Security Testing in Web Application

February 07, 2017 | ニテシュ バッド, Software Engineer, Celestial Systems

Introduction
Web application security is a branch of information security that deals specifically with the security of websites, web applications and web services. With the emergence of Web 2.0, increased information sharing through social networks, and the growing adoption of the web as a means of doing business, attacks have increased, and as a result the security of web applications has become increasingly important.

Overview
Security testing of web applications means identifying potential security threats and detecting vulnerabilities in the application. The most common web application vulnerabilities are XSS (cross-site scripting), CSRF (cross-site request forgery) and SQLi (SQL injection).

Why Security Testing?
Security testing is important for establishing the basic concepts of security, which are:
1. Confidentiality – Information should be accessible only to those with authorized access
2. Integrity – A measure intended to allow the receiver to determine that the information provided to it is correct
3. Authentication – Establishes the identity of the user
4. Authorization – A user should only receive a service or perform an action for which they have permission
5. Availability – Information and communication services should be available whenever needed
6. Non-repudiation – Prevents later denial that an action happened

When to start Security Testing?
Network security testing is usually started once functionality, integrity and system testing are complete and the product is about to be released. However, depending on the application and client needs, security testing can be integrated into CI (continuous integration) in order to check constantly for vulnerabilities and make tracking easier.
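As an added illustration of what "security testing as part of CI" and "re-testing a detected vulnerability" look like in code (this is example code written for this post, not NetSparker's or Celestial's own), the block below pairs a SQL-injection-prone and an XSS-prone handler with their fixed versions and a small re-test routine that a CI job can run on every build. The handler names, the in-memory SQLite table and the probe strings are constructed for the example.

```python
import html
import sqlite3

# Constructed sample data so the checks run offline.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

def find_user_vulnerable(conn, name):
    # SQLi: user input is concatenated into the SQL text.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = '" + name + "'").fetchall()

def find_user_fixed(conn, name):
    # Fix: a bound parameter, so input is data and never SQL syntax.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()

def greet_vulnerable(name):
    # XSS: user input is placed into HTML unescaped.
    return "<p>Hello " + name + "</p>"

def greet_fixed(name):
    # Fix: encode for the HTML context before output.
    return "<p>Hello " + html.escape(name) + "</p>"

# Classic probes; a scanner's PoC would be replayed here in the same way.
SQLI_PROBE = "x' OR '1'='1"
XSS_PROBE = "<script>alert(1)</script>"

def retest_sqli(query_fn):
    """True (passes) when the probe, which matches no user, returns no rows."""
    conn = make_db()
    try:
        return len(query_fn(conn, SQLI_PROBE)) == 0
    except sqlite3.Error:
        return False  # probe reached the SQL parser: still a finding
    finally:
        conn.close()

def retest_xss(render_fn):
    """True (passes) when the probe is not reflected verbatim into HTML."""
    return XSS_PROBE not in render_fn(XSS_PROBE)

def failing_checks():
    """Names of checks that fail; a CI job exits non-zero if this is non-empty."""
    checks = {"sqli": retest_sqli(find_user_fixed), "xss": retest_xss(greet_fixed)}
    return sorted(name for name, passed in checks.items() if not passed)
```

Swapping `find_user_vulnerable` or `greet_vulnerable` into `failing_checks` makes the corresponding check fail, which is the regression a CI pipeline is meant to catch.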

NetSparker
NetSparker is a security testing tool for web applications, websites and web services. It finds security flaws in websites, web applications and web services, and it runs against all types of application regardless of platform and technology.
NetSparker is one of the most sought-after tools for security testing of web applications.
It has two versions:
1. Desktop Scanner
2. Cloud Scanner

Key Features of NetSparker
1. The scope of testing can be customized in terms of the URLs or APIs to be tested.
2. A detected vulnerability can be re-tested on demand.
3. Scan reports are flexible to configure.
4. It has multiple scan modes: incremental, full and scheduled scans.
5. Reports include the vulnerability and its variants, technical details and a proof of concept (PoC).
6. It suggests a remedy and how to fix the vulnerability.
7. Generated reports are categorized.


Other Tools
There are a few other tools similar to NetSparker, such as Acunetix and Ammonite. NetSparker provides better features, such as comprehensive report generation, better vulnerability detection and better remedy suggestions.

Feature                  NetSparker   Ammonite   Acunetix
Vulnerability Re-Tester  Yes          No         No
Web Service Scanner      Yes          Yes        No
CGI Scanner              Yes          No         Yes
Licensed Software        Yes          No         Yes

© 2001-2017 Celestial Systems Inc. All Rights Reserved.