Testing Web Security: Assessing the Security of Web Sites and Applications

  • 6h 31m
  • Steven Splaine
  • John Wiley & Sons (US)
  • 2002

It’s only a matter of time before an unscrupulous would-be intruder decides to attack your organization’s Web site. If they’re successful, you could lose confidential customer information, intellectual property, or e-commerce revenue. Fortunately, this unique book describes a set of security tests that you can perform to ensure your Web site is hack-resistant. Web testing expert Steven Splaine offers a straightforward, easy-to-follow approach to security testing that can be used to check your Web site’s vulnerabilities. Through examples and dozens of testing checklists, you’ll learn how to develop and document a test plan to test the security of a Web site and conduct a risk analysis to help determine which tests should be given the highest priority.

Following a straightforward, accessible approach, this book will take you step by step through the process of testing the security of your Web sites and applications. Whether you’re a software tester, system administrator, developer, manager, Web master, or security engineer, you’ll find valuable information on how to use testing as a security measure. In this informative book, Steven Splaine covers:

  • Planning the security testing effort: strategies, teams, and tools
  • How to define the scope of the project
  • Testing network security and system software configurations
  • Checking for security vulnerabilities in Web applications
  • Evaluating how well-prepared an organization is against assailants who use social engineering, dumpster diving, inside accomplices, or physical methods of attack
  • The unique challenges of testing defenses designed to confuse an intruder
  • Using a risk analysis to focus the testing effort on the areas that present the greatest threats to the organization

About the Author

Steven Splaine is a chartered software engineer with more than twenty years of experience in project management, software testing, and product development. He is a regular speaker at software testing conferences and lead author of The Web Testing Handbook.

In this Book

  • Introduction
  • Test Planning
  • Network Security
  • System Software Security
  • Client-Side Application Security
  • Server-Side Application Security
  • Sneak Attacks: Guarding Against the Less-Thought-of Security Threats
  • Intruder Confusion, Detection, and Response
  • Assessment and Penetration Options
  • Risk Analysis
  • Epilogue
  • Additional Resources

