SECURITY TESTING from Start


Testing an application has its own value, defined with respect to that application. We learn everything from the real world, and the real world has given us one concept: be sure before execution. How much security an application should provide, however, is a totally different question.
Most sites are vulnerable, and no one in the real world is sure of their own. How can you be sure that your sites are secure? Hence we must focus on the basics of application security.
Security begins with the initial development of an application. As soon as a developer starts to build it, they must focus on the weaknesses of that application.


I have just started to learn application security with my team. The demand was really ambitious: the team was looking at stealing data, hijacking the application, etc. Hijacking an application is a tough task, and my brain was denying it. Hijacking an application! Hijacking is not security testing. However, we agreed to start working on the hack. Ultimately, we succeeded.
After all that, we understood that there is only a thin line between hacking and security testing. Security testing is about finding all the vulnerable points. These points may be used for hacking. Along the way we learned that a fix produces another security breach.
Application security has various points of concern. However, right now we were just looking at business logic.
The two most famous attacks used by attackers are, first, SQL injection and, second, XSS.

SQL Injection.
SQL injection is a way to communicate with the database directly. It is possible only because the programmer does not pay attention to it. Simple escaping of the SQL statement stops the vulnerability.
Basic SQL injection can be done through the URL. Look for a URL like the one given below. Alternatively, a user can insert the SQL injection directly through an input field.

http://www.xyz.com/index.asp?id=123

XSS.
XSS (cross-site scripting) is another way to get control. JavaScript functions have power, and this power of execution can be used to access the vital information of an application.

Cross-site scripting can be used at any place where user input is possible. The script can be written to get information.

http://www.xyz.com/index.asp?id=<script>alert( document.forms[0].element[0]);</script>
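
The two weaknesses described above, shown on the `id` parameter from the URLs on this page. This is an added example, not code from the original post: the concatenated query and the raw reflection sit beside hardened forms that use parameter binding and HTML output encoding rather than hand-written escaping. The in-memory SQLite table, the function names and the sample inputs are constructed for illustration.

```python
import html
import sqlite3
from urllib.parse import parse_qs, urlsplit

PAGE_URL = ("http://www.xyz.com/index.asp?id="
            "<script>alert( document.forms[0].element[0]);</script>")


def make_db():
    """Constructed in-memory table standing in for the application's data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [(123, "public item"), (124, "other item")])
    return db


def get_id(url):
    """Return the raw `id` query parameter exactly as the client sent it."""
    return parse_qs(urlsplit(url).query).get("id", [""])[0]


def lookup_vulnerable(db, raw_id):
    # Weak form: the parameter becomes part of the SQL text, so it can
    # change the structure of the statement.
    return db.execute("SELECT name FROM items WHERE id = " + raw_id).fetchall()


def lookup_hardened(db, raw_id):
    # Hardened form: accept a short run of ASCII digits only, then bind
    # the value as data so it can never be parsed as SQL.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 18):
        return []
    sql = "SELECT name FROM items WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()


def render_vulnerable(raw_id):
    # Weak form: the input is reflected into the page as markup.
    return "<p>No item with id " + raw_id + "</p>"


def render_hardened(raw_id):
    # Hardened form: HTML-encode on output so the input stays plain text.
    return "<p>No item with id " + html.escape(raw_id) + "</p>"


if __name__ == "__main__":
    db, probe = make_db(), "123 OR 1=1"  # constructed sample input
    print(len(lookup_vulnerable(db, probe)), len(lookup_hardened(db, probe)))
    print(render_hardened(get_id(PAGE_URL)))
```

When testing an application, a parameter that behaves like the weak forms here is a finding; the hardened forms are the behaviour to verify after the fix.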
