CONTENTS

 

Introduction 

The threat landscape 

Defences employed 

Goal of the book 

Chapter 1:  Approach to Security Testing 

Preparing the threat profile 

Preparing the test plan 

Chapter 2:  Basic Tests and Techniques 

SQL injection 

Cross-site scripting (XSS) 

Cross-site request forgery (CSRF) 

Directory brute forcing/Searching for defaults 

Weak authorisations 

Weak session management 

Sensitive data in browser cache 

Over-reliance on client-side validation 

Unencrypted traffic 

Unhardened database 

Weak password policies 

Poor error-handling mechanisms 

Chapter 3:  The Tools of the Trade 

Web applications 

Thick-client applications 

Terminal ...

Get Security Testing Handbook for Banking Applications now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.

Start your free trial