As we stated in Chapter 1, security testing is unlike ordinary application testing: the security tester looks for ways to subvert the security of an application prior to its deployment. Effective security testing can significantly reduce the number of security defects in an application and can highlight flaws in the application design. We offer the following advice to assist you in security testing applications:
There is a growing awareness of the value of security testing, and tools have started to emerge to assist in the testing process. The first generation of tools is focused on testing the configuration of an application and the .NET runtime, but work is progressing on more complex software that will automate applying common types of attack. See the Microsoft .NET home page for information about .NET testing tools in general and some links to security-testing tools.