Com545 Lab 5 Essay

5552 Words May 23rd, 2016 23 Pages
Lab Five
Executive Summary
A security test is a method of evaluating the security of a computer system or network by methodically validating and verifying the effectiveness of application security controls. A web application security test focuses only on evaluating the security of a web application. The process involves an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities. Any security issues that are found will be presented to the system owner, together with an assessment of the impact, a proposal for mitigation or a technical solution (Open Web Application Security Project [OWASP], 2014a). A vulnerability is a flaw or weakness in a system's design, implementation, operation or management that
This analysis is important because often there is not a direct link connecting the main application backend. Discovery analysis can be useful to reveal details such as web applications used for administrative purposes. In addition, it can reveal old versions of files or artifacts such as undeleted, obsolete scripts, crafted during the test/development phase or as the result of maintenance.

4.2.1 Spiders, Robots and Crawlers (OWASP-IG-001) [rename to "Review webserver metafiles"] | This phase of the Information Gathering process consists of browsing and capturing resources related to the application being tested.
4.2.x Review webpage comments and metadata (OWASP-IG-00x) | Review the webpage metadata, HTML, JavaScript comments for sensitive information and disabled links/scripts.
4.2.3 Identify application entry points (OWASP-IG-003) | Enumerating the application and its attack surface is a key precursor before any attack should commence. This section will help you identify and map out every area within the application that should be investigated once your enumeration and mapping phase has been completed.
4.2.x Identify application exit/handover points (OWASP-IG-00x) | Identify the functional exit points of the application and
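
The "Review webpage comments and metadata" test listed above, as an added example that is not part of the essay or of the OWASP guide: a Python audit that collects HTML comments, meta tags and JavaScript comments from a page you own and marks the ones worth a manual look before release. The sample page, the keyword list and the names `SAMPLE_HTML`, `SENSITIVE`, `CommentAudit` and `audit` are assumptions made for this example.

```python
import re
from html.parser import HTMLParser

# Constructed sample page for illustration; not from any real application.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="ExampleCMS 1.2">
<!-- TODO: remove test login before go-live, password=changeme -->
<script>
// old admin endpoint, disabled: /admin/legacy.php
var x = 1; /* build 2016-05 */
</script></head><body><p>Welcome</p>
<!-- <a href="/backup/site.zip">backup</a> --></body></html>"""

# Hypothetical keyword list; tune it to the application under review.
SENSITIVE = re.compile(r"passw|secret|api[_-]?key|todo|admin|backup|\.zip|\.bak", re.I)
# Naive JS comment matcher: "//" inside string literals or URLs also matches.
JS_COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)

class CommentAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.items = []      # (kind, text) in document order
        self._script = None  # text buffer while inside <script>, else None

    def handle_comment(self, data):
        self.items.append(("html-comment", data.strip()))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and attrs.get("name"):
            self.items.append(("meta", f"{attrs['name']}={attrs.get('content') or ''}"))
        elif tag == "script":
            self._script = []

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)  # script bodies may arrive in chunks

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            for m in JS_COMMENT.finditer("".join(self._script)):
                self.items.append(("js-comment", m.group().strip()))
            self._script = None

# Returns (kind, text, flagged) for every comment and meta tag in the page.
def audit(html):
    parser = CommentAudit()
    parser.feed(html)
    parser.close()
    return [(kind, text, bool(SENSITIVE.search(text))) for kind, text in parser.items]
```

Calling `audit(SAMPLE_HTML)` returns the findings in document order; entries with `flagged` set to `True` are the ones to review by hand, including the commented-out backup link.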
