Posts

Showing posts with the label Web Security

Software Security - At every stage of SDLC.

Is software security of any relevance to the role I play as a programmer, a product owner, a business developer, a user or a tester? In the past month, a retail firm's failure to fix reported security bugs led to several users' credentials being posted on pastebin.com (since removed). This article is an attempt to map every role in the SDLC onto that of a responsible security practitioner. Why should security be treated as a functional feature? Why should software security be an integral part of the SDLC? Why build a security team? Why is a security mind-set, and the skills that go with it, a boon to any organization? In addition, consumers need to understand that the application or website they use is robust and secure, and that message should be conveyed through the security features the application provides its users. The image below is one such attempt by Amazon.   Image courtesy: Amaz...

Sit Down Series: On Web Security - 1

We web security enthusiasts got together to learn and share about computer and web security. We started by testing a few table-top applications ;) and performed sympathetic, exploratory, usability and user-experience testing. Eventually the topics below formed the basis of our learning.

Types of security threats:

1) SQL Injection. Injecting attacker-controlled input into the SQL queries an application sends to its database, so that the input is executed as part of the query instead of being treated as data. If the application returns query results or database error messages that give away sensitive information (query structure, table or column names, data from other rows), this is a STANDARD (error-based) injection. If the application returns no data and no error text, and the attacker can only infer the outcome of the query indirectly (a true/false difference in the page, or a time delay), this is a BLIND injection.

2) Code Injection. Carried out by injecting code into an application, for example HTML or JavaScript submitted in a form field, which is executed when the application later interprets or renders the stored input rather than treating it as data. Testers: test whether the database readily yields results by forging such attacks, and whether stored input is executed on output.

3) XSS (Cross-Site Scripting). Injecting malicious data or executable scripts using HTM...
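The SQL injection cases described above (a query built from user input, the standard error-based variant, and the blind variant where the attacker only gets a true/false answer) as a worked example added here; this is not code from the original post. It uses Python's built-in sqlite3 module against a constructed in-memory user table: the user names, passwords and function names are made up for the example.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory table standing in for the app's users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation: the input becomes part of the SQL.
    A password of  ' OR '1'='1  turns the WHERE clause into
    (username = 'alice' AND password = '') OR '1'='1', matching every row."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Same query with bound parameters: the input is always data, never SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def exists_vulnerable(conn, username):
    """A lookup that reveals only whether a user exists (True/False): no rows,
    no error text. This is the setting for blind injection."""
    sql = "SELECT 1 FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchone() is not None


def probe_error(conn, username):
    """Standard (error-based) injection: a malformed input such as a lone quote
    makes the database raise, and an app that echoes the message leaks query
    structure. Returns the error text, or None if the query ran cleanly."""
    try:
        exists_vulnerable(conn, username)
    except sqlite3.OperationalError as err:
        return str(err)
    return None


def blind_extract_password(conn, target, length):
    """Boolean-based blind injection: recover the password of `target` one
    character at a time, using nothing but the True/False answer of
    exists_vulnerable(). Each probe turns the query into
    ... WHERE username = 'alice' AND substr(password, <pos>, 1) = '<ch>'."""
    recovered = ""
    for pos in range(1, length + 1):
        for code in range(32, 127):
            ch = chr(code)
            if ch == "'":
                continue  # a quote would break the probe; real tooling uses char()
            payload = f"{target}' AND substr(password, {pos}, 1) = '{ch}"
            if exists_vulnerable(conn, payload):
                recovered += ch
                break
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login:", login_vulnerable(db, "alice", "' OR '1'='1"))
    print("parameterised login:", login_safe(db, "alice", "' OR '1'='1"))
    print("error leaked by lone quote:", probe_error(db, "'"))
    print("blind extraction:", blind_extract_password(db, "alice", 6))
```

The parameterised version is the fix for all three cases at once: with bound parameters the same payloads match nothing, raise nothing, and give the blind probe no signal to work with.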