Thursday, March 02, 2006

Basics of Web Security Testing

Exposing systems to the internet increases the risk that security weaknesses in those systems will be leveraged to compromise the system or the underlying data. It is therefore necessary to examine the actual business risks this brings, understand the basic difficulties in implementing "secure systems", and adequately test internet applications for security, as well as functionality and load performance, before they are exposed to the net.

Most organisations now have some of their corporate IT infrastructure connected to the internet. This may vary from allowing users to surf the web and receive email, to fully functional internet banking systems. For some organisations, compromise or failure of these systems would have significant business impact.

Software testing is becoming an accepted part of the development and maintenance cycle. Internet solutions are often required to be implemented extremely quickly. Functional, usability and load testing are all as appropriate for internet solutions as for conventional client-server solutions. However, the requirement to test security is more emphatic for the internet, due to the much wider connectivity - to the incompetent, nosy or malicious - the internet brings.

