07.25.06 Web Application Security Testing In Your QA Process
By Ryan English
Many companies are under the impression that testing for Web application security
simply involves a cursory check for easy-to-guess usernames and passwords.
Yet application security testing can and should involve more complex checks, such as testing for SQL injection and Cross-Site Scripting. Often this sort of review does not happen until the Web application is in production, when it is too late to stop a hacker or a malicious program from attacking and much more expensive to remediate the vulnerability.
Quality assurance departments have traditionally focused on functional testing - making sure that an application works properly and performs all of its necessary tasks seamlessly. However, as Web application security becomes more important, your QA department is more likely to be a critical participant in application security testing.
Getting Your QA Department Involved
There are three ways that your Quality Assurance department may become involved
with Web application security testing:
- Your company's Web security experts request that application security testing be done by the QA group to ensure that all fixes have been implemented and no security holes exist prior to releasing the product to production.
- Your compliance officer, facing concerns about SOX, HIPAA, PCI, and so on, requests that further application security testing be performed during the QA process.
- Your QA department itself requests involvement in testing for Web application security, because an application that has security holes in it is not going to be perceived as high-quality by users.
No matter how the department gets involved, certain steps will need to be taken
to establish the application security testing process. It will need to be determined
whether there will be specific, dedicated staff members who will be performing
Web application security testing, or whether the task will be dispersed throughout
your entire QA group. In addition, the timing of Web application security testing
during the Quality Assurance process will need to be managed.
Ideally, application security testing will be performed as early as possible,
so that developers can fix any security issues in a timely manner, without compromising
the project's schedule. Finally, the right software for application security testing
will need to be selected and implemented.
Choosing the Right Tool for Web Application Security Testing
The QA department will need application security testing software that is able
to perform three different types of testing: as a non-authenticated user, an authenticated
user, and an administrative user, to determine the vulnerabilities inherent in
each user class. Additionally, the Web application security tool should be able
to perform both automated and manual crawling/spidering of your Web application.
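The three user classes described above can be expressed as an access matrix in a QA regression run. The sketch below is an added example, not part of the original article or of any vendor's tool: the stand-in application, its paths, session ids and the expected policy are all constructed, and it covers only one check (which user class can reach which page), not a full scanner.

```python
# Added example: the app, paths, session ids and policy are all constructed.
from wsgiref.util import setup_testing_defaults

SESSIONS = {"sess-user": "user", "sess-admin": "admin"}  # constructed session ids
PAGES = {"/", "/account", "/admin/users"}

def app_under_test(environ, start_response):
    """Stand-in for the application being tested, with one planted defect."""
    role = SESSIONS.get(environ.get("HTTP_COOKIE", "").partition("sid=")[2], "anonymous")
    path = environ["PATH_INFO"]
    if path not in PAGES:
        status = "404 Not Found"
    elif path != "/" and role == "anonymous":
        status = "302 Found"  # redirect to the login page
    else:
        # Planted defect: /admin/users accepts any session, not only admin.
        status = "200 OK"
    start_response(status, [("Content-Type", "text/plain")])
    return [b""]

# Expected policy: path -> user classes that should receive a 200.
POLICY = {"/": {"anonymous", "user", "admin"}, "/account": {"user", "admin"},
          "/admin/users": {"admin"}}
COOKIES = {"anonymous": None, "user": "sid=sess-user", "admin": "sid=sess-admin"}

def fetch_status(app, path, cookie):
    """Call the WSGI app in-process and return the numeric status code."""
    environ = {"PATH_INFO": path}
    setup_testing_defaults(environ)  # fills in the remaining WSGI keys
    if cookie:
        environ["HTTP_COOKIE"] = cookie
    seen = []
    app(environ, lambda status, headers: seen.append(status))
    return int(seen[0].split()[0])

def run_matrix(app, policy, cookies):
    """Request every path as every user class; report deviations from policy."""
    findings = []
    for path, allowed in sorted(policy.items()):
        for role, cookie in cookies.items():
            granted = fetch_status(app, path, cookie) == 200
            if granted != (role in allowed):
                kind = "unexpected access" if granted else "unexpected denial"
                findings.append((path, role, kind))
    return findings

if __name__ == "__main__":
    for finding in run_matrix(app_under_test, POLICY, COOKIES):
        print(finding)
```

Run against a real build, the policy table would come from the application's requirements and the path list from the crawl; each finding becomes a defect for the developers before release.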
About the Author: Ryan English is the group product manager for SPI Dynamics, where he oversees product strategy and direction for the company’s QAInspect Quality Assurance Security testing product line.