10.2. The Importance of Security Testing

Millions of dollars are lost each year due to compromised web applications. It's still common to hear of online commerce sites being compromised and credit card information being stolen. Most merchant agreements between the commerce site and credit card processors do not require the commerce site to disclose when credit card information is stolen. Just think of all the sites out there that do not disclose this information. Many of the developers of these compromised systems felt they had created a secure application.

I highly suggest not storing any credit card information. Even when encryption is used, I fear the worst. If the credit card information is not stored, then there is less to fear about the credit card information being stolen.

System vulnerabilities happen for many reasons. Most commonly vulnerabilities are caused by shoddy code because of unrealistic development deadlines, poor communication/requirements of gathering network-level security, or not knowing how to write secure code.

10.2.1. A Whole New World

I grew up in a computer world where hackers such as Captain Crunch and Kevin Mitnick were acclaimed like rock stars. Movies such as Hackers and Swordfish, portray hacking computer systems as the "cool thing to do." Placing hacking in the limelight makes it very appealing to children and young adults who have an abundance of time to learn many types of hacking techniques. Many of these children/young adults fall into the ...

Get Testing ASP.NET Web Applications now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.