Showing posts from July, 2013

Web application security testing - A Guardian website example.

When you read a blog post like this, or an article on a website, can you be sure it's the 'real thing'? How would you know if it had been doctored?

Let's assume the 'server' is fairly secure and hasn't been hacked into. So the content is going to be OK, isn't it? It looks OK...? So we've checked the location bar at the top of our web browser and it definitely has the right website/company name. No funny-looking misspelled names, which could mean I'm reading a fake site.

And to be doubly sure, the browser's location bar states it's using HTTPS and even has that reassuring little padlock we've come to look for and trust. OK, so to recap:

- The website's server is secured. (Well - for the purposes of this, let's give them the benefit of the doubt)
- The logo, words, content and layout all appear to be kosher.
- We are using the correct website address. (No unusual spellings e.g.: www.goole.com etc)
- The page is secured using HTTPS. (Warm glow from the on-scre…