Summary

In this chapter, you’ve learned that you need to think like an attacker when it comes to testing your application for security. You use the same steps and tools an attacker would use, including creating a blueprint of your application, analyzing the application to find weak points, and attacking those weak points. Going through this process leads to an application that is more secure and attack resistant. When the attacker receives a copy of your preattacked application, he will find it much more difficult to discover inroads to do damage. A benefit that’s just as important is that your customers will enjoy a higher quality experience because your attack-proofed application will also be more robust. A customer accidentally typing in bad information will be prevented from doing harm.

As part of going through the plan-for-attack and attack process, you learned how to generate test scenarios, test cases associated with those scenarios, and most importantly a system for helping to filter and prioritize the potentially endless number of test cases that you could generate. You learned various strategies for testing your application for security-related bugs, such as writing self-testing code, ad hoc testing, and automated testing. You also learned you can use your Visual Basic .NET expertise to not only create your application, but to create the test tools and test cases needed to verify its safety and quality.

Testing is an important part of the application-development process. Investing some time and planning up front can save you from hardship down the road. If you’re in the middle of developing your application and you have no test plan, put this book down right now….You know what you need to do.