Web application penetration testing refers to a set of services used to detect various security issues with web applications and identify vulnerabilities and risks, including:
- Known vulnerabilities in COTS applications
- Technical vulnerabilities: URL manipulation, SQL injection, cross-site scripting, back-end authentication, password in memory, session hijacking, buffer overflow, web server configuration, credential management, clickjacking, etc.
- Business logic errors: day-to-day threat analysis, unauthorized logins, personal information modification, pricelist modification, unauthorized funds transfer, breach of customer trust, etc.
OWASP, the Open Web Application Security Project, an open source web application security documentation project, has produced documents such as the OWASP Guide and the widely adopted OWASP Top 10 awareness document.
The Firefox browser is a popular web application penetration testing tool, with many plugins specifically designed for web application penetration testing.
Foundstone's Hacme Bank simulates a banking application. It helps developers and auditors practice web application attacks, including input validation flaws such as SQL injection and cross-site scripting (XSS).