Testing Secure Applications

Chapter 14

Testing Secure Applications

The designers, program managers, and architects have designed a good, secure product, and the developers have written great code now it s time for the testers to keep everyone honest! In this chapter, I ll describe the important role testers play when delivering secure products. I ll also discuss how testers should approach security testing it s different from normal testing. This is a pragmatic chapter, full of information you can really use rather than theories of security testing.

The information in this chapter is based on an analysis of over 100 security vulnerabilities across multiple applications and operating systems, including Microsoft Windows, UNIX, and MacOS. After analyzing the bugs, I spent time working out how each bug could be caught during testing, the essence of which is captured herein.