Techiexpert.com

Do you mean SOFTWARE SECURITY :: Webslayer

by Yasemin Bakır
June 8, 2017
in Tech news

SOFTWARE SECURITY, FUZZ TESTING AND WEBSLAYER
In recent years, the development of secure software products has increased. Consequently, software security testing has become more important. In my view, the basic way to provide security is to discover the vulnerabilities of your own applications. So you should be the black hat hacker of your own systems.

The vulnerabilities of a system can be identified by attacking it. Penetration testing is the common name for these attack methods. A web-based application can be brought down by a penetration testing method. The software security testing literature describes several testing techniques, such as “Information Disclosure Attacks”, “Authentication/Authorization Attacks”, “Design Attacks”, “Input Attacks”, “Cryptographic Attacks” and “Logic/Implementation (business model) Attacks”.

Fuzz testing was developed at the University of Wisconsin Madison in 1989 by Professor Barton Miller and his students.


Status Of Security Testing In STLC:
Unit Test, Integration Test, System Test and Acceptance Test constitute the core of the STLC, while security tests are the protective shell of the system. Fuzzing is a security testing method that is part of the STLC (Software Testing Life Cycle). The technique sends random or non-random data and gives information about the behaviour of the system. Fuzz testing can be used in the Integration Test and Unit Test processes. Fuzzing includes negative test cases that aim to break the system.

Let’s consider input attack methods. For example, the steps of fuzzing (fuzz testing) include input attacks. Fuzzing is a black box testing technique. Black box testing is a functional testing method that does not allow the tester to see the code. Therefore it is based on shallow bugs. The aim is to understand the strengths and weaknesses of the system against external attacks. It is a kind of brute force attack on systems.

Fuzzing Steps:

Fuzzing has six steps: “Identify Interfaces”, “Generate Input”, “Send Input”, “Monitor Target”, “Analyse Exceptions” and, as the last step, “Reporting”.
· Identifying Interfaces: In the first step, the test items to be fuzzed are determined. The test items can be a test management activity plan, the web link of a specified system that has a login page, a network system, a database, or negative test cases. The input sources are specified in this step.
· Generating Input: This activity requires a fuzzing tool that generates limited or unlimited, random or non-random data for attacking the application’s input fields, such as text boxes (user name, password…). The data includes strings, numbers and other characters. It is desirable to use arrays of different values.
· Sending Input: In this step, the tool starts sending data to the selected inputs. The data is sent in different combinations of the characters in the arrays. Valid or invalid data can be used.
· Monitoring Target: In the monitor target step, the system’s behaviour, its vulnerabilities and its response to the attack are recorded.
· Analysing Exceptions: The results of the test case execution are analysed to understand the potential impact on reliability and security.
· Reporting: After the exceptions are analysed, the results are reported. Multiple filters can be used to improve performance and to produce better results for the analysis, such as the standards used, sections, implementation specification, executed test cases, current status…

A Smart Fuzzing Tool : Webslayer
The Webslayer tool was designed by OWASP for brute forcing web applications. It is multiplatform and allows brute force attacks of any kind in any part of the HTTP request (POST, GET, headers, authentication, etc.), parameter fuzzing and injection (XSS, SQL, etc.), Basic and NTLM brute forcing, and predictable resource location (file and directory discovery).
It is a smart fuzzing tool, which means that it attacks systems with selected, non-random data and data types. In Webslayer, the array size, the location of empty strings or boundaries, and combinations of integer values or signed integers can be changed.
The tool can also add invalid headers, generate double headers and permute header values.
The number of possibilities increases if the array holds a large set of combinations. For example:
The array values are {0,1,2,3,4,5,6,7,8,9,a,b,c} and the system sends 3-digit numbers to the web application.
Can you imagine the possibilities? 12!13!13!=….
This situation negatively affects system performance. The Webslayer tool therefore provides maximum performance by optimizing the number of possibilities.
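
The six fuzzing steps and the array example above, put together as an added example (not code from the article or from Webslayer): it fuzzes a constructed, local stand-in function named `target`, first with every 3-character combination of the array and then with a reduced boundary set. The stand-in, its two deliberate defects and the choice of boundary values are assumptions made for illustration.

```python
import itertools

ALPHABET = "0123456789abc"   # the article's array of thirteen values
LENGTH = 3                   # the article's 3-character inputs
SLOTS = [0] * 900            # constructed lookup table inside the stand-in target


def target(field: str) -> int:
    """Step 1, the interface under test: a constructed, local stand-in for an
    input handler (hypothetical), with two deliberate defects."""
    if not field.isdigit():
        raise ValueError("invalid input rejected")   # correct handling
    n = int(field)
    return 1000 // n + SLOTS[n]   # defects: n == 0, and n >= 900


def exhaustive(alphabet=ALPHABET, length=LENGTH):
    """Step 2, every combination of the array values: 13 ** 3 strings."""
    return ("".join(p) for p in itertools.product(alphabet, repeat=length))


def boundaries(alphabet=ALPHABET, length=LENGTH):
    """Step 2, reduced: only the lowest digit, highest digit and last
    (non-digit) array value in each position: 3 ** 3 strings."""
    picks = (alphabet[0], "9", alphabet[-1])
    return ("".join(p) for p in itertools.product(picks, repeat=length))


def fuzz(inputs):
    """Steps 3 to 6: send each input, monitor the outcome, separate handled
    rejections from unhandled exceptions, and return a report."""
    report = {"sent": 0, "rejected": 0, "passed": 0, "crashes": {}}
    for value in inputs:
        report["sent"] += 1
        try:
            target(value)
            report["passed"] += 1
        except ValueError:
            report["rejected"] += 1
        except Exception as exc:   # unhandled: a finding to analyse
            report["crashes"].setdefault(type(exc).__name__, []).append(value)
    return report


if __name__ == "__main__":
    for name, gen in (("exhaustive", exhaustive), ("boundaries", boundaries)):
        r = fuzz(gen())
        found = {k: len(v) for k, v in r["crashes"].items()}
        print(name, r["sent"], "sent,", r["rejected"], "rejected,", found)
```

Both runs surface the same two exception types in the stand-in; the boundary set does so with 27 inputs instead of 2197.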

Tags: fuzzing, sdlc, security, stlc, webslayer

Yasemin Bakır

7+ years experience on Software Projects, Big Data, Telecommunication Industry, Technical Analysis