websecurify

Web Application Security 101, part 4: Testing Methodology

In part 4 of Web Application Security 101 we dive into the standard testing methodology that penetration testers and vulnerability researchers follow when testing web applications for security vulnerabilities.
Testing Methodology
Introduction to web application security penetration testing.

Process Breakdown
Stage 1: Enumeration
Stage 2: Assessment
Stage 3: Exploitation
Stage 4: Deliverable

Stage 1: Enumeration
Server and client technologies (web server, application platform, client-side libraries).
Software versions.
Application structure (entry points, parameters, directories, roles).
Common configuration practices.
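As an added example of the enumeration stage (this is not code from the slides), the script below takes one raw HTTP response, as captured in an intercepting proxy, and records the indicators a Stage 1 pass is after: product and version tokens from the Server and X-Powered-By headers, platform-specific session cookie names, the generator meta tag, versioned script includes, and a few configuration observations (cookie flags, missing hardening headers). The response text, the cookie-to-platform table and the header list are assumptions constructed for the example.

```python
"""Stage 1 enumeration: passive fingerprinting of a captured HTTP response.

Added example, not code from the Websecurify slides. Given one raw HTTP
response (for instance copied out of an intercepting proxy), it records the
indicators an enumeration pass is after: product/version tokens in the
Server and X-Powered-By headers, platform-specific session cookie names,
the <meta name="generator"> tag, versioned script includes, and a few
configuration observations (cookie flags, missing hardening headers).
SAMPLE_RESPONSE at the bottom is constructed for this example.
"""
import re
from typing import Any, Dict, List, Tuple

# Default session cookie names of common platforms (well-known defaults).
COOKIE_FINGERPRINTS = {
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java servlet container",
    "ASP.NET_SessionId": "ASP.NET",
    "CFID": "ColdFusion",
    "ci_session": "CodeIgniter",
    "laravel_session": "Laravel",
    "connect.sid": "Node.js (Express/Connect)",
}

# Headers whose absence is worth noting under "common configuration practices".
HARDENING_HEADERS = ("strict-transport-security", "x-frame-options", "content-security-policy")

VERSION_TOKEN = re.compile(r"([A-Za-z][\w.-]*?)/(\d[\w.]*)")  # e.g. Apache/2.2.22
SCRIPT_VERSION = re.compile(r"^([A-Za-z][\w.-]*?)[-.]?(\d+(?:\.\d+)+)(?:\.min)?\.js$")  # jquery-1.8.3.min.js
GENERATOR_META = re.compile(r'<meta\s+name="generator"\s+content="([^"]+)"', re.I)
SCRIPT_SRC = re.compile(r'<script[^>]+src="([^"]+)"', re.I)


def parse_response(raw: str) -> Tuple[str, Dict[str, List[str]], str]:
    """Split a raw response into status line, lower-cased header map and body.

    Headers can repeat (Set-Cookie in particular), so every name maps to a list.
    """
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def fingerprint(raw: str) -> Dict[str, Any]:
    """Collect technology, version and configuration indicators from one response."""
    _, headers, body = parse_response(raw)
    result: Dict[str, Any] = {"server": [], "powered_by": [], "cookies": {},
                              "generator": None, "scripts": [], "observations": []}
    for value in headers.get("server", []):
        result["server"].extend(VERSION_TOKEN.findall(value))
    for value in headers.get("x-powered-by", []):
        result["powered_by"].extend(VERSION_TOKEN.findall(value))
    for cookie in headers.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        if name in COOKIE_FINGERPRINTS:
            result["cookies"][name] = COOKIE_FINGERPRINTS[name]
        # Attributes after the first ';' are the cookie flags (path, HttpOnly, Secure, ...).
        attrs = {part.strip().lower() for part in cookie.split(";")[1:]}
        for flag in ("HttpOnly", "Secure"):
            if flag.lower() not in attrs:
                result["observations"].append("cookie %s set without %s" % (name, flag))
    match = GENERATOR_META.search(body)
    if match:
        result["generator"] = match.group(1)
    for src in SCRIPT_SRC.findall(body):
        match = SCRIPT_VERSION.match(src.rsplit("/", 1)[-1])
        if match:
            result["scripts"].append((match.group(1), match.group(2)))
    for header in HARDENING_HEADERS:
        if header not in headers:
            result["observations"].append("missing %s header" % header)
    return result


# Constructed sample: a WordPress front page served by Apache/PHP.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.22 (Ubuntu) PHP/5.3.10\r\n"
    "X-Powered-By: PHP/5.3.10\r\n"
    "Set-Cookie: PHPSESSID=0123456789abcdef; path=/\r\n"
    "Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/; HttpOnly\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html><head>\n"
    '<meta name="generator" content="WordPress 3.5.1" />\n'
    '<script type="text/javascript" src="/wp-includes/js/jquery/jquery-1.8.3.min.js"></script>\n'
    "</head><body>Hello</body></html>\n"
)

if __name__ == "__main__":
    for key, value in fingerprint(SAMPLE_RESPONSE).items():
        print("%-12s %s" % (key, value))
```

Version tokens are only hints: a Server header can be rewritten or removed, so every version recorded here should be confirmed against behaviour (error pages, default files, known-version quirks) before it drives the assessment stage.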

Stage 2: Assessment
Finding vulnerabilities by brute force (wordlists of known paths, parameters and payloads).
Finding vulnerabilities by fuzzing (malformed or mutated input, watching for errors and behavioural differences).
Finding vulnerabilities manually.
Complex input validation problems.
Logic flaws.

Stage 3: Exploitation
Prove that the target is vulnerable.
Measure attack effectiveness: ease of exploitability, attack likelihood, and the mitigation controls already in place.
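As an added example covering both the assessment stage (finding a vulnerability by fuzzing) and the exploitation stage (proving it), the script below is not code from the slides. It runs a short brute-force probe list through two constructed login handlers backed by an in-memory SQLite table: one concatenates user input into the query, the other binds parameters. The fuzzer reports error-based evidence (a database error leaking into the response) and differential evidence (a response that differs from a known-bad login), and prove_exploit then demonstrates impact by logging in as admin without the password. Handler names, table contents and the payload list are assumptions made for the example.

```python
"""Stage 2 assessment and Stage 3 exploitation against a toy login handler.

Added example, not code from the Websecurify slides. Two login handlers sit
over an in-memory SQLite table: login_vulnerable builds its query by string
concatenation, login_fixed binds parameters. fuzz() sends a short brute-force
list of probes through a handler and flags a database error leaking into the
response (error-based evidence) or a response that differs from a known-bad
login (differential evidence). prove_exploit() turns the finding into impact
by authenticating as admin without the password, which is the Stage 3 proof
a report needs. All data here is constructed for the example.
"""
import sqlite3
from typing import Callable, Dict, List

Handler = Callable[[sqlite3.Connection, str, str], Dict[str, str]]


def make_db() -> sqlite3.Connection:
    """Constructed target data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "s3cret"), ("alice", "hunter2")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> Dict[str, str]:
    """Deliberately vulnerable: user input is concatenated into the SQL text."""
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    try:
        row = conn.execute(query).fetchone()
    except sqlite3.Error as exc:  # the error text leaks straight to the client
        return {"status": "500", "body": "Database error: %s" % exc}
    return {"status": "200", "body": ("Welcome %s" % row[0]) if row else "Login failed"}


def login_fixed(conn: sqlite3.Connection, username: str, password: str) -> Dict[str, str]:
    """Hardened: bound parameters, so input can never change the query structure."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(query, (username, password)).fetchone()
    return {"status": "200", "body": ("Welcome %s" % row[0]) if row else "Login failed"}


# Short probe list; a real run uses a far larger wordlist plus mutation-based fuzzing.
PAYLOADS = ["admin", "'", '"', "admin' --", "' OR 1=1 --", "' OR '1'='2"]
ERROR_SIGNATURES = ("Database error", "syntax error", "unrecognized token")


def fuzz(handler: Handler, conn: sqlite3.Connection) -> List[Dict[str, str]]:
    """Send each probe as the username with a wrong password; compare to a baseline."""
    baseline = handler(conn, "alice", "wrong-password")["body"]
    findings: List[Dict[str, str]] = []
    for payload in PAYLOADS:
        body = handler(conn, payload, "wrong-password")["body"]
        if any(sig in body for sig in ERROR_SIGNATURES):
            findings.append({"payload": payload, "evidence": "error", "body": body})
        elif body != baseline:
            findings.append({"payload": payload, "evidence": "differential", "body": body})
    return findings


def prove_exploit(handler: Handler, conn: sqlite3.Connection) -> bool:
    """Stage 3: show impact, not just an anomaly: log in as admin without the password."""
    return handler(conn, "admin' --", "not-the-password")["body"] == "Welcome admin"


if __name__ == "__main__":
    db = make_db()
    for name, handler in (("vulnerable", login_vulnerable), ("fixed", login_fixed)):
        print(name, "findings:", fuzz(handler, db))
        print(name, "admin login without password:", prove_exploit(handler, db))
```

The baseline comparison is what separates a real finding from noise: a single quote that merely produces "Login failed" proves nothing, while a quote that yields a database error, or a comment sequence that yields "Welcome admin", is evidence worth carrying into the exploitation and reporting stages.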

Stage 4: Deliverable
Document findings.
Discuss mitigations.
Provide examples.

Assessment Methodology
1. Authentication.
2. Session Management.
3. Access Control.
4. Data Transport.
5. Server Tier.
6. Data Storage.
7. Logging.
8. Business Logic.
9. Data Validation.