[Figure 11.1: Phases of the Software Development Life Cycle. Phases shown: Requirements, Design, Development, Testing, Deployment, Maintenance.]
processes. The risk management process is very closely associated with the SDLC to create a secure
SDLC. A secure SDLC is one that takes security into consideration at every step of the SDLC
process, resulting in an application that is secure at the outset and that maintains a strong level of
security throughout its life cycle.
Security testing for the Web application, which is an integral part of the SDLC, needs to be
integrated into the process of risk management. Web applications should be tested for security at
various junctures of the SDLC to ensure that the application's security functionality is functioning
as designed. White-box and black-box testing techniques along with periodic audits and assess-
ments will ensure that the application has a robust security implementation. Figure 11.2 illustrates
the relationship between the SDLC and the risk management process.
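As an added illustration (not code from the book), the following shows what the two testing techniques named above look like when wired into the development and testing phases of the SDLC: a white-box unit check that exercises an output-encoding function directly, and a black-box probe that only sees request in, response out. The handler names, the encoding function and the XSS probe strings are hypothetical and constructed for the example; the "unsafe" handler is deliberately left unencoded so the black-box probe has something to find.

```python
"""Added example (not from the book): white-box versus black-box security
tests for reflected XSS, runnable offline against simulated handlers."""
import html
from typing import Callable, List

# --- Application code under test (hypothetical) -----------------------------

def encode_for_html(value: str) -> str:
    """Entity-encode untrusted data before it is placed in an HTML body."""
    # quote=True also encodes " and ' so the value is safe inside attributes.
    return html.escape(value, quote=True)


def greeting_page(name: str) -> str:
    """Simulated request handler that encodes user input before rendering."""
    return f"<html><body><h1>Hello, {encode_for_html(name)}!</h1></body></html>"


def greeting_page_unsafe(name: str) -> str:
    """Deliberately vulnerable variant (no encoding), kept for comparison."""
    return f"<html><body><h1>Hello, {name}!</h1></body></html>"


# --- White-box test: runs in the development phase against the source -------

def whitebox_check_encoder() -> bool:
    """Assert the encoder maps every HTML-significant character correctly.

    Constructed table of input -> expected encoded output.
    """
    cases = {
        "<script>": "&lt;script&gt;",
        'a"b': "a&quot;b",
        "a'b": "a&#x27;b",
        "x & y": "x &amp; y",
        "plain": "plain",
    }
    return all(encode_for_html(raw) == expected for raw, expected in cases.items())


# --- Black-box test: runs in the testing phase with no view of the source ---

# Constructed probe payloads covering element, double-quoted and
# single-quoted attribute contexts.
XSS_PROBES: List[str] = [
    "<script>alert(1)</script>",
    "\"><img src=x onerror=alert(1)>",
    "'><svg onload=alert(1)>",
]


def blackbox_reflected_xss(handler: Callable[[str], str]) -> List[str]:
    """Send each probe to the handler; return the probes reflected unencoded.

    A probe appearing verbatim in the response body means the application
    placed untrusted input into HTML without encoding it.
    """
    findings = []
    for probe in XSS_PROBES:
        body = handler(probe)
        if probe in body:
            findings.append(probe)
    return findings


if __name__ == "__main__":
    print("white-box encoder check:", "PASS" if whitebox_check_encoder() else "FAIL")
    print("black-box (encoded handler):", blackbox_reflected_xss(greeting_page))
    print("black-box (unsafe handler):", blackbox_reflected_xss(greeting_page_unsafe))
```

The white-box check belongs in the unit-test suite that developers run on every build, because it knows the encoder exists and tests it in isolation; the black-box probe belongs in the testing and deployment phases, because it makes no assumption about how the page is built and catches any code path that bypasses the encoder.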
11.2 Designing an Effective Web Application Security Testing Practice
11.2.1 Approach to Web Application Security Testing
Like everything else in information security, testing Web applications for security requires a
methodical approach to ensure that it is comprehensive and effective. Testing should be performed
according to a documented testing procedure that combines several testing techniques,
resulting in an effective and all-encompassing testing activity for the Web application. These activ-
ities should be performed at different stages of the SDLC to ensure complete coverage of the Web
application. The activities are as follows: