Wednesday, 28 June 2017

Why should we perform security testing of Web Applications?



Security testing of Web Applications deals with finding the inconsistencies and loopholes in the system that could lead to loss of information or to the system being used for unintended purposes. Security testing is not only mandatory, it also needs to be continuous.

Web Application Security Testing


Security Issues of Web Applications can be prioritized based on:
- Exploitability – how easily the software can be exploited or violated.
- Detectability – how easily the threat can be detected.
- Impact on the software – the magnitude of the damage that can be done if the security loophole is attacked.

Let us review the main web application security issues that make thorough and continuous security testing of web applications necessary.

  1. SQL Injection and Cross Site Scripting: SQL Injection is a security issue that allows a user to alter backend SQL commands by supplying crafted data to the application, tricking it into executing unintended commands or giving access to unauthorized data. Cross Site Scripting, or XSS, targets users by injecting JavaScript into the output of a Web Application; such compromised output allows an attacker to obtain user sessions. Both issues arise whenever the data supplied by the user is not properly validated.
  2. Improper Session Management: When user credentials are authenticated, a user session is created to keep track of that user's HTTP requests. Such authentication credentials need to be encrypted at all times. A walk-by attack or an XSS attack can steal the session values and impersonate the original user. Hence all high-value functions should require two-factor authentication.
  3. Web Server Security Misconfiguration: Misconfiguration of web servers and applications is very common. These include –
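To make item 1 concrete, here is an added example (not from the original post) showing the validation failure it describes and the standard fixes: a lookup that concatenates user input into SQL next to the parameterised form, and HTML output encoding for the XSS case. The in-memory SQLite table and its two rows are constructed sample data.

```python
import html
import sqlite3


def make_db():
    # Constructed sample backend: a tiny users table standing in for the
    # application's real database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def lookup_unsafe(conn, name):
    # Vulnerable pattern: the user's input is pasted into the SQL text, so a
    # quote character in the input changes the command the database runs.
    query = f"SELECT email FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    # Parameterised query: the value travels separately from the SQL text and
    # is always treated as data, never as SQL syntax.
    query = "SELECT email FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def render_greeting(name):
    # Output encoding for the HTML context: the browser displays the text
    # instead of executing any tag or script the input contains.
    return f"<p>Welcome, {html.escape(name)}</p>"


def compare(name):
    # Returns (rows from the unsafe lookup, rows from the safe lookup) for the
    # same input, which makes the difference easy to check in a test.
    conn = make_db()
    return len(lookup_unsafe(conn, name)), len(lookup_safe(conn, name))


if __name__ == "__main__":
    print(compare("alice"))
    print(compare("' OR '1'='1"))
    print(render_greeting("<script>alert(1)</script>"))
```

A normal name returns the same single row from both lookups; an input that breaks out of the quoted string is only a problem for the concatenated version, and the escaped greeting carries no live tags.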