CHAPTER 1: APPROACH TO SECURITY TESTING

We’ve seen how important banking applications are and the kind of threats they are faced with. The most effective approach to securing them would be to follow a secure development lifecycle and take care of security right from the design and code level. This would work for future applications; but what about the thousands of applications already in use? How do we secure them before an attacker gets to them? How can we predict an attacker’s actions? We can’t do this without becoming attackers ourselves. That’s what application penetration testing is all about – first (with the application owner’s formal, documented permission) attack the application in all possible ways and then fix the weaknesses found. ...
