This chapter covers various aspects of web application security. We will learn to assess web applications from a security perspective and uncover potential flaws using both automated and manual techniques.
We will cover the following topics in this chapter:
- Importance of web application security testing
- Application profiling
- Common web application security testing tools
- Authentication
- Authorization
- Session management
- Input validation
- Security misconfiguration
- Business logic flaws
- Auditing and logging
- Cryptography
- Testing tools