Proposing SQL Statement Coverage Metrics: Difference between revisions

=== 2.1 Testing for Security ===


Web applications are inherently insecure <sup>[[#scottSharp|[4]]]</sup>, and a web application's attackers look the same as any other customer to the server <sup>[[#Ogren|[5]]]</sup>. Developers should, but typically do not, focus on building security into web applications <sup>[[#mcgraw|[6]]]</sup>. Security has been added to the list of web application quality criteria <sup>[[#offutt|[7]]]</sup>, and as a result companies have begun to incorporate security testing (including input validation testing) into their development methodologies <sup>[[#brenner|[8]]]</sup>. Security testing is contrasted with traditional testing, as illustrated by Figure 2: Functional vs. Security Testing, adapted from <sup>[[#thompson|[9]]]</sup>.


[[File:Sess-figure-2.png|thumb|'''Figure 2. Intended vs. Actual Behavior, (adapted from <sup>[[#thompson|[9]]]</sup>)''']]