Using SDLC Checklists and Reviews to Avert Security Flaws ppt

Using SDLC Checklists and Reviews to Avert Security Flaws

Do you know?

75% of attacks today happen at the Application (Gartner). Desktop augmented by Network and then Web Application Security.

Many easy hacking recipes are published on the web.

3 out of 4 vendor apps we tested had serious SQL Injection bugs!

The cost of correcting code in production increases up to 100 times as compared to in development.
(1) MSDN (November, 2005) Leveraging the Role of Testing and Quality Across the Lifecycle to Cut Costs and Drive IT/Business Responsiveness

Web File Query

A hacker tests for HTTP (80) or HTTPS (443)
Does a View Source on HTML file to detect directory hierarchy
Checks for directory listings or enumeration
Can view sensitive information inadvertently left by system administrators or programmers:
  Database passwords in /include files
  Data files with SSNs in /data directories

SQL Injection Attacks

SQL injection is a security vulnerability that occurs in the database layer of an application. Its source is the incorrect escaping of dynamically-generated string literals embedded in SQL statements. (Wikipedia)
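The SQL injection definition quoted above, turned into a check a code review or test checklist could run; this is an added example, not part of the original post or slides. It uses Python's built-in sqlite3 module, and the table, function names and sample rows are hypothetical and constructed for the demonstration.

```python
import sqlite3

def make_db():
    """Constructed in-memory sample data for the demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, ssn TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [
        ("alice", "000-00-0001"),
        ("O'Brien", "000-00-0002"),
        ("carol", "000-00-0003"),
    ])
    return db

def lookup_concatenated(db, name):
    # Flawed: the value is pasted into the SQL text as a string literal,
    # so a quote inside it ends the literal and the rest is parsed as SQL.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, name):
    # Fixed: the statement text is constant; the value is bound separately
    # and is never parsed as SQL, whatever characters it contains.
    return [row[0] for row in db.execute(
        "SELECT name FROM users WHERE name = ?", (name,))]

def review_check(lookup, db):
    """Checklist-style test: return a list of findings for a lookup function."""
    findings = []
    # Constructed inputs: a legitimate name containing a quote, and a value
    # that would change the WHERE clause if it were parsed as SQL.
    for value, expected in [("O'Brien", ["O'Brien"]), ("x' OR '1'='1", [])]:
        try:
            got = lookup(db, value)
        except sqlite3.Error as exc:
            findings.append(f"{value!r}: query broke ({exc.__class__.__name__})")
            continue
        if got != expected:
            findings.append(
                f"{value!r}: returned {len(got)} row(s), expected {len(expected)}")
    return findings

if __name__ == "__main__":
    db = make_db()
    print("concatenated: ", review_check(lookup_concatenated, db))
    print("parameterized:", review_check(lookup_parameterized, db))
```

An empty findings list means the lookup treated both inputs purely as data; the concatenated version fails both checks.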


