C# Security Testing
White-box testing examines a system from its internal perspective. In this case, it is also known as static analysis. These tools can find issues in the source code before the code is actually executed.
Zed Attack Proxy (ZAP) – The short guide
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners [...]
Zed Attack Proxy
The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks.
Directory Buster
Another great security tool from the Open Web Application Security Project. Aside from the worrying spelling in a lot of these open source projects (“Responce”??), this is a little gem for identifying hidden pages and directories within a web application, which highlights possible security holes (an emailer script in an unused page, for example). This can be used [...]
Skipfish
Now onto another command-line security testing tool called Skipfish. You can download and compile the source, or use yum to install the package (yum install skipfish). Now navigate to the directory where you want the output results directory to be created (or you can enter a specific path in the command string). The Skipfish help page gives you [...]
Zap Website Security Testing
OWASP ZAP is a useful website security testing tool that any web-savvy tester could use effectively. Apart from the annoyingly vague setup (make sure your first task is to set up your browser to use the same proxy as defined in ZAP), there are useful tools that you can start at a click. I ran the “Active [...]
TamperData
Oh, I like this – a great tool for any web tester, and a better alternative to using CURL to manipulate POST/GET HTTP data. TamperData is a Firefox extension to track and modify HTTP/HTTPS requests. It is ideal for common, more lightweight security issues, which are important to consider, given the number of amateur hackers, [...]







