10

I am a manual tester with limited knowledge of how to code. How to approach the security testing of a web site. Are there any good tools/sites/docs/ or classes preferably for security testing where i can learn from them?

alecxe
11.4k11 gold badges52 silver badges107 bronze badges
asked Jun 19, 2013 at 19:05
1
  • 3
    Welcome to SQA, userjain. You might start by searching this site for other questions about security testing. Commented Jun 19, 2013 at 20:03

8 Answers 8

6

I would start here: https://www.owasp.org/index.php/Main_Page

Lots of good reading, tools, videos, etc.

answered Jun 19, 2013 at 22:44
1

There are already a bunch of really good SO/SQA related pages; including tools .

answered Jun 20, 2013 at 0:26
0

BurpSuite and Fiddler are two important tools for my security testing tasks. Definitely check them out.

As for the approach I have found it is good to find out if your organization is required to allow 3rd party audits and security scans. Make sure your security tests cover these cases first. Then move to the most sensitive areas. Usually anything to do with authentication, sessions, user authorization levels and money transactions are a good place to start. It may be controversial to say this but as far as security goes I feel that the low hanging fruit / obvious exploits are a good place to start. Most attackers will try those first as well.

answered May 26, 2014 at 22:48
0

Another good starting point would be to read up, please see https://www.guru99.com/software-testing.html

answered Jul 8, 2019 at 2:09
0

Here are some manual test cases written by testers for security verification of website which you can use as a reference. It also contains test cases for wordpress security. By going through it you will able to identify where you need security and why. http://mundrisoft.com/tech-bytes/tips-for-security-testing-of-wordpress-website/

answered Jul 8, 2019 at 10:54
0

Web application security testing is the process of testing and analyzing, reporting on the security level of a Web application. It is used by Web developers and security administrators to test how secured the web application is using various manual and automated security testing techniques. The main motive is to identify any underline vulnerabilities or threats that can hinder the security or integrity of the Web application. https://www.qasource.com/security-testing-services

answered Jan 13, 2022 at 16:51

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.