Software Testing

What is Cross-Site Scripting?

What is Cross-Site Scripting (XSS)? Cross-Site Scripting (XSS) attacks are a type of injection problem, in which malicious scripts are injected into otherwise trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. XSS attacks […]

Software Testing

SQL Injection

SQL injection is a technique often used to attack data-driven applications. This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed SQL command to the database. SQL injection is a code injection technique that exploits a security vulnerability in […]

Software Testing

Security testing tips

This post is a continuation of my earlier post on security testing. Before I move into the details of security testing, here are a few tips for beginners and some browser add-ons that can help in security testing. Security testing tips: Directory listing is enabled or disabled – You can see if it is enabled or disabled […]

Software Testing

Security Testing – What is Security testing?

What is Security testing? Security testing is a process to determine that an information system protects data and maintains functionality as intended. It is the process that determines that confidential data stays confidential and users can perform only those tasks that they are authorized to perform. Security testing covers confidentiality, integrity, authentication, availability, authorization and […]

Software Testing

Security Testing

Security Testing What is Security testing? Security testing is a process to determine that an information system protects data and maintains functionality as intended. It is the process that determines that confidential data stays confidential and users can perform only those tasks that they are authorized to perform. Security testing covers confidentiality, integrity, authentication, availability, […]