  • How To Scope A Web Application Security Test


    Scoping is one of the most underrated parts of a web application security test, yet perhaps one of the most important. Scoping an application before a security test is meant to give all parties enough information to ensure that the test has the best chance of success.


  • Top 10 Mistakes in Application Security Testing


    For application security testers, there is a ton of great material on the Internet and elsewhere about what to do during a security test. If you want to test for SQL injection, there are a million guides that will walk you through the steps. What I’ve found is that there is a lot less discussion of what you shouldn’t do during a test in order to avoid mistakes or to stay out of trouble.
