Friday, June 3, 2016

Security Testing

Security testing is a testing process that checks an application for confidentiality, integrity, authentication, availability, authorization and non-repudiation.

In short, it verifies that data is available and accessible to authentic users only, and that the amount of data available to any user matches their authorization level.

As more and more transactions are performed online through websites, proper security testing of web applications is becoming very important.

Below are various types of popular security attacks:

URL manipulation
Some web applications send user data to the server by appending it to the URL. This gives a hacker a chance to manipulate the data and send wrong information.


SQL injection
In this attack, SQL statements are inserted into UI controls of the application. When the page is submitted to the server, those statements are executed on the server, causing an attack on user data.
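The following is an added example, not code from the original post: a small security test that checks whether text typed into a form field can change the SQL the server runs. The table, the sample rows and the function names (`lookup_vulnerable`, `lookup_parameterized`, `security_test`) are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: an in-memory database with two users.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice-data"), ("bob", "bob-data")])
    return db

def lookup_vulnerable(db, name):
    # The field value is concatenated into the statement, so the
    # database parses whatever the user typed as part of the SQL.
    query = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name):
    # The field value is bound as a parameter and is only ever data.
    query = "SELECT name, secret FROM users WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

def security_test(lookup):
    """Return True if lookup only ever returns the row for the exact
    name requested, for ordinary and SQL-shaped input alike."""
    db = make_db()
    # Constructed probe values a tester would type into the name field.
    probes = ["alice", "nobody", "x' OR '1'='1", "alice'--"]
    for probe in probes:
        try:
            rows = lookup(db, probe)
        except sqlite3.Error:
            return False  # the input reached the SQL parser
        if any(row[0] != probe for row in rows):
            return False  # rows returned that were not asked for
    return True

if __name__ == "__main__":
    print("concatenated query passes:", security_test(lookup_vulnerable))
    print("parameterized query passes:", security_test(lookup_parameterized))
```
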


Spoofing
Attacking users by creating hoax look-alike websites or emails, so that the user navigates to the attacker's site thinking it is the original site and enters sensitive data.


XSS attacks
Cross-site scripting allows attackers to inject client-side script and bypass access controls.

In the next post we will look at different approaches to testing a website for security attacks.

Please let me know your feedback about this post.


