Testing Web Application Security Integrating and automating security testing Rochester Security Summit Thu, 29 Oct 2009, 2p-3p

Testing Web Application Security


DESCRIPTION

Web applications are commonly used to transmit, accept and store data that is personal, company confidential and sensitive. More enterprises are spending more time testing web applications, but many still do not integrate security testing into an application's overall test plan. In this presentation, we explore ways to integrate security testing into an end-to-end test plan, exercise security features in unit tests, integration tests, acceptance tests.


Page 1: Testing Web Application Security

Testing Web Application Security
Integrating and automating security testing

Rochester Security Summit Thu, 29 Oct 2009, 2p-3p

Page 2: Testing Web Application Security

Testing Web Application Security

Web applications are commonly used to transmit, accept and store data that is personal, company confidential and sensitive. More enterprises are spending more time testing web applications, but many still do not integrate security testing into an application's overall test plan.

In this session, we will explore ways to integrate security testing into an end-to-end test plan, and to exercise security features in

unit tests
integration tests
acceptance tests

Page 3: Testing Web Application Security

http://www.slideshare.net/ted.husted

Page 4: Testing Web Application Security

http://www.slideshare.net/RafalLos/creating-practical-security-testcases-for-web-applications


Page 10: Testing Web Application Security

Bridging the Divide

Client-Side Capabilities
Length
Input value
Input transfer
Data access
Input field selection
Control flow

Server-Side Capabilities
Filters
Numeric limits
Character patterns (email, URLs, SKUs)
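The client-side capabilities above (field length, value constraints, which fields are sent) are enforced in the browser and so tell the server nothing about what it will actually receive; the server-side filters are the control that has to hold, and they are the ones worth exercising directly in unit tests. The following is an added example, not code from the deck: a small server-side validation layer for an order form with a length limit, a numeric limit and character patterns for email, URL and SKU fields, plus unit tests that feed it raw form input without any browser in the loop. The form field names, the SKU format (`ABC-1234`) and the numeric range are assumptions for the illustration, and the patterns are simplified rather than RFC-complete.

```python
import re
import unittest

# Constructed example: server-side validation exercised by unit tests, so a
# client-side maxlength or <input type="number"> cannot mask a missing check.

# Simplified, illustrative character patterns for the three field types.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")
URL_RE = re.compile(r"^https?://[A-Za-z0-9.-]+(:\d+)?(/[A-Za-z0-9._~%/-]*)?$")
SKU_RE = re.compile(r"^[A-Z]{3}-\d{4}$")  # assumed SKU format, e.g. "ABC-1234"


class ValidationError(ValueError):
    """Raised for any input the server-side filters reject."""


def require_length(value, max_len):
    # Reject non-strings outright (missing fields arrive as None).
    if not isinstance(value, str):
        raise ValidationError("not a string")
    if len(value) > max_len:
        raise ValidationError("too long")
    return value


def require_int_in_range(value, low, high):
    # Numeric limit: must parse as an integer and fall inside [low, high].
    try:
        n = int(value)
    except (TypeError, ValueError):
        raise ValidationError("not numeric")
    if not low <= n <= high:
        raise ValidationError("out of range")
    return n


def require_pattern(value, pattern, max_len):
    # Length check first so a huge payload never reaches the regex engine.
    v = require_length(value, max_len)
    if not pattern.fullmatch(v):
        raise ValidationError("bad format")
    return v


def validate_order(form):
    """Validate a raw form dict exactly as the server receives it.

    Every field is checked here regardless of what the browser-side form
    enforced; returns a cleaned dict or raises ValidationError."""
    return {
        "email": require_pattern(form.get("email"), EMAIL_RE, 254),
        "url": require_pattern(form.get("url"), URL_RE, 2048),
        "sku": require_pattern(form.get("sku"), SKU_RE, 8),
        "qty": require_int_in_range(form.get("qty"), 1, 99),
    }


def is_valid_order(form):
    """Boolean wrapper around validate_order, convenient for assertions."""
    try:
        validate_order(form)
        return True
    except ValidationError:
        return False


class OrderValidationTests(unittest.TestCase):
    # Constructed sample input that satisfies every filter.
    GOOD = {"email": "buyer@example.com", "url": "https://example.com/item",
            "sku": "ABC-1234", "qty": "3"}

    def test_valid_input_passes(self):
        self.assertEqual(validate_order(self.GOOD)["qty"], 3)

    def test_length_limit_enforced_server_side(self):
        # Nothing stops a client from sending more than the form's maxlength.
        self.assertFalse(is_valid_order(dict(self.GOOD, email="a" * 300 + "@example.com")))

    def test_numeric_limits(self):
        for qty in ("0", "100", "-1", "3.5", "three", None):
            self.assertFalse(is_valid_order(dict(self.GOOD, qty=qty)), qty)

    def test_character_patterns(self):
        for field, value in (("email", "buyer@example"), ("url", "example.com/item"),
                             ("sku", "abc-1234"), ("sku", "ABC-12345")):
            self.assertFalse(is_valid_order(dict(self.GOOD, **{field: value})), (field, value))


if __name__ == "__main__":
    unittest.main()
```

Because the tests call the validation function directly, they run in the unit-test stage with no server or browser started, which is what lets them sit in the same build as the rest of the test plan.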

Page 41: Testing Web Application Security

Open QA Selenium

Selenium is a suite of tools:

Selenium IDE records and runs tests
Selenium Remote Control runs across multiple platforms
Selenium Grid runs across multiple machines

http://selenium.openqa.org/documentation/

Page 54: Testing Web Application Security

f:
cd "F:\opt\selenium-remote-control-1.0-beta-2\selenium-server-1.0-beta-2"
java -jar selenium-server.jar

Page 56: Testing Web Application Security

> java -jar hudson.war

Page 59: Testing Web Application Security

Time for a Test Drive ...

Page 60: Testing Web Application Security

Please complete an evaluation.

Page 61: Testing Web Application Security

Questions?