Chapter 13

Application Security Flaws and Application Testing

Anecdote

When I left consultancy, I was glad to do it. I was even happier when, six months later, a researcher showed me that by entering the classic SQL-injection command string into my former company’s Web site, you could gain access to all manner of information. Sweet.

But application security is like that! Programmers “think inside the box”—the “what if I don’t bother to visit the login page and go straight to the accounts page” scenario seems to defeat so many of them and make the headlines again and again. ...
