Security Testing Case Study 360logica Software Testing Services


The Client

Our customer is an online news community, http://www.newsfromfriends.com. Users can get their personal newspaper, share thoughts and address them to special people.


The requirements

The customer wanted to make sure their users' privacy and content are sufficiently secured. A few of their security test requirements are below:

• SQL injection vulnerability
• Cross site scripting
• Business workflow security
• Authentication security
• Brute force authentication breach testing
• Firewall security testing
• Web server files security


The Solution

• Identification of application inputs, e.g. files, environment variables, parameters in URL, form submissions, config files and registry

• Identification of application outputs, e.g. files, environment variables, network traffic, the Windows Registry, console/form, database source and hidden

• Logical tests: authentication, login, email confirmation, business workflow security, data encryption etc.


The Technology

• PHP
• Linux
• Apache


Contribution

• Breach finding using cross site scripting and SQL injection
• Breach finding using brute force authentication
• Link injection, other user's profile access breach and their content as well
• Hidden folders and direct files access from web server
• Email security and data encryption security