Chapter 9: Testing for Attack-Resistant Code


Overview

Key concepts in the chapter are:

  • Creating a security test plan using a hacker’s perspective

  • Generating test scenarios and test cases, and prioritizing them

  • Running a test tool example to view hidden fields in Web applications

  • Avoiding common testing mistakes

Many factors determine the success or failure of software or a software project, including project management, cost, feature design, ease of use, documentation, product marketing, product performance, market conditions, press reviews, and product quality, to name several. You have more direct control or influence over some of these factors than others. Product quality is one factor directly in your control. If you’re a Microsoft Visual Basic .NET developer, it’s your responsibility to write high-quality, secure code and to verify that your code works as advertised. Only by exercising your code and testing it can you verify that it works. Even having a tester assigned to your code does not give you a free pass to shrug off your own testing and quality code-writing responsibilities. Techniques presented later in this chapter show how you can write and test your code before handing it off to someone else for final verification, without having to become a full-time tester. If you are a full-time tester, your job is to think like an attacker and attempt to break the application the developer has created.

High-quality code implies secure code. You should not treat the need for security as a feature you choose to add or omit. It’s an important factor that reflects the overall quality of your application. An application that has a slick user interface (UI) and easy-to-use features but can be manipulated to return private credit card information is not a quality application—just as a comfortable, slick-looking automobile that veers unexpectedly into the oncoming lane of traffic every 1,000 miles would not be considered a quality vehicle.

Testing is critical to ensure high-quality, secure code. In testing for security, you must attempt to break your application like an attacker would to see how the application responds. To help coordinate your attack, you need a plan. This chapter shows you how to formulate a plan of attack (a test plan), how to determine what tests to include in your test plan, and how to attack your application (execute your test plan) to verify that it’s secure. Let’s start with the test plan.




Security for Microsoft Visual Basic .NET
ISBN: 735619190
Year: 2003
Pages: 168
