Wednesday 9 March 2011

Web Application Penetration Testing


A web application, or webapp, is an application that is accessed via a web browser over a network such as the Internet or an intranet. It is also a computer software application that is coded in a browser-supported language (such as HTML, JavaScript, Java, etc.) and reliant on a common web browser to render the application executable.
Analysis shows that 1% of the bugs (programming errors) cause 50% of security problems. If configured right, information systems can survive almost all attacks.
Application security deals with checking for vulnerabilities in an application and ensuring that secure methods are followed to remove these security flaws at all stages of the SDLC.
 
 
What are the threats?
• denial-of-service
• unauthorized use or misuse of computing systems
• loss/alteration/compromise of data or software
• monetary/financial loss
• loss or endangerment of human life
• loss of trust in computer/network system
• loss of public confidence
 
 
Who are the threats?
• Competitors
• Hackers
• Corporate Spies
• Disgruntled Employees
• Careless Employees
• Professional Thieves
• Visitors
 
Security Testing:
In order to find vulnerabilities in web applications we need to identify them.
Methods:
• Code audit (a lot of work), also referred to as White Box Testing
• Testing (manual or automated), also referred to as Black Box Testing
• Manual testing: a human being attacks a web application using his experience, knowledge and tools
• Automated testing: a human being uses an automated vulnerability scanner to attack a web application
Security testing helps to understand the extent to which a system/application can protect itself from unauthorized access, hacking, cracking, any code damage, etc.
• Verify and validate that applications meet the security requirements
• Identify security vulnerabilities of applications in the given environment
This type of testing needs sophisticated testing techniques.
 

2 comments:

  1. Hi Anupama,
    Welcome to the Blogosphere. Congrats on your first approach. However, I had a few suggestions.
    1) Your opinions and research comments are valued more than copy and paste in a post.
    2) Maintain a uniform font.
    3) Be more specific with real-time examples.
    4) Give readers a chance to reach you at your mail.
    All the best ...

  2. There is a great risk to the applications from being affected as a number of attacks on web applications Penetration Test take place. Penetration Test Methodology is implemented to make sure the applications are safe and free of risks that could harm it for wrong purposes.
