Web application penetration testing refers to a set of services used to detect various security issues with web applications and identify vulnerabilities and risks, including:
- Known vulnerabilities in COTS applications
- Technical vulnerabilities: URL manipulation, SQL injection, cross-site scripting, back-end authentication, password in memory, session hijacking, buffer overflow, web server configuration, credential management, Clickjacking, etc.,
- Business logic errors: Day-to-Day threat analysis, unauthorized logins, personal information modification, pricelist modification, unauthorized funds transfer, breach of customer trust etc.
OWASP, the Open Web Application Security Project, an open source web application security documentation project, has produced documents such as the OWASP Guide and the widely adopted OWASP Top 10 awareness document.
The Firefox browser is a popular web application penetration testing tool, with many plugins specifically designed for web application penetration testing.
Foundstone's Hacme Bank simulates a banking application. It helps developers and auditors practice web application attacks, including input validation flaws such as SQL injection and Cross Site Scripting (XSS).
Read more about this topic: Penetration Test
Famous quotes containing the words web, application and/or testing:
“The web of our life is of a mingled yarn, good and ill
together.”
—William Shakespeare (1564–1616)
“My business is stanching blood and feeding fainting men; my post the open field between the bullet and the hospital. I sometimes discuss the application of a compress or a wisp of hay under a broken limb, but not the bearing and merits of a political movement. I make gruel—not speeches; I write letters home for wounded soldiers, not political addresses.”
—Clara Barton (1821–1912)
“No testing has overtaken you that is not common to everyone. God is faithful, and he will not let you be tested beyond your strength, but with the testing he will also provide the way out so that you may be able to endure it.”
—Bible: New Testament, 1 Corinthians 10:13.