The presentation is devoted to security testing of web applications. It covers methods and steps for detecting the most common security vulnerabilities in the technical environment, web server configuration and client-side code. We will consider vulnerabilities found on real large projects, which attackers can use to the detriment of the business (of course, by the start of the presentation all of the vulnerabilities will have been fixed). The presentation is structured as a checklist for convenient practical use: vulnerability description, example of an attack, testing method and criticality status.
The information can be useful for QA engineers and web developers. In my experience, even professional developers can make mistakes in security, and QA engineers are the last hope for the business.
Web Application Vulnerability Testing from Vlad Orlikov on Vimeo.