Security is an exercise in risk management. Risk analysis, especially at the design level, can help us identify potential security problems and their impact. Once identified and ranked, software risks can then help guide software security testing. We can find software security holes using SQL injection and XSS commands.
SQL injection
Example: click the link below.
http://pastebin.com/D2v21Mxh
Try this SQL injection on the password field. Sometimes it works on a vulnerable web page. Now the question is: how does it work?
See the link below:
http://pastebin.com/DZVByABg
When the query reaches the 1=1 portion, it evaluates to true and the injection works.
XSS Command (Cross site scripting)
Try any XSS command from the link below in a text field whose output depends on that input, for example a registration page. If the page shows that command, then there is certainly a hole in that application.