Attempting Cross-Site Tracing Interactively

Problem: One protection against XSS attacks implemented by some browsers is the HttpOnly attribute in cookies. If a cookie has this attribute set, the browser will not let any JavaScript code access the cookie. Thus, attempts to steal the cookie as discussed...

Bypassing Field Length Restrictions (XSS)

Problem: In the target application, you may find an input field that could be vulnerable to stored XSS, but the server truncates the input to a number of characters that seems insufficient to carry out a meaningful XSS attack. This restriction can be bypassed...

SMAF - State Machine based test automation framework

An introduction to Model based Testing: The main premise behind model-based testing is to create a model, a representation of the behavior of the system under test. One way to describe the system behavior is through variables called operational modes....

Making HTTP Requests Using XSS

Problem: One of the most powerful tools available to an attacker building an XSS exploit is being able to generate requests to the target website from the victim's browser and being able to read the responses. This recipe will discuss how you can use JavaScript...

Creating Overlays Using XSS

Problem: How to create an attack that uses XSS in creating overlays on the target website such that the victim users believe that they are on the intended website, but the view is in reality being controlled by the attacker. This attack exploits the...

Stealing Cookies Using XSS

Problem: How to steal cookies using XSS. Solution: Stealing a user's cookie is the easiest real XSS attack. Inject something like the attack string shown below into a vulnerable parameter. <script>document.write('<img height=0 width=0 ...

SMAF - State Machine based test automation framework

Direct benefit of such a model
• Programmatic
• Efficient coverage
• Tests what you expect and what you don’t
• Very nimble and rapid development as it can discard inputs which point to fault areas to reduce failures
• Resistant to pesticide paradox in testing.
• Finds...

SMAF - State Machine based test automation framework

I am proposing a few thoughts of mine, which I intend to convert into a white paper and eventually build this whole harness at some point. Till then, I will keep revisiting my initial thoughts to give it something more every time. Abstract: Model-based testing...

Security tests

[Me]:- Among the tests you perform on web applications, security testing is perhaps the most important, yet it's often the most neglected. If there is a recipe which demonstrates how developers and testers can check for the most common web security issues,...

Why Plan?

[Me]:- Guruji, why plan in testing? Can’t we just take what is relevant at that phase and work on it? [Guruji]:- One hard truth of testing is that not everything can be done at once. Each phase of the effort needs to be clearly defined and purposeful....

General issues

[Me]:- Guruji, what questions can I ask myself or raise as clarifications to sort generic issues? [Guruji]:- You can try answering these questions yourself to help you: 1) How will the application be...

Client Side Issues

[Me]:- Guruji, what questions can I ask myself or raise as clarifications to sort client side issues? [Guruji]:- You can ask yourself these questions to elucidate client side issues: 1) Can users behind...

Server Side Issues

[Me]:- Guruji, what questions can I ask myself or raise as clarifications to sort server side issues? [Guruji]:- You can ask yourself these questions to elucidate server side issues: 1) What is the...

Other Technologies

[Me]:- Guruji, if I have to do testing on other technologies like ActiveX or XML, what questions can I formulate? [Guruji]:- You can ask yourself these questions: 1) Are ActiveX controls used? If...

Security Testing

[Me]:- Guruji, if I have to do security testing, what questions will I need to ask and get answers to for effective testing? [Guruji]:- You can ask yourself these questions: 1) What security problems were...

www.CodeNirvana.in

Copyright © 2025 T R I A G E D T E S T E R