Hi all,
I am looking for SW that allow me to test web applications from a security point of view so that potential vulnerabilities can be detected and tracked. I will be testing against a prepared environment so I don't have any source code to analyze.
Any ideas / suggestions will be much appreciated!
Kind regards!
Security testing is in many ways similar to functional testing. You identify a risk, define what the expected behavior should be, and then perform some testing to mitigate that risk by demonstrating that the unexpected does not happen. For example, say the system under test is an internet-facing web application, backed by a database. A risk could be that an attacker somewhere on the internet could use the front-end and gain access to sensitive data stored in the back-end (this is called SQL injection).
read more here: http://www.qatestingtools.com/article/security-testing-on-web-application