Testing Web Application Security
Integrating and automating security testing
Rochester Security Summit
Thu, 29 Oct 2009, 2p-3p

Testing Web Application Security
Web applications are commonly used to transmit, accept and store
data that is personal, company confidential and sensitive.
More enterprises are spending more time testing web applications, but
many still do not integrate security testing into an application's overall
test plan.
In this session, we will explore ways to
integrate security testing into an end-to-end test plan,
exercise security features in
unit tests
integration tests
acceptance tests

http://www.slideshare.net/ted.husted

http://www.slideshare.net/RafalLos/creating-practical-security-testcases-for-web-applications

http://www.slideshare.net/RafalLos/creating-practical-security-testcases-for-web-applications

http://www.slideshare.net/RafalLos/creating-practical-security-testcases-for-web-applications

Bridging the Divide
Client-Side Capabilies Server-Side Capabilities
Length Filters
Input value Numeric Limits
Input transfer Character patterns
Data access (email, URLs, SKUs)
Input field selection
Control flow

Open QA Selenium
http://selenium.openqa.org/documentation/

Open QA Selenium
Selenium is a suite of tools
http://selenium.openqa.org/documentation/

Open QA Selenium
Selenium is a suite of tools
Selenium IDE
records and runs tests
http://selenium.openqa.org/documentation/

Open QA Selenium
Selenium is a suite of tools
Selenium IDE
records and runs tests
Selenium Remote Control
runs across multiple platforms
http://selenium.openqa.org/documentation/

Open QA Selenium
Selenium is a suite of tools
Selenium IDE
records and runs tests
Selenium Remote Control
runs across multiple platforms
Selenium Grid
runs across multiple machines
http://selenium.openqa.org/documentation/

f:
cd "F:optselenium-remote-control-1.0-beta-2selenium-server-1.0-
beta-2"
java -jar selenium-server.jar

> java -jar hudson.war

Time for a Test Drive ...

Please complete
an evaluation.

Questions?