The 3 Top Techniques For Web Security Testing Using A Proxy
If you’re a web application functional tester, you’ve almost certainly used a proxy to test a few features. (If not, you should!) In this webinar, Paco will briefly show how to set up your environment to use a proxy, and then show you 3 really fundamental techniques for performing exploratory testing on the security of web applications. Using Burp Suite, a popular web proxy for security testing, we’ll start with the straightforward technique of tampering with the body of the request. This bypasses all the client-side security checks, and lets you focus on the server-side security checks. The second technique will focus on how to tamper with cookies, headers, and other HTTP-level data. The third technique will show you how and why it is sometimes useful to use a proxy to tamper with the HTTP response. While this really only scratches the surface of what a proxy can do for you in your security testing, it’s a great way to get started and get comfortable. With this as a starting point for web security testing, you can get off the ground and create much more complex and interesting tests.