Today every computer network relies on the efficiency of web applications. All customers should be able to access these web applications. Corporations link these applications to their databases. Confidential information such as customer names and addresses, product specifications, pricing and order processing details is stored in these databases. To secure this information, organizations employ a web application audit company. The following are some guidelines for web application auditing.
Acquire the Necessary Tools and Plugins
To begin the web application auditing process, you are going to need a certain set of tools. These tools will attack the web application that is being tested. A browser is the most important of these tools, and ideally every developer should have it. Firefox offers multiple free toolbars with which you can launch attacks easily.
The following are some plugins your browser needs to have:
- Web Developer Toolbar: This plugin can modify forms and thus remove the restrictions they impose. For instance, a string longer than the default maximum length can be entered with the help of this plugin. Locked fields can be edited in the same way.
- SwitchProxy: This tool enables you to switch between proxies when you are using a proxy browser. Almost every web application audit company makes use of this plugin.
- Hackbar: With this plugin, you can alter attacks such as SQL injection.
- Tamper Data: You can intercept every request and response with the help of this plugin.
- Add N Edit Cookies: This plugin eliminates the need for a complete proxy server. It allows you to edit cookies at run time.
Configure Your Tools
Once you have all the tools required for web application audit services at your disposal, the next step is to configure them. Adjust the settings of your browser so that all hidden fields show up and form limits are ignored.
If you are using the Web Developer plugin, follow these steps:
- Select “Persist Features” from the Options menu. This way your selections will stick and there will be no need to adjust them for every new page.
- Select both “Show Comments” and “Show Hidden Elements” from the Miscellaneous menu.
- Similarly, select “Remove Maximum Length” and “Make Form Fields Writable” from the Forms menu.
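The four Web Developer options above each expose a restriction that exists only in the browser, so every such field needs a matching server-side check. The following added example (not from the original article) inventories those fields and comments in a page's HTML using only the Python standard library; the sample form, its field names and the `audit` helper are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample page; the form, field names and comment are illustrative only.
SAMPLE_HTML = """
<!-- TODO: remove debug parameter before release -->
<form action="/order" method="post">
  <input type="text" name="coupon" maxlength="8">
  <input type="hidden" name="unit_price" value="19.99">
  <input type="text" name="customer_id" value="1042" readonly>
  <select name="tier" disabled><option>basic</option></select>
  <input type="submit" value="Buy">
</form>
"""

class ClientSideControlAudit(HTMLParser):
    """Collect form fields whose restrictions exist only in the browser."""
    FIELD_TAGS = {"input", "textarea", "select"}

    def __init__(self):
        super().__init__()
        self.findings = []   # (field name, restriction, detail)
        self.comments = []   # HTML comments shipped to the client

    def handle_starttag(self, tag, attrs):
        if tag not in self.FIELD_TAGS:
            return
        a = dict(attrs)  # valueless attributes such as readonly map to None
        name = a.get("name") or "(unnamed)"
        if (a.get("type") or "").lower() == "hidden":      # "Show Hidden Elements"
            self.findings.append((name, "hidden", a.get("value") or ""))
        if "maxlength" in a:                               # "Remove Maximum Length"
            self.findings.append((name, "maxlength", a["maxlength"] or ""))
        for flag in ("readonly", "disabled"):              # "Make Form Fields Writable"
            if flag in a:
                self.findings.append((name, flag, ""))

    def handle_comment(self, data):                        # "Show Comments"
        self.comments.append(data.strip())

def audit(html):
    """Return (findings, comments) for one HTML document."""
    parser = ClientSideControlAudit()
    parser.feed(html)
    parser.close()
    return parser.findings, parser.comments

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTML)[0]:
        print(finding)
```

Each finding is a value the server must re-validate or recompute itself (length, price, identity, tier) rather than trust from the submitted form.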