Automatic security testing tools for web-based system

CS577b Individual Research. Shi-Xuan Zeng, 04/23/2012. Outline: Introduce security testing; Web application/system security testing; Web application/system security risks; Security testing tools comparison; Summary.

Presentation Transcript


  1. Automatic security testing tools for web-based system • CS577b Individual Research • Shi-Xuan Zeng • 04/23/2012

  2. Outline • Introduce security testing • Web application/system security testing • Web application/system security risks • Security testing tools comparison • Summary

  3. What is security testing? • Providing evidence • Fulfilling requirements • Fundamental processes • Boundary values • Equivalence classes • Security classes * Web Security Testing Cookbook (O’Reilly)

  4. Web application security testing • Functional testing vs. security testing • Use a variety of tools, manually and automatically • Simulate and stimulate activities • Goal • Produce repeatable and consistent tests * Web Security Testing Cookbook (O’Reilly)

  5. Web application security risks *OWASP Top Ten Project (2010)

  6. Top 10 Web Application Security Risks *OWASP Top Ten Project (2010)

  7. Security testing tools comparison 1

  8. Security testing tools comparison 2

  9. Summary • Security testing provides evidence and fulfills requirements. • The goal is to produce repeatable and consistent tests. • Beware of the top 10 web application security risks. • Choose testing tools that are free, easy to use, and offer good traceability. • Suggested tools: w3af and N-Stalker Security Scanner Free Edition.

  10. Reference • Web Security Testing Cookbook • Paco Hope, Ben Walther; O’Reilly Media Inc.; Oct 28 2008 • OWASP Top Ten Project • https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project • http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf • 10+ Free Web Application Security Testing Tools • http://www.webresourcesdepot.com/10-free-web-application-security-testing-tools/

  11. Questions ?

  12. Thank You!!
