Security Testing Question

How to apply eValid to functional testing of web applications.

Security Testing Question

Postby GJones » Thu Apr 17, 2014 2:15 pm

Good evening.

I hope some chap can tell me why do I need to run security test over and over again?

Cheers
GJones
 
Posts: 1
Joined: Tue Apr 15, 2014 1:11 pm

Re: Security Testing Question

Postby eValid » Fri Apr 18, 2014 9:58 am

GJones wrote:Good evening.

I hope some chap can tell me why do I need to run security test over and over again?

Cheers


Hey GJones, thanks for posting your question on the eValid forum.

The short answer is, because the exploit may not be apparent now, but it might be later. You have to catch it when it is "alive".

A SQL injection exploit, for example, is done by spoofing a user in an included JavaScript based SQL interface request. The exploit works when you visit that particular page which might contain content that is NOT from your own website.

To catch that error you have to visit the page, and THEN run the scan for weakness in that page. But the hackers are smart; the exloit may no be there every time.

So actually trying the page to confirm it has NOT been hacked (that is, is secure) is actually a reasonable to do. The comfort you get is that you are very likely to detect an incursion.

Here is a summary of technical resources that the eValid suite has available to apply to general questions of cybersecurity:

http://www.e-valid.com/Products/Documen ... mmary.html

-- eValid Support
eValid
 
Posts: 2431
Joined: Tue Jan 01, 2008 12:48 pm
Location: USA


Return to Desktop and Mobile Device Functional Testing

Design Downloaded from free phpBB templates | free website templates | Free Web Buttons