Among the tests you perform on web applications, security testing is
perhaps the most important, yet it's often the most neglected. The
recipes in the Web Security Testing Cookbook demonstrate how
developers and testers can check for the most common web security
issues, while conducting unit tests, regression tests, or exploratory
tests. Unlike ad hoc security assessments, these recipes are repeatable,
concise, and systematic-perfect for integrating into your regular test
suite.
Recipes cover the basics from observing messages between clients and
servers to multi-phase tests that script the login and execution of web
application features. By the end of the book, you'll be able to build
tests pinpointed at Ajax functions, as well as large multi-step tests
for the usual suspects: cross-site scripting and injection attacks. This
book helps you:
- Obtain, install, and configure useful-and free-security testing tools
- Understand how your application communicates with users, so you can
better simulate attacks in your tests
- Choose from many different methods that simulate common attacks such
as SQL injection, cross-site scripting, and manipulating hidden form
fields
- Make your tests repeatable by using the scripts and examples in the
recipes as starting points for automated tests
Don't live in dread of the midnight phone call telling you that your
site has been hacked. With Web Security Testing Cookbook and the free
tools used in the book's examples, you can incorporate security coverage
into your test suite, and sleep in peace.