With the growing popularity of Internet applications, software security is increasingly important. Today I put together a list of software security testing topics. Please take a close look and see whether anything is missing; additions are welcome, and thanks in advance!
1. Security systems and test methods
- Software security system
- Security codes and standards system
- Source code review methods
- Risk-based Security Testing
- Penetration testing method
- Fuzzing method
2. Code security testing
- Program code security
- C++ / Java security list
- JavaScript Security List
- Code security scanning tools
3. Web security testing
- Dynamically tracking element attributes
- Checking JavaScript events
- Cross-site scripting attacks (XSS)
- Cross-site request forgery attack (CSRF)
- Denial of Service (DoS)
- Cookie hijacking
- Input validation
- Browser security issues
- File upload risk
- Web server security
- MS IIS vulnerability test
- Apache / Tomcat / ... vulnerability test
- Content Security
- Session Management
- Intercepting and modifying POST requests
- SQL injection and examples
- AJAX security testing
- Multi-system single sign-on mechanism
- Web security penetration testing
- SQL injection vulnerability scanning tools
- Observing request headers in real time with Firebug
- Observing POST data in real time with WebScarab
- Observing response headers in real time with Tamper Data
- Testing URL redirection attacks with curl
- Scanning a site with nikto
4. Security verification of system functionality
- Password Security
- Authentication
- User rights
- Unauthorized access attacks
- Access control policy
- Checking the operation log
- Configuration Management
- Security risks caused by function failures and exceptions
5. Security verification of data
- Verification data encoding
- Data encryption and decryption
- System data integrity
- Data Manageability
- Data independence
- Data backup and disaster recovery
6. Network and communications security testing
- Protocol conformance verification
- Firewall
- Intrusion Detection Technology
- Network Interception
- IPSec/SSL VPN
- Fki / students
- Network Vulnerability Assessment Tool