Summary

In this chapter, we discussed the challenging topic of web application testing; we could fill an entire book with this topic. We have chosen to provide a number of examples, so you can explore the topic on your own.

We explored the Burp Suite and OWASP ZAP tools and used them to scan a number of sites. With Burp Suite, we introduced the attack components Intruder and Sequencer. Both tools can work as a proxy and intercept requests to and from applications; intercepting this traffic is one of the ways we determine how well the developer performs input validation.

Following this, we looked at the challenges that a Web Application Firewall (WAF) can add to our testing. We explored the deployment of the dotDefender tool and attempted to ...
