January 11th, 2005, 01:45 PM
Application Level Security Testing
I hope I am not repeating earlier questions... I have tried to search through the forums, but nothing seemed to be appropriate. It's a tricky concept to word, however, so I may be duplicating the idea referred to by a different phrase.
My challenge is thus: I work for a software testing department for a software company. We produce software that goes to end users, middle-tier operators and our own internal teams.
While our IT department handles our network-level security (rather efficiently) at all tiers, our produced applications get a fairly cursory test from a security perspective.
Most sites/books/tutorials/etc deal expressly with network-level security testing (with possibly the exception of web forms)... it would appear that application-level testing is a new and growing specialisation within the field. I am aware that there are tools specifically designed to test applications fro security flaws, but I have also been assured that they are not worth teh disk space they occupy.
Would anyone have any further comments, or sources that I might peruse for more information on this shard of security testing?