OWASP Top 10 - 2007
OWASP Top 10 - 2010
What an IT Manager needs to know about:
What is Web Application Security?
How to ensure application security?
What is application security audit?
Web Application Security
What is web application security audit?
Why an audit is required
How an audit differs from testing
How an audit is performed
Auditing standards
Web Penetration Testing Steps
Passive Mode
Gathering information
Tools used
Active Mode
Domains covered
Configuration Management Testing
Business Logic Testing
Authentication Testing
Authorization Testing
Session Management Testing
Data Validation Testing
Denial of Service Testing
Web Service Testing
Ajax Testing
Tools and Methodology used
Penetration Test – Information Gathering
Collecting information about target application and target environment
Identifying
Parameters, Form values, Cookies and Headers
Web application entry points
Web application fingerprint
Application stacks, versions used
Application discovery
Different applications and access mechanisms (old and obsolete)
Analysis of the error codes
Configuration Management Testing
SSL Testing
Infrastructure Configuration Management Testing
Application Configuration Management Testing
Testing for file extensions
Testing for HTTP methods
Authentication Testing
Credentials transport over encrypted channels
Testing for user enumeration
Brute Force Attack
Testing for bypassing authentication scheme
Testing for logout and browser cache management
Testing for CAPTCHA
Testing for vulnerable remember password and password reset
Session Management Testing
Testing for session management schema
Testing for cookies attributes
Testing for exposed session variables
Authorization Testing
Testing for path