Questions tagged [security-testing]

The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, availability, authorization and non-repudiation.

Security testing is a process intended to reveal flaws in the security mechanisms of an information system that protect data and maintain functionality as intended. Due to the logical limitations of security testing, passing security testing is not an indication that no flaws exist or that the system adequately satisfies the security requirements.

Typical security requirements may include specific elements of confidentiality, integrity, authentication, availability, authorization and non-repudiation. The security requirements actually tested depend on the security requirements implemented by the system. "Security testing" as a term has a number of different meanings and can be carried out in a number of different ways, so a security taxonomy helps to understand these different approaches and meanings by providing a common base to work from.

70 questions
1
vote
1 answer

Installation of QARK on Ubuntu 18.04

I've tried to install QARK on my Ubuntu 18.04 desktop machine. I was following some docs provided by LinkedIn, but it has not worked for me.
Manu VS
1
vote
2 answers

In ExtJS's CellEditing plugin, if we put a security string, it executes

In ExtJS's (ExtJS 3.1) CellEditing plugin, if we put a security string like > in any of the cells, it executes (an alert is shown). Can we prevent this using any of the beforeEdit, validateEdit or edit events?
Him Singhvi
1
vote
1 answer

How to automate Fuzz operation in ZAP?

I know there is the zapv2 library, but how can I automate Fuzz in zapv2? Is it possible to use zapv2 to locate a fuzz file and trigger a fuzzer scan? Thanks!
allencharp
1
vote
1 answer

OWASP ZAP: spider scan stops at 99%

OWASP ZAP: the spider scan stops at 99% and does not reach 100% even after waiting for a long time. Please help me! Screenshot
1
vote
2 answers

How can we use the OWASP ZAP tool to check the validation quality of an application?

I want to check the quality of login page validation. Can I use OWASP ZAP to achieve this? I want to recognize weak passwords as well as generation of weak session tokens, error messages, etc. Is it possible in Zed Attack Proxy?
user8795416
1
vote
2 answers

Mobile app with configuration to access different server environment

I just wanted to know if it is good practice for app development when build variants can access the same set of server environments. For example, with a production build I can access the development, staging, and production servers just by changing…
Ashwani Kumar
1
vote
2 answers

Testing an iOS app's SSL/TLS certificate validation using a transparent mitmproxy on OSX

As part of a security test of an iOS app I'm developing, I'd like to verify that it correctly validates SSL/TLS certificates when connecting to various APIs. I installed mitmproxy on my Mac and configured it as a transparent proxy, then configured…
Alex Nauda
1
vote
1 answer

Types of security testing in a web-based application

Looking for types of security testing: are dynamic and static analysis part of security testing? As a QA tester, do we need to know a programming or coding language to perform security testing? At what phase of the STLC or SDLC can we perform…
binitsql
0
votes
2 answers

On which aspects should I put more emphasis for security testing of a desktop-based application?

I am testing a desktop-based client-server application. I want to perform a security test of that application. Can anybody explain to me which points I can consider while performing a security test of the desktop application?
0
votes
0 answers

How do we perform penetration testing of a SPA frontend app?

We are building a single-page application in React and it should be highly secure. However, I do not find proper resources on doing automated/manual penetration testing so as to find security issues early on. Nowadays, there have been numerous…
0
votes
0 answers

CSP headers are not set in Django on an Apache server; how to rectify?

In Django I'm trying to set the CSP headers but they are not being set. I tried various methods but it doesn't work. I put the code in settings.py but CSP headers are not set in Django. CSP_REPORT_URI = example.com CSP_NONCE_SCRIPT = False # True if you…
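The question above configures CSP values in settings.py but reports that no header appears. A policy that only exists as settings is not sent by anything; some middleware (or the web server, e.g. Apache's mod_headers) has to attach it to each response. The following is an added example, not Django's code and not django-csp's code: a Django-style middleware class (constructed with get_response, called with the request) that emits a Content-Security-Policy header with a per-request script nonce, plus a small review function that flags the usual weaknesses in a policy string. The directive values, the report endpoint /csp-report/ and the module path myapp.middleware.CSPMiddleware are assumptions.

```python
"""Emitting a Content-Security-Policy header from Django middleware.

Added example, not Django's or django-csp's code. Assumes Django's
middleware contract (class built with get_response, called with request)
and that the class is listed in settings.MIDDLEWARE, e.g.
MIDDLEWARE = [..., "myapp.middleware.CSPMiddleware"]   # assumed path
"""
import secrets

# Sources per directive. Keywords such as 'self' and 'none' must keep their
# single quotes inside the header value; unquoted they are read as hostnames.
DEFAULT_DIRECTIVES = {
    "default-src": ["'self'"],
    "script-src": ["'self'"],          # per-request nonce is appended below
    "object-src": ["'none'"],
    "base-uri": ["'self'"],
    "frame-ancestors": ["'none'"],
    "report-uri": ["/csp-report/"],    # assumed endpoint, not from the page
}


def build_policy(directives, nonce=None):
    """Serialize a directive map into the header value.

    When a nonce is given it is added to script-src, so inline scripts that
    carry nonce="<value>" still run while other inline script is blocked.
    """
    parts = []
    for name, sources in directives.items():
        values = list(sources)
        if name == "script-src" and nonce:
            values.append(f"'nonce-{nonce}'")
        parts.append(f"{name} {' '.join(values)}")
    return "; ".join(parts)


class CSPMiddleware:
    """Django-style middleware that sets the CSP header on every response."""

    def __init__(self, get_response, directives=None, report_only=False):
        self.get_response = get_response
        self.directives = directives or DEFAULT_DIRECTIVES
        self.header = ("Content-Security-Policy-Report-Only" if report_only
                       else "Content-Security-Policy")

    def __call__(self, request):
        nonce = secrets.token_urlsafe(16)
        request.csp_nonce = nonce          # templates can use {{ request.csp_nonce }}
        response = self.get_response(request)
        response[self.header] = build_policy(self.directives, nonce)
        return response


def csp_findings(header_value):
    """Review a policy string and return the weaknesses found (empty if none)."""
    findings = []
    directives = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0]] = tokens[1:]
    if "default-src" not in directives:
        findings.append("no default-src fallback")
    for name, values in directives.items():
        for v in values:
            if v in ("self", "none", "unsafe-inline", "unsafe-eval"):
                findings.append(f"{name}: keyword {v} must be single-quoted")
            elif v == "'unsafe-inline'":
                findings.append(f"{name}: 'unsafe-inline' allows inline scripts/styles")
            elif v == "'unsafe-eval'":
                findings.append(f"{name}: 'unsafe-eval' allows eval()")
            elif v == "*":
                findings.append(f"{name}: wildcard source")
    return findings
```

After adding the middleware, confirm the header on the wire rather than in settings (curl -I against the Apache front end is enough); if Apache also sets the header via mod_headers, two conflicting policies are both enforced. If the CSP_* settings in the question come from django-csp, that package likewise only emits the header when its own middleware, csp.middleware.CSPMiddleware, is listed in MIDDLEWARE.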
0
votes
0 answers

Is the full XML schema of the context file documented somewhere?

When generating a context file using OWASP ZAP's desktop UI (for Windows), I noticed a parameter from the UI missing in the exported context file. Is the full XML schema of the context file documented somewhere so we can add elements in…
Lee
0
votes
0 answers

How to bind DVWA to a real available IP in my network?

I started messing with Docker and DVWA, and I've noticed that the Docker DVWA environment is bound to localhost (127.0.0.1). I wanted to bind it to a real address in order to mess with it from another machine, but it keeps outputting the following…
0
votes
1 answer

How to automate fuzzing in ZAP?

We have a requirement as below to automate in ZAP: go through a POST request in the ZAP tool, identify the values which got posted in the Request tab, highlight the value passed (for example, to a textarea field), right-click > go to Fuzzer, choose the required…
sridattas
0
votes
0 answers

Is it possible to link OWASP ZAP and BrowserStack, CrossBrowserTesting.com or Selenium Grid?

Details: Currently I use OWASP ZAP with a connection to Postman, and via the API in the local area. But we also want to connect to BrowserStack or CrossBrowserTesting.com to test our mobile pages for security issues. Even after intensive research, I…
Mornon