{"id":20,"date":"2011-09-19T01:58:36","date_gmt":"2011-09-19T09:58:36","guid":{"rendered":"http:\/\/www.tech.dimprash.com\/?p=20"},"modified":"2011-09-19T02:02:25","modified_gmt":"2011-09-19T10:02:25","slug":"security-in-web-applications","status":"publish","type":"post","link":"http:\/\/www.tech.dimprash.com\/?p=20","title":{"rendered":"Security in web applications"},"content":{"rendered":"<p>Some common terms in web application security testing:<\/p>\n<p><strong>Password Cracking<\/strong>: In order to log in to the private areas of the application, an attacker can either guess a username\/password or run a password cracker tool against the login form. Lists of common usernames and passwords are freely available along with open source password crackers, so a dictionary attack against weak credentials is cheap. Enforce a complex password (letters, numbers and special characters, with a required minimum length), and also throttle or lock out repeated failed logins, because a policy alone does not stop an attacker who can submit thousands of guesses. Store passwords only as salted, slow hashes so that a stolen user table does not hand over the passwords directly.<\/p>\n<p><strong>URL manipulation<\/strong>: The attacker edits query string parameters, hidden form fields or cookies to values the application never offered. Check the type and range of every input variable on the server side, do not accept values which are not needed by the application, and never let a client supplied parameter alone decide what a user may see or do. Avoid forming variable names or code dynamically from request data.<\/p>\n<p><strong>SQL Injection<\/strong>: This is the process of inserting SQL fragments through the web application user interface into a query that is then executed by the server. Escaping the quotes with mysql_real_escape_string or equivalent is the bare minimum: mysql_escape_string is deprecated and ignores the connection character set, and escaping does nothing for a value that is used without quotes, such as a numeric id. Prefer parameterized queries (prepared statements) so that user input is never part of the SQL text at all.<\/p>\n<p><strong>Cross Site Scripting<\/strong>: When a user inserts HTML or client-side script through the user interface of a web application and this input is later shown to other users, it is called XSS. Scrubbing HTML tags from the variables is not enough; encode every user supplied value at output time for the context it lands in (HTML text, attribute, URL or JavaScript string). Never pass user input to eval or to any other function that executes code.<\/p>\n<p><strong>Spoofing<\/strong>: The creation of hoax look-alike websites or emails is called spoofing. Use identity images like the ones Yahoo! and bank websites are using (a picture the user chose, shown on the login page) so that the user is confident he is logging on to the correct system. Serve the login page over HTTPS with a valid certificate as well; the image only helps users who notice when it is missing.<\/p>\n<p><strong>Crumbs<\/strong>: A crumb is a server generated, unguessable token embedded in a page and checked when the next request in the flow arrives. It ensures the user has come from the previous page in the flow and not directly, and it also blocks cross-site request forgery, because a request forged from another site cannot carry a valid crumb.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Some common terms in web application security testing: Password Cracking: \u00a0In order to log in to the private areas of the application, one can either guess a username\/ password or use some password cracker tool for the same. Lists of common usernames and passwords are available along with open source password crackers. \u00a0Enforce a complex &hellip; <a href=\"http:\/\/www.tech.dimprash.com\/?p=20\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Security in web applications<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,11,8],"tags":[],"class_list":["post-20","post","type-post","status-publish","format-standard","hentry","category-uncategorized","category-security","category-web-development"],"_links":{"self":[{"href":"http:\/\/www.tech.dimprash.com\/index.php?rest_route=\/wp\/v2\/posts\/20","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.tech.dimprash.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.tech.dimprash.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.tech.dimprash.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.tech.dimprash.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=20"}],"version-history":[{"count":5,"href":"http:\/\/www.tech.dimprash.com\/index.php?rest_route=\/wp\/v2\/posts\/20\/revisions"}],"predecessor-version":[{"id":23,"href":"http:\/\/www.tech.dimprash.com\/index.php?rest_route=\/wp\/v2\/posts\/20\/revisions\/23"}],"wp:attachment":[{"href":"http:\/\/www.tech.dimprash.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=20"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.tech.dimprash.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=20"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.tech.dimprash.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=20"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
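The password-cracking entry above, worked through as an added example (not code from the original post): a login service with the post's complexity policy, a salted slow hash, and a failed-attempt lockout, plus a small online dictionary attack run against it. The wordlist, the user accounts, the lockout threshold and the low PBKDF2 round count are constructed for the demonstration; production code would use a much higher round count or a dedicated password hash.

```python
"""Password guessing against a login form: policy, slow hashing and throttling.

Added example, not code from the original post. The user store, the
wordlist and the lockout threshold are constructed for illustration.
"""
import hashlib
import hmac
import os
import re
from typing import Optional

# Constructed wordlist standing in for the 'common passwords' lists the post mentions.
WORDLIST = ["123456", "password", "qwerty", "letmein", "password1", "Welcome1"]

# The post's policy: letters, digits and special characters, with a minimum length (10 here).
POLICY = re.compile(r"^(?=.*[A-Za-z])(?=.*\d)(?=.*[^A-Za-z0-9]).{10,}$")


def password_meets_policy(password: str) -> bool:
    return POLICY.fullmatch(password) is not None


def hash_password(password: str, salt: Optional[bytes] = None, rounds: int = 100_000) -> bytes:
    """Salted, deliberately slow hash: a stolen table still costs the attacker work per guess."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt + digest


def verify_password(password: str, stored: bytes, rounds: int = 100_000) -> bool:
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, digest)


class LoginService:
    """Login endpoint with a per-account failed-attempt counter and lockout."""

    def __init__(self, users: dict, max_failures: int = 5, rounds: int = 1000):
        # rounds is kept small so the example runs quickly; it is a demo value only.
        self.rounds = rounds
        self.max_failures = max_failures
        self.failures: dict = {}
        self.users = {name: hash_password(pw, rounds=rounds) for name, pw in users.items()}

    def login(self, username: str, password: str) -> str:
        """Returns 'ok', 'denied' or 'locked'; a locked account rejects even the right password."""
        if self.failures.get(username, 0) >= self.max_failures:
            return "locked"
        stored = self.users.get(username)
        if stored is not None and verify_password(password, stored, self.rounds):
            self.failures[username] = 0
            return "ok"
        self.failures[username] = self.failures.get(username, 0) + 1
        return "denied"


def dictionary_attack(service: LoginService, username: str, wordlist=WORDLIST) -> Optional[str]:
    """Online guessing attack: try each candidate until the login succeeds or locks."""
    for candidate in wordlist:
        result = service.login(username, candidate)
        if result == "ok":
            return candidate
        if result == "locked":
            return None
    return None


if __name__ == "__main__":
    # Without a lockout the weak password falls to the fifth guess; with one, it does not.
    print(dictionary_attack(LoginService({"bob": "password1"}, max_failures=100), "bob"))
    print(dictionary_attack(LoginService({"bob": "password1"}, max_failures=3), "bob"))
```

The policy check and the lockout address different attackers: the policy raises the cost of offline cracking of a stolen hash, while the lockout is what actually stops guessing through the login form, where the attacker never sees the hash at all.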
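The SQL injection entry above, as an added example that is not part of the original post: the same login query built three ways (string concatenation, quote escaping in the style of mysql_escape_string, and a bound parameter), plus a lookup by numeric id that shows why escaping quotes alone is not sufficient. It uses an in-memory SQLite database; the table, its rows and the payloads are constructed for the demonstration, and `escape_quotes` is a stand-in for the PHP escaping function, not that function itself.

```python
"""SQL injection: concatenated query vs. quote escaping vs. bound parameters.

Added example using an in-memory SQLite database. The table, the rows,
the payloads and the escape_quotes helper are constructed for illustration
and are not from the original post.
"""
import sqlite3
from typing import List, Optional


def make_db() -> sqlite3.Connection:
    """Constructed sample data: an administrator and an ordinary user."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (id, name, password, role) VALUES (?, ?, ?, ?)",
        [(1, "admin", "correct-horse", "admin"), (2, "alice", "s3cret", "user")],
    )
    return conn


def escape_quotes(value: str) -> str:
    """Minimal quote escaping, the approach the post recommends (stand-in for mysql_escape_string)."""
    return value.replace("'", "''")


def login_vulnerable(conn, name: str, password: str) -> Optional[str]:
    """Query text built by concatenation: the classic injectable form."""
    sql = ("SELECT name FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_escaped(conn, name: str, password: str) -> Optional[str]:
    """Same query, but single quotes in the input are escaped first."""
    sql = ("SELECT name FROM users WHERE name = '" + escape_quotes(name)
           + "' AND password = '" + escape_quotes(password) + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, name: str, password: str) -> Optional[str]:
    """Input never becomes part of the SQL text; the driver binds it as a value."""
    row = conn.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?", (name, password)
    ).fetchone()
    return row[0] if row else None


def user_by_id_escaped(conn, user_id: str) -> List[str]:
    """Escaping quotes does nothing for a value that is used without quotes."""
    sql = "SELECT name FROM users WHERE id = " + escape_quotes(user_id)
    return [r[0] for r in conn.execute(sql).fetchall()]


def user_by_id_parameterized(conn, user_id: str) -> List[str]:
    """With a bound parameter, '2 OR 1=1' is compared as a value, not executed as SQL."""
    rows = conn.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "admin' --", "wrong"))      # bypass: admin
    print(login_escaped(db, "admin' --", "wrong"))         # None
    print(user_by_id_escaped(db, "2 OR 1=1"))              # every user
    print(user_by_id_parameterized(db, "2 OR 1=1"))        # []
```

The `admin' --` payload closes the quoted string and comments out the password check, so escaping the quote defeats it; the numeric `2 OR 1=1` payload contains no quote at all, so only the parameterized form stops it.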
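The cross-site scripting entry above, as an added example that is not from the original post: a comment renderer that only strips tags beside one that encodes each value for the context it is written into (attribute, text node, URL and JavaScript string). The template fragment, the payloads and the `strip_tags` filter are constructed for the demonstration; the `<script>` line in the encoded output stands in for a page that passes the author name into inline JavaScript.

```python
"""XSS: tag stripping versus context-aware output encoding.

Added example, not code from the original post. The comment template,
the payloads and the strip_tags filter are constructed for illustration.
"""
import html
import json
import re
from urllib.parse import urlsplit

TAG_RE = re.compile(r"<[^>]*>")


def strip_tags(value: str) -> str:
    """The 'scrub all HTML tags' approach: drops anything that looks like a tag."""
    return TAG_RE.sub("", value)


def safe_url(url: str) -> str:
    """Only http(s) links may go into href; javascript:, data: and friends become '#'."""
    scheme = urlsplit(url.strip()).scheme.lower()
    return url if scheme in ("http", "https") else "#"


def js_string(value: str) -> str:
    """JSON-encode for a JavaScript string context, and also encode angle brackets so
    that a value containing '</script>' cannot close the surrounding script element."""
    return json.dumps(value).replace("<", "\\u003c").replace(">", "\\u003e")


def render_stripped(author: str, text: str, homepage: str) -> str:
    """Sanitising by tag removal only, then dropping values into attributes and text."""
    a = strip_tags(author)
    return ('<a href="' + homepage + '" title="' + a + '">' + a + '</a>: '
            + strip_tags(text))


def render_encoded(author: str, text: str, homepage: str) -> str:
    """Each value is encoded for the exact context it is written into."""
    return (
        '<a href="' + html.escape(safe_url(homepage)) + '" title="' + html.escape(author) + '">'
        + html.escape(author) + '</a>: ' + html.escape(text)
        + '<script>var author = ' + js_string(author) + ';</script>'
    )


if __name__ == "__main__":
    # Constructed payloads: no tag in the author, so strip_tags leaves it untouched.
    author = '" onmouseover="alert(1)'
    text = "<script>alert(document.cookie)</script>"
    homepage = "javascript:alert(1)"
    print(render_stripped(author, text, homepage))
    print(render_encoded(author, text, homepage))
```

The attribute payload contains no `<` or `>` at all, which is why tag stripping cannot see it; html.escape turns its quotes into `&quot;` so it can no longer terminate the `title` attribute, and the `javascript:` link is rejected by scheme rather than by pattern matching.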
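The crumbs entry above, as an added example that is not the original post's code and not necessarily the scheme Yahoo! used: a crumb minted as an HMAC over the session id, the action and an issue time, embedded in the page that starts a flow and verified on the next request. The secret, the session ids, the action names and the `handle_transfer` endpoint are constructed for the demonstration.

```python
"""Crumbs: a server-issued token proving that a request came from a page the
server rendered for this session, rather than a direct or cross-site request.

Added example, not the original post's code. The secret, session ids and
action names are constructed; the HMAC design is a common one, not
necessarily the scheme the post's examples (Yahoo!) used.
"""
import hashlib
import hmac
import time
from typing import Optional

SERVER_SECRET = b"constructed-example-secret-rotate-in-production"
MAX_AGE_SECONDS = 600


def _mac(secret: bytes, session_id: str, action: str, issued: int) -> str:
    msg = f"{session_id}|{action}|{issued}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def issue_crumb(session_id: str, action: str, now: Optional[float] = None,
                secret: bytes = SERVER_SECRET) -> str:
    """Embed the returned value in a hidden form field on the page that starts the flow."""
    issued = int(now if now is not None else time.time())
    return f"{issued}:{_mac(secret, session_id, action, issued)}"


def verify_crumb(crumb: Optional[str], session_id: str, action: str,
                 now: Optional[float] = None, secret: bytes = SERVER_SECRET,
                 max_age: int = MAX_AGE_SECONDS) -> bool:
    """True only if the crumb was minted by us, for this session and action, recently."""
    if not crumb or ":" not in crumb:
        return False  # direct request that skipped the previous page
    issued_str, mac = crumb.split(":", 1)
    if not issued_str.isdigit():
        return False
    issued = int(issued_str)
    current = int(now if now is not None else time.time())
    if current - issued > max_age or issued > current:
        return False  # stale, or a timestamp from the future
    expected = _mac(secret, session_id, action, issued)
    return hmac.compare_digest(expected, mac)  # constant-time comparison


def handle_transfer(form: dict, session_id: str, now: Optional[float] = None) -> str:
    """Step two of a flow: refuse unless the crumb from step one is present and valid."""
    if not verify_crumb(form.get("crumb"), session_id, "transfer", now):
        return "rejected: missing or invalid crumb"
    return f"transferred {form['amount']} to {form['to']}"


if __name__ == "__main__":
    t0 = int(time.time())
    page_crumb = issue_crumb("sess-A", "transfer", now=t0)      # rendered into step one
    print(handle_transfer({"amount": "10", "to": "bob"}, "sess-A", now=t0))
    print(handle_transfer({"amount": "10", "to": "bob", "crumb": page_crumb}, "sess-A", now=t0))
```

Binding the crumb to the session id is what gives the cross-site protection: a page on another origin can make the browser send the victim's cookies, but it cannot read a crumb that was only ever rendered into the victim's own page, and a crumb stolen from some other session will not verify.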