Aug 15, 2007 8:44:18 AM

This presentation on security testing really gave me some good ideas about how to improve my testing of websites. A few items to check include:

• SQL Injection attacks (top cc attack)
• Cross Site Scripting (XSS) attacks (persistent and once off)
  - Forum script
  - Forum links
• Phishing Attacks
• Authentication attacks
  - Username disclosure in error messages
  - Brute force
  - Poor session management
  - Weak password recovery
• Information Disclosure - Browser cache, error pages
• Buffer / Integer Overflows
• Denial of Service - searches etc
• Request / Cookie Manipulation
• Weak administrative controls
• Registration Abuse
• Bogus Credit Card Transactions


Posted by webcowgirl @ Aug 15, 2007 8:44:18 AM