Testing Web Application Security


Web applications are commonly used to transmit, accept and store data that is personal, company confidential and sensitive.

More enterprises are spending more time testing web applications, but many still do not integrate security testing into an application's overall test plan.

In this presentation, we explore ways to integrate security testing into an end-to-end test plan and to exercise security features in unit tests, integration tests, and acceptance tests.


Testing Web Application Security

  1. Testing Web Application Security: Integrating and automating security testing. Rochester Security Summit, Thu, 29 Oct 2009, 2p-3p
  2. Testing Web Application Security: Web applications are commonly used to transmit, accept and store data that is personal, company confidential and sensitive. More enterprises are spending more time testing web applications, but many still do not integrate security testing into an application's overall test plan. In this session, we will explore ways to integrate security testing into an end-to-end test plan and exercise security features in unit tests, integration tests, and acceptance tests.
  3. http://www.slideshare.net/ted.husted
  4. http://www.slideshare.net/RafalLos/creating-practical-security-testcases-for-web-applications
  5. http://www.slideshare.net/RafalLos/creating-practical-security-testcases-for-web-applications
  6. http://www.slideshare.net/RafalLos/creating-practical-security-testcases-for-web-applications
  7. Bridging the Divide
     Client-Side Capabilities: length filters; numeric limits; character patterns (email, URLs, SKUs); input field selection
     Server-Side Capabilities: input value; input transfer; data access; control flow
  8. Open QA Selenium. http://selenium.openqa.org/documentation/
  9. Open QA Selenium. Selenium is a suite of tools. http://selenium.openqa.org/documentation/
  10. Open QA Selenium. Selenium is a suite of tools. Selenium IDE records and runs tests. http://selenium.openqa.org/documentation/
  11. Open QA Selenium. Selenium is a suite of tools. Selenium IDE records and runs tests. Selenium Remote Control runs across multiple platforms. http://selenium.openqa.org/documentation/
  12. Open QA Selenium. Selenium is a suite of tools. Selenium IDE records and runs tests. Selenium Remote Control runs across multiple platforms. Selenium Grid runs across multiple machines. http://selenium.openqa.org/documentation/
  13. Starting the Selenium server:
      f:
      cd "F:\opt\selenium-remote-control-1.0-beta-2\selenium-server-1.0-beta-2"
      java -jar selenium-server.jar
  14. > java -jar hudson.war
  15. Time for a Test Drive ...
  16. Please complete an evaluation.
  17. Questions?
