INT 407 Syn


Name: P Laxmi Narasimha Rao

Reg No: 11604781

Roll No: 26
Section: KE027
Project: OWASP
Abstract:

Information security can no longer be neglected in any area. It is a concern to everyone and every
organization. This is particularly important in the finance sector, not only because of the
financial amounts involved but also because of the clients' and the organization's private and sensitive
information. As a way to test security in infrastructures, networks, deployed web applications and many
other assets, organizations have been performing penetration testing, which simulates an attacker's
behavior in a controlled environment in order to identify vulnerabilities. This article focuses on
the analysis of the results of security audits conducted on several financial web applications
from one institution with the aid of automatic tools, in order to assess the security level of those
web applications. To help in security matters, many organizations build security frameworks for
vulnerability assessment, security assessment, threat modeling, penetration testing, risk
management and more. As for penetration testing, organizations such as OWASP
provide vulnerability and security information, a testing methodology, risk analysis and
penetration testing guidance.

Introduction:

The finance sector is one with the most valuable assets in information technology. Banking
account information, clients' sensitive data and transactions are a few examples. Financial entities
communicate with clients through web platforms and need to ensure security and confidentiality.
They are investing in penetration testing, a line of defense in information technology used to
assure security in applications, systems and networks. A pen test simulates the behavior of an attacker
(commonly known as a hacker), but in a controlled environment, to identify and mitigate
possible vulnerabilities. A great number of organizations provide frameworks and services to assess
security, such as pen testing, risk assessment and threat modelling, and even teach ethical hacking. An
ethical hacker is a security professional who uses hacking tools and techniques in a legitimate
way, and with consent from an organization, to test and find vulnerabilities in a system. Pen
testing is used mainly at the end of the software development process.

Web Scanners:
A web scanner is a tool built to simplify the pen tester's task. Scanners are able to perform automated
attacks against web applications with little or no human intervention. A good web scanner behaves
much like a web browser. The functionalities that make up a complete web scanner,
according to the WASC as defined in the WASSEC (Web Application Security Scanner Evaluation Criteria), are:
1. Protocol Support
2. Authentication
3. Session Management
4. Crawling
5. Parsing
6. Testing
7. Command and control
8. Reporting

Risk Analysis:
Risk analysis is the process of identifying risks to organizations, both in their work and in how they are
seen by the world. Part of risk analysis incorporates threat and vulnerability analysis, but in
order to quantify risk a measure is required: you cannot control what you cannot measure. A
correct risk analysis allows an organization to evaluate its security maturity and prioritize
controls and mitigations.
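As an added illustration of the "measure" the paragraph above calls for (this code is not part of the synopsis), the block below implements the scoring scheme of the OWASP Risk Rating Methodology: eight likelihood factors and eight impact factors are each scored 0-9, averaged, mapped to LOW / MEDIUM / HIGH, and combined through OWASP's fixed matrix into an overall severity. The factor names and thresholds are OWASP's; the sample scores for a hypothetical login-form finding are constructed here and are not measurements from any real audit.

```python
"""Worked risk-rating example (added illustration, not from the synopsis).

Follows the OWASP Risk Rating Methodology: likelihood and impact are
each the average of eight 0-9 factor scores, mapped to LOW (< 3),
MEDIUM (3 to < 6) or HIGH (>= 6), then combined in a fixed matrix.
The sample factor values at the bottom are constructed for a
hypothetical finding and are assumptions, not audit data.
"""

LIKELIHOOD_FACTORS = (
    # threat-agent factors
    "skill_level", "motive", "opportunity", "size",
    # vulnerability factors
    "ease_of_discovery", "ease_of_exploit", "awareness", "intrusion_detection",
)
IMPACT_FACTORS = (
    # technical impact
    "loss_of_confidentiality", "loss_of_integrity",
    "loss_of_availability", "loss_of_accountability",
    # business impact
    "financial_damage", "reputation_damage", "non_compliance", "privacy_violation",
)

# Overall severity, indexed as SEVERITY[likelihood_level][impact_level].
SEVERITY = {
    "LOW":    {"LOW": "NOTE",   "MEDIUM": "LOW",    "HIGH": "MEDIUM"},
    "MEDIUM": {"LOW": "LOW",    "MEDIUM": "MEDIUM", "HIGH": "HIGH"},
    "HIGH":   {"LOW": "MEDIUM", "MEDIUM": "HIGH",   "HIGH": "CRITICAL"},
}


def average(scores, names):
    """Average the named factors, rejecting missing or out-of-range values."""
    missing = [n for n in names if n not in scores]
    if missing:
        raise ValueError(f"missing factors: {missing}")
    for n in names:
        if not 0 <= scores[n] <= 9:
            raise ValueError(f"{n} must be between 0 and 9, got {scores[n]}")
    return sum(scores[n] for n in names) / len(names)


def level(value):
    """Map an averaged score onto the OWASP LOW / MEDIUM / HIGH bands."""
    if value < 3:
        return "LOW"
    if value < 6:
        return "MEDIUM"
    return "HIGH"


def rate(likelihood_scores, impact_scores):
    """Return the numeric averages, their bands and the overall severity."""
    lik = average(likelihood_scores, LIKELIHOOD_FACTORS)
    imp = average(impact_scores, IMPACT_FACTORS)
    return {
        "likelihood": lik,
        "impact": imp,
        "likelihood_level": level(lik),
        "impact_level": level(imp),
        "severity": SEVERITY[level(lik)][level(imp)],
    }


# Constructed sample: an assumed finding on a hypothetical login form.
SAMPLE_LIKELIHOOD = {
    "skill_level": 6, "motive": 9, "opportunity": 9, "size": 9,
    "ease_of_discovery": 7, "ease_of_exploit": 5, "awareness": 9,
    "intrusion_detection": 8,
}
SAMPLE_IMPACT = {
    "loss_of_confidentiality": 7, "loss_of_integrity": 7,
    "loss_of_availability": 5, "loss_of_accountability": 7,
    "financial_damage": 7, "reputation_damage": 5,
    "non_compliance": 7, "privacy_violation": 7,
}

if __name__ == "__main__":
    print(rate(SAMPLE_LIKELIHOOD, SAMPLE_IMPACT))
```

Because every factor is averaged, a single extreme value cannot drive the result on its own; the point of the exercise is that two findings can be ranked against each other on a repeatable scale rather than by gut feeling.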
Controlling the Risks:

1. Verify for Security Early and Often
2. Parameterize Queries
3. Encode Data
4. Validate All Inputs
5. Implement Identity and Authentication Controls
6. Implement Appropriate Access Controls
7. Protect Data
8. Implement Logging and Intrusion Detection
9. Leverage Security Frameworks and Libraries
10. Error and Exception Handling
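The following added example (not code from the synopsis or from OWASP) shows controls 2, 3 and 4 of the list above applied to a hypothetical account-lookup feature in a financial web application. It uses an in-memory SQLite table with constructed rows; the account-number format, table layout and function names are assumptions made for the illustration. The deliberately vulnerable lookup is kept beside the hardened one so the difference in behaviour can be observed directly.

```python
"""Added example (not from the synopsis): three OWASP-style controls
applied to a hypothetical account lookup.

- Parameterize Queries: the lookup uses a bound parameter instead of
  building the SQL text from the user's input.
- Validate All Inputs: the account number must match a strict pattern
  (assumed format: 6 to 12 digits) before it reaches the database.
- Encode Data: the holder name is HTML-escaped before being placed in
  an HTML response, so stored text cannot become markup.
All rows and inputs below are constructed for the example.
"""
import html
import re
import sqlite3

ACCOUNT_RE = re.compile(r"[0-9]{6,12}")  # assumed account-number format


def build_db():
    """Create an in-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (number TEXT PRIMARY KEY, holder TEXT, balance INTEGER)"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", [
        ("100200300", "Alice Example", 1500),
        # constructed: a holder name that happens to contain markup
        ("100200301", "Bob <b>Example</b>", 2200),
    ])
    return conn


def lookup_unsafe(conn, number):
    """Deliberately vulnerable: the value is concatenated into the SQL text,
    so input containing quotes changes the meaning of the WHERE clause."""
    sql = "SELECT number, holder, balance FROM accounts WHERE number = '" + number + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, number):
    """Hardened: reject anything that is not an account number, then bind
    the value as a parameter so it is only ever treated as data."""
    if not ACCOUNT_RE.fullmatch(number):
        raise ValueError("invalid account number")
    return conn.execute(
        "SELECT number, holder, balance FROM accounts WHERE number = ?", (number,)
    ).fetchall()


def render_row(row):
    """Encode every text field before it is placed into HTML output."""
    number, holder, balance = row
    return (
        f"<tr><td>{html.escape(number)}</td>"
        f"<td>{html.escape(holder)}</td><td>{balance}</td></tr>"
    )


def demo():
    """Run both lookups against the same inputs and collect the outcomes."""
    conn = build_db()
    crafted = "' OR '1'='1"  # constructed input that is not an account number
    try:
        lookup_safe(conn, crafted)
        safe_rejected = False
    except ValueError:
        safe_rejected = True
    return {
        "unsafe_rows_for_crafted_input": len(lookup_unsafe(conn, crafted)),
        "safe_rejected_crafted_input": safe_rejected,
        "safe_rows_for_valid_number": len(lookup_safe(conn, "100200300")),
        "rendered": render_row(lookup_safe(conn, "100200301")[0]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The unsafe lookup returns every row for input that is not an account number at all, while the hardened path never lets such input reach the database; the rendered row shows the stored `<b>` tags arriving in the HTML as harmless escaped text.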

Conclusion:
In this project I am going to explain the OWASP (Open Web Application Security Project), its
security measures and its vulnerability tests. I will describe and apply a process necessary to verify
the security of a web application.
