Testing Web Security: Assessing the Security of Web Sites and Applications

  • 6h 31m
  • Steven Splaine
  • John Wiley & Sons (US)
  • 2002

It’s only a matter of time before an unscrupulous would-be intruder decides to attack your organization’s Web site. If they’re successful, you could lose confidential customer information, intellectual property, or e-commerce revenue. Fortunately, this unique book describes a set of security tests that you can perform to ensure your Web site is hack-resistant. Web testing expert Steven Splaine offers a straightforward, easy-to-follow approach to security testing that can be used to check your Web site’s vulnerabilities. Through examples and dozens of testing checklists, you’ll learn how to develop and document a test plan to test the security of a Web site and conduct a risk analysis to help determine which tests should be given the highest priority.

Following a straightforward, accessible approach, this book will take you step-by-step through the process of testing the security of your Web sites and applications. Whether you’re a software tester, system administrator, developer, manager, Web master, or security engineer, you’ll find valuable information on how to use testing as a security measure. In this informative book, Steven Splaine covers:

  • Planning the security testing effort: strategies, teams, and tools
  • How to define the scope of the project
  • Testing network security and system software configurations
  • Checking for security vulnerabilities in Web applications
  • Evaluating how well-prepared an organization is against assailants who use social engineering, dumpster diving, inside accomplices, or physical methods of attack
  • The unique challenges of testing defenses designed to confuse an intruder
  • Using a risk analysis to focus the testing effort on the areas that present the greatest threats to the organization

About the Author

Steven Splaine is a chartered software engineer with more than twenty years of experience in project management, software testing, and product development. He is a regular speaker at software testing conferences and lead author of The Web Testing Handbook.

In this Book

  • Introduction
  • Test Planning
  • Network Security
  • System Software Security
  • Client-Side Application Security
  • Server-Side Application Security
  • Sneak Attacks: Guarding Against the Less-Thought-of Security Threats
  • Intruder Confusion, Detection, and Response
  • Assessment and Penetration Options
  • Risk Analysis
  • Epilogue
  • Additional Resources


Rating 4.5 of 84 users Rating 4.5 of 84 users (84)
Rating 4.3 of 43 users Rating 4.3 of 43 users (43)