‘Security Testing Demystified’
‘The information has been provided by Debasis Mohanty.
The original article can be found at: http://www.hackingspirits.com/eth-hac/papers/SecTesting.zip‘
‘This article has been written in very simple language which can be understood not only by security testers but also can be read & understood by non-technical managers as well.
Just to summarize, this article doesn’t talk anything specific about a particular type of attack rather demonstrate a holistic approach for security testing. At a broader level it covers the following areas:
Anatomy of Security Testing
* Understanding the product and its architecture
* Identifying possible attack vectors
* Preparation of test cases
* Vulnerability Research & Discovery
* Exploitation of vulnerabilities found
* Compilation of final security testing report
* Final discussions of bug findings and fixes
Briefs about various mistakes and assumptions made by programmers
Talks about why HTTP-REFERRER is a bad thing to rely on
* How important it is to validate all client side info sent to the server?
* How to identify potential attack vectors?
* How wild and evil imaginations are important attributes for a security tester?
* Anatomy of a Security Testing Report
* Why a final live hack demo is a good thing to do?
The full presentation can be found at: http://www.hackingspirits.com/eth-hac/papers/SecTesting.zip‘