Security testing of web services, using WCF services as an example

  • Published on
    16-Jun-2015


DESCRIPTION

SQA Days-15, 18-19, 2014. www.sqadays.com

Transcript

1. Security testing of web services, using WCF services as an example (Ultra Light)
2. Web services (WCF)
3. About the speaker: PCI, CSTA, ISTQB Security Testing Expert Level (2015)
4. ...? On Demand
5. ...?
6. OWASP Top 10 risks covered in the talk: Injections (A1), XSS (A3), Insecure Direct Object References (A4)
7. Was ist das? OWASP definitions: (A1) Injections. (A2) Access Control. (A3) XSS (related: Cross Site Request Forgery, A8). (A4) Insecure Direct Object References.
8. WCF
9. What to test? SQL Injections (the sortField parameter). XSS.
10. SQL Injection
11. (no text)
12. ...: iframe
13. (no text)
14. jQuery ... : HTML, http
15. / :
16. Fin
17. Tools: Acunetix, Burp Suite, QualysGuard, VPN, Firebug (Fiddler, Wireshark etc.), jQuery, WSDLMerge (wsdl)
18. References: OWASP Top 10 security risks, 2013 (PDF): http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf ; MSDN, How To: Prevent Cross-Site Scripting in ASP.NET: http://msdn.microsoft.com/en-us/library/ff649310.aspx ; WCF Security Guide (2008): http://wcfsecurity.codeplex.com/ ; WSDLMerge, binaries: http://code.google.com/p/wsdlmerge/downloads/list , help: http://code.google.com/p/wsdlmerge/wiki/Usage
19. DataArt. Skype: paul.n.smirnoff. Google: paul.n.smirnoff
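The two findings the slides test for (slides 9-14: SQL injection through the sortField parameter, and XSS where server data is inserted into the page) are shown below in an added example that is not part of the deck and not DataArt's code. It reproduces the mechanism against an in-memory SQLite table in Python rather than against a WCF service, because the point is the same in any stack: a sort field is an identifier, it cannot be passed as a bound parameter, so it has to be allow-listed; a filter value can and should be bound; and any stored value that reaches HTML must be encoded for its context. The users table, the sample rows, the allow-list and the payloads are all constructed for the demo.

```python
import html
import sqlite3

# Constructed sample rows standing in for the service's backing table.
# Name order (alice, bob, carol) deliberately differs from e-mail order
# (bob, carol, alice) so that a change of sort column shows in the result.
SAMPLE_ROWS = [
    ("alice", "c@example.com"),
    ("bob", "a@example.com"),
    ("carol", "b@example.com"),
]

# Hypothetical allow-list: the only identifiers a client may sort by.
ALLOWED_SORT_FIELDS = {"id": "id", "name": "name", "email": "email"}


def make_db() -> sqlite3.Connection:
    """Build an in-memory database holding the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (name, email) VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def list_users_vulnerable(conn: sqlite3.Connection, name_filter: str, sort_field: str):
    """Both caller-controlled values are concatenated into the statement.
    name_filter injects through the quotes; sort_field is an identifier and lands
    unquoted in ORDER BY, so any SQL expression (a CASE on a subquery, say) is accepted."""
    sql = (
        f"SELECT name, email FROM users WHERE name LIKE '%{name_filter}%' "
        f"ORDER BY {sort_field}"
    )
    return conn.execute(sql).fetchall()


def list_users_hardened(conn: sqlite3.Connection, name_filter: str, sort_field: str):
    """name_filter is passed as a bound parameter. sort_field cannot be bound
    (parameters carry values, not identifiers), so it is mapped through the
    allow-list and anything else is rejected before it reaches the SQL text."""
    column = ALLOWED_SORT_FIELDS.get(sort_field)
    if column is None:
        raise ValueError(f"unsupported sortField: {sort_field!r}")
    sql = f"SELECT name, email FROM users WHERE name LIKE ? ORDER BY {column}"
    return conn.execute(sql, (f"%{name_filter}%",)).fetchall()


def blind_probe(conn: sqlite3.Connection, condition: str) -> bool:
    """Boolean-based blind injection through the sort field: sort by name when the
    attacker's condition holds, by e-mail otherwise, and read the answer off the
    first row. No error message and no extra rows are needed, only the row order."""
    payload = f"CASE WHEN ({condition}) THEN name ELSE email END"
    rows = list_users_vulnerable(conn, "", payload)
    return rows[0][0] == "alice"  # alice comes first only under name ordering


def render_rows_vulnerable(rows) -> str:
    """Rendering that concatenates stored values into HTML, which is what lets a
    stored <iframe> or <script> in a name field execute in the browser."""
    return "".join(f"<li>{name} ({email})</li>" for name, email in rows)


def render_rows_hardened(rows) -> str:
    """Same output with every value HTML-encoded for the element-content context."""
    return "".join(
        f"<li>{html.escape(name)} ({html.escape(email)})</li>" for name, email in rows
    )


if __name__ == "__main__":
    db = make_db()
    print("more than 2 users:", blind_probe(db, "(SELECT count(*) FROM users) > 2"))
    print("alice's e-mail starts with 'c':",
          blind_probe(db, "(SELECT substr(email,1,1) FROM users WHERE name='alice') = 'c'"))
    try:
        list_users_hardened(db, "", "CASE WHEN 1 THEN name ELSE email END")
    except ValueError as exc:
        print("hardened service rejected:", exc)
    evil = [('<iframe src="http://attacker.example/">', "x@example.com")]  # constructed
    print(render_rows_vulnerable(evil))
    print(render_rows_hardened(evil))
```

When testing a real service, the blind_probe pattern is the one to reach for on a sort parameter: errors are often swallowed by the service layer, but a change in row order between two requests is visible in any client, including the jQuery front-end the slides mention. On the fix side, note that the allow-list is the whole defence for the identifier; escaping or quoting a column name does not make ORDER BY safe, and the same applies to table names, column lists and LIMIT/OFFSET values.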