prashant singh | May 31, 2018 | 2 min
Security Testing Procedure and Approaches
It is a type of software testing that checks whether the application or product is secure or not. Or security testing is performed to...

prashant singh | May 31, 2018 | 1 min
CSRF (Cross Site Request Forgery)
Cross-site request forgery happens in an authenticated session when the server trusts the user. A CSRF attack occurs when a malicious...

prashant singh | May 31, 2018 | 2 min
Cross Site Scripting Attack and Solution
XSS: It doesn't need an authenticated session and can be exploited when the vulnerable website doesn't do the basic validation or...

prashant singh | May 31, 2018 | 1 min
Security Header
All of the headers below mitigate cross-site scripting. Content Security Policy header: <system.webServer> <httpProtocol> <customHeaders>...

prashant singh | May 31, 2018 | 1 min
Content security policy header
Currently, OWASP updated the header issue. To protect against Cross-Site Scripting, set the 'default-src' policy, or 'script-src' AND...

prashant singh | May 31, 2018 | 1 min
Some more attributes to set in session and headers
Missing HttpOnly attribute in session cookie: <session-config> <cookie-config> <http-only>true</http-only> </session-config>...

prashant singh | May 31, 2018 | 1 min
Difference between multiple security terms
Encoding: Maintaining data usability; Reversed data by employing same algorithm; No secret key. Encryption: Maintaining data confidentiality...

prashant singh | May 31, 2018 | 1 min
Difference security terms
Phishing Steal the information It is a method of retrieval Phishing attack is use spoofing Steal the information Spoofing Download...

prashant singh | May 31, 2018 | 1 min
Union SQL Injection
In this attack, the attacker uses the UNION statement, which merges two or more SELECT statements, to retrieve data from the...

prashant singh | May 31, 2018 | 1 min
Session Hijacking Attack and Prevention
Session Hijacking: It is also known as TCP hijacking or cookie hijacking: obtaining a session ID over the network. Once a session has...