
Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"

Many methods can be used to test for injection flaws in web applications.
The following section describes an automated method to test for injection flaws, including
SQL, LDAP, XPath, XQuery, and OS commands, using iSEC's SecurityQA Toolbar. The
SecurityQA Toolbar is a security testing tool for web applications. It is often used
by developers and QA testers to determine an application's security, both for specific
sections of an application and for the entire application. For more information on
the product, visit www.isecpartners.com.

Automated Testing with iSEC's SecurityQA Toolbar

Testing for injection flaws can be cumbersome and complex across a big web
application with many forms. To ensure that the web application
gets the proper security attention, iSEC Partners' SecurityQA Toolbar provides a feature to
test input fields on a per-page basis rather than having to scan the entire web application.
While per-page testing may take a bit longer, it can produce strong results since the testing
focus is on each page individually and in real time. To test for injection security issues,
complete the following steps.

