Practical Security Testing for Web Applications

[presentation]
by
Rafal Los, Hewlett-Packard Application Security Center
Summary: 

Testing teams are generally quite efficient at testing Web applications through a wide range of functional data, business processes, and click streams. However, testing for security defects, which requires testing and a different mindset, is another story. Security testing involves anticipating what the application is not expecting and building test cases to cover those situations. Rafal Los demonstrates the approaches you need to understand negative security testing by offering insight into common attacks from simple parameter-based attacks like Cross-Site Scripting (XSS) and SQL Injection (SQLi) to more complex attacks like Cross-Site Request Forgeries (CSRF) and multi-stage persistent Cross-Site Scripting attacks (pXSS). Rafal provides examples and methodologies for gathering information, creating a negative-test strategy, executing attacks, and interpreting the results. Take back a new understanding of Web security issues and proven methods for addressing them proactively.

Upcoming Events

Apr 27
Jun 08
Sep 21