[Me]: - Among the tests you perform on web applications, security testing is perhaps the most important, yet it's often the most neglected. If there is a recipe which demonstrate how developers and testers can check for the most common web security issues, while conducting unit tests, regression tests, or exploratory tests it would work wonders.
[Guruji]:- Hmn… Go on
[Me]:- But unlike ad hoc security assessments, these recipes should be repeatable, concise, and systematic-perfect for integrating into our regular test suite. Recipes should cover the basics from observing messages between clients and servers to multi-phase tests that script the login and execution of web application features. This will help us build tests pinpointed at Ajax functions, as well as large multi-step tests for the usual suspects: cross-site scripting and injection attacks. Can you help us?
[Guruji]:- If I decipher you right, you want to
· Understand how your application communicates with users, so you can better simulate attacks in your tests
· Choose from many different methods that simulate common attacks such as SQL injection, cross-site scripting, and manipulating hidden form fields
· Make your tests repeatable and using it as starting points for automated tests
Vinay Jagtap
A hard core Technocrat with over a decade of extensive experience in heading complex test projects coupled with real time experience of project management and thought leadership. Extensive experience in Performance, Security and Automation Testing and development of automation frameworks and ability to setup and execute Global service centers and Center of Excellences for testing.
