Security Testing

Testing Authentication Apps

What is 2FA? 2FA is two-factor authentication and means you are using two of the three standard authentication methods (a password or similar, an authentication token or app, a fingerprint/face or other biometric factor) This provides a more secure access to your account. What is 2SV? [...]

Basic Security Testing

High profile websites being hacked is nothing new nowadays - we hear about a different hack every week, if not every day. Hackers will use many different techniques to break into high profile websites and systems - including targeting weaknesses in the website's security, social engineering [...]

Website Security Testing training – Module 11

As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 11 - Web Services Module 11 covers Web Services, including an introduction to Web Services, their possible vulnerabilities and attacks that hackers may carry out. It covers the [...]

Website Security Testing training – Module 10

As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 10 - Common Vulnerabilities Module 10 covers common vulnerabilities including some of the OWASP Top 10 Security Risks, plus a wide range of different security threats. It covers [...]

Website Security Testing training – Module 9

As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 9 - HTML5 & New Frontiers Module 9 covers the attack vectors and weaknesses introduced in HTML5 and other new standards and protocols. It covers the following: Cross [...]

Website Security Testing training – Module 8

As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 8 - Authentication Module 8 covers Authentication, including the most common authentication mechanisms, their weaknesses and the related attacks. It covers the following: Single-factor Authentication Two-factor Authentication Credentials [...]

Website Security Testing training – Module 7

As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 7 - Flash Security & Attacks Module 7 covers Flash Security and possible security breaches within web applications using Flash. It covers the Flash Security model and its [...]

Website Security Testing training – Module 6

As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 6 - Session Security & Attacks Module 6 covers the use of the Session Identifier, various methods of Session Hijacking and also how it can be prevented. It [...]

Website Security Testing training – Module 5

As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 5 - SQL Injection Module 5 covers SQL Injection, where malicious SQL queries can be used to access the database and data that are used to run a [...]

Website Security Testing training – Module 4

As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 4 - Cross Site Scripting (XSS) Module 4 covers XSS, one of the oldest types of hacks which is still top of the OWASP Top 10. XSS is [...]

Website Security Testing training – Module 3

As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 3 - Information Gathering Module 3 covers the Information Gathering process. This is where the security tester gains an understanding of the web application and collects useful information [...]

Website Security Testing training – Module 2

As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 2 - The Penetration Testing Engagement Module 2 covers the overall process of a Penetration Test - from pre-engagement to reporting. A Penetration Test is a complex process [...]

Website Security Testing training – Module 1

As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 1 - Web Application Essentials Module 1 is an Introduction to the subject, covering Web Application Essentials. It covers the following: HTTP Protocol - HTTP Requests - HTTP [...]

Website Security Testing

Later this year, I plan to add Website Security Testing to the services I offer. I've already got some knowledge in this area, and have been adding to it via various sources, such as books and websites. To take this plan forward, I've also started an [...]