
A Complete Guide to Securing a Website - White Paper

To secure a website or a web application, one first has to understand the target application, how it works, and the scope behind it. Ideally, the penetration tester should have some basic knowledge of programming and scripting languages, and also of web security.

A website security audit usually consists of two steps. Most of the time, the first step is to launch an automated scan. Afterwards, depending on the results and the website’s complexity, a manual penetration test follows. A number of tools are available to properly complete both the automated and manual audits, simplifying the process and making it efficient from the business point of view. Automated tools help the user make sure that the whole website is properly crawled and that no input or parameter is left unchecked. Automated web vulnerability scanners also help in finding a high percentage of the technical vulnerabilities, and give you a very good overview of the website’s structure and security status. Thanks to automated scanners, you can have a better overview and understanding of the target website, which eases the manual penetration testing process.

For the manual security audit, one should also have a number of tools to ease the process, such as tools to launch fuzzing tests, tools to edit HTTP requests and review HTTP responses, a proxy to analyze the traffic, and so on.
