
Showing posts from May, 2014

Testing Types for Security Testing

Configuration Management Security Testing

Analysis of the network infrastructure and web application architecture can often reveal a good deal of information, such as source code, permitted HTTP methods, administrative functionality, authentication methods and infrastructure configuration. Today, the complexity of interconnected and heterogeneous web server infrastructure, which can count hundreds of servers, makes configuration management review and validation a fundamental step in testing. An application penetration test should include checking how the infrastructure was deployed and secured. While the application may be secure, a small aspect of the configuration could still be in its default install state and vulnerable to exploitation.

Testing for Configuration Management usually includes:

» Use of strong cipher algorithms and their proper implementation
» Security of the DB listener port and component
» web servers, database serve