Re: Web Application Security Testing Procedures

["Adam Tuliper" <amt () gecko-software com>]

> From a high level to start:

-Cross site scripting
-Data input validation attacks (overflows, sql injection,
etc)
-Check and validate all form/querystring/cookie values as
well as making sure your data is cleaned up and invalid
characters/strings removed.

-Banner/Error message revealing - Can information be
retrieved that helps an attacker attack your application
better.

-Denial of service possibilities stemming from any of the
above as well as DOS from repeated requests that take a
while to process (if any exist in the app). 

..
..
..


On Tue, 28 Dec 2004 12:05:49 -0500
 Lecia McCalla <lmccalla () fsl org jm> wrote:
> Hi All,
> I am currently researching Web application security with
> the ultimate goal
> of preparing a Web Applications Security Testing
> Procedures Document.
> However, since I'm a novice in the field, I'm requesting
> some assistance
> from the group.
>
> Please provide suggestions and/ or guidelines as to what
> should be
> considered when testing security for web applications.
>
>
> Regards,
> Lecia McCalla
> Business Analyst - Quality Management
> Fiscal Services Limited
> Mailto:lmccalla () fsl org jm
> Tel: (876)927-1125-8 Extn 3815
> Fax: (876)927-1810

---------------------------------------------------------------------
Web mail provided by NuNet, Inc. The Premier National provider.
http://www.nni.com/