Security TestingOperation Vijay

What is hacking?

Hackers

Types of Hackers● Ethical Hackers

● Crackers

DefineSecurity Testing is a type of testing that

intends to uncover vulnerabilities of the system and determine that its data and resources are protected from possible intruders.

Types of Security Testing● Infrastructure Security Testing

● Application Security Testing

When?

Security Testing Vocabulary● Reconnaissance/ Information

gathering

● Vulnerability

● Exploit

Reconnaissance

Demo

Reconnaissance

Mission

P@ssw04d

http://youtube.com/v/lc7scxvKQOo

Default / Weak Passwords

Password Vaults

Demo

Cross Site ScriptingClient side injection attack

Types:

Reflected XSS

Stored XSS

DOM based XSS

Reflected XSS

Demo

Reflected XSS

Mission

Stored XSS

Demo

Stored XSS

Mission

XSS PreventionDon’t use user input as-is

Encoding

X-XSS-Protection Response Header

HttpOnly flag Response Header

Popular XSS Attacks

SQL InjectionAttack where SQL commands are

injected in order to affect the execution of predefined SQL commands

SQL Injection

Demo

SQL Injection PreventionDon’t use user input directly

Use prepared statements

Use stored procedures

Use frameworks

ZAP

Referenceshttps://www.owasp.org

https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

https://www.google.co.in/about/appsecurity/tools/

https://xkcd.com/327/

http://www.dvwa.co.uk/

https://www.amazon.in/Web-Application-Hackers-Handbook-Exploiting-ebook/dp/B005LVQA9S

https://google-gruyere.appspot.com

https://www.youtube.com/watch?v=lc7scxvKQOohttps://www.imperva.com/docs/wp_consumer_password_worst_practices.pdf

http://softwaretestingfundamentals.com/security-testing/

Thank you

Dhaval Doshi (@dhavaldoshi)Lavanya Mohan (@LavanyaMohan210)

Shirish Padalkar (@_Garbage_)