Software & WebApp Testing. Nisa ul Hafidhoh
1 Software & WebApp Testing Nisa ul Hafidhoh
2 Testing
Process of analyzing a software entity to detect differences between existing conditions and undesirable conditions (defects / bugs) and to evaluate features of the software entity (standard ANSI/IEEE 1059)
3 Software Development Activity
4 Testing Activity
5 The Role of each Testing Process
- Ensure each component/unit conforms to its specification
- Ensure the components/units collaborate
- Verification of functional requirements fulfillment
- Verification of non-functional requirements fulfillment
- Verification of from user / customer
- Testing in user environment
6 Software Testing Strategy
testing-in-the-small to testing-in-the-large
Conventional Software
- Unit testing: focus on each individual component, ensuring each function is running
- Integration testing: focus on design and construction of software architecture
- Validation testing: ensure the software meets all needs
- System testing: the software and other system elements are tested as a whole
OO Software
- Focus on testing each class, including its attributes and operations
- Testing of communication / collaboration between classes
7 Software Testing Method
8 Blackbox VS Whitebox
Blackbox testing
- No need to know the structure of the software
- Also called specification-based or functional testing
Whitebox testing
- Must know the structure and implementation of the software
9 Web App Testing
Activity that looks for errors in parts of the Web App, such as:
- Content
- Function
- Structure
- Usability
- Navigability
- Compatibility
- Interoperability
- Performance
- Security
10 Challenge
Web-based applications run on the network and operate with different systems:
- Operating system
- Browser
- Hardware platform
- Communication protocol
11 General Error in Web App
- What is often seen is the result of an error, not the error itself
- Errors are often difficult to reproduce
- Need to create environment
- Errors are often encountered from the WebApp configuration
- Error must be searched from:
  - Client
  - Server
  - Network
12 Web App Testing
13 Content Testing
- To uncover syntactic errors (typos, grammatical errors) in document-based text, graphical representations, and other media
- To uncover semantic errors (focused on the information presented in each content item)
- To find errors in the organization or structure of the content presented to users
14 Navigation Testing
To ensure that the mechanisms that allow users to browse through the webapp work, and to validate that each NSU (Navigation Semantic Unit) can be reached by the appropriate user category.
15 Navigation Mechanism
- Navigation/link: internal links within the webapp and external links to other webapps must be tested to ensure that the content / functionality can be run.
- Redirect: tested by requesting an incorrect internal or external URL link and assessing how the webapp handles this request.
- Bookmarks: although bookmarking is a browser function, the webapp should be tested to ensure that meaningful page titles can be extracted from the bookmarks created.
16 Navigation Mechanism [2]
- Frame & Frameset: each frame is tested for the correct content, proper layout and size, download performance, and browser compatibility. A frameset consists of several frames.
- SiteMap: provides a table of contents of all web pages. Each site path must be tested to ensure that the link brings the user to the right content or function.
- Internal search engines: validate the accuracy and completeness of the search, the error handling of the search engine, and the advanced search features.
17 Interface Testing
- Interface features, including font type, use of colors, frames, images, borders, tables, and related interface features generated as a result of webapp execution, should be tested
- Individual interface mechanisms are tested in a way analogous to unit testing (client-side scripting, dynamic HTML, scripting, content streaming)
- The full interface is tested against the selected use case along with NSU to reveal errors in the interface semantics
18 Interface Mechanism
When a user interacts with a web app, the interaction can be through various mechanisms.
- Link: each navigation link should be checked to ensure that the appropriate content / functionality can be reached
- Form: ensure that
  - The labels identifying the fields in the form are correct and the fields are visually identified to the user
  - The server receives all information contained in the form and no data is lost in the transmission between the client and server
  - The appropriate default is used when the user does not select from a pulldown menu or button
  - The browser function (e.g., Back arrow) does not damage data entered in a form
19 Interface Mechanism [2]
- Client-side scripting: black-box testing is done to uncover errors in processing when the script is run. This test is often combined with form testing, since the script input often comes from the data provided as part of the form processing. A compatibility test should be performed to ensure that the selected scripting language will work well in different environment configurations.
- Dynamic HTML: testing must be performed to ensure that dynamic HTML is displayed correctly. A compatibility test must be performed to ensure dynamic HTML works well in the environment configurations that support the webapp.
20 Interface Mechanism [3]
- Pop-up windows: a series of tests ensures that:
  - The size and position of the pop-up are correct
  - Pop-ups do not cover the original webapp window
  - The aesthetic design of the pop-up is consistent with the aesthetic design of the interface
  - The location and function of the scroll bar and other control mechanisms added to the pop-up are correct
- Streaming content: the test should show that streaming data is up-to-date, is displayed correctly, can be delayed without errors, and can be restarted without difficulty.
21 Interface Mechanism [4]
Cookies
- On the server side, tests should ensure that cookies are properly created and transmitted to the client side when certain content or functionality is requested, and that the expiration date is correct.
- On the client side, the tests determine whether the webapp correctly attaches the cookies to specific requests sent to the server.
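The two cookie checks on this slide can be automated. The following is an added example, not part of the original slides: it tests Set-Cookie headers for creation and expiration (server side) and tests that a request's Cookie header carries exactly the live, in-scope cookies (client side). The cookie names, lifetimes and headers are constructed sample data, and domain matching and the Secure attribute are left out of scope.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def expiry_of(attrs, received_at):
    """Absolute expiry; Max-Age overrides Expires, None means session cookie."""
    if "max-age" in attrs:
        return received_at + timedelta(seconds=int(attrs["max-age"]))
    if "expires" in attrs:
        return parsedate_to_datetime(attrs["expires"])
    return None


def check_server_cookies(headers, expected, received_at,
                         tolerance=timedelta(seconds=5)):
    """Server-side test. expected maps name -> lifetime (None = session cookie).
    Returns a list of findings; an empty list means the test passed."""
    seen = {}
    for header in headers:
        name, value, attrs = parse_set_cookie(header)
        seen[name] = (value, attrs)
    findings = []
    for name, lifetime in expected.items():
        if name not in seen:
            findings.append(f"{name}: not set by the server")
            continue
        value, attrs = seen[name]
        if not value:
            findings.append(f"{name}: created with an empty value")
        expires = expiry_of(attrs, received_at)
        if lifetime is None:
            if expires is not None:
                findings.append(f"{name}: should be a session cookie")
        elif expires is None:
            findings.append(f"{name}: no expiration date set")
        elif expires <= received_at:
            findings.append(f"{name}: already expired when received")
        elif abs((expires - received_at) - lifetime) > tolerance:
            findings.append(f"{name}: lifetime differs from {lifetime}")
    return findings


def path_matches(request_path, cookie_path):
    """RFC 6265 path-match between a request path and a cookie Path."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def check_client_request(headers, received_at, request_path, cookie_header, now):
    """Client-side test. Returns (missing, unexpected) cookie names."""
    should_send = set()
    for header in headers:
        name, _, attrs = parse_set_cookie(header)
        expires = expiry_of(attrs, received_at)
        live = expires is None or expires > now
        # Simplification: a cookie without a Path attribute is treated as Path=/.
        if live and path_matches(request_path, attrs.get("path", "/")):
            should_send.add(name)
    sent = {pair.partition("=")[0].strip()
            for pair in cookie_header.split(";") if pair.strip()}
    return sorted(should_send - sent), sorted(sent - should_send)


# Constructed sample data (not captured from a real application).
RECEIVED_AT = datetime(2026, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
SET_COOKIE_HEADERS = [
    "session=abc123; Path=/; HttpOnly",
    "remember=tok42; Expires=Sat, 31 Jan 2026 12:00:00 GMT; Path=/account",
    "promo=spring; Max-Age=0; Path=/",
]
EXPECTED = {"session": None, "remember": timedelta(days=30),
            "promo": timedelta(days=7), "csrf": None}

if __name__ == "__main__":
    for finding in check_server_cookies(SET_COOKIE_HEADERS, EXPECTED, RECEIVED_AT):
        print("server:", finding)
    later = RECEIVED_AT + timedelta(minutes=10)
    print("client:", check_client_request(SET_COOKIE_HEADERS, RECEIVED_AT,
                                          "/account/profile", "session=abc123", later))
```

On the sample data the server-side test reports the cookie that arrives already expired and the one that is never set, and the client-side test reports that the request to /account/profile omits the in-scope `remember` cookie.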
22 Compatibility Testing
A series of compatibility validation tests is derived, often adapted, from existing interface tests, navigation tests, performance tests, and security tests. The purpose of this test is to uncover errors or execution problems that can be traced to the different configurations.
23 Component Testing
Component-level testing, also called functional testing, focuses on a set of tests that attempt to uncover errors in the webapp functions. Each webapp function is a software component (implemented in a programming or scripting language) and can be tested using blackbox or whitebox techniques.
24 Database Testing
- Tests that uncover errors in communication between the webapp and the database.
- The test is designed to uncover errors made when translating user requests into forms that the DBMS can process.
- The raw data obtained from the database must be transmitted to the webapp server and formatted for subsequent delivery to the client.
- Tests demonstrate the validity of the transformations applied to the raw data to create valid content objects.
25 Interaction Layer
26 Security Testing
A security test is designed to investigate vulnerabilities in the client-side environment, in the communication network as data is sent from the client to the server and back again, and in the server-side environment.
- Client-side vulnerability: on the client side, vulnerabilities can often be traced to pre-existing bugs in the browser, e-mail program, or communications software. For example, one of the commonly mentioned bugs is buffer overflow.
27 Security Testing [2]
- Network vulnerability: data communicated between client and server is vulnerable to spoofing. Spoofing occurs when one end of a communication path is undermined by an entity with malicious intent. For example, a user can be spoofed by a malicious website that acts as if it is a legitimate web app. The goal is to steal passwords, proprietary information, or credit data.
28 Security Testing [3]
- Server-side vulnerability: vulnerabilities include denial-of-service attacks and malicious scripts that can be forwarded to the client side or used to disable server operations. For example, the server-side database can be accessed without authorization (data theft).
29 Performance Testing
To reveal performance issues caused by:
- Lack of server-side resources
- Insufficient network bandwidth
- Inadequate database capacity
- Poor or weak operating system capabilities
- Poorly designed web app functionality
The goal is twofold:
- To understand how the system responds as loading (that is, the number of users, the number of transactions, or the overall volume of data) increases
- To collect metrics that will lead to design modifications to improve performance
30 Load & Stress Testing
- Load testing: to determine how web applications and server-side environments will respond to various load conditions.
- Stress testing: a continuation of load testing, but in this case the load is forced to exceed the operational limit.
32 Thank you
More informationImportant Points to Note
Important Points to Note All Participating colleges are requested to mute your telephone lines during the webinar session. Participants are requested to make note of questions / responses to questions,
More informationRelational Model. Nisa ul Hafidhoh
Relational Model Nisa ul Hafidhoh nisa@dsn.dinus.ac.id Data Model Collection of conceptual tools for describing data, data relationships, data semantics, and consistency constraints Example of Data Model
More information01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED
01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED Contents 1. Introduction 3 2. Security Testing Methodologies 3 2.1 Internet Footprint Assessment 4 2.2 Infrastructure Assessments
More informationW e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s
W e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s Session I of III JD Nir, Security Analyst Why is this important? ISE Proprietary Agenda About ISE Web Applications
More informationConfigure Internet Explorer for MyEvolv Overview
Configure Internet Explorer for MyEvolv Overview MyEvolv requires a specific browser setting configuration to ensure optimal performance. Incorrect browser settings will result in page loading issues and
More informationThe Weakest Link: Mitigating Web Application Vulnerabilities. webscurity White Paper. webscurity Inc. Minneapolis, Minnesota USA
The Weakest Link: Mitigating Web Application Vulnerabilities webscurity White Paper webscurity Inc. Minneapolis, Minnesota USA March 19, 2008 Contents Executive Summary...3 Introduction...4 Target Audience...4
More informationUser Manual Mobile client User Interface Version 5.0. Powered by
User Manual Mobile client User Interface Version 5.0 Powered by Cartographic browser Gomap 4 1 Access control 5 1.1 Public access 5 1.2 Secured access 5 1.3 Multiple applications 5 2 Organisation 6 3 Parameters
More informationEthical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities
Ethical Hacking and Countermeasures: Web Chapter 3 Web Application Vulnerabilities Objectives After completing this chapter, you should be able to: Understand the architecture of Web applications Understand
More informationIIS Installation for.net Application. Md. Saifullah Al Azad
IIS Installation for.net Application Md. Saifullah Al Azad Contents 1 Mimimal... 2 1.1 Common HTTP Features... 2 1.1.1 Static Content... 2 1.1.2 Default Document... 2 1.2 Application Development... 2 1.2.1
More informationA Lightweight Framework for Detection and Resolution for Phishing, Pharming and Spoofing
A Lightweight Framework for Detection and Resolution for Phishing, Pharming and Email Spoofing Pooja Modi 1, Hardik Upadhyay 2, Ketan Modi 3, Krunal Suthar 4 ME Student, Department of Computer Engineering,
More informationHow to perform the DDoS Testing of Web Applications
How to perform the DDoS Testing of Web Applications Peerlyst November 02, 2017 Nasrumminallah Zeeshan (zeeshan@nzwriter.com) A Denial of Service (DoS) attack is consisted of carrying out traffic flooding
More informationWeb Security 2 https://www.xkcd.com/177/ http://xkcd.com/1323/ Encryption basics Plaintext message key secret Encryp)on Func)on Ciphertext Insecure network Decryp)on Func)on Curses! Foiled again! key Plaintext
More information20486 Developing ASP.NET MVC 5 Web Applications
Course Overview In this course, students will learn to develop advanced ASP.NET MVC applications using.net Framework tools and technologies. The focus will be on coding activities that enhance the performance
More informationWEB APPLICATION SCANNERS. Evaluating Past the Base Case
WEB APPLICATION SCANNERS Evaluating Past the Base Case GREG OSE PATRICK TOOMEY Presenter Intros Overview An overview of web application scanners Why is it hard to evaluate scanner efficacy? Prior Work
More information