Vulnerability testing in ASP.NET MVC -


i have been involved in test based development on asp.net mvc , asp.net webapi using nmock unit test, of unit tests write revolve around testing functionality.

from point of view of unit testing :

are there frameworks test vulnerability of access points actions on controllers (or other components)

from point of view automated/manual qa testing

are there (prefer open source) tools testing vulnerability of website built on asp.net mvc , manual or automatic , can used quality assurance ?

i go testing asp.net mvc application in same manner test other web application built on other platform.

essentially attack vectors web pages , server(s) hosting application. think attackers point of view. have no way see code in controllers , models can following.

  • scan server(s) os version , web server version, db version may contain vulnerabilities.
  • scan webpages vulnerable javascript, input forms, query string parameters, etc.
  • attempt exploit web application through discovered vulnerabilities

you can use number of applications test site xss, csrf, sql injection, etc. place start owasp https://www.owasp.org/index.php/main_page familiar top 10 https://www.owasp.org/index.php/category:owasp_top_ten_project

also check out post regarding open source web vulnerabilities scanners https://stackoverflow.com/questions/2995143/open-source-web-site-vulnerability-scanners

remember 2 main attack vectors user input , server configuration.

i recommend taking @ nmap , metasploit. nmap can used finding open ports on server , metasploit framework exploiting vulnerabilities.


Comments

Post a Comment

Popular posts from this blog

c# - DetailsView in ASP.Net - How to add another column on the side/add a control in each row? -

i have detailsview control on page used edit various fields of record, works in respect. i looking way add 1 column (and if works, why not more) right, absolutely read-only, show same fields of record comparison purposes. i aware there no obvious way such thing out of box detailsview . have looked other controls (transposed gridview , recommended formview , listview ), nothing satisfies. have special data binding setup using detailsview , can't out of without losing features. anyone on how "hack in" additional columns (for display only) on detailsview ? the solution have now, use second detailsview , visible set false in aspx. in code, make sure databind hidden detailsview hosts data third column first, initial detailsview named itemdetails . and in item created event, pass third column html rendering of hidden controls (in last code block) : protected void itemdetails_itemcreated(object sender, eventargs e) { if (dataite
Read more

javascript - firefox memory leak -

i have following script (i use raphaeljs also) draws circle, waits 1 second, draws circle again, etc (you can copy paste - functional, need include raphael raphaeljs.com): <div id="holder"> </div> <script src="raphael.js" type="text/javascript"></script> <script> var paper = raphael(10, 50, 320, 200); var rad = math.pi / 180; var finangle = 0; function sector(cx, cy, r, startangle, endangle, params) { var x1 = cx + r * math.cos(-startangle * rad), x2 = cx + r * math.cos(-endangle * rad), y1 = cy + r * math.sin(-startangle * rad), y2 = cy + r * math.sin(-endangle * rad); return ["m", cx, cy, "l", x1, y1, "a", r, r, 0, +(endangle - startangle > 180), 0, x2, y2]; } var path = sector(100,100,50,0,180); var arc = paper.path(path); function draw() { path = sector(100,100,50,0,finangle);
Read more

Trying to import CSV file to a SQL Server database using asp.net and c# - can't find what I'm missing -

i student , quite new programming, , given task using asp.net , c#, without being taught either. plan learn teach ourselves. the task stuck on making website import csv file sql server database of last year's room bookings around campus. the table has following columns: request_id; priority; module_id; day; start_time; length; park; students; room_code; status; semester_id; linked_request; week_1; week_2; week_3; week_4; week_5; week_6; week_7; week_8; week_9; week_10; week_11; week_12; week_13; week_14; week_15; ) in code, try make work 3 columns (request_id,priority,module) starters. when press import button, want read .csv file (with fixed name @ fixed directory) eg "1,2,3" - comma separating fields [delimiter] - , import sql server datab
Read more