
Testing Protocols

Web Security Testing

Many attacks on a website are simple enough that anyone with a browser can perform them. Others require intimate knowledge of the host server and underlying applications. All are potentially damaging to an organisation’s Web presence. The following are some of the basic attack types employed against Websites and Web applications:

Cross-site scripting – A script is added to a URL and is executed when a user clicks on the relevant link.

Buffer overflow – Browser requests sent to an application that exceed the allocated buffer size can overwrite system data and allow hackers to execute code.

Hidden field manipulation – This involves changing the values of hidden fields, which are frequently used to provide status information to the server.

Forceful browsing – Modifying a URL can bypass web controls in order to break out of a server’s root directory and access files on the rest of the system.

Database sabotage – This involves appending valid SQL commands to form fields.

Cookie poisoning – This involves manipulating a session cookie’s contents, enabling the attacker to obtain unauthorised information from the server.
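
A server-side check that detects the hidden field manipulation and cookie poisoning described above, as an added example that is not part of the original page: the server attaches an HMAC tag to each value it hands to the browser and rejects any value whose tag no longer matches. The function names, the `value.tag` encoding, the context labels and the sample values are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Server-side secret; generated per process here for the demo (assumption:
# a real deployment loads a persistent key from its secret store).
SECRET_KEY = secrets.token_bytes(32)


def _tag(context: str, value: str) -> str:
    """HMAC-SHA256 over the context label and the value, URL-safe base64."""
    msg = context.encode() + b"\x00" + value.encode()
    digest = hmac.new(SECRET_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")


def protect(context: str, value: str) -> str:
    """Return 'value.tag' for placing in a hidden field or cookie."""
    return f"{value}.{_tag(context, value)}"


def verify(context: str, token: str):
    """Return the original value, or None if the token was altered."""
    value, sep, tag = token.rpartition(".")
    if not sep:
        return None
    # Constant-time comparison avoids leaking how much of the tag matched.
    if not hmac.compare_digest(tag.encode(), _tag(context, value).encode()):
        return None
    return value


def demo():
    # Constructed sample values, not taken from any real application.
    field = protect("hidden:price", "49.99")
    cookie = protect("cookie:session", "user=alice;role=customer")
    tampered_field = "0.01." + field.rpartition(".")[2]
    tampered_cookie = cookie.replace("role=customer", "role=admin")
    # A valid hidden-field token replayed as a cookie must also fail.
    swapped = verify("cookie:session", field)
    return (verify("hidden:price", field), verify("cookie:session", cookie),
            verify("hidden:price", tampered_field),
            verify("cookie:session", tampered_cookie), swapped)


if __name__ == "__main__":
    print(demo())
```

The tag gives integrity only: the value stays readable to the user and an older valid token can be replayed, so security-relevant state such as prices or roles is better kept server-side.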

 


 

 

Xybax Technology ltd
A UK leader in quality software testing services, offering knowledge and experience in application black box testing through Total Quality Management