Entries from November 2008 ↓

This is guest article by “Inder P Singh”

Introduction

As more and more vital data is stored in web applications and the number of transactions on the web increases, proper security testing of web applications is becoming very important. Security testing is the process that determines that confidential data stays confidential (i.e. it is not exposed to individuals/ entities for which it is not meant) and users can perform only those tasks that they are authorized to perform (e.g. a user should not be able to deny the functionality of the web site to other users, a user should not be able to change the functionality of the web application in an unintended way etc.).

Some key terms used in security testing

Before we go further, it will be useful to be aware of a few terms that are frequently used in web application security testing:

What is “Vulnerability”?
This is a weakness in the web application. The cause of such a “weakness” can be bugs in the application, an injection (SQL/ script code) or the presence of viruses.
Continue reading →

This is a white paper written by ‘Huw Price‘. With over 20 years experience, Huw Price has been the lead technical architect for several US and European software companies. His new venture Grid-tools is specialized in test data management techniques. Thank you Jessica for providing this white paper for our readers.

How to improve testing by maximizing code coverage – A practical approach.

Article Summary:

As a white box tester your first goal should be maximizing code coverage!

Increasing code coverage is the route to improved testing. Code coverage is always a critical testing path and creating good test data for maximum code coverage is another difficult task.

Testers need to balance the need for complete coverage with only limited time to test. The key challenge here is to be more efficient and more effective.

Should 100% code coverage be the testing goal?

Continue reading →