Professional, Intermediate, Novice User Guide for all of Us

Trinity of Trouble

July 23rd, 2008 chris

Security nowadays is more of a necessity than a luxury. With the spread of networks and the internet, every system is a sitting duck for the predator. Three trends have a great influence on the growth and evolution of the security problem. They are called the Trinity of Trouble, and they are the following:

  1. Connectivity
  2. Extensibility
  3. Complexity

The Test Plan Document

July 23rd, 2008 chris

The Test Plan Document describes the scope, approach, resources, and schedule of the testing activities.

It is composed of the following 16 Sections:

  1. Test plan identifier
  2. Introduction
  3. Test items
  4. Features to be tested
  5. Features not to be tested
  6. Approach
  7. Item pass/fail criteria
  8. Suspension criteria and resumption requirements
  9. Test deliverables
  10. Testing tasks
  11. Environmental needs
  12. Responsibilities
  13. Staffing and training needs
  14. Schedule
  15. Risks and contingencies
  16. Approvals

Software Testing Documents

July 23rd, 2008 chris

The following are the eight documents that can be used in software testing according to the IEEE Standard for Software Test Documentation:

  1. Test plan
  2. Test design specification
  3. Test case specification
  4. Test procedure specification
  5. Test item transmittal report
  6. Test log
  7. Test incident report
  8. Test summary report

Security Issues on Shared Hosting

July 23rd, 2008 chris

The following are the five issues to watch for on Shared Hosting:

  1. Exposed Source Code
  2. Exposed Session Data
  3. Session Injection
  4. Filesystem Browsing
  5. Safe Mode

Security Issues on Authentication and Authorization

July 23rd, 2008 chris

The following are the four issues to watch for on Authentication and Authorization:

  1. Brute Force Attacks
  2. Password Sniffing
  3. Replay Attacks
  4. Persistent Logins

Security Issues on Files and Commands

July 23rd, 2008 chris

The following are the three issues to watch for on Files and Commands:

  1. Traversing the Filesystem
  2. Remote File Risks
  3. Command Injection

Security Issues on Includes

July 23rd, 2008 chris

The following are the four issues to watch for on Includes:

  1. Exposed Source Code
  2. Backdoor URLs
  3. Filename Manipulation
  4. Code Injection

Security Issues on Sessions and Cookies

July 23rd, 2008 chris

The following are the four issues to watch for on Sessions and Cookies:

  1. Cookie Theft
  2. Exposed Session Data
  3. Session Fixation
  4. Session Hijacking

Security Issues on Database and SQL

July 23rd, 2008 chris

The following are the three issues to watch for on Database and SQL:

  1. Exposed Access Credentials
  2. SQL Injection
  3. Exposed Data

Security Issues on Forms and URLs

July 23rd, 2008 chris

The following are the seven issues to watch for on Forms and URLs:

  1. Forms and Data
  2. Semantic URL Attacks
  3. File Upload Attacks
  4. Cross-Site Scripting
  5. Cross-Site Request Forgeries
  6. Spoofed Form Submission
  7. Spoofed HTTP Request