Security Scope

  1. Automated Vulnerability Scanning: The application will be scanned automatically to identify obvious and common security holes (Production replica/Test Environment).
  2. Application Penetration Testing: Tests will be performed with the intention of identifying possible internal and external abuse of the application’s sensitive information (Test Environment/Production replica).

Approach:

The high-level approach for conducting security testing of the application is as follows.

  1. Information Gathering: In this phase, the test team will make an effort to understand the target system and gather the data required for the overall security testing.
  2. Vulnerability Assessment: The objective of this phase is to uncover all the possible vulnerabilities in the web server and the application under test.
  3. Penetration Testing: In this phase, the target system is subjected to attack and exploited manually, using the information gathered in the previous phases of testing, in order to confirm the identified vulnerabilities.
  4. Security Test Reporting: A security test report is produced covering all the identified vulnerabilities, their implications and possible countermeasures.

Methodology:

Testing follows the OWASP methodology and focuses on the following potential vulnerabilities:

  1. Business logic bypass
  2. SQL / XSS / HTML injection
  3. Session management
  4. CSRF vulnerability
  5. Sensitive data exposure
  6. Insecure direct object references
  7. Missing function level access
  8. Privilege escalation
  9. Encryption

Tools:

The following tools will be used for security testing of the application:

  1. Burp Suite Pro
  2. sqlmap
  3. Browser plugins – cookie manager, Web develop