Among the tests you perform on web applications,
security testing is perhaps the most important, yet it's
often the most neglected. The recipes in the Web
Security Testing Cookbook demonstrate how developers and
testers can check for the most common web security
issues, while conducting unit tests, regression tests,
or exploratory tests. Unlike ad hoc security
assessments, these recipes are repeatable, concise, and
systematic: perfect for integrating into your regular
test suite. Recipes cover the basics from observing
messages between clients and servers to multi-phase
tests that script the login and execution of web
application features. By the end of the book, you'll be
able to build tests pinpointed at Ajax functions, as
well as large multi-step tests for the usual suspects:
cross-site scripting and injection attacks.

This book helps you:

* Obtain, install, and configure useful (and free) security testing tools
* Understand how your application communicates with users, so you can better simulate attacks in your tests
* Choose from many different methods that simulate common attacks such as SQL injection, cross-site scripting, and manipulating hidden form fields
* Make your tests repeatable by using the scripts and examples in the recipes as starting points for automated tests

Don't live in dread of the
midnight phone call telling you that your site has been
hacked. With Web Security Testing Cookbook and the free
tools used in the book's examples, you can incorporate
security coverage into your test suite, and sleep in
peace.