#so id like to avoid that mistake with DAV if possible
veilkeeper · 5 months ago
on one hand i want bioware to release full on dating profiles for all the companions ahead of time so i can thoroughly vet who im gonna kiss. on the other hand i want the organic experience of playing the video game with as few spoilers as possible and tripping over myself because of a lame dude i dont know anything about
innovaturelabs · 5 years ago
Security testing for web applications
Security testing is the most essential kind of testing in the software field: users might compromise on the design or on functional aspects, but security will not be compromised at any stage.
What makes it a diamond in the testing field is confidentiality, which every person wants for their activities. It is basic human nature to keep secrets; people do not want any external interference with their data, and of course leaked data carries real risks, such as:
If net banking details or credit card details are stolen, a person's entire life savings can be gone in seconds.
A security breach in software can have many adverse effects. The most dangerous is data theft; others include application crashes, database damage, broken application design, and unauthorized content manipulation.
Today the web application is the most commonly used IT product; there is a web application for almost anything in this world. We now use web applications for many things in our daily life, such as social media, food ordering, online shopping, internet banking, and so on.
They have limitless applications in our day-to-day life.
So if a web application is a common one, used by a vast number of customers on a daily basis, it will certainly be targeted by attackers. Such web applications should be tested with all the latest available security testing methods, and security and vulnerability tests should be run frequently to ensure their safety.
A web application can be either public or restricted (to particular IP addresses in most cases). The public one is most prone to attacks, as it is available to everyone.
Some of the most common security vulnerabilities in web applications are:
SQL Injection: Using SQL injection an attacker can interfere with the SQL queries that an application makes to its database. With this, an attacker can fetch data from the database or corrupt it.
Cross Site Scripting: Here a malicious script is placed in a vulnerable part of the web application, and when a user interacts with that section the script is executed. A severe malicious script can lead to the user losing their account permanently.
Broken Authentication and Session Management: Here there is a potential to steal a user's login data or clone session data to gain unauthorized access to the user's account.
Insecure Direct Object References: An access control vulnerability that arises when critical information, such as an ID or password, is passed directly and without any encryption to access an object.
Cross Site Request Forgery: This security flaw allows an attacker to trick a user into submitting a web request that they did not intend.
Distributed Denial of Service Attack: This type of attack involves a group of computers harnessed together by an attacker to flood the application with traffic.
Insecure Cryptographic Storage: As the name says, here poorly encrypted data is targeted by attackers.
Failure to Restrict URL Access: A web application has URLs to access different content, and some paths are restricted to particular users or IPs; failing to restrict access to such paths makes the application vulnerable to attacks.
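The SQL injection entry above is easiest to understand side by side with its fix. The following Python example is added here and is not code from the original post or from the author: it builds a constructed in-memory SQLite table, shows a query that concatenates the username into the SQL text next to a parameterized version, and adds the simple boolean comparison a tester uses to tell the two apart (the same idea behind the "boolean-based blind" technique listed for SQLMap further down). The table, the usernames and the helper names are all assumptions made for the example.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory sample database (not from the original post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b")],
    )
    conn.commit()
    return conn


def count_users_vulnerable(conn, username):
    """Vulnerable form: the caller's input is concatenated into the SQL text,
    so the input can change the structure of the query itself."""
    query = "SELECT COUNT(*) FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchone()[0]


def count_users_safe(conn, username):
    """Hardened form: a parameterized query binds the input as data only."""
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row[0]


def looks_injectable(count_fn):
    """Boolean-based check a tester applies: compare the result for an input that
    matches nothing with the same input plus a tautology appended. If the two
    results differ, the input reached the database as SQL rather than as data."""
    conn = make_db()
    baseline = count_fn(conn, "zzz-no-such-user")
    probe = count_fn(conn, "zzz-no-such-user' OR '1'='1")
    return probe != baseline


def demo():
    """Row counts each form produces for the same crafted input."""
    conn = make_db()
    crafted = "x' OR '1'='1"
    return {
        "vulnerable": count_users_vulnerable(conn, crafted),  # matches every row
        "safe": count_users_safe(conn, crafted),  # no user has that literal name
        "legit": count_users_safe(conn, "alice"),
    }


if __name__ == "__main__":
    print(demo())
    print("vulnerable form injectable:", looks_injectable(count_users_vulnerable))
    print("safe form injectable:", looks_injectable(count_users_safe))
```

The hardened form needs no input filtering at all: because the driver sends the value separately from the statement, quotes in the username are never interpreted as SQL, which is why `looks_injectable` reports no difference for it.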
Security test methodology
Vulnerability Scanning: Automated software is used to scan the application against known vulnerability signatures.
Security Scanning: Here system weaknesses are identified and later fixed. Usually this is done based on a previously planned set of criteria. It can be done manually or through automation.
Penetration testing: It is an attack on a system with the intention of finding security breaches and loopholes, potentially gaining access to its functionality and data.
Risk Assessment: This testing includes analysis of the security risks observed in the application. E.g. if login to an account is done via Facebook and that Facebook account is under attack, then our system is also potentially under threat. Such assessments are done in risk assessment, and measures to avoid the risks are provided.
Security Auditing: Security auditing is like any other general auditing; it inspects the application on a scheduled basis to find security flaws.
Ethical hacking: Unlike external hackers, who steal for their own gain, this is done by company-authorised personnel to find vulnerabilities before an external hacker finds them.
Posture Assessment: It is a combination of security scanning, ethical hacking and risk assessment to show the overall security posture of an organization.
Commonly Used Open source Testing tools:
Owasp ZAP
ZAP exposes:
Application error disclosure
Cookie not HttpOnly flag
Missing anti-CSRF tokens and security headers
Private IP disclosure
Session ID in URL rewrite
SQL injection
XSS injection
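Several of the ZAP findings listed above (cookies without the HttpOnly flag, missing security headers, missing anti-CSRF tokens, private IP disclosure, session ID in URL) are passive checks over a single HTTP response. The Python example below is added here and is not ZAP's code or the original post's: it parses a constructed response and reports those findings, alongside a constructed hardened response that produces none. The header set, the regular expressions and the finding wording are assumptions for the example, chosen to mirror the alert names above rather than to reproduce ZAP's rules.

```python
import re

# Constructed sample response (not a capture from any real site) carrying the
# kinds of issues listed for ZAP above.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/\r\n"
    "Set-Cookie: prefs=dark; Path=/; HttpOnly; Secure\r\n"
    "\r\n"
    "<html><body>Backend 10.0.3.7 answered. "
    "<a href='/account;jsessionid=abc123'>account</a>"
    "<form method='post' action='/transfer'><input name='amount'></form>"
    "</body></html>"
)

# The same page with the issues fixed, also constructed.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: DENY\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/; HttpOnly; Secure; SameSite=Lax\r\n"
    "\r\n"
    "<html><body><a href='/account'>account</a>"
    "<form method='post' action='/transfer'>"
    "<input type='hidden' name='csrf_token' value='t0k3n'>"
    "<input name='amount'></form></body></html>"
)

# Headers this example treats as required (an assumption for the example).
REQUIRED_HEADERS = {
    "content-security-policy",
    "x-content-type-options",
    "x-frame-options",
    "strict-transport-security",
}
# RFC 1918 private address ranges.
PRIVATE_IP = re.compile(
    r"\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}"
    r"|192\.168\.\d{1,3}\.\d{1,3}"
    r"|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3})\b"
)
# Common session parameter names appearing in a URL (path or query).
SESSION_IN_URL = re.compile(r"[;?&](?:jsessionid|phpsessid|sessionid|sid)=", re.I)
POST_FORM = re.compile(
    r"<form\b[^>]*\bmethod=['\"]?post['\"]?[^>]*>(.*?)</form>", re.I | re.S
)
TOKEN_FIELD = re.compile(r"name=['\"]?[^'\">]*(?:csrf|token)", re.I)


def parse_response(raw):
    """Split a raw HTTP response into [(lowercase header name, value)] and body."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers, body


def audit(raw):
    """Return the list of findings for one HTTP response."""
    headers, body = parse_response(raw)
    findings = []
    present = {name for name, _ in headers}
    for name in sorted(REQUIRED_HEADERS - present):
        findings.append(f"missing security header: {name}")
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0].strip()
        attrs = {a.strip().lower() for a in value.split(";")[1:]}
        if "httponly" not in attrs:
            findings.append(f"cookie without HttpOnly: {cookie_name}")
        if "secure" not in attrs:
            findings.append(f"cookie without Secure: {cookie_name}")
    if SESSION_IN_URL.search(body):
        findings.append("session id in URL")
    for ip in sorted(set(PRIVATE_IP.findall(body))):
        findings.append(f"private IP disclosure: {ip}")
    for i, form_body in enumerate(POST_FORM.findall(body), start=1):
        if not TOKEN_FIELD.search(form_body):
            findings.append(f"POST form #{i} without anti-CSRF token")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSE):
        print("FINDING:", finding)
    print("hardened response findings:", audit(HARDENED_RESPONSE))
```

Checks of this kind are cheap because they never send a crafted request; they only read what the application already returns, which is why a scanner can run them on every response it proxies.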
Wapiti
Vulnerabilities exposed by Wapiti are:
Command Execution detection
CRLF injection
Database injection
File disclosure
Shellshock or Bash bug
SSRF (Server Side Request Forgery)
Weak .htaccess configurations that can be bypassed
XSS injection
XXE injection
SQLMap
It is capable of supporting 6 types of SQL injection techniques:
Boolean-based blind
Error-based
Out-of-band
Stacked queries
Time-based blind
UNION query
Wfuzz
Vulnerabilities exposed by Wfuzz are:
LDAP injection
SQL injection
XSS injection
W3af
This tool allows testers to find over 200 types of security issues in web applications, including:
Blind SQL injection
Buffer overflow
Cross-site scripting
CSRF
Insecure DAV configurations
Today data is referred to as the new oil by all the leading business ventures, and rightly so. Today's world runs on data, and data protection needs to be a primary concern for any IT company. Here a security test engineer plays a key role. They are the people who ensure the security of the data; any mistake made in a security test can result in losses of billions. Data leakage is not the only security issue: a web application that runs 24*7 suddenly stopping due to an attack is also a critical issue, though compared with a data breach its effect is smaller.
Adopting the latest security testing methods and tools is the only way to keep a web application safe, and this should be done frequently to keep the application's security up to date.
For more information on the topic go to security testing.