Contents
Written by Ben Walther   
Tuesday, 23 September 2008 00:30

Table of Contents

1.      Introduction
A brief synopsis of what web security testing is and where it fits.

2.      Installing Free Tools
We believe some of the best web security testing tools in life are free.

3.      Basic Observation
Learn what to look for - how can you tell when a website is insecure?

4.      Web-Oriented Data Encoding
Data comes in many shapes and sizes. Recognize and translate as you need.

5.      Tampering with Input
Your application shouldn't trust user input - at least not after the testers have read this chapter.

6.      Automated Bulk Scanning
Because doing it all by hand is cumbersome.

7.      Automating Tasks with cURL
Using the command line can speed up testing without requiring full-scale automation.

8.      Automating Tasks with LibWWWPerl
Interesting tests require more power - Perl delivers.

9.      Seeking Design Flaws
Every application is a special case. Are there any domain-specific security weaknesses?

10.  Attacking AJAX
The rise of AJAX reveals new security considerations.

11.  Manipulating Sessions
Real world attacks frequently target the user's session. Find out why (and how).

12.  Multifaceted Tests
For advanced readers only: go beyond the basics and run some truly devious tests.

Last Updated on Tuesday, 23 September 2008 00:33