Protect your company’s Web site from hack attacks with this guide to proven security-testing techniques
It’s only a matter of time before an unscrupulous would-be intruder decides to attack your organization’s Web site. If they’re successful, you could lose confidential customer information, intellectual property, or e-commerce revenue. Fortunately, this unique book describes a set of security tests that you can perform to ensure your Web site is hack-resistant. Web testing expert Steven Splaine offers a straightforward, easy-to-follow approach to security testing that can be used to check your Web site’s vulnerabilities. Through examples and dozens of testing checklists, you’ll learn how to develop and document a test plan to test the security of a Web site and conduct a risk analysis to help determine which tests should be given the highest priority.
Following a straightforward, accessible approach, this book will take you step-by-step through the process of testing the security of your Web sites and applications. Whether you’re a software tester, system administrator, developer, manager, Web master, or security engineer, you’ll find valuable information on how to use testing as a security measure. In this informative book, Steven Splaine covers:
- Planning the security testing effort: strategies, teams, and tools
- How to define the scope of the project
- Testing network security and system software configurations
- Checking for security vulnerabilities in Web applications
- Evaluating how well-prepared an organization is against assailants who use social engineering, dumpster diving, inside accomplices, or physical methods of attack
- The unique challenges of testing defenses designed to confuse an intruder
- Using a risk analysis to focus the testing effort on the areas that present the greatest threats to the organization
About the Author STEVEN SPLAINE is a chartered software engineer with more than twenty years of experience in project management, software testing, and product development. He is a regular speaker at software testing conferences and lead author of The Web Testing Handbook.