Appendix E. A Tester’s Security Checklist
The following checklist, available as a softcopy in the Security Templates folder in the book’s companion content, is a minimum set of items a tester should ask herself as she is testing the product. Consider this document to be completed as a sign-off requirement for the application design phase.
| Check | Category | Chapter |
|---|---|---|
| o | List of attack points derived from threat model decomposition process | 4 |
| o | Comprehensive data mutation tests in place | 19 |
| o | Comprehensive SQL and XSS tests in place | 12, 19 |
| o | Application tested with SafeDllSearchMode registry setting set to 2 on Windows XP or tested on the default install of Microsoft Windows .NET Server 2003 | 11 |
| o | Competitor’s vulnerabilities analyzed to ... | |