Linux Journal: Assessing the Security of Your Web Applications

“An outline of key test areas to identify security issues in a
web application and provide measures to minimize them.”

“Web sites are moving away from static HTML to dynamic
interactive web applications. It is the dynamic, interactive web
application that is making the Internet the universal medium. Web
applications bring a new level of risk to web sites. Security of
these web applications is paramount to the security of the

“Awareness of security threats from the Internet is increasing
the adoption of secure technologies… firewalls do little to
protect against inbound malicious requests to legitimate
applications. Web-based applications are very popular due to the
ubiquity of the Internet. Providing access to customer information,
user profiles, financial records and health records are common
examples of services that web applications can provide. Most often,
these applications access a back end database to serve dynamically
generated content to the users. Applications designed without
security in mind may result in loss of data integrity,
availability, confidentiality and loss of privacy.”

“Most web-application testing can be classified as static or
dynamic. Static testing involves manually inspecting the source
code and automatically testing for dangerous constructs. On the
other hand, dynamic testing involves executing the web
application to detect anomalous behavior on unexpected inputs.
The focus of this article is on dynamic testing.”