Goal of the book
Our primary focus in this book is on security testing of
applications. We share here our experience of testing more
than a hundred banking applications. A structured approach
to testing is much more effective and reliable. The chances
of finding the maximum number of holes increase with a
systematic and structured approach.
In the later chapters, we will discuss the approach to be
taken for security testing. We will also look at the checklist
used for testing, discuss different banking applications and
see how they can be tested effectively.
Chapter 1 focuses on the structured approach to testing.
Here we explain the logic of the approach and describe each
step in detail. We show how an exhaustive threat profile
and test plan make testing easier and more reliable.
Chapter 2 discusses the common attacks and vulnerabilities
found in banking applications. We discuss some of these in
detail and also throw light on the solution for each.
Chapter 3 is all about the tools of the trade. We lay bare our
toolbox and explain how each one works.
Chapter 4 is what makes up most of this book. This chapter
describes how to test different types of application. Based
on our experience, we have looked in detail at some of the
important banking applications and the threats they face.
Chapter 5 is a quick outline of the emerging themes in