
Practical Aspects of Web Application Penetration Testing and Vulnerability Analysis
Sadaf Kazi — Security Testing Engineer, Aztecsoft
Nilesh Dasharathi — Test Analyst, Aztecsoft



The success of a web application penetration testing project is directly proportional to the quality of its execution cycle. Executing a penetration testing project is very different from executing a functional testing project, given the fundamentally different goals and challenges of penetration testing and vulnerability analysis. It is therefore surprising that very little published work deals with the unique practical challenges of penetration testing projects.
Our experience with penetration testing a number of web applications has helped us extract a set of best practices for executing web application penetration tests, which we present here.

This paper is intended for Engineers, Test Leads and Managers who undertake security testing projects.

This paper throws light on the practical aspects of penetration testing and vulnerability analysis of web applications. It helps focus efforts on overcoming the key challenges involved in penetration testing and vulnerability analysis of web applications.

Speaker Profiles:

Sadaf Kazi presently works with Aztecsoft iTest as a Security Testing Engineer. She is responsible for R&D and training in the area of Web Application Security Testing. She has a Bachelor's degree in Information Technology from Pune University, India.

Nilesh Dasharathi presently works as a Test Analyst at Aztecsoft iTest. In this role, he is responsible for R&D, training, sales support and delivery in the area of Web Application Security Testing. Prior to joining the iTest Practice group, he worked in the areas of Quality Assurance, Information Security, and Manual Testing at Aztecsoft. He has a Master's degree in Computer Management from Pune University, India, and a Bachelor's degree in Commerce. He is a Certified Information Systems Auditor (CISA). He has 5.5 years of experience in the software industry.

© Copyright 2005 - 2008 · STeP-IN Forum. All Rights Reserved.