Tuesday, August 24, 2010

Security Testing - Design Guidelines for Secure Web Applications

I would suggest reading this article before conducting a security test. It will help you understand how and where to check for application vulnerabilities. You can turn it into a checklist and record whether the developers are following the practices described below.

Web applications present designers and developers with many challenges. The stateless nature of HTTP means that tracking per-user session state becomes the responsibility of the application. As a precursor to this, the application must be able to identify the user by using some form of authentication. Given that all subsequent authorization decisions are based on the user's identity, it is essential that the authentication process is secure and that the session handling mechanism used to track authenticated users is equally well protected. Designing secure authentication and session management mechanisms is just one of the issues facing Web application designers and developers. Other challenges occur because input and output data passes over public networks. Preventing parameter manipulation and the disclosure of sensitive data are other top issues.
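As an added example (not part of the original post or of the Microsoft guidance it links to), the following Python sketch shows two of the controls the paragraph above calls for: an opaque, server-side session token with a timeout, so the session handling mechanism does not depend on anything the client can read or edit, and an HMAC attached to a client-visible parameter so that parameter manipulation is detected rather than trusted. The function names, the in-memory session store and the server secret are constructed for this demo only.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional

# Constructed demo secret. In a real deployment this is loaded from
# configuration or a secret store, never embedded in source code.
SERVER_SECRET = b"constructed-demo-secret-do-not-use"

# In-memory store standing in for a database or cache:
# opaque token -> session record. The token itself carries no user data,
# so editing the cookie cannot change who the server thinks the user is.
SESSIONS: Dict[str, dict] = {}
SESSION_TTL_SECONDS = 15 * 60


def create_session(user_id: str, now: Optional[float] = None) -> str:
    """Issue an unguessable session token after authentication succeeds."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    SESSIONS[token] = {"user_id": user_id, "expires": now + SESSION_TTL_SECONDS}
    return token


def lookup_session(token: str, now: Optional[float] = None) -> Optional[str]:
    """Map a presented token back to a user id, or None if unknown or expired."""
    now = time.time() if now is None else now
    record = SESSIONS.get(token)
    if record is None:
        return None
    if now >= record["expires"]:
        del SESSIONS[token]  # timeout reached: discard the session server-side
        return None
    return record["user_id"]


def sign_param(value: str) -> str:
    """Append an HMAC so a client-visible parameter cannot be silently altered."""
    mac = hmac.new(SERVER_SECRET, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{mac}"


def verify_param(signed: str) -> Optional[str]:
    """Return the original value if its MAC is intact, otherwise None."""
    value, sep, mac = signed.rpartition(".")  # hex MAC never contains '.'
    if not sep:
        return None
    expected = hmac.new(SERVER_SECRET, value.encode(), hashlib.sha256).hexdigest()
    # compare_digest runs in constant time, so the MAC is not leaked via timing
    if not hmac.compare_digest(mac, expected):
        return None
    return value


if __name__ == "__main__":
    token = create_session("alice")
    print("session lookup:", lookup_session(token))          # alice
    signed = sign_param("role=user")
    print("intact param:", verify_param(signed))              # role=user
    tampered = "role=admin." + signed.split(".")[1]
    print("tampered param:", verify_param(tampered))          # None
```

The point a tester can take from this is what to look for: a session identifier that is random and only meaningful on the server, a timeout that is enforced server-side, and any value the client can see (role, price, account id) either kept server-side or integrity-protected before it is trusted.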

Attached is a screenshot that shows the vulnerable places in a Web application that an attacker would try to exploit.

Link to Microsoft site
