Dieses Dokuwiki verwendet ein von Anymorphic Webdesign erstelltes Thema.

Razlike

Slijede razlike između dviju inačica stranice.

Poveznica na ovu usporedbu

Starije izmjene na obje strane Starija izmjena
Novija izmjena 		Starija izmjena
racfor_wiki:dinamicka_analiza_sigurnosti_aplikacija [2021/01/16 17:54]
smatesic [Dynamic testing tools] 		racfor_wiki:dinamicka_analiza_sigurnosti_aplikacija [2023/06/19 18:17] (trenutno)
Redak 3: Redak 3:
 ===== Summary ===== ===== Summary =====
  
-Security testing is crucial to ensuring minization of data breaches which bring financial losses, +Security testing is crucial to ensuring minimization of data breaches which bring financial losses, 
 losses of private data and to some - loss of reputation. Costs of testing are non-negligible, however  losses of private data and to some - loss of reputation. Costs of testing are non-negligible, however 
 the cost of data breaches in total is even greater.  the cost of data breaches in total is even greater. 
Redak 55: Redak 55:
  
 The target URL will be http://localhost/mutillidae. Mutillidae is a web application which includes vulnerabilities on purpose so that penetration testers can practice. The application is run locally.  The target URL will be http://localhost/mutillidae. Mutillidae is a web application which includes vulnerabilities on purpose so that penetration testers can practice. The application is run locally. 
 +{{:racfor_wiki:scan_results.png?400|}}
  
-===== Zaključak =====+Scan results are shown in the image above. As the image shows, ZAP can provide information on the most common and dangerous vulnerabilities. 
 +===== Conclusion =====
  
-Even though certain drawbacks keep it from being the ultimate security testing method in all cases, dynamic testing still presents a valuable method of testing in most cases, and even the best in some scenarios. To utilize its potential to the fullest, a combination of manual testing and automated tool-based testing is recommended. Many very good tools exist, some of which are open source, so that even the penetration-testing enthusiasts can test their applications to improve upon their development. Other, commercial tools, serve to improve professional testing quality and reduce costs which can help mitigate a lot of threats to data security which are present because testing bears a greater price than many would accept. +Even though certain drawbacks keep it from being the ultimate security testing method in all cases, dynamic testing still presents a valuable method of testing in most cases, and even the best in some scenarios. To utilize its potential to the fullest, a combination of manual testing and automated tool-based testing is recommended. 
 +Many very good tools exist, some of which are open source, so that even the penetration-testing enthusiasts can test their applications to improve upon their development. Other, commercial tools, serve to improve professional testing quality and reduce costs which can help mitigate a lot of threats to data security which are present because testing bears a greater price than many would accept. 
 +To make sure a system is secure in a broader set of scenarios, a hybrid method should be used - a combination of dynamic and static testing. 
 +This would allow for a tester to assess the full security profile of a system.  
 + 
  
-===== Literatura =====+===== Sources =====
  
 [1] IBM, Cost of a Data Breach Study Report highlights, https://www.ibm.com/security/data-breach, accessed on 14.1.2021 [1] IBM, Cost of a Data Breach Study Report highlights, https://www.ibm.com/security/data-breach, accessed on 14.1.2021
racfor_wiki/dinamicka_analiza_sigurnosti_aplikacija.1610816093.txt.gz · Zadnja izmjena: 2023/06/19 18:14 (vanjsko uređivanje)
Dieses Dokuwiki verwendet ein von Anymorphic Webdesign erstelltes Thema.
CC Attribution-Share Alike 4.0 International
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0