Hardly a day goes by without a major security breach. While intrusions at giant organizations make headlines, the truth is all companies are at risk. With all that’s at stake, why does security take a back seat to other forms of testing? In this free whitepaper, we'll show you how to effectively and safely test the security of your web and mobile apps. Other topics include:
What Makes Security Unique?
To quote software security guru James Whittaker: “Software can be correct without being secure. Indeed, software can meet every requirement and perform every specified action flawlessly yet still be exploited by a malicious user. This is because security bugs are different from traditional bugs. In order to locate security bugs, testers have to think differently too.” Though he was writing for an audience of software testers, the same applies to companies large and small: In order to improve the security of your application, you need to accept the fact that security testing is a much different animal. In this section, we'll address the many ways in which security testing differs from other QA processes like ...
How to Think Like a Hacker
The first stage of intrusion testing is to assume the role of a kid with his nose pressed against the glass window of a candy store. You are determining your motives. Why would you want to break into this site, if you were an intruder? Certainly, the motives of anarchy and revenge are always appropriate. But is there financial gain available? Is there sensitive information that might be used to embarrass or blackmail the company? You need to understand motivation, so that you can explain why security is important to your application. Oftentimes (and this is especially true with start-up companies), a company won't understand ...
Security Testing Tools
The list of security threats is exhaustive, but some are more prevalent than others. In this section, we cover some basic tools you'll need to uncover security exploits such as cross-site scripting, SQL injection, spoofing, buffer overflows, denial of service, social engineering and others. We'll also address the motives behind each attack, including those around confidentiality, integrity, authentication, availability and others. It should be noted that all the tools discussed in this section are 100% free. When selecting a tool for security testing purposes, be careful not to over-invest. A free tool is something that can be freely abandoned, whereas an expensive tool becomes ...