Privilege/Authorization Security Test: Ruby on Rails Application

  1. Authorization based scenarios.
    1. First Scenario:
      1. Check how the URLs are built for each request and try editing them.
    2. Second Scenario:
      1. Check the URLs at the next level or at nested levels (adjacent and nested resource paths).
    3. Third Scenario:
      1. Sometimes the application shows sensitive details, but in a hidden format. Try loading the same web page with another format extension such as .php, .json or .jsp.
    4. Fourth Scenario:
      1. A Ruby application sends credentials where a mass assignment vulnerability exists. If you add an admin condition in the same format as the username and password, it will log you in as an admin user.
        1. user[admin]=1
        2. user[admin]=True
        3. user[organisation_id]=True or 1
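Added example (not code from the original page): a plain-Ruby simulation of the Fourth Scenario, showing why `user[admin]=1` lands on the model when every submitted attribute is assigned, and how a whitelist of permitted attributes (what Rails strong parameters do via `ActionController::Parameters#permit`) drops it. The `User` model, the hypothetical `PERMITTED_USER_ATTRS` list and the sample query string are constructed for this illustration and do not depend on Rails.

```ruby
require 'cgi'

# Parse a Rack-style nested query string such as "user[name]=bob&user[admin]=1"
# into {"user" => {"name" => "bob", "admin" => "1"}}. One nesting level only,
# which is all this illustration needs.
def parse_nested_query(query)
  query.split('&').each_with_object({}) do |pair, out|
    key, value = pair.split('=', 2).map { |s| CGI.unescape(s.to_s) }
    if key =~ /\A(\w+)\[(\w+)\]\z/
      (out[$1] ||= {})[$2] = value
    else
      out[key] = value
    end
  end
end

# Attributes a self-service profile form is actually meant to set (assumption).
PERMITTED_USER_ATTRS = %w[name email].freeze

# Mirrors what strong parameters do: keep whitelisted keys, silently drop the rest.
def permit(attrs, allowed)
  attrs.select { |k, _| allowed.include?(k) }
end

# Minimal stand-in for a User model with admin and organisation_id columns.
class User
  attr_accessor :name, :email, :admin, :organisation_id
  def initialize
    @admin = false
    @organisation_id = 7
  end

  # Equivalent of update(params[:user]) with no attribute filtering at all.
  def assign_all(attrs)
    attrs.each { |k, v| public_send("#{k}=", v) if respond_to?("#{k}=") }
    self
  end
end

# Constructed sample request body: a normal profile edit with the two extra
# keys from the scenario above appended.
SAMPLE_QUERY = 'user[name]=bob&user[email]=bob%40example.com&user[admin]=1&user[organisation_id]=1'.freeze

# Vulnerable: every key under user[...] reaches the model, including admin.
def vulnerable_update(query)
  User.new.assign_all(parse_nested_query(query)['user'])
end

# Hardened: only name and email survive; admin and organisation_id are untouched.
def hardened_update(query)
  User.new.assign_all(permit(parse_nested_query(query)['user'], PERMITTED_USER_ATTRS))
end
```

Running `vulnerable_update(SAMPLE_QUERY).admin` yields "1" while `hardened_update(SAMPLE_QUERY).admin` stays false; the detection side is a log of keys rejected by `permit`, which Rails exposes through its unpermitted-parameters logging.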
