February 27, 2016 at 6:58 pm #11038 @suraj2016
Currently, I am working as a Software Tester in a bank. I want to test my company's website. How can I start to test the website?
Which idea should I apply while testing the security of this banking domain?

March 4, 2016 at 2:37 pm #11090

March 7, 2016 at 6:42 pm #11098 @thoughtsofdeva
It depends on what you actually test. If it is going to be a consumer banking site, then it's a great challenge to perform security testing, as this is very important and has the power to destroy customers' trust and may possibly increase the cost of controlling any threats in the future.
Below are the key factors:
You can use tools like Fiddler, which will actually help in tampering with the consumer-entered data and seeing if it passes through. You will have to perform this on each and every field in each and every sub-app of the application/website. It is huge to think this way. Alternatively, you can filter out items/fields which are classified as highly sensitive and/or mandatory. As I say this, I also mean there are different approaches while using different tools. What I know is a little; there is a lot to know about Web Application Security factors.

March 9, 2016 at 1:05 pm #11110 @jarilaakso
Due to the vagueness of the question, I presume the questioner is a rather junior tester. Because of this, I imagine the OWASP testing guides could be a good start. If OWASP is heavy to start with, one can go for something possibly lighter, such as Udemy. An interesting approach and collection of resources can be found in the Atlassian guest blog. And lastly, as so very often happens, TestInsane has this covered, too.