Case study – Security Testing a Web Application for a leading telecom company
Objective
1. To ensure that the Web Application is secured against different malicious client-side attacks, based on the ‘OWASP Top 10 vulnerabilities’ and the ‘WASC Threat Classification’
2. To validate that the Web Application protects data and maintains functionality as intended by ensuring confidentiality, integrity, authentication, authorization, and availability
Anzen's Solution
1. Define security check-points and perform a security code review
2. As part of functional manual testing, identify security test scenarios that simulate attacks from the perspective of a disgruntled employee or a malicious user, to validate client-side security
3. Test against the identified attacks using a security testing tool, so that every identified attack is exercised
4. Perform parameter tampering tests manually to exercise server-side security, capture the server responses, analyze them, and recommend suitable countermeasures
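The parameter tampering step above probes whether the server trusts values the client can edit (prices, identifiers, hidden fields). As an added example that is not part of this case study or of Anzen's deliverables, the block below shows a vulnerable checkout handler next to a hardened one, and generalizes slightly beyond the text by covering two tampering classes: a client-set price and a foreign object reference (another user's account). The CATALOG, SESSIONS, request dicts and AUDIT_LOG are constructed for the illustration; the hardened handler derives the price server-side, checks the account against the session, and records mismatches so the responses can be analyzed afterwards.

```python
# Added example (not from the case study). All data below is constructed.

# Server-side source of truth for prices, in cents.
CATALOG = {"plan-basic": 1000, "plan-premium": 2500}

# Which accounts each authenticated session may act on (constructed sessions).
SESSIONS = {
    "sess-alice": {"user": "alice", "accounts": {"A-100"}},
    "sess-bob": {"user": "bob", "accounts": {"B-200"}},
}

# Evidence captured for later analysis of tampering attempts.
AUDIT_LOG = []


class TamperingDetected(Exception):
    """Raised when a client-supplied parameter fails server-side validation."""


def checkout_vulnerable(request):
    """Vulnerable form: trusts price and account_id exactly as the client sent them.

    A tampered 'price' of 1 is charged as 1; a tampered 'account_id' is billed
    without checking that the caller owns that account.
    """
    return {
        "account": request["account_id"],
        "plan": request["plan"],
        "charged": int(request["price"]),
    }


def checkout_hardened(request, session_id):
    """Hardened form: every client-controlled parameter is re-validated server-side."""
    session = SESSIONS.get(session_id)
    if session is None:
        raise TamperingDetected("unknown or expired session")

    plan = request.get("plan")
    if plan not in CATALOG:
        # Unknown plan names are rejected rather than defaulted.
        raise TamperingDetected(f"unknown plan {plan!r}")

    account = request.get("account_id")
    if account not in session["accounts"]:
        # Object reference does not belong to the caller: refuse and record it.
        AUDIT_LOG.append({"user": session["user"], "issue": "foreign account",
                          "value": account})
        raise TamperingDetected("account not owned by caller")

    # The price is never taken from the client. If the client sent one and it
    # disagrees with the catalog, the request still proceeds at the real price,
    # and the discrepancy is logged as a tampering indicator.
    server_price = CATALOG[plan]
    if "price" in request and str(request["price"]) != str(server_price):
        AUDIT_LOG.append({"user": session["user"], "issue": "price mismatch",
                          "value": request["price"], "expected": server_price})

    return {"account": account, "plan": plan, "charged": server_price}


if __name__ == "__main__":
    tampered = {"plan": "plan-premium", "price": "1", "account_id": "A-100"}
    print("vulnerable:", checkout_vulnerable(tampered))
    print("hardened:  ", checkout_hardened(tampered, "sess-alice"))
    print("audit log: ", AUDIT_LOG)
```

Running the block shows the vulnerable handler charging 1 cent for the premium plan while the hardened handler charges the catalog price and leaves an audit record; passing another user's account id makes the hardened handler raise instead of billing.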
Highlights
1. Number of test iterations – 3
2. Functional security test scenarios identified – 100
3. Number of tests performed through the tool – 50,000 (approx.)
4. Defect removal efficiency for security issues – 90%
Tools Used
1. IBM Rational AppScan