Gruyere’s paradise for security testing – Day 20 of 30 Days of Testing

FIND A GOOD PLACE TO PERFORM SOME SECURITY TESTS

In many sources, security testing is called ethical hacking. It means that you create a controlled attack to evaluate the security status of your product.

To familiarize more with the concept of security testing, I read a very detailed tutorial. Then, after some googling, I found a wonderful place to learn more and actually perform security tests: Google’s Gruyere!

Gruyere is not only a great playground for security testing, but it has lessons and challenges to help you find vulnerabilities. If you get stuck, there are hints on how you should proceed.

I have read and tried out first few parts in Gruyere and had a great fun! It feels very nice to find security flaws. For example, I changed my account to be administrator account which enabled option Manage this server. Now I could edit any user.

manageserver

Security testing always looked like a very complex and difficult area to me. I have never performed any security tests before, so this seemed like one of the biggest challenges. However, after actually trying to perform some security tests, I can say that it’s actually not that difficult. It is hacking in a way, but it’s rather knowing the product you are testing really well and trying to think of the ways how to unleash the security flaws. I will definitely come back to this exciting topic and I am very grateful to Gruyere for being such a great place to learn and execute some security tests!

P.S.  Web Application Security Testing Cheat Sheet can come in handy for further learning.

Advertisements

2 thoughts on “Gruyere’s paradise for security testing – Day 20 of 30 Days of Testing

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s