The following points should be taken care of to secure any web-based application:

  1. To ensure the security of the project, delete any users who are no longer working on the project/application.
  2. Edit the IP address restrictions for web security, so that a particular computer or group of computers has certain access rights on the FrontPage web. IP address masks can include asterisk wildcards, for example “128.109.*.*”. We can do this by typing one of these commands from Run; this .htm file exists on every Windows machine:

C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\ipaddr.htm
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\ipaddr.htm

  1. Cookies: Cookies are often used to store information about the user and their actions on a particular site. When a user accesses a site that uses cookies, the web server sends information about the user and stores it on the client computer in the form of a cookie. Cookies can be used to create more dynamic and custom-made pages, or to store, for example, login info. If you have designed your site to use cookies, they need to be checked. Verify that the information that is to be retrieved is there. If login information is stored in cookies, check that it is correctly encrypted. If your application requires cookies, how does it respond to users who have disabled them? Does it still function, or is the user notified of the situation? How will temporary cookies be handled? What will happen when cookies expire? Depending on what cookies are used for, one should examine the possibilities for other solutions:
     1. Encryption of e.g. login info
     2. Users denying or accepting cookies
     3. Temporary and expired cookies
  2. Log files: Log files are very important for maintaining security at the site. Verify that relevant information is written to the log files and that the information is traceable. When Secure Sockets Layer (SSL) is used, verify that the encryption is done correctly and check the integrity of the information. There should be no access to edit scripts on the server without authorization.
  3. Hackers often stress systems by supplying large amounts of invalid input data until the system crashes, and then gain access to it during start-up. So make sure that the login page is capable of handling a heavy load.
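
The cookie checks listed above (encryption of login info, temporary and expired cookies) can be automated against the Set-Cookie headers a test login produces. The sketch below is an added example, not part of the original checklist; the function names, the test account and the sample headers are constructed for illustration. It also shows that base64 or URL encoding of login info is not encryption.

```python
import base64, binascii
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie
from urllib.parse import unquote

def decodings(value):
    """Yield (label, text) for a cookie value and its common reversible encodings."""
    yield "plain", value
    yield "url-encoded", unquote(value)
    try:
        padded = value + "=" * (-len(value) % 4)
        yield "base64", base64.b64decode(padded, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        pass
    try:
        yield "hex", bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        pass

def audit_set_cookie(header, test_login, now=None):
    """Classify one Set-Cookie header: lifetime, and whether the test login is readable."""
    now = now or datetime.now(timezone.utc)
    report = {}
    jar = SimpleCookie()
    jar.load(header)
    for name, morsel in jar.items():
        if morsel["max-age"]:                      # Max-Age takes precedence over Expires
            lifetime = "expired" if int(morsel["max-age"]) <= 0 else "persistent"
        elif morsel["expires"]:
            when = parsedate_to_datetime(morsel["expires"])
            lifetime = "expired" if when <= now else "persistent"
        else:
            lifetime = "temporary"                 # dropped when the browser session ends
        # A properly encrypted value reveals the login under none of these decodings.
        leak = next((label for label, text in decodings(morsel.value)
                     if any(secret in text for secret in test_login)), None)
        report[name] = {"lifetime": lifetime, "readable_login": leak}
    return report

# Constructed sample data: a throwaway test account and three Set-Cookie headers.
TEST_LOGIN = ("alice@example.test", "S3cretPw!23")
SAMPLE_HEADERS = [
    "sid=9f2c4e7ab1d84c0e; Path=/",
    "remember=" + base64.b64encode(":".join(TEST_LOGIN).encode()).decode() + "; Max-Age=2592000",
    "user=alice%40example.test; Expires=Wed, 21 Oct 2015 07:28:00 GMT",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(audit_set_cookie(header, TEST_LOGIN))
```

A cookie reported with a non-empty `readable_login` stores the login info in a reversible form and fails the encryption check; the `lifetime` field separates temporary, persistent and already expired cookies for the remaining checks.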