Web application penetration testing refers to a set of services used to detect various security issues with web applications and identify vulnerabilities and risks, including:
- Known vulnerabilities in COTS applications
- Technical vulnerabilities: URL manipulation, SQL injection, cross-site scripting, back-end authentication, password in memory, session hijacking, buffer overflow, web server configuration, credential management, Clickjacking, etc.,
- Business logic errors: Day-to-Day threat analysis, unauthorized logins, personal information modification, pricelist modification, unauthorized funds transfer, breach of customer trust etc.
OWASP, the Open Web Application Security Project, an open source web application security documentation project, has produced documents such as the OWASP Guide and the widely adopted OWASP Top 10 awareness document.
The Firefox browser is a popular web application penetration testing tool, with many plugins specifically designed for web application penetration testing.
Foundstone's Hacme Bank simulates a banking application. It helps developers and auditors practice web application attacks, including input validation flaws such as SQL injection and Cross Site Scripting (XSS).
Read more about this topic: Penetration Test
Famous quotes containing the words web, application and/or testing:
“The soul knows only the soul; the web of events is the flowing robe in which she is clothed.”
—Ralph Waldo Emerson (1803–1882)
“We will not be imposed upon by this vast application of forces. We believe that most things will have to be accomplished still by the application called Industry. We are rather pleased, after all, to consider the small private, but both constant and accumulated, force which stands behind every spade in the field. This it is that makes the valleys shine, and the deserts really bloom.”
—Henry David Thoreau (1817–1862)
“Traditional scientific method has always been at the very best 20-20 hindsight. It’s good for seeing where you’ve been. It’s good for testing the truth of what you think you know, but it can’t tell you where you ought to go.”
—Robert M. Pirsig (b. 1928)