Chapter 11
Security Testing for Web Applications
It is important to design and develop secure Web applications. It is equally important to test them
before they are deployed in a production environment. Testing Web applications for security is a
critical requirement, as it gives developers a great deal of oversight of the security
functionality of the Web application. There may be several errors and vulnerabilities that have
crept into the Web application during the course of the Software Development Life Cycle,
and only after testing are these errors identified and subsequently corrected. This chapter explores
the various practices of Web application security testing and details the approach that individuals
and organizations can take when developing a strong testing procedure for Web application
security.
11.1 Overview of Security Testing for Web Applications
11.1.1 Security Testing for Web Applications—A Primer
We have already explored the criticality of Web applications in the current-day scenario. It is
important that Web applications are developed keeping security as an important consideration.
We have already explored in great detail in Section 2 of this topic the various techniques and
practices that may be used to secure a Web application. However, it is prudent to test any Web
application before it is deployed in a production environment or customer environment. Traditionally,
applications were only tested for functionality and performance, but with the rising number of
Web applications, it has become an important practice to test Web applications comprehensively
for security as well.
Comprehensive security testing for Web applications can be achieved with a combination of
white-box and black-box testing techniques.