Summary
Web applications may be technically sound, but if the developers are not accurately and precisely executing the intent of the company operating the portals, applications, or services, risks abound. These business logic issues are evasive but important. Customers will often cringe at the overhead required to test for them in production. This fear or anxiety should help us drive home the need for integrating penetration testing within the SDLC, and help us to justify well organized and up-to-date documentation of all elements in the application and supporting environment. Testing after the fact is costly and time-consuming, and any issues found after the fact often cause a complete redesign of that portion of a portal or the workflows ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access