BASIC TESTS AND TECHNIQUES
Let’s quickly summarise the steps involved in conducting a penetration test: Understand the application. Prepare the threat profile. Prepare the test plan. Execute the test cases. Prepare the report. In the previous chapter, we discussed the first three steps. We saw how a systematic approach is fol...
Main authors: | , , |
---|---|
Format: | Book chapter |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | |
---|---|
container_issue | |
container_start_page | 26 |
container_title | |
container_volume | |
creator | Kapoor, Nilesh ; Doraiswamy, Arvind ; Pakala, Sangita |
description | Let’s quickly summarise the steps involved in conducting a penetration test:
Understand the application.
Prepare the threat profile.
Prepare the test plan.
Execute the test cases.
Prepare the report.
In the previous chapter, we discussed the first three steps. We saw how a systematic approach is followed to arrive at an exhaustive threat profile. We also discussed how a test plan is built – for each threat all possible attacks are listed. During the discussion, we came across a number of attack techniques like SQL injection, cross-site scripting, cross-site request forgery and variable manipulation. It’s time to take a closer look |
format | Book Chapter |
fulltext | fulltext |
identifier | ISBN: 9781905356829 |
ispartof | Security Testing Handbook for Banking Applications, 2009, p.26 |
issn | |
language | eng |
recordid | cdi_proquest_ebookcentralchapters_480367_9_26 |
source | O'Reilly Online Learning: Academic/Public Library Edition |
subjects | Applied sciences ; Baked goods ; Bank accounts ; Banking ; Banking services ; Business ; Command languages ; Communication systems ; Communications technology ; Computer engineering ; Computer networking ; Computer programming ; Computer science ; Computer security ; Cookies ; Data products ; Database design ; Digital communication systems ; Economic disciplines ; Economics ; Engineering ; Financial economics ; Food ; Food science ; Foodstuffs ; Hyperlinks ; Hypertext ; Industrial sectors ; Industry ; Information science ; Internet ; Language ; Lexicology ; Linguistics ; Names ; Network security ; Network servers ; Nicknames ; Professional certification ; Professional services ; Programming languages ; Query languages ; Service industries ; SQL ; Technology ; Traffic ; Transportation ; User names ; Web servers ; World Wide Web |
title | BASIC TESTS AND TECHNIQUES |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-21T17%3A49%3A56IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-jstor_proqu&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=bookitem&rft.atitle=BASIC%20TESTS%20AND%20TECHNIQUES&rft.btitle=Security%20Testing%20Handbook%20for%20Banking%20Applications&rft.au=Kapoor,%20Nilesh&rft.date=2009-02-19&rft.spage=26&rft.pages=26-&rft.isbn=9781905356829&rft.isbn_list=190535682X&rft_id=info:doi/&rft_dat=%3Cjstor_proqu%3Ej.ctt5hh5jh.7%3C/jstor_proqu%3E%3Curl%3E%3C/url%3E&rft.eisbn=9781905356836&rft.eisbn_list=1905356838&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=EBC480367_9_26&rft_id=info:pmid/&rft_jstor_id=j.ctt5hh5jh.7&rfr_iscdi=true |