Security Testing

Security testing assesses how well an application preserves the key information security attributes of data confidentiality, integrity and availability. Upon agreement with the client, AppTest Software can use a variety of attack techniques to check these security attributes. These include:

Cross-site scripting (XSS):

This involves submitting a script that the server accepts and displays. When this script executes on the client side, it causes an undesirable event on the user's machine.

SQL injection:

This modifies the SQL query that the server then executes, again causing an unintended event; for example, the attacker may be able to view confidential data and even escalate their privileges for a more severe attack.

Password cracking/guessing:

A large number of potential passwords are automatically attempted against the application. This may result in the attacker logging in as a legitimate user.

Data tampering:

This involves modifying data after the client-side application has accepted it, which bypasses all client-side application controls.

Session hijacking:

This involves taking over another user's active session. It allows the attacker to impersonate that user and to view and modify their data.

In addition, the AppTest Software team uses black box vulnerability scanners to complement the findings of the above attack techniques.