More articles related to "Security Testing Test Scenarios"

1. Check for SQL injection attacks. 2. Secure pages should use the HTTPS protocol. 3. A page crash should not reveal application or server info; an error page should be displayed for this. 4. Escape special characters in input. 5. Error messages should not reveal any se…
Related learning materials: http://www.cnblogs.com/LittleHann/p/3823513.html http://www.cnblogs.com/LittleHann/p/3828927.html http://www.searchsecurity.com.cn/showcontent_56011.htm https://www.owasp.org/index.php/File:OWASP_Testing_Guide_Presentation.zip information syst…
iOS Application Security Testing Cheat Sheet: 1 DRAFT CHEAT SHEET - WORK IN PROGRESS 2 Introduction 3 Information gathering 4 Application traffic analysis 5 Runtime analysis 6 Insecure data storage 7 Tools 8 Related Articles 9 Authors and P…
Security Testing Basics: Software security testing is the process of assessing and testing a system to discover security risks and vulnerabilities of the system and its data. There is no universal terminology but for our purposes, we define assessments a…
1. Check if page load time is within an acceptable range. 2. Check page load on slow connections. 3. Check response time for any action under light, normal, moderate and heavy load conditions. 4. Check performance of database stored procedures and triggers. 5. chec…
1. Check if correct data is getting saved in the database upon successful page submit. 2. Check values for columns which are not accepting null values. 3. Check for data integrity. Data should be stored in single or multiple tables based on design. 4. Index names…
When writing tests for your application it is often desirable to avoid hitting the database.  Entity Framework allows you to achieve this by creating a context – with behavior defined by your tests – that makes use of in-memory data. This article wil…
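Day 7: HTTP and HTTPS. Why? When private or sensitive information is transmitted over a network, encryption should be used to ensure that the information cannot be observed in transit. The HTTPS protocol is exactly such a mechanism. HTTPS is a widely used secure communication protocol; here is Wikipedia's definition of it: Hypertext Transfer Protocol Secure (abbreviated HTTPS) is the combination of the Hypertext Transfer Protocol and SSL/TLS, used to provide encrypted communication and authentication of the web server's identity. HTTPS connections are often used for payment transactions on the World Wide Web and in enterprise information systems…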
http://www.ivizsecurity.com/blog/penetration-testing/live-cd-penetration-testing-pen/ Yesterday I was researching for some of the other lesser known live CDs for penetration testing.  While I’m an avid user and a fan of backtrack, someone mentioned t…
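Test strategy: describes the overall approach and goals of the testing project. Based on the test requirements, it describes at which test stage, according to which test factors and goals, which kinds of tests are performed, and which test methods and tools are used. Formulating a test strategy mainly includes the following: determining the testing techniques and tools to be used in the test process; defining the criteria for starting, stopping and completing testing; performing risk analysis and preparing response plans. Break the work into test units according to the test requirements and write the test plan: β testing (Beta testing): β testing, in English "Beta testing", is also called Beta test or user acceptance testing (UAT). β testing is testing performed by multiple users of the software in the actual usage environment of one or more users. Developers usually…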