I always recommend testing as a typical user, as an untrusted outsider and as a user with all the possible privileges within the application. This includes requirements for testing any specific user roles. It must be clear which applications, network systems and code you need to test, how you will test them, and what your specific expectations are for the deliverables. You also need to get all the right people on board. You may have your own internal requirements, or you may have to follow the requirements of a business partner or customer. The scope of your security assessment is extremely important.

The following information lays out the what, when, why and how of most web application security testing scenarios, including figuring out what systems you need to test, which tools are best suited for the task, the use of vulnerability scanners and scanner validation, and additional manual checks. So how do you go about fully vetting your application environment to make sure you have no big security flaws in your critical applications? It's doable for even the most complex environments.