Questions tagged [security-testing]
Security testing is a process to determine that an information system protects data and maintains functionality as intended.
94 questions
1 vote, 0 answers, 171 views
list the cyphers of a tls client
So, I have to test that client that connects to an HTTPS server, and ensure it offers the listed cyphersuites during the TLS handshake.
But I'm finding no way to start a server and have it tell me what ...
6 votes, 1 answer, 167 views
How to export fuzzing report from ZAP with request and response?
I'm doing a fuzzing test on a project using OWASP ZAP.
After the test is completed, I export the results in CSV format from the Fuzzer tab in results.
This result doesn't have the Request and response. ...
1 vote, 0 answers, 80 views
Security testing for an AAD authentication web application using OWASP ZAP
I'm having difficulty in how to start security testing for this type of application which has Azure AD authentication. Can someone guide me on how to start this? Do I need to use Zest script for this?...
1 vote, 1 answer, 140 views
How can you test if a page can be anonymously accessible within an app you have already authenticated in?
I am trying to ensure that a page that can be visited from within an app that requires user to be logged in, can be accessed anonymously. A controller has been introduced that can present views as ...
4 votes, 6 answers, 1k views
Is security testing the sole responsibility of testers or part of a mixed team?
Details:
The well-known differences between API/GUI i.e. Functional Test are clearly defined. However, I ask myself the question: Does security testing belong in the focus of testers at all? Or ...
0 votes, 4 answers, 274 views
How to calculate security test or penetration test cost for the customer?
Details:
A customer would like to know in detail what costs penetration testing causes on the one hand, and what benefits penetration has on the other hand.
Also, what it effectively means to save ...
2 votes, 1 answer, 257 views
Vulnerability regression testing in an agile environment
Starting point:
We used different solutions in the test team to test our websites for vulnerabilities in different ways.
In doing so, we naturally also want to retest the bugs anchored in the backlog ...
-1 votes, 2 answers, 97 views
How can one test the security measures or vulnerability when it comes to API testing? [closed]
I use REST for API Testing.
What are good tools and/or approaches to testing security issues?
Any information through which I can broaden my perspective, ways, tools for testing when it comes to API.
0 votes, 1 answer, 50 views
For a beginner, how can one start with the security testing? [closed]
Are there any areas which need to be looked before starting with the security testing?
What tools can be helpful for it?
-2 votes, 1 answer, 667 views
OWASP ZAP integration into SOAPUI for REST API Testing
One of the topics I am currently working on is the testing of APIs on the security level, e.g. as integration in SOAPUI and OWASP in WSO2.
The integration of SOAPUI and WSO2 is set up and also works. ...
-1 votes, 1 answer, 72 views
Can I make test cases for web application security testing?
We have been performing application security testing based on OWASP standards. We use JIRA to report the bugs or improvements. However, is there any way where we can make a generic test case for these ...
0 votes, 1 answer, 937 views
How to test SSO integration?
I am doing QA for a website, and they have recently added SSO integration for their website.
How can I manually test that this SSO integration is working fine?
Also I need to automate the testing of ...
7 votes, 3 answers, 8k views
Is it really possible to be a Full-Stack QA & if yes then list the technical skills required?
Everyone needs an all-rounder whether it is a software developer or Tester these days. Hence we are hearing the term "Full Stack QA" these days so my question is what skill-set makes a Full Stack QA &...
0 votes, 1 answer, 201 views
Security Testing for brute force attacks on login page
I want to perform testing for brute force attacks on login page of a website. I am new to security testing and I think I can test this by multiple failed login attempts. I wrote the below code to test ...
3 votes, 1 answer, 182 views
Is there any good browser plugin or tool to quickly identify any security issues of a web site?
I'm working on a web project and need to give a quick update on how the security of the web site.
So is there any tool or browser plugin to do a quick scan for my web project and get an analysis ...