Building a website includes the testing phase where you cross-browser test, validate code and eye-ball each page scrupulously then similarly test the backend. But one aspect that is often overlooked is security testing, and, this is where the Web Security Testing Cookbook comes in with examples of how developers and testers can check for the most common web security issues, while conducting other testing.
The authors, Paco Hope and Ben Walther, have a lot of expertise in this area. Paco Hope works for Cigitel specializing in analyzing the security of software, software systems, and software development processes, amongst other things. While Ben Walther, who also works for Cigital, designs and executes security tests on a daily basis. Enough expertise to ward off fears of opening up your browser and finding that your website has been hacked.
So, what's on offer in this book? Around 260 odd pages of good solid information and examples of security testing with the focus on HOW TO rather than WHY TO. Opting for the use of free tools, the authors, select your basic tool kit and then begin testing. Existing methodologies are used but in the case of AJAX, which is new, the book offers ways to tamper with the code so that what to test becomes obvious.
So, if you're looking to incorporate security testing into your procedures then this book is a great starting point. With the author's recommendations on what free tools to use and the adverse effects that could be incurred there was information a plenty. The text has a great and easy to read writing style, a definite keeper.