Website Security Testing

I am currently working on a school assignment that requires us to conduct security testing on a website created by one of our colleagues. The website is created using ASP.Net 3.5 / 4 and the MS-SQL database.

The main functions of the website:

  • Registration and login using roles
  • Download Documents
  • Sharing uploaded documents
  • Leave comments on common documents

I have already started testing the website using:

  • XSS in the Regions, Log In, and Leave a Comment section
  • SQL Injection on Registration and Login Pages
  • Downloading executables with a different extension (I changed the executable to .doc to check whether the system checks the file extension or the actual contents)

These tests were performed manually, and I have access to the source code!

Can you suggest any other tests that I could perform?

Greetings

+5
3 answers

OWASP is a good resource for locking down an application. I consulted their "top ten" items while locking down an application myself and found it to be really useful.

Drilling into any item in their top ten shows you how to recognize a specific vulnerability and offers suggestions for removing it. The descriptions are all code-agnostic and high-level, so they can be applied to any project: .NET, Ruby, PHP, etc.

+3


Cat.NET (from Microsoft).

I'm working to make Cat.NET easier and faster to use inside Visual Studio, and here's a pretty cool PoC of how it works: Real-time Vulnerability Creating Feedback Inside VisualStudio (with green and red)

If you are interested in Cat.NET, you can download it from http://www.microsoft.com/en-us/download/details.aspx?id=19968

0