Abstract
The purpose of web application security testing is to find any security weaknesses or vulnerabilities within an application and its environment, to document the vulnerabilities, and to explain how to fix or remediate them. The business drivers behind the testing may be requirements of corporate policy, security requirements mandated by the corporate financial auditors or an internal audit department, compliance requirements for PCI or other industry standards, or compliance with regulatory standards such as Sarbanes-Oxley or HIPAA. An evidentiary type of audit report, which contains evidence to back up claims of vulnerabilities, is even better, as the report will stand the test of time, and, over the years, explanations and thoughts about how the vulnerabilities were found may fade from people’s memories.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2014 Ron Lepofsky
About this chapter
Cite this chapter
Lepofsky, R. (2014). Types of Web Application Security Testing. In: The Manager’s Guide to Web Application Security:. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-0148-0_2
Download citation
DOI: https://doi.org/10.1007/978-1-4842-0148-0_2
Published:
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-0149-7
Online ISBN: 978-1-4842-0148-0
eBook Packages: Professional and Applied ComputingApress Access BooksProfessional and Applied Computing (R0)