Challenges

• Finding vulnerabilities in feature-rich and page-rich web applications.

• As the number of roles (and thus privilege levels) grows, the number of test cases grows quickly, because every combination of privilege levels has to be exercised.

• Security testing tools today cannot keep up when new versions of an application are released frequently.

• Web 2.0 applications generate a large volume of HTTP requests, with the client constantly issuing requests for small changes to the page. Every one of those requests is a potential candidate for tampering with a variable, injecting a SQL snippet, or embedding a script.
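The role-combination explosion described above, and the "partition into modules, focus on privilege escalation" approach this page advocates, can be made concrete with a small access-control test matrix. The following is an added illustration, not XBOSoft's own code or tooling: it enumerates every (role, endpoint) pair from a declared policy, compares the observed response with the expected one, and groups endpoints by module so a release that touches one module only re-runs that cluster. The policy, endpoints, and the stand-in application (including its one deliberate authorization defect) are all constructed for the example.

```python
"""Enumerate role x endpoint authorization test cases and flag divergences
from a declared access policy (constructed example; not vendor code)."""
from itertools import product

# Constructed policy: role -> set of "METHOD /path" endpoints the role may use.
POLICY = {
    "anonymous": {"GET /login"},
    "user": {"GET /login", "GET /account", "POST /account/update"},
    "manager": {"GET /login", "GET /account", "POST /account/update",
                "GET /reports"},
    "admin": {"GET /login", "GET /account", "POST /account/update",
              "GET /reports", "POST /admin/users"},
}
# Every endpoint mentioned anywhere in the policy, in a stable order.
ENDPOINTS = sorted(set().union(*POLICY.values()))


def fake_app(role, endpoint):
    """Constructed stand-in for the application under test.

    Returns the HTTP status the app would give this role for this endpoint.
    It deliberately contains one vertical privilege-escalation defect:
    the "user" role can reach GET /reports, which only managers and admins
    should see. A real harness would issue the request with that role's
    session and read the status back.
    """
    allowed = set(POLICY[role])
    if role == "user":
        allowed.add("GET /reports")  # constructed defect under test
    return 200 if endpoint in allowed else 403


def generate_cases(policy, endpoints):
    """Full matrix: one case per (role, endpoint) with the expected outcome.

    The size is len(roles) * len(endpoints), which is the growth the page
    describes: each new role adds a whole column of cases.
    """
    return [(role, ep, ep in policy[role])
            for role, ep in product(sorted(policy), endpoints)]


def run_matrix(policy, endpoints, app):
    """Run every case and classify mismatches between policy and behaviour.

    'privilege_escalation': the app allowed something the policy forbids.
    'missing_access':       the app denied something the policy permits.
    """
    findings = []
    for role, ep, expected_allowed in generate_cases(policy, endpoints):
        observed_allowed = app(role, ep) == 200
        if observed_allowed and not expected_allowed:
            findings.append(("privilege_escalation", role, ep))
        elif expected_allowed and not observed_allowed:
            findings.append(("missing_access", role, ep))
    return findings


def partition_by_module(endpoints):
    """Group endpoints by first path segment (the 'module').

    When a release only changes one module, re-running just that cluster
    keeps the test volume manageable without dropping coverage elsewhere.
    """
    modules = {}
    for ep in endpoints:
        _method, path = ep.split(" ", 1)
        module = path.strip("/").split("/")[0] or "root"
        modules.setdefault(module, []).append(ep)
    return modules


if __name__ == "__main__":
    cases = generate_cases(POLICY, ENDPOINTS)
    print(f"{len(cases)} cases for {len(POLICY)} roles x {len(ENDPOINTS)} endpoints")
    for finding in run_matrix(POLICY, ENDPOINTS, fake_app):
        print("FINDING:", *finding)
    for module, eps in partition_by_module(ENDPOINTS).items():
        print(f"module {module}: {len(eps)} endpoint(s)")
```

Running it reports 20 cases for 4 roles and 5 endpoints and a single finding, the constructed escalation of `user` to `GET /reports`. Swapping `fake_app` for a function that drives the real application with each role's credentials turns this into a regression check that can be re-run per module on every release.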
XBOSoft Solutions

• XBOSoft's approach to security testing combines intelligence with experience and the right tools to find the most holes in the least amount of time.

• Partition tests into smaller modules and module-dependent clusters.

• Focus on specific security functions such as privilege escalation, authentication, cryptography, and business rule violations.

• Use automated testing methods combined with judiciously applied brute-force techniques, such as fault injection.

• Focus on the threats to intelligently reduce the number of pages that need to be tested.
DDoS attacks. Distributed Denial of Service attacks generate a torrent of incoming messages that overwhelms a website or web application and forces it offline, denying service to legitimate visitors.

Hacking attacks. Hacking attacks use password theft, backdoors, SQL injection, viruses, trojans, bots, and a variety of other methods to let an external party gain direct control over the functions and data of your site, damage it, or prevent it from operating properly.

Phishing/Social Engineering attacks. Phishing and social engineering attacks attempt to manipulate or trick your users into voluntarily providing information that allows a third party to gain unauthorized access to a site's operations and data.