PaulDotCom mailing list archives
Web application testing
From: gbugbear at gmail.com (Tim Mugherini)
Date: Thu, 11 Feb 2010 20:57:52 -0500
I'm not a heavy web guy but I Agree a good place to start reading would be OWASP http://www.owasp.org/index.php/File:OWASP_T10_-_2010_rc1.pdf http://www.greebo.net/owasp/OWASP%202010%20Top%2010%20Cheat%20Sheet.pdf T On Thu, Feb 11, 2010 at 5:40 PM, Christian Frichot <xntrik at gmail.com> wrote:
Hi Aaron, I would start by having a look at the materials that www.owasp.org have to provide. That would be a good start. And as you mentioned, you should always test against a non-production environment, if possible (and/or based on a risk assessment). I know some testers can give estimates based on the number of pages, but I can't comment on how accurate that is. It depends on your experience and the size of the app and what sort of results they're expecting. Good luck! On Thu, Feb 11, 2010 at 11:42 PM, Aaron <subdriven at gmail.com> wrote:Hello, all! There may come a time where I'll have to do some web application testing. I was wondering if this wonderful group had some good resources for best practices, good reporting methodologies, estimates of time involved to just do basic testing, etc. Of course since it will be web application testing it is going to require doing XSS, SQL injection testing/attacking, and possibly some code review. I'm also wondering how most people go about this sort of test. I am not sure I would feel comfortable testing against a live system in case I manage to really destroy stuff so I would have to test against a copy or a test/dev site. From the experiences others have had, is that something the customer usually provides or do they hand over the basics of the application and it becomes my responsibility to set it up in a lab environment? Is there a rule of thumb for time estimates for these kinds of tests or is it just a shot in the dark guess? Thanks in advance for any insight! Aaron _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-- Christian Frichot e: xntrik at gmail.com w: http://un-excogitate.org _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Web application testing Aaron (Feb 11)
- Web application testing Christian Frichot (Feb 11)
- Web application testing Tim Mugherini (Feb 11)
- Web application testing Andrew Ellis (Feb 15)
- Web application testing Tim Mugherini (Feb 11)
- Web application testing Christian Frichot (Feb 11)