[Me]: Among the tests you perform on web applications, security testing is perhaps the most important, yet it's often the most neglected. If there were recipes that demonstrate how developers and testers can check for the most common web security issues while conducting unit tests, regression tests, or exploratory tests, it would work wonders.
[Guruji]: Hmm… Go on.
[Me]: But unlike ad hoc security assessments, these recipes should be repeatable, concise, and systematic: perfect for integrating into our regular test suite. Recipes should cover the basics, from observing messages between clients and servers to multi-phase tests that script the login and execution of web application features. This will help us build tests pinpointed at Ajax functions, as well as large multi-step tests for the usual suspects: cross-site scripting and injection attacks. Can you help us?
[Guruji]: If I decipher you right, you want to:
· Understand how your application communicates with users, so you can better simulate attacks in your tests
· Choose from many different methods that simulate common attacks such as SQL injection, cross-site scripting, and manipulating hidden form fields
· Make your tests repeatable and use them as starting points for automated tests