Web applications are everywhere and in every industry. From retail to banking to human resources to gambling, everything is on the web. Everything from trivial personal blogs to mission-critical financial applications is built on some kind of web application now. If we are going to successfully move applications to the web and build new ones on the web, we must be able to test those applications effectively. Gone are the days when functional testing was sufficient, however. Today web applications face an omnipresent and ever-growing security threat from hackers, insiders, criminals, and others.

This book is about how we test web applications, especially with an eye towards security. We are developers, testers, architects, quality managers, and consultants who need to test web software. Regardless of what quality or development methodology we follow, the addition of security to our test agenda requires a new way of approaching testing. We also need specialized tools that facilitate security testing.

Throughout the recipes in this book, we’ll be leveraging the homogeneous nature of web applications. Wherever we can, we will take advantage of things that we know are uniformly true, or frequently true, about web applications. This commonality makes the recipes in this book versatile and likely to work for you. Moreover, it means that you will develop versatile testing tools that are likely capable of testing more than just one application.