Questions tagged [security-testing]

The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, availability, authorization and non-repudiation.

Security testing is a process intended to reveal flaws in the security mechanisms of an information system that protect data and maintain functionality as intended. Due to the logical limitations of security testing, passing security testing is not an indication that no flaws exist or that the system adequately satisfies the security requirements.

Typical security requirements may include specific elements of confidentiality, integrity, authentication, availability, authorization and non-repudiation. The actual security requirements tested depend on the security requirements implemented by the system. Security testing as a term has a number of different meanings and can be completed in a number of different ways. As such, a security taxonomy helps us understand these different approaches and meanings by providing a base level to work from.

70 questions
0 votes, 1 answer

Problems setting up Burp Suite

I have problems setting up Burp Suite on my MacBook with Google Chrome. I have followed all guidelines on the official website and my settings look like this: But when I visit websites, I don't see any requests/responses in the intercept tab under…
user2597001
0 votes, 2 answers

Automated testing for OWASP A1-A10

I am wondering which of the OWASP top 10 (A1-A10) can be automated. Is it possible to automate their testing using Selenium? If not, which tool can be used to automate them? Also, are there any documents or guidelines or any examples that can be…
CuriousLearner
0 votes, 1 answer

How to do Pen testing / Security testing on Microservices?

I wanted to test microservices for security requirements, did some googling and found some good blogs, e.g. URL: https://www.imbalife.com/sql-injection. E.g. SQL Injection Vulnerable Dorks. inurl:index.php?id= How to test if the URL doesn't have any PHP…
0 votes, 1 answer

WebScarab bean shell debug

I'm using WebScarab bean shell. Just wondering what's the best way to debug the shell script?
Paul
0 votes, 1 answer

How can we implement security testing on a banking domain mobile application?

I have a banking domain mobile application; how will I implement security testing on that application?
Prince
0 votes, 1 answer

How to test

I need to pass (alert("XSSTest")) this string in all the fields for penetration testing. I don't even have much idea about this. Presently I am doing this by entering this text/script manually into each and every field of my web application. Can anyone…
user3540759
0 votes, 0 answers

Can I do a buffer overflow attack on my iOS application (under test), on an iPhone 5 which is not jailbroken?

I need to find vulnerabilities related to buffer overflow in my iOS app. I have a basic understanding of what buffer overflow is, but I don't know about any tools/techniques to find bugs in my iOS application related to buffer overflow. Can anyone…
Python_Novice
0 votes, 1 answer

Read/Write/Delete to phone's internal/external memory using Android application?

Is it possible to read/write/delete the data present in files or folders created by other applications? I am 99% sure that Android OS does not give such permission but to be 100% sure, I want to know this. The whole context is that if I download an…
0 votes, 1 answer

Is a logout option needed for a desktop application?

I am testing an application which generates security certificates. I need to log in with appropriate credentials to access the application. I don't see an option to log out. Is logout needed for desktop applications, or just exiting/closing the…
0 votes, 1 answer

Are there any tools for websites or app security scanning on Mac?

I want to do some security testing for an iOS app. There are some HTML5 pages in the app, so I want to do some security tests such as network requests, or others. I know there are many tools on Windows, but are there some tools on Mac? I also want to know…
Ying.Zhao
0 votes, 1 answer

ZAP proxy: how to exclude a response from the alert tab

I'd like to know how to exclude certain responses from the alert tab, if there is a way. Can't find any. For example, if the response page reports "character to number conversion error", I'd like to tell the ZAP attack proxy that this ain't a…
0 votes, 2 answers

XSS attack: Alternative to OWASP?

Is there any alternative way to prevent XSS attacks other than OWASP XSS filter software? I need suggestions on whether it is possible to prevent them at the Apache level. I am not a security expert, so I need detailed information. Thanks for your help
user1095983
0 votes, 2 answers

What are the best penetration testing Linux distributions?

What are the best Linux operating systems that are used for security testing and hacking? I heard BackTrack is the best. What are the other best OSes in the industry, and what kind of differences are there between those OSes?
nu123
0 votes, 1 answer

Acunetix Webscan

I am scanning my web application, which I have built in ASP.NET. The scanner is injecting junk data into the system trying to do blind SQL injection on the system, but I am using SQL stored procedures with parameterized queries, which is escaping the blind…
Edi 0