Security testing operation vijay
Security Testing
Operation Vijay
What is hacking?
Hackers
Types of Hackers
● Ethical Hackers
● Crackers
Define
Security Testing is a type of testing that intends to uncover vulnerabilities of the system and determine that its data and resources are protected from possible intruders.
Types of Security Testing
● Infrastructure Security Testing
● Application Security Testing
When?
Security Testing Vocabulary
● Reconnaissance / Information gathering
● Vulnerability
● Exploit
Reconnaissance
Demo
Reconnaissance
Mission
P@ssw04d
Default / Weak Passwords
Password Vaults
Demo
Cross Site Scripting
Client side injection attack
Types:
Reflected XSS
Stored XSS
DOM based XSS
Reflected XSS
Demo
Reflected XSS
Mission
Stored XSS
Demo
Stored XSS
Mission
XSS Prevention
Don't use user input as-is
Encoding
X-XSS-Protection Response Header
HttpOnly flag Response Header
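The first, second and fourth prevention points above, worked through as an added example (not code from the deck): a search page that reflects a query parameter unencoded, the same page with HTML output encoding, and a session cookie set with HttpOnly. The URL, parameter name and session id are constructed for the demo.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed request: a search page that echoes its "q" parameter back
# into the HTML (the reflected XSS pattern from the demo slides).
SAMPLE_URL = "http://example.test/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"


def query_param(url, name):
    """Return the first value of query parameter `name`, or '' if absent."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_vulnerable(url):
    """Uses the input as-is: attacker-controlled markup becomes part of the page."""
    return f"<p>Results for: {query_param(url, 'q')}</p>"


def render_hardened(url):
    """Output encoding for the HTML body context: <, >, &, ' and " are escaped,
    so the input is displayed as text instead of being parsed as markup."""
    return f"<p>Results for: {html.escape(query_param(url, 'q'), quote=True)}</p>"


def session_cookie_header(session_id):
    """Set-Cookie with HttpOnly so page script cannot read the session id;
    Secure and SameSite are added as the usual companions."""
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"


def has_live_script(rendered):
    """Demo check: does a raw <script> tag survive in the rendered output?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_URL))
    print(render_hardened(SAMPLE_URL))
    print(session_cookie_header("constructed-session-id"))
```

Current browsers no longer implement the X-XSS-Protection filter, so the encoding step is the control that actually carries the defence.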
Popular XSS Attacks
SQL Injection
Attack where SQL commands are injected in order to affect the execution of predefined SQL commands
SQL Injection
Demo
SQL Injection Prevention
Don't use user input directly
Use prepared statements
Use stored procedures
Use frameworks
ZAP
References
https://www.owasp.org
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
https://www.google.co.in/about/appsecurity/tools/
https://xkcd.com/327/
http://www.dvwa.co.uk/
https://www.amazon.in/Web-Application-Hackers-Handbook-Exploiting-ebook/dp/B005LVQA9S
https://google-gruyere.appspot.com
https://www.youtube.com/watch?v=lc7scxvKQOo
https://www.imperva.com/docs/wp_consumer_password_worst_practices.pdf
http://softwaretestingfundamentals.com/security-testing/
Thank you
Dhaval Doshi (@dhavaldoshi)
Lavanya Mohan (@LavanyaMohan210)
Shirish Padalkar (@_Garbage_)