Techie Blogger

Welcome Visitor #

Thanks

Follow My Blog

Email subscription

Your email Please :

Welcome To All My Visitors

Dear Visitor,

This Blog is designed for reflect all my IT Security Experience & The Management Skills in all their fields , I Share it with everybody, I will try to share all my knowledge with you , in a best way I can to give you the best benefit.

Also I will share with you all the Security Articles that I like it to share the benefits with you also,

If you are looking for :

  • Security Basics, Security Solutions, Security hotfix info, Security Advices, Ethical Hacking, Pen-Test, Certifications, Work & Job Skills, Proposal Writing, Security Info, Management Skills, Short Online Training, ArcSight Knowledge Base

So you are in the right blog place.

Please see the Blog Categories to browse my blogs it will make you reach to the needed information fast.

Also don't forget to send me your feedback about the Blog, this will give me the chance to enhance it.

PS: to follow all the new posts that I add it in the near future , just register as follower or in the e-mails subscriptions.


Good Luck Regards
Ramy Al Damaty
Riyadh, Saudi Arabia (GMT +3)

Sunday, June 6, 2010

postheadericon Web application Security Assessment and Penetration Testing

9:20 PM | Posted by Ramy

A web application’s security assessment will allow us to analyze the critical components of a Web-based portal, e-commerce application, or Web platform.

  
Using manual techniques and hundreds of appropriate tools the assessment pinpoints specific vulnerabilities and identifies underlying problems. The analysis integrates detailed vulnerability and countermeasure information for:

  • authentication
  • authorization
  • session management
  • data integrity
  • data confidentiality
  • privacy concerns


Tranchulas provides comprehensive reviews for:


  • Fundamental Design Security
  • HTML Source Management
  • General Input Validation
  • SQL Injection
  • Cross Site Scripting
  • Token Analysis (Cookies, Custom Session IDs, etc.)
  • Session Security (Authentication and Authorization)


The Most Common Application Layer Vulnerabilities are:

  

80%                    Cross-site scripting

62%                    SQL injection

60%                    URL Manipulation

37%                    Cookie poisoning

33%                    Database server

23%                    Web Server

19%                    Buffer overflow

Labels:

Blog Archive

All The Rights are Reserved Only to Ramy A. Al Damati.