Proposing SQL Statement Coverage Metrics: Difference between revisions

No edit summary
Line 28: Line 28:
=== 2.1 Testing for Security ===
=== 2.1 Testing for Security ===


Web applications are inherently insecure <ref name="a15">] D. Scott and R. Sharp, "Developing secure Web applications," Internet Computing, IEEE, vol. 6, no. 6, pp. 38-45, 2002.</ref> and web applications’ attackers look the same as any other customer to the server <ref name="a12">E. Ogren, "App Security's Evolution," in DarkReading.com, 2007.</ref>. Developers should, but typically do not, focus on building security into web applications <ref name="a10">10</ref>. Security has been added to the list of web application quality criteria <ref name="a11">J. Offutt, "Quality attributes of Web software applications," IEEE Software, vol. 19, no. 2, pp. 25-32, 2002.</ref> and the result is that companies have begun to incorporate security testing (including input validation testing) into their development methodologies <ref name="a3">B. Brenner, "CSI 2007: Developers need Web application security assistance," in SearchSecurity.com, 2007. </ref>. Security testing is contrasted from traditional testing, as illustrated by Figure 2: Functional vs. Security Testing, adapted from <ref name="a17">H. H. Thompson and J. A. Whittaker, "Testing for software security," Dr. Dobb's Journal, vol. 27, no. 11, pp. 24-34, 2002.</ref>.  
Web applications are inherently insecure <ref name="a15">] D. Scott and R. Sharp, "Developing secure Web applications," Internet Computing, IEEE, vol. 6, no. 6, pp. 38-45, 2002.</ref> and web applications’ attackers look the same as any other customer to the server <ref name="a12">E. Ogren, "App Security's Evolution," in DarkReading.com, 2007.</ref>. Developers should, but typically do not, focus on building security into web applications <ref name="a10">G. McGraw, Software Security: Building Security in. Upper Saddle River, NJ: Addison-Wesley Professional, 2006.</ref>. Security has been added to the list of web application quality criteria <ref name="a11">J. Offutt, "Quality attributes of Web software applications," IEEE Software, vol. 19, no. 2, pp. 25-32, 2002.</ref> and the result is that companies have begun to incorporate security testing (including input validation testing) into their development methodologies <ref name="a3">B. Brenner, "CSI 2007: Developers need Web application security assistance," in SearchSecurity.com, 2007. </ref>. Security testing is contrasted from traditional testing, as illustrated by Figure 2: Functional vs. Security Testing, adapted from <ref name="a17">H. H. Thompson and J. A. Whittaker, "Testing for software security," Dr. Dobb's Journal, vol. 27, no. 11, pp. 24-34, 2002.</ref>.
 


== 9. References ==
== 9. References ==


<references />
<references />
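Review bot: The a15 reference in the revised Section 2.1 paragraph still opens with a stray "]" before "D. Scott and R. Sharp", so the rendered reference list will show the bracket. Since this revision is already correcting a citation in the same paragraph (a10 goes from the placeholder "10" to the full McGraw entry), remove the bracket in the same edit. The revision was also saved with no edit summary. A short one, for example "fill in full citation for ref a10", would let readers of the page history see what changed without opening the diff. A smaller wording point in the same paragraph: "Security testing is contrasted from traditional testing" reads better as "contrasted with".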