Testing Web Security: Assessing the Security of Web Sites and Applications

  • 6h 31m
  • Steven Splaine
  • John Wiley & Sons (US)
  • 2002

It’s only a matter of time before an unscrupulous would-be intruder decides to attack your organization’s Web site. If they’re successful, you could lose confidential customer information, intellectual property, or e-commerce revenue. Fortunately, this unique book describes a set of security tests that you can perform to ensure your Web site is hack-resistant. Web testing expert Steven Splaine offers a straightforward, easy-to-follow approach to security testing that can be used to check your Web site’s vulnerabilities. Through examples and dozens of testing checklists, you’ll learn how to develop and document a test plan to test the security of a Web site and conduct a risk analysis to help determine which tests should be given the highest priority.

Following a straightforward, accessible approach, this book will take you step-by-step through the process of testing the security of your Web sites and applications. Whether you’re a software tester, system administrator, developer, manager, Web master, or security engineer, you’ll find valuable information on how to use testing as a security measure. In this informative book, Steven Splaine covers:

  • Planning the security testing effort: strategies, teams, and tools
  • How to define the scope of the project
  • Testing network security and system software configurations
  • Checking for security vulnerabilities in Web applications
  • Evaluating how well-prepared an organization is against assailants who use social engineering, dumpster diving, inside accomplices, or physical methods of attack
  • The unique challenges of testing defenses designed to confuse an intruder
  • Using a risk analysis to focus the testing effort on the areas that present the greatest threats to the organization

About the Author

Steven Splaine is a chartered software engineer with more than twenty years of experience in project management, software testing, and product development. He is a regular speaker at software testing conferences and lead author of The Web Testing Handbook.

In this Book

  • Introduction
  • Test Planning
  • Network Security
  • System Software Security
  • Client-Side Application Security
  • Server-Side Application Security
  • Sneak Attacks: Guarding Against the Less-Thought-of Security Threats
  • Intruder Confusion, Detection, and Response
  • Assessment and Penetration Options
  • Risk Analysis
  • Epilogue
  • Additional Resources
SHOW MORE
FREE ACCESS

YOU MIGHT ALSO LIKE

Course Certified in Cybersecurity (CC): Data Security & System Hardening
Rating 4.4 of 17 users Rating 4.4 of 17 users (17)
Course OWASP Top 10: A04:2021-Insecure Design
Rating 4.5 of 219 users Rating 4.5 of 219 users (219)
Course Testing in Postman: Security Testing
Rating 4.3 of 4 users Rating 4.3 of 4 users (4)