StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
10752285
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2012-05-25T09:55:43.743
FavoriteCount
0
LastActivityDate
2012-05-25T10:00:57.577
LastEditDate
2012-05-25T10:00:57.577
LastEditorUserId
529337
OwnerUserId
529337
ParentId
10751737
PostTypeId
2
Score
2
ViewCount
0
LastEditorDisplayName
text
Body
You should use a combination of automated tools (which can cover off simpler vulnerability assessments very quickly) and manual testing (which is much more time consuming, but allows you to make intelligent dicisions about how to identify issues) Have you looked yet at Metasploit? It is not necessarily the best tool to learn with, but can carry out a wide range of attacks. You can look at the scripted attacks to understand more how each one works. In terms of specific guidance, the tests you must carry out are those listed in the <a href="https://www.owasp.org/index.php/Category%3aOWASP_Top_Ten_Project" rel="nofollow">OWASP top ten</a> as these are the most common attacks of web applications. Becoming an expert in this area is a very long process, and even then it is such a wide field that you will really only be able to focus on one or two areas to become an 'expert' in. I have been in the infosec industry for over 16 years, and I would say that while I have a great deal of experience in infrastructure, Unix and wireless security testing, and have tested web applications in the past, it changes so fast that these days I let my team members who specialise in this area carry out the work. Nowadays I focus on strategy and architecture, as well as governance and compliance. A good first start would be to visit <a href="http://Security.stackexchange.com">Security.stackexchange.com</a>, where we have a wide range of questions and answers on this exact topic, and some very knowledgeable professionals who are active members of the community. I would also recommend getting involved with <a href="https://www.owasp.org/index.php/Main_Page" rel="nofollow">OWASP</a> or having a look at <a href="http://www.isaca.org" rel="nofollow">ISACA</a>, <a href="http://www.instisp.org" rel="nofollow">IISP</a>, <a href="http://www.sans.org" rel="nofollow">SANS</a>, <a href="http://www.crest-approved.org/" rel="nofollow">CREST</a> and other respected bodies.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POGuidance for Security Testing of Web applications
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USRory Alsop
UserOwnerUserId
1. USRory Alsop
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POGuidance for Security Testing of Web applications
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTAcceptedByOriginator
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.