Tip

Web Security Testing Cookbook sample recipe



As a registered member of SearchSoftwareQuality.com, you're entitled to a complimentary copy of one of the security testing recipes in "Web Security Testing Cookbook" written by Paco Hope and Ben Walther and published by O'Reilly. This recipe, "Uploading Malicious File Contents,"

    Requires Free Membership to View

explains how to test how your application handles files with malicious content.


Book description:
Among the tests you perform on web applications, security testing is perhaps the most important, yet it's often the most neglected. The recipes in the "Web Security Testing Cookbook" demonstrate how developers and testers can check for the most common web security issues, while conducting unit tests, regression tests, or exploratory tests. Unlike ad hoc security assessments, these recipes are repeatable, concise, and systematic-perfect for integrating into your regular test suite.

Recipes cover the basics from observing messages between clients and servers to multi-phase tests that script the login and execution of web application features. By the end of the book, you'll be able to build tests pinpointed at Ajax functions, as well as large multi-step tests for the usual suspects: cross-site scripting and injection attacks. This book helps you do the following:

  • Obtain, install, and configure useful-and free-security testing tools

  • Understand how your application communicates with users, so you can better simulate attacks in your tests

  • Choose from many different methods that simulate common attacks such as SQL injection, cross-site scripting, and manipulating hidden form fields

  • Make your tests repeatable by using the scripts and examples in the recipes as starting points for automated tests

Don't live in dread of the midnight phone call telling you that your site has been hacked. With "Web Security Testing Cookbook" and the free tools used in the book's examples, you can incorporate security coverage into your test suite, and sleep in peace.

>> Read "Uploading Malicious File Contents" now.

>> Buy the book





This was first published in November 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.