security testing with securecq

4

Security testing with SecureCQ Tomasz Rękawek Cognifide

Upload: connectwebex

Post on 22-Jul-2015

664 views

Category:

Business

1 download

Report

Download

Embed Size (px):

TRANSCRIPT

Page 1: Security testing with SecureCQ

Security testing with SecureCQ

Tomasz Rękawek

Cognifide

Page 2: Security testing with SecureCQ

Security challenges

• CQ exposes a lot of data – Sling itself is a RESTful HTTP XML/JSON (or WebDAV) interface

to JCR – CQ has additional features, available using appropriate selector,

GET parameter, path, eg.: • .feed selector • ?debug=layout • /libs/shindig/proxy?url=http://www.cqcon.eu in CQ 5.4

• All that is enabled by default • For administrator each feature is a potential security flaw • Administrator needs to know all of that • Security checklists and blog posts come in handy • SecureCQ – automated tool based on security checklists

Page 3: Security testing with SecureCQ

Live demo

Page 4: Security testing with SecureCQ

Downloads

• Package Share

– One-click-install

• http://github.com/Cognifide/SecureCQ

– Sources

– Information on creating new tests

• Blog post on cognifide.com:

Keep your CMS safe with Secure CQ

http://github.com/Cognifide/SecureCQ

http://github.com/Cognifide/SecureCQ

http://www.cognifide.com/blogs/cq/keep-your-cms-safe-with-secure-cq/

Orchestrating Security Testing With Golismero

Manual Testing Training - multisoftsystems.com · Adhoc Testing and Exploratory Testing Security Testing ... In second phase candidate will be introduced with various software testing

Basic Security Testing with Kali Linux

SECURITY TESTING WITH MISUSE CASE MODELING

BDD Mobile security testing with OWASP MASVS, … · BDD Mobile security testing with OWASP MASVS, ... Requirements Design Code Build Test Release Deploy Operate ... Implement BDD

Continuous Application Security Testing and Risk WhiteHat … · 2018-05-14 · Continuous Application Security Testing and Risk Based Remediation Prioritization with RiskSense and

Continuous Security Testing with Devops - OWASP EU 2014

Testing Security Mechanisms with Real-life IT/OT Scenarios

Blind Security Testing - Black Hat...Blind Security Testing An Evolutionary Approach • Blind Security Testing • Blind testing is useful in several areas: baseline testing, audit,

OOPSLA'07 Security Testing with Selenium v107 Security Testing with Sele… · Cross Site Request Forgery (CSRF) The following characteristics are common to CSRF: Involve sites that

Discovering the value of Web Application Security Testing with

Eliminate Surprises with Security Assurance and Testing

Software Security Testing - SecAppDev 2018secappdev.org/handouts/2009/software security testing in the real... · Software Security Testing: Seeking security in an insecure world

Continuous and Visible Security Testing with BDD-Security

Security Testing - The Missing Link in IT Security Color Testing... · security testing as a priority in all project activities. • Continuous security testing in all forms • Strong

Mobile Security with Intuitive Mobile Application Testing Practices

Automated Security Testing - ANZTB · with complete manual testing to get the best penetration testing results. • OWASP Mantra Security Framework Mantra is a web application security

Programme and Challenge - CORDIS...security risk assessment with security testing, the application of compositional and continuous approaches to risk assessment and security testing

The SecuriTy TeSTing improvemenTS profile (STip)...Dynamic Application Security Testing Automated Model-based security testing At this level, security test engineers define and execute

Lab 10: Security Testing – Linux Server - asecuritysite.comasecuritysite.com/pdfs/Lab10.pdf · ASNF Security Testing with BT5– Rich Macfarlane 1 Lab 10: Security Testing – Linux

Automated Mobile Application Security Testing with Mobile ... · Automated Mobile Application Security Testing with ... A FREE and Open Source Security Tool for Mobile ... Some Android

IoT Security Testing - Deloitte United States · IoT Security Testing Benefits of IoT Security Testing Despite a complex IoT product architecture, IoT security testing (IST) is beneficial

Security Testing

Risk-Based Security Testing: Prioritizing Security Testing

Network Security Testing with NMAP Workshop1

Security Testing with Zap

Getting Started with API Security Testing

Software Security & Software Security Testing

Security testing with gauntlt

Sense of Security VoIP Security Testing Training CON 23/DEF CON 23... · Sense of Security . VoIP Security Testing Training . Fatih Ozavci . Christos Archimandritis . ... • Testing

Continuous and Visible Security Testing Stephen de Vries @stephendv with BDD-Security

Security Testing Training With Examples

Jürgen Großmann Combining Security Risk (FhG Fokus) Fredrik … · 2015-06-24 · security testing (2) •starts with the identification of issues by security testing or compliance

Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile Security Framework (MobSF)

Security Testing for Testing Professionals