Web Security Testing Cookbook is a hands-on, recipe-style reference for web software developers and testers. The recipes show how to check for the most common web security issues, during unit tests, regression tests, and exploratory tests. The book covers a broad range of techniques, from basics like observing messages between clients and servers, to multi-phase tests that script the login and execution of web application features.
Recipes from Web Security Testing Cookbook demonstrate how to:
- Obtain, install, and configure useful and free security testing tools
- Understand how the application communicates with users, to better simulate attacks in tests
- Choose from many different methods that simulate common attacks such as SQL injection, cross-site scripting, and manipulating hidden form fields
- Make tests repeatable by using the scripts and examples in the recipes as starting points for automated tests
About the Authors:
Paco Hope is a Technical Manager with Cigital. His areas of expertise include software security, security testing, and online casino gaming. He specializes in analyzing the security of software, software systems, and software development processes.
Ben Walther is a consultant at Cigital, with a hand in both normal Quality Assurance and Software Security. He designs and executes tests on a daily basis—so he understands the need for simple recipes in the hectic QA world.