Steps to Testing Web Applications

Topics: Computer security, Risk, Security. Pages: 3 (803 words). Published: December 11, 2012.
Web applications need to be designed with security in mind. A step-by-step guideline allows the developer to keep important security topics in mind. Testing, recording the results, and then testing again to gather more results allows us to see whether the results are consistent or whether there are changes. Vulnerability studies have shown that, given the reaction time of attackers worldwide, the typical window of vulnerability does not provide enough time for patch installation, since the time between a vulnerability being uncovered and an automated attack against it being developed and released is decreasing every year.

The first step is conducting a penetration test. Penetration testing has been a common technique used to test network security for many years. It is also commonly known as black box testing or ethical hacking. Penetration testing is essentially the art of testing a running application remotely, without knowing the inner workings of the application itself, to find security vulnerabilities. Typically, the penetration test team has access to an application as if they were users. The tester acts like an attacker and attempts to find and exploit vulnerabilities. In many cases the tester will be given a valid account on the system.

When penetration testing is performed on networks and operating systems, the majority of the work involves finding and then exploiting known vulnerabilities in specific technologies. As web applications are almost exclusively bespoke, penetration testing in the web application arena is more akin to pure research. Penetration testing tools have been developed that automate the process, but, again, given the nature of web applications, their effectiveness is usually poor. Many people today use web application penetration testing as their primary security testing technique. Gary McGraw summed up penetration testing well when he said, “If you fail a penetration test you know you have a very bad problem indeed. If you pass a penetration test you...

References:
Gary McGraw, "Beyond the Badness-ometer."
SEI, Carnegie Mellon, "Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)."
S. Payne, "A Guide to Security Metrics."