Web Applications Testing
If your company has a Web site, hackers will inevitably attack it.
In How to Break Web Software: Functional and Security Testing of Web Applications and Web Services, authors Mike Andrews and James Whittaker detail the myriad Web software exploits that attackers will attempt to carry out. The tools and techniques that can be used to fight against them are also detailed.
The book also includes a companion CD that contains all of the source code referenced in the book in addition to a number of testing tools. The authors include software code from an insecure Web site, which helps the reader get a real-world feel for the topics involved.
The authors conclude with a look at the last 50 years of software defects, showing that developers are not learning from the mistakes.
The authors are of the opinion that software quality is no better today than it was decades ago. And in some cases, it is worse.
The book helps drive home the importance of having developers think about writing secure code and testing it for flaws. It is a recommended read for IT professionals.
The book, published by Addison-Wesley Professional, lists for $34.99 but is available at amazon.com for about $23.00.
Review by Ben Rothke, CISSP (Certified Information Systems Security Professional), who is a security director with a financial services firm. He is a member of ASIS International.