helpful article.
Thanks
It’s really such a great article to get started to know the security testing concepts. However that would really helpful if you could also provide some examples or websites Url WHERE readers can get such adequate information about all the concepts for security testing.
Hi,
I am new to security testing.
Can anyone send me a sample test plan for security testing of web application.
Thanks
df
Hello Inder P,
You article on Security testing is very informative one. I am hoping to see an article on SQL Injection as well..
Thanks again for sharing this great information with us.
Regards,
Yoginder
Hi,
Thanx for sharing Security and SQL injection topic,it’s very helpful to me.
Thanks. This is very useful information about Security testing.Please notify me whenever you got something new.
There is a very good online free course for for those who want to learn ethical hacking – http://hackvidhi.com/courses.php .
This course covers basic of web programming and ethical hacking, both. It will be starting in this summer. Seats limited, please enroll now!
Thanks for a great article!
my email address is: [email protected]
You must watch this w w w. filimography. blogspot. com
This is really nice info mentioned here. But as far as Security Testing is concerned, can anyone provide me links from where I can get the collective information on the famous attacks on web applications till date…..
Kindly share your thoughts on this forum or send me email on [email protected]
Hi QA/TEST ENGINEERS,
IAM A 1+EXP AS MANUAL TESTER IN MNC,IAM GOOD AT COMPLETE STLC(SOFTWARE TESTING LIFE CYCLE).PLEASE GUIDE ME WHAT I NEED TO LEARN TO MAKE A PERFECT BASEMENT IN SOFTWARE TESTING.
THANKS A LOT IN ADVANCE.
MY MAIL ID:[email protected]
MOBILE : 9391395989
hi dude
i selected a topic security testing as my company presentation for 25 min time could u send some tips to make this one effective
Hi,
I want to know about client side and server side Security. As a tester how can I test it ??
Regard,
Purabi
Hi,
I have 1+ year experience in automation. Want to learn Security testing from sketch. Please guide me with the same and would appreciate if could be provided with some notes.
Thanks and regards
Megha
Very good article.. 🙂
hi, what are the requisites for WEB APPLICATION SECURITY TESTING.
ETHICAL HACKING or any other.
ravi
7396844285
[email protected]
Thanks alot for such a useful information,it helps me in building up my basics for web testing.
Thanks for Sharing.
Indeed a nice article. Good to see youngsters being curious about website security issues and testing techniques.
Good article and excellent way to articulate, keep it up
Great article.. thanks a lot..
Very nice article but it will be very helpful if you provide some example with every Security Testing Approach.
Thanks…….
Its very nice.
very precious and Awesome article
a lot of thanks to give a such a nice article
Hello Inder P Singh
wat a nice article,its beautiful, am xpecting more and more from u.really gr8.
It's really worthy information for all testers. I think in India there are very few people who are really in Security Testing, I want to be one of them. Thanks for such great information.
thanks
articles are really good and helpful, thanks for that
i wan to the difference between sanity and smoke testing plz let me know
I think this is the best article I have come across on the internet on Security Testing, Thanks Inder
Please suggest an institute for web application security testing in hyderabad
Thanks for the detailed guide. As a tester, I appreciated the article. The step-by-step approach is invaluable. Penetration testing, vulnerability scanning, and secure coding techniques are clear and easy to understand. The inclusion of real examples and practical advice adds value to the content.
I absolutely agree that security testing integration is important throughout the development life cycle. This approach does ensure that vulnerabilities can be identified and fixed early, which can save organizations from potential breaches and reputational damage.
Really very good article. We vll get to know many concepts after reading this article.
Thanks a lot for good article……….
Previously I was involved in security testing, but didn’t know the impact of “security test defects”. This material helped me a lot to understand the same.
You can also get OWASP Testing Guide V4.0, which has in-depth coverage of all that is security testing. It is under a Creative Commons licence so is free to download and distribute.
Good Luck.
Nice info
I could not find the temp folder on my computer in the C drive for cookie-based testing. Will you help me out to see this?
hi,
There are lots of good works to do in your website. I prefer Oracle for testing skills. I wish you a happy new year 2011.
too useful!
Hi, can anyone please suggest me the training institutes for WAST in Hyderabad or Bangalore, or any real-time training experts?
Very nice article by Inder P Singh. Thank you very much.
Hi… This is very bad information that I got from this site. I just suggest to everyone, please don’t visit it. All the information is wrong.
Very helpful ! .. keep it up dude !
Dear Prashant and others,
I will definitely write an article on the SQL injection and share it with you.
Thanks
That’s a very nice article. Keep going.
Can anyone please provide me with sample URLs to use for security testing with ZAP?
Thanks a lot, it’s very very very helpful
Hi, could anyone say more about the security testing or mail at [email protected]
very good
it helped me a lot
thanks a lot
All contents are really very useful for understanding the concept of Security Testing.
Thank you so much…
Very Good Article but needs more details
Thank you so much… and waiting for the detailed one!
dear pkduong,
Sure, as a security we need to study hacking and anti-hacking too. I need explanation regarding hacking and anti-hacking.
thank you
Great article.
Please share some information about automation of security testing.
very Informative article
I need more information on security testing. Please send the details to my email address.
Hello,
I am QA Engg.
Nice article and it is useful for us. Could you please give detailed information (an article) on SQL Injection. No one can familiarize it. Some examples please.
Thanks…….
It’s a normal article, but could you please elaborate on security testing step by step? How to test any server, with an example.
ja oye chad pare
Could you tell me the leading security testing tool in the market?
For those who want to start with security testing, they can look into this and also write to me if you need any guidance to start.
http://tuppad.com/blog/2012/05/14/how-do-i-start-security-testing/
You can find me on Twitter @santhoshst | LinkedIn – http://www.linkedin.com/profile/view?id=44693468&goback=%2Enmp_*1_*1_*1_*1_*1_*1_*1_*1_*1&trk=spm_pic
Thanks!
Dear all,
Long time to visit this site. I love this one; it’s just the basic things of security testing, as the article mentions, just the terms. We have a lot of things to talk about on this topic. Hope to see another, deeper one 🙂
For the moment, I just thought of one question:
To be a security tester, should we try to study hacking technique and practice to hack some sites?
Thanks for reading my comment :),
Duong
Dear Mr.Inder P Singh (Article Author),
Great Article.
Thanks for your time.
What I feel is, it would be good if you had discussed HTTPS (HTTP Secured). That’s where encryption, decryption, public key, private key, digital signature, ciphers, authentication, authorization, SSL/TLS, 128-bit encryption, SSL handshake, etc. come into the picture (for a better idea about security).
It’s worth reading your article.
Thanks,
Govardhan Reddy M,
Software Test Engineer,
“The best is yet to come”.
Hi Fatema, what’s your ID?
hi shantha
security testing is done for particular products
mail me
will send details
Hi, How to test Server security? explain with example.
thanks
Can anyone here help me? Let’s say the Zalada website is served through https, can anyone guide me on the steps to downgrade it to http so that a hacker can intercept and do a man-in-the-middle attack on a specific user? For example, using this exploit to obtain Carol Danvers credential