Web Security Testing Cookbook gives developers and testers the tools they need to make security testing a regular part of their development lifecycle. You'll find recipes related to manual, exploratory testing as well as recipes for automated security testing that you can make part of your regression cycle.

The recipes cover the basics like observing messages between clients and servers, to multi-phase tests that script the login and execution of web application features. This book provides developers the techniques they need to consider security in their unit tests. Testers will find a wealth of techniques for building web security test cases and executing them.

Web Security Testing Cookbook also leverages free tools, and not only because they save you considerable expense. In security, perhaps more than in any other specialized discipline, the best tools tend to be free. The book offers recipes in four different sections to help you:

• Learn basics concepts to develop tests, and obtain and set up the tools you'll use
• Automate tools and scripts to test a web application in a systematic way
• Learn methods to bypass client side input validation for various purposes, such as SQL injection, cross-site scripting, and manipulating hidden form fields
• Focus on the session by finding identifiers, analyzing how predictable they are, and manipulating them with tools

This practical book focuses on how to test web applications -- not what web security consists of or why developers should test. Leverage the recipes to add significant security coverage to your testing without adding significant time and cost to your effort.

See larger cover