Web security testing using Burp and Firebug STC 2012 - QAI

More documents

Recommendations

Info

Web security testing using FirebugPicture shows an application wherelogged in user is not having enoughpermissions to view other ownersdata and hence owner field isdisabled for this logged in user.User is already installed Firebug atclient side and hence after rightclicking on any field “Inspect element”appears.18ETT | 12/10/2012 | © Robert Bosch Engineering and Business Solutions Limited 2012. All rights reserved, also regarding any disposal,exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Web security testing using FirebugOnce user selects Inspect elementoption, Firebug opens up in a windowintegrated with Firefox browser anddisplays html code related to disabledowner field and high light with bluebackground.By deleting the “Read-only” attributefrom owner’s HTML code user canmake this field editable and cansearch for the data related to otherowners which is not at all acceptablefrom security aspects.19ETT | 12/10/2012 | © Robert Bosch Engineering and Business Solutions Limited 2012. All rights reserved, also regarding any disposal,exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Page 3 and 4: DECISION MODIFICATIVE N° 1 - BP 20
Page 5 and 6: Web security testing using BurpProx
Page 7 and 8: Web security testing using BurpIntr
Page 9 and 10: Web security testing using BurpPayl
Page 11 and 12: Web security testing using BurpRepe
Page 13 and 14: Web security testing using BurpRepe
Page 15 and 16: Web security testing using BurpComp
Page 17: Web security testing using FirebugF
Page 21: Web security testing using Burp and

Web security testing using Burp and Firebug STC 2012 - QAI

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?