Web Security Testing 101
March 16, 2018 · 2 min read
Understanding how vulnerable your website is can be quite a hard task. And over the past few years we have witnessed how cyber security is not only an IT problem but a business risk as well.
So I am positive that you want to make sure your code is not vulnerable, so that your company is not the next one in the headlines for the wrong reason. There are several examples of companies that went bankrupt after a successful attack, and not too long ago, we witnessed one of the largest and most devastating breaches in history. But if you are reading this, you want to take a first step towards improving your security, which is good. So let’s start.
The problem is that dynamic websites, or web applications, are subject to certain types of vulnerabilities or security issues. The Open Web Application Security Project (better known as OWASP) releases a Top 10 of the most critical web application security risks every 3 or 4 years. You’ve probably heard the terms SQL Injection or XSS, but there are many, many more (at least a few hundred of them).
So what can you do to prevent this sort of thing from happening? Well, there are three popular pathways you can take to test the security of your web application: Pentesting, Bug Bounties and Automatic Scanning. If you want to learn more about these, I’ve written an article explaining each of them individually and how they can be integrated effectively into your cyber security strategy.
Hearing about these three pathways raises the question: “So, where do I start?” I truly believe that you should start by using a web vulnerability scanner to scan your web app. Why? There are two main reasons:
- It’s a quick win: you launch the scanner, sit back, relax, and wait for the results;
- It’s by far the most affordable option (more affordable than pentesting, bug bounties or training your devs).
If the scanner provides instructions on how to fix the findings, you may also learn a few things about web security on the way. That’s the case with Probely.
You can use Probely to scan your web application and to learn how to fix the findings. If your development team uses Continuous Integration, you can also integrate Probely into your automated tests whenever you deploy on your QA environment, for instance. Take a look at our API to learn how to do that — https://developers.probely.com/.
To start all this, just create your free trial here and go from there.
Happy Hacking!
P.S. Don’t hesitate to reach out to us if you have any further questions!