Sit Down Series: On Web Security - 1
We web security enthusiasts got together to learn and share about Computer and Web Security. We started by testing a few Table Top Applications ;) We performed Sympathetic, Exploratory, Usability and User Experience testing. Eventually the topics below formed the basis of our learning.

Types of Security threats:

1) SQL Injection
Injecting data into the database using SQL queries. Upon execution of the query:
Error messages that give away sensitive information to the attacker qualify as a STANDARD injection.
Error messages that do not give away sensitive information to the attacker qualify as a BLIND injection.

2) Code Injection
Carried out by injecting code into an application using HTML scripting or JavaScript, which will be executed when the same information is sent to the server.
Testers: Test whether the database readily yields results by forging such attacks.

3) XSS (Cross Site Scripting)
Injecting malicious data/executable scripts using HTM...
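Going back to item 1 (STANDARD versus BLIND SQL injection), here is an added example that is not part of the original post. It shows the same string-built query with a verbose and a generic error handler, next to a parameterized query. The table, the sample names and the function names are assumptions made up for this illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data, used only for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("Alice",), ("O'Brien",)])
    return db


def lookup_verbose(db, name):
    """String-built query; the raw database error reaches the caller (STANDARD case)."""
    try:
        sql = "SELECT id FROM users WHERE name = '" + name + "'"
        return {"ok": True, "rows": db.execute(sql).fetchall()}
    except sqlite3.Error as exc:
        return {"ok": False, "error": str(exc)}  # leaks parser details


def lookup_quiet(db, name):
    """Same string-built query; only a generic message is returned (BLIND case).
    Hiding the error text does not fix the query, it is still built from input."""
    try:
        sql = "SELECT id FROM users WHERE name = '" + name + "'"
        return {"ok": True, "rows": db.execute(sql).fetchall()}
    except sqlite3.Error:
        return {"ok": False, "error": "request failed"}


def lookup_safe(db, name):
    """Parameterized query: the input is bound as data, never parsed as SQL."""
    rows = db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()
    return {"ok": True, "rows": rows}


if __name__ == "__main__":
    db = make_db()
    # A legitimate name with an apostrophe is enough to expose the difference.
    for fn in (lookup_verbose, lookup_quiet, lookup_safe):
        print(fn.__name__, fn(db, "O'Brien"))
```

For a tester, the check is that an ordinary apostrophe in input neither breaks the request nor changes the error output; only the parameterized version passes both.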