Prevention techniques for testers

All-in-One Guides: Web application security -- How to prevent attacks


Software testers have a number of different tests at their disposal to help identify security flaws, including input validation, penetration testing, white box testing and black box testing. Learn about what they do and how to run them.

Ajax security:

  • Testing for security in the age of Ajax programming

    Tip -  Ajax applications require an innovative approach to security testing. Bryan Sullivan offers programmers and QA testers tips on eliminating vulnerabilities in Ajax applications.

  • How to safely deploy Ajax applications

    Ask the Expert -  Ajax applications are popping up all over the Web, but many people are uncertain how to secure Ajax on their sites. Because of Ajax's unique capabilities, some extra precautions are required. Expert Caleb Sima clears up the confusion.

  • Ajax security -- Is anyone listening?

    Tip -  Concerned about Ajax security? Security expert Kevin Beaver says that if developers and security professionals learn the basics of Ajax, lock it down within reason, and consistently test for the obvious holes, then that's really all that's needed to make...

Black, white and gray box testing:

  • Web application testing: The difference between black, gray and white box testing

    Tip -  Security is critical when operating a Web application. Black, gray and white box tests are three tests you can conduct to ensure an attacker can't get to your application. Learn what the differences are in this tip from Denim Group's Dan Cornell.

  • How to learn white box testing

    Ask the Expert -  Learning white box testing, also known as clear box or glass box testing, can be accomplished by following a series of steps. Testing expert Mike Kelly explains how to approach this learning process.

Input validation:

  • The importance of input validation

    Tip -  Web applications are vulnerable if you don't practice input validation. Learn how to prevent application attacks such as buffer overflow, SQL injection and cross-site scripting.

  • One simple rule to make your Web apps more secure

    19 Oct 2006

    Interview -  If there's one thing developers should do to increase Web application security, it's input validation, according to Caleb Sima, founder and CTO of SPI Dynamics. In this interview, he discusses the most dangerous threats to Web applications, such as SQL...

Penetration testing:

  • Manual vs. automated penetration testing

    Ask the Expert -  Manual penetration testing, automated pen testing or both? Application tools and technologies expert Brad Arkin helps you sort through your application security options.

  • What to do after penetration testing: source code analysis

    Tip -  You may think penetration testing is enough to make sure your Web applications are secure. But source code analysis tools can uncover vulnerabilities that aren't easily found using pen testing. Long skeptical about such tools, security expert Kevin...

  • Penetration testing best practices

    Tip -  Penetration testing can help you find critical vulnerabilities in your Web applications. Here are some best practices for pen testing to achieve application security.

The basics of Web application security testing:

  • Web application security testing checklist

    Tip -  Testing your Web application security is something that needs to be taken seriously. The best way to be successful is to prepare in advance and know what to look for. Here's an essential elements checklist to help you get the most out of your Web...

  • How to define the scope of functional security testing

    Tip -  With many internal threats originating from applications, functional security testing is one of the most reliable ways to identify internal security vulnerabilities.

  • The most effective time to do security testing

    Ask the Expert -  For years, security testing applications meant doing a pen test at deployment. But now companies see the benefit of testing sooner, expert Chris Wysopal says.


Web services security:

  • Web security: Web services an overlooked entry point for attacks

    Tip -  Web services are not only the backbone of application interaction, but they can also be the Achilles' heel of Web security. Kevin Beaver explains their vulnerabilities and suggests tools to test for security problems.

  • Why are Web services more vulnerable than Web apps?

    Ask the Expert -  Web application security should be adapted to fit the unique needs of Web services. Expert Rami Jaamour explains how Web services security differs from traditional application security.

  • XML security: Preventing XML bombs

    Ask the Expert -  With the use of Web services, XML security becomes increasingly important. Web services expert Rami Jaamour explains the damage an XML bomb can do and how to protect against it.
