On-the-Go: 4 Questions in WebApp #Information #Security #FYI - TopicsExpress



          

On-the-Go: 4 Questions in WebApp #Information #Security #FYI #InfoSec.

1- What techniques are used in WebApp security testing?
> The techniques are clear: it's just manual or automatic testing, that's it.

2- Which is better, manual or automatic testing using tools?
> Manual testing for sure, alongside the automated tool, because there are some security vulnerabilities that can't be found by automated scans, like session management bugs, broken authentication vulnerabilities and other logical flaws. Also, automated tools have more false positive results, which is not preferable in such a field.

3- Which free tools are better and more effective?
> You can use OWASP ZAP, which is an open source crawler and scanner tool that scans your web application and gives you a detailed report about the vulnerabilities found. There is also a free version of the VEGA Scanner that can do the same job. Burp Suite Proxy free edition also has a powerful crawler and on-the-fly vulnerability scanner. Finally, there is Netsparker Community Edition, which is a free web app sec scanner but only for specific vulnerabilities, since it's the free version and the premium one scans for all types. You can also find a huge number of helpful information security tools in dedicated operating system Linux distributions like BackTrack and Kali Linux.

4- Are there trusted materials or sites I can gather info from?
> Yup. The best materials can be found on OWASP, SANS and InfoSec Institute:
https://owasp.org/index.php/Main_Page
https://sans.org/
infosecinstitute/

[*] Any comments are welcome :)
Posted on: Mon, 22 Dec 2014 21:14:04 +0000
