SlideShare a Scribd company logo

Security testing addons

Deepu S Nath
Deepu S Nath
Technology
1 of 6
Download to read offline
Essential Security Testing Addons Sreenath
3 Essential Security Add-ons for Devs v HackSearch v XSS Me v SQL inject Me
HackSearch v  Unwanted pages crawled by Google bot v  Backlinks v  Exposed Data v  Exposed FilesExposed Emails v  Whois v  DNS (Health and Information) v  Antivirus site approval v  Builtwith Technologies
XSSMe v  XSS-Me is the Exploit-Me tool used to test for reflected Cross-Site Scripting (XSS). It does NOT currently test for stored XSS.rnrn v  The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an XSS attack.rnrn. v  The tool does not attempting to compromise the security of the given system. It looks for possible entry points for an attack against the system. v  There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool.rnrn v  You can think of the work done by the tool as the same as the QA testers for the site manually entering all of these strings into the form fields.
SQL Inject Me v  SQL Inject Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities. v  The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack. v  The tool works by sending database escape strings through the form fields. It then looks for database error messages that are output into the rendered HTML of the page. v  The tool does not attempting to compromise the security of the given system. It looks for possible entry points for an attack against the system. There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool. v  You can think of the work done by the tool as the same as the QA testers for the site manually entering all of these strings into the form fields.
Thank you

Recommended

No sql injection in meteor.js application
No sql injection in meteor.js applicationNo sql injection in meteor.js application
No sql injection in meteor.js applicationDesignveloper
 
Is word press vulnerable to xss and sql injections
Is word press vulnerable to xss and sql injectionsIs word press vulnerable to xss and sql injections
Is word press vulnerable to xss and sql injectionsssusercc9654
 
Sifting through twitter
Sifting through twitterSifting through twitter
Sifting through twittervolvent
 
Coffee@DBG - Evolution of html
Coffee@DBG - Evolution of htmlCoffee@DBG - Evolution of html
Coffee@DBG - Evolution of htmlDeepu S Nath
 
Cross Device UI Designing
Cross Device UI DesigningCross Device UI Designing
Cross Device UI DesigningDeepu S Nath
 
Getting ready for the cloud iaa s
Getting ready for the cloud iaa sGetting ready for the cloud iaa s
Getting ready for the cloud iaa sDeepu S Nath
 
Coffee@DBG - TechBites Sept 2015
Coffee@DBG - TechBites Sept 2015Coffee@DBG - TechBites Sept 2015
Coffee@DBG - TechBites Sept 2015Deepu S Nath
 
Tech bites
Tech bitesTech bites
Tech bitesDeepu S Nath
 

Recommended

No sql injection in meteor.js application
No sql injection in meteor.js applicationNo sql injection in meteor.js application
No sql injection in meteor.js applicationDesignveloper
 
Is word press vulnerable to xss and sql injections
Is word press vulnerable to xss and sql injectionsIs word press vulnerable to xss and sql injections
Is word press vulnerable to xss and sql injectionsssusercc9654
 
Sifting through twitter
Sifting through twitterSifting through twitter
Sifting through twittervolvent
 
Coffee@DBG - Evolution of html
Coffee@DBG - Evolution of htmlCoffee@DBG - Evolution of html
Coffee@DBG - Evolution of htmlDeepu S Nath
 
Cross Device UI Designing
Cross Device UI DesigningCross Device UI Designing
Cross Device UI DesigningDeepu S Nath
 
Getting ready for the cloud iaa s
Getting ready for the cloud iaa sGetting ready for the cloud iaa s
Getting ready for the cloud iaa sDeepu S Nath
 
Coffee@DBG - TechBites Sept 2015
Coffee@DBG - TechBites Sept 2015Coffee@DBG - TechBites Sept 2015
Coffee@DBG - TechBites Sept 2015Deepu S Nath
 
Tech bites
Tech bitesTech bites
Tech bitesDeepu S Nath
 
Exploring Node.jS
Exploring Node.jSExploring Node.jS
Exploring Node.jSDeepu S Nath
 
Saa s
Saa sSaa s
Saa sDeepu S Nath
 
Front end workflow Presentation at Coffee@DBG by Praveen Vijayan
Front end workflow Presentation at Coffee@DBG by Praveen VijayanFront end workflow Presentation at Coffee@DBG by Praveen Vijayan
Front end workflow Presentation at Coffee@DBG by Praveen VijayanDeepu S Nath
 
SEO For Developers
SEO For DevelopersSEO For Developers
SEO For DevelopersDeepu S Nath
 
Coffee@DBG - TechBites March 2016
Coffee@DBG - TechBites March 2016Coffee@DBG - TechBites March 2016
Coffee@DBG - TechBites March 2016Deepu S Nath
 
Advanced visualization
Advanced visualizationAdvanced visualization
Advanced visualizationDeepu S Nath
 
Coffee@DBG - New CSS3 properties
Coffee@DBG - New CSS3 propertiesCoffee@DBG - New CSS3 properties
Coffee@DBG - New CSS3 propertiesDeepu S Nath
 
What’s new for Android Developers in 2015 - Material Design, Android Studio, ...
What’s new for Android Developers in 2015 - Material Design, Android Studio, ...What’s new for Android Developers in 2015 - Material Design, Android Studio, ...
What’s new for Android Developers in 2015 - Material Design, Android Studio, ...Deepu S Nath
 
Microsoft ALM Support - Testing Perspective
Microsoft ALM Support - Testing PerspectiveMicrosoft ALM Support - Testing Perspective
Microsoft ALM Support - Testing PerspectiveDeepu S Nath
 
Pantallas escaneo Sitio Web
Pantallas escaneo Sitio WebPantallas escaneo Sitio Web
Pantallas escaneo Sitio Webandres1422
 
T04505103106
T04505103106T04505103106
T04505103106IJERA Editor
 
Reflective and Stored XSS- Cross Site Scripting
Reflective and Stored XSS- Cross Site ScriptingReflective and Stored XSS- Cross Site Scripting
Reflective and Stored XSS- Cross Site ScriptingInMobi Technology
 
FORENSIC PRESTTN
FORENSIC PRESTTNFORENSIC PRESTTN
FORENSIC PRESTTNRufa'i Mustapha
 
Xss 101
Xss 101Xss 101
Xss 101n|u - The Open Security Community
 
Xss 101 by-sai-shanthan
Xss 101 by-sai-shanthanXss 101 by-sai-shanthan
Xss 101 by-sai-shanthanRaghunath G
 
Overview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptxOverview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptxAjayKumar73315
 
Sql Injection and XSS
Sql Injection and XSSSql Injection and XSS
Sql Injection and XSSMike Crabb
 
04. xss and encoding
04. xss and encoding04. xss and encoding
04. xss and encodingEoin Keary
 
ieee
ieeeieee
ieeeRadheshyam Dhakad
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
vulnerability scanning and reporting tool
vulnerability scanning and reporting toolvulnerability scanning and reporting tool
vulnerability scanning and reporting toolBhagyashri Chalakh
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionVishal Kumar
 

More Related Content

Viewers also liked

Front end workflow Presentation at Coffee@DBG by Praveen Vijayan
Front end workflow Presentation at Coffee@DBG by Praveen VijayanFront end workflow Presentation at Coffee@DBG by Praveen Vijayan
Front end workflow Presentation at Coffee@DBG by Praveen VijayanDeepu S Nath
 
SEO For Developers
SEO For DevelopersSEO For Developers
SEO For DevelopersDeepu S Nath
 
Coffee@DBG - TechBites March 2016
Coffee@DBG - TechBites March 2016Coffee@DBG - TechBites March 2016
Coffee@DBG - TechBites March 2016Deepu S Nath
 
Advanced visualization
Advanced visualizationAdvanced visualization
Advanced visualizationDeepu S Nath
 
Coffee@DBG - New CSS3 properties
Coffee@DBG - New CSS3 propertiesCoffee@DBG - New CSS3 properties
Coffee@DBG - New CSS3 propertiesDeepu S Nath
 
What’s new for Android Developers in 2015 - Material Design, Android Studio, ...
What’s new for Android Developers in 2015 - Material Design, Android Studio, ...What’s new for Android Developers in 2015 - Material Design, Android Studio, ...
What’s new for Android Developers in 2015 - Material Design, Android Studio, ...Deepu S Nath
 
Microsoft ALM Support - Testing Perspective
Microsoft ALM Support - Testing PerspectiveMicrosoft ALM Support - Testing Perspective
Microsoft ALM Support - Testing PerspectiveDeepu S Nath
 

Viewers also liked (9)

Exploring Node.jS
Exploring Node.jSExploring Node.jS
Exploring Node.jS
 
Saa s
Saa sSaa s
Saa s
 
Front end workflow Presentation at Coffee@DBG by Praveen Vijayan
Front end workflow Presentation at Coffee@DBG by Praveen VijayanFront end workflow Presentation at Coffee@DBG by Praveen Vijayan
Front end workflow Presentation at Coffee@DBG by Praveen Vijayan
 
SEO For Developers
SEO For DevelopersSEO For Developers
SEO For Developers
 
Coffee@DBG - TechBites March 2016
Coffee@DBG - TechBites March 2016Coffee@DBG - TechBites March 2016
Coffee@DBG - TechBites March 2016
 
Advanced visualization
Advanced visualizationAdvanced visualization
Advanced visualization
 
Coffee@DBG - New CSS3 properties
Coffee@DBG - New CSS3 propertiesCoffee@DBG - New CSS3 properties
Coffee@DBG - New CSS3 properties
 
What’s new for Android Developers in 2015 - Material Design, Android Studio, ...
What’s new for Android Developers in 2015 - Material Design, Android Studio, ...What’s new for Android Developers in 2015 - Material Design, Android Studio, ...
What’s new for Android Developers in 2015 - Material Design, Android Studio, ...
 
Microsoft ALM Support - Testing Perspective
Microsoft ALM Support - Testing PerspectiveMicrosoft ALM Support - Testing Perspective
Microsoft ALM Support - Testing Perspective
 

Similar to Security testing addons

Pantallas escaneo Sitio Web
Pantallas escaneo Sitio WebPantallas escaneo Sitio Web
Pantallas escaneo Sitio Webandres1422
 
Reflective and Stored XSS- Cross Site Scripting
Reflective and Stored XSS- Cross Site ScriptingReflective and Stored XSS- Cross Site Scripting
Reflective and Stored XSS- Cross Site ScriptingInMobi Technology
 
Xss 101 by-sai-shanthan
Xss 101 by-sai-shanthanXss 101 by-sai-shanthan
Xss 101 by-sai-shanthanRaghunath G
 
Overview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptxOverview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptxAjayKumar73315
 
Sql Injection and XSS
Sql Injection and XSSSql Injection and XSS
Sql Injection and XSSMike Crabb
 
04. xss and encoding
04. xss and encoding04. xss and encoding
04. xss and encodingEoin Keary
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
vulnerability scanning and reporting tool
vulnerability scanning and reporting toolvulnerability scanning and reporting tool
vulnerability scanning and reporting toolBhagyashri Chalakh
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionVishal Kumar
 
xss-100908063522-phpapp02.pdf
xss-100908063522-phpapp02.pdfxss-100908063522-phpapp02.pdf
xss-100908063522-phpapp02.pdfyashvirsingh48
 
Attackers Vs Programmers
Attackers Vs ProgrammersAttackers Vs Programmers
Attackers Vs Programmersrobin_bene
 
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...Yuji Kosuga
 
AtlasCamp 2010: Securing your Plugin - Penny Wyatt
AtlasCamp 2010: Securing your Plugin - Penny WyattAtlasCamp 2010: Securing your Plugin - Penny Wyatt
AtlasCamp 2010: Securing your Plugin - Penny WyattAtlassian
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Amit Tyagi
 
Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingPriyanka Aash
 
香港六合彩
香港六合彩香港六合彩
香港六合彩baoyin
 

Similar to Security testing addons (20)

Pantallas escaneo Sitio Web
Pantallas escaneo Sitio WebPantallas escaneo Sitio Web
Pantallas escaneo Sitio Web
 
T04505103106
T04505103106T04505103106
T04505103106
 
Reflective and Stored XSS- Cross Site Scripting
Reflective and Stored XSS- Cross Site ScriptingReflective and Stored XSS- Cross Site Scripting
Reflective and Stored XSS- Cross Site Scripting
 
FORENSIC PRESTTN
FORENSIC PRESTTNFORENSIC PRESTTN
FORENSIC PRESTTN
 
Xss 101
Xss 101Xss 101
Xss 101
 
Xss 101 by-sai-shanthan
Xss 101 by-sai-shanthanXss 101 by-sai-shanthan
Xss 101 by-sai-shanthan
 
Overview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptxOverview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptx
 
Sql Injection and XSS
Sql Injection and XSSSql Injection and XSS
Sql Injection and XSS
 
04. xss and encoding
04. xss and encoding04. xss and encoding
04. xss and encoding
 
ieee
ieeeieee
ieee
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
vulnerability scanning and reporting tool
vulnerability scanning and reporting toolvulnerability scanning and reporting tool
vulnerability scanning and reporting tool
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL Injection
 
xss-100908063522-phpapp02.pdf
xss-100908063522-phpapp02.pdfxss-100908063522-phpapp02.pdf
xss-100908063522-phpapp02.pdf
 
Attackers Vs Programmers
Attackers Vs ProgrammersAttackers Vs Programmers
Attackers Vs Programmers
 
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...
 
AtlasCamp 2010: Securing your Plugin - Penny Wyatt
AtlasCamp 2010: Securing your Plugin - Penny WyattAtlasCamp 2010: Securing your Plugin - Penny Wyatt
AtlasCamp 2010: Securing your Plugin - Penny Wyatt
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)
 
Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat Modelling
 
香港六合彩
香港六合彩香港六合彩
香港六合彩
 

More from Deepu S Nath

Design Thinking, Critical Thinking & Innovation Design
Design Thinking, Critical Thinking & Innovation DesignDesign Thinking, Critical Thinking & Innovation Design
Design Thinking, Critical Thinking & Innovation DesignDeepu S Nath
 
GTECH ATFG µLearn Framework Intro
GTECH ATFG µLearn Framework IntroGTECH ATFG µLearn Framework Intro
GTECH ATFG µLearn Framework IntroDeepu S Nath
 
Future of learning - Technology Disruption
Future of learning - Technology DisruptionFuture of learning - Technology Disruption
Future of learning - Technology DisruptionDeepu S Nath
 
Decentralized Applications using Ethereum
Decentralized Applications using EthereumDecentralized Applications using Ethereum
Decentralized Applications using EthereumDeepu S Nath
 
How machines can take decisions
How machines can take decisionsHow machines can take decisions
How machines can take decisionsDeepu S Nath
 
Artificial Intelligence: An Introduction
Artificial Intelligence: An Introduction Artificial Intelligence: An Introduction
Artificial Intelligence: An IntroductionDeepu S Nath
 
FAYA PORT 80 Introduction
FAYA PORT 80 IntroductionFAYA PORT 80 Introduction
FAYA PORT 80 IntroductionDeepu S Nath
 
How machines can take decisions
How machines can take decisionsHow machines can take decisions
How machines can take decisionsDeepu S Nath
 
Simplified Introduction to AI
Simplified Introduction to AISimplified Introduction to AI
Simplified Introduction to AIDeepu S Nath
 
Mining Opportunities of Block Chain and BitCoin
Mining Opportunities of Block Chain and BitCoinMining Opportunities of Block Chain and BitCoin
Mining Opportunities of Block Chain and BitCoinDeepu S Nath
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOpsDeepu S Nath
 
REACT.JS : Rethinking UI Development Using JavaScript
REACT.JS : Rethinking UI Development Using JavaScriptREACT.JS : Rethinking UI Development Using JavaScript
REACT.JS : Rethinking UI Development Using JavaScriptDeepu S Nath
 
Life Cycle of an App - From Idea to Monetization
Life Cycle of an App - From Idea to Monetization Life Cycle of an App - From Idea to Monetization
Life Cycle of an App - From Idea to Monetization Deepu S Nath
 
Uncommon Python - What is special in Python
Uncommon Python - What is special in PythonUncommon Python - What is special in Python
Uncommon Python - What is special in PythonDeepu S Nath
 
Techbites July 2015
Techbites July 2015Techbites July 2015
Techbites July 2015Deepu S Nath
 
Apple Watch - Start Your Developer Engine
Apple Watch - Start Your Developer EngineApple Watch - Start Your Developer Engine
Apple Watch - Start Your Developer EngineDeepu S Nath
 
Greetings & Response - English Communication Training
Greetings & Response - English Communication TrainingGreetings & Response - English Communication Training
Greetings & Response - English Communication TrainingDeepu S Nath
 
Hybrid Mobile App Development - Xamarin
Hybrid Mobile App Development - XamarinHybrid Mobile App Development - Xamarin
Hybrid Mobile App Development - XamarinDeepu S Nath
 
Internet of Things - The new Paradigmn
Internet of Things - The new ParadigmnInternet of Things - The new Paradigmn
Internet of Things - The new ParadigmnDeepu S Nath
 
Comparing Swift features with Objective C
Comparing Swift features with Objective CComparing Swift features with Objective C
Comparing Swift features with Objective CDeepu S Nath
 

More from Deepu S Nath (20)

Design Thinking, Critical Thinking & Innovation Design
Design Thinking, Critical Thinking & Innovation DesignDesign Thinking, Critical Thinking & Innovation Design
Design Thinking, Critical Thinking & Innovation Design
 
GTECH ATFG µLearn Framework Intro
GTECH ATFG µLearn Framework IntroGTECH ATFG µLearn Framework Intro
GTECH ATFG µLearn Framework Intro
 
Future of learning - Technology Disruption
Future of learning - Technology DisruptionFuture of learning - Technology Disruption
Future of learning - Technology Disruption
 
Decentralized Applications using Ethereum
Decentralized Applications using EthereumDecentralized Applications using Ethereum
Decentralized Applications using Ethereum
 
How machines can take decisions
How machines can take decisionsHow machines can take decisions
How machines can take decisions
 
Artificial Intelligence: An Introduction
Artificial Intelligence: An Introduction Artificial Intelligence: An Introduction
Artificial Intelligence: An Introduction
 
FAYA PORT 80 Introduction
FAYA PORT 80 IntroductionFAYA PORT 80 Introduction
FAYA PORT 80 Introduction
 
How machines can take decisions
How machines can take decisionsHow machines can take decisions
How machines can take decisions
 
Simplified Introduction to AI
Simplified Introduction to AISimplified Introduction to AI
Simplified Introduction to AI
 
Mining Opportunities of Block Chain and BitCoin
Mining Opportunities of Block Chain and BitCoinMining Opportunities of Block Chain and BitCoin
Mining Opportunities of Block Chain and BitCoin
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOps
 
REACT.JS : Rethinking UI Development Using JavaScript
REACT.JS : Rethinking UI Development Using JavaScriptREACT.JS : Rethinking UI Development Using JavaScript
REACT.JS : Rethinking UI Development Using JavaScript
 
Life Cycle of an App - From Idea to Monetization
Life Cycle of an App - From Idea to Monetization Life Cycle of an App - From Idea to Monetization
Life Cycle of an App - From Idea to Monetization
 
Uncommon Python - What is special in Python
Uncommon Python - What is special in PythonUncommon Python - What is special in Python
Uncommon Python - What is special in Python
 
Techbites July 2015
Techbites July 2015Techbites July 2015
Techbites July 2015
 
Apple Watch - Start Your Developer Engine
Apple Watch - Start Your Developer EngineApple Watch - Start Your Developer Engine
Apple Watch - Start Your Developer Engine
 
Greetings & Response - English Communication Training
Greetings & Response - English Communication TrainingGreetings & Response - English Communication Training
Greetings & Response - English Communication Training
 
Hybrid Mobile App Development - Xamarin
Hybrid Mobile App Development - XamarinHybrid Mobile App Development - Xamarin
Hybrid Mobile App Development - Xamarin
 
Internet of Things - The new Paradigmn
Internet of Things - The new ParadigmnInternet of Things - The new Paradigmn
Internet of Things - The new Paradigmn
 
Comparing Swift features with Objective C
Comparing Swift features with Objective CComparing Swift features with Objective C
Comparing Swift features with Objective C
 

Recently uploaded

Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 

Recently uploaded (20)

Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 

Security testing addons

  • 1. Essential Security Testing Addons Sreenath
  • 2. 3 Essential Security Add-ons for Devs v HackSearch v XSS Me v SQL inject Me
  • 3. HackSearch v  Unwanted pages crawled by Google bot v  Backlinks v  Exposed Data v  Exposed FilesExposed Emails v  Whois v  DNS (Health and Information) v  Antivirus site approval v  Builtwith Technologies
  • 4. XSSMe v  XSS-Me is the Exploit-Me tool used to test for reflected Cross-Site Scripting (XSS). It does NOT currently test for stored XSS.rnrn v  The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an XSS attack.rnrn. v  The tool does not attempting to compromise the security of the given system. It looks for possible entry points for an attack against the system. v  There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool.rnrn v  You can think of the work done by the tool as the same as the QA testers for the site manually entering all of these strings into the form fields.
  • 5. SQL Inject Me v  SQL Inject Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities. v  The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack. v  The tool works by sending database escape strings through the form fields. It then looks for database error messages that are output into the rendered HTML of the page. v  The tool does not attempting to compromise the security of the given system. It looks for possible entry points for an attack against the system. There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool. v  You can think of the work done by the tool as the same as the QA testers for the site manually entering all of these strings into the form fields.