Prime objective of security testing [1] is to find out how vulnerable a system may be and to determine whether its data and resources are protected from potential intruders. Online transactions have increased rapidly of late making security testing as one of the most critical areas of testing for such web applications. Now a days, privacy and security play an important role. Software applications need to focus on data and its operations security which requires urgent attention, but it’s ignored. Security resembles the essential feature in software. In fact, our main intention is to focus on the web based testing which is one of the types of application testing with its importance, implementation and its methodologies that has been defined from developer’s point of view which is extremely helpful to the developers. Software Testing is an important process in SDLC [2] which provides assurance for quality to both software developer’s (Company) and users as well. Just like testing the performance of an application, it is also important to perform security testing before the app is open to real users. Security testing is performed to detect vulnerabilities in an application, while ensuring that the data is protected and that the application works as required .Web testing is a software testing practice to test the websites or web applications for potential bugs. It’s a complete testing of web-based applications [3] before making live. A web-based system needs to be checked completely from end-to-end before it goes live for end users [4]. By performing web site testing, an organization can make sure that the web-based system is functioning properly and can be accepted by real-time users. The UI design and functionality are the captains of website testing.

Security Testing, Software Tesing, Web based Testing, Web-based Applications

[1] Gu Tian-yang, Shi Yin-sheng, and Fang You-Yuan, “Research on Software Security Testing”, World Academy of Science, Engineering and Technology, Vol. 70, p 647-651, September 2010.
[2] Qianxiang WANG, Lining QUAN, Fuchen YING, ―Online Testing of Web-Based Applications‖, 0730-3157/04 2004 IEEE.
[3] K.K. Aggarwal, Yogesh Singh, “Software Engineering”, (3rd ed.), Copyright © New Age International Publishers, 01-Jan-2005.
[4] Yu Qi, David Kung and Eric Wong, ―Leveraging User-Session Data to Support Web Application Testing‖, IEEE Transactions on Software Engineering, vol. 31, no. 3, March 2005.
[5] Gencer Erdogan, Ketil Stolen, "Risk-driven Security Testing versus Test-driven Security Risk Analysis", First Doctoral Symposium on Engineering Secure Software and Systems.
[6] Mohd. Ehmer Khan& Farmeena Khan, “A Comparative Study of White Box, Black Box and Grey Box Testing Techniques”, International Journal of Advanced Computer Science and Applications, (IJACSA) Vol. 3, No.6, 2012.
[7] Jovanovich, Irena, “Software Testing Methods and Techniques”.
[8] Ould, M. A. (1999). Managing software quality and business risk. Chichester: John Wiley & Sons.
[9] B. Potter, G. McGraw, “Software Security Testing,” IEEE Security & Privacy, v2, n5, 81-85, Sept.-Oct. 2004.
[10] S. Barnum, G. McGraw, “Knowledge for Software Security”, IEEE Security & Privacy, v3, n2, 74- 78, March-April 2005.
[11] Thompson, H.H., “Why security testing is hard”, IEEE Security & Privacy, v 1, n 4, 83-6, July-Aug. 2003.
[12] DeMarco, T. and T. Lister (2003). Waltzing with Bears: Managing Risk on Software Projects. New York: Dorset.
[13] Bruce Potter & Gary McGraw, “Software Security Testing”, IEEE Security & Privacy, 2004, pp. 32-36.
[14] Suhel Ahmad Khan, Raees Ahmad Khan “Software Security Testing Process”, Proc. of the Intl. Conf. on Recent Trends In Computing and Communication Engineering-- RTCCE 2013, p39-42.
[15] J. Viega and G. McGraw, Building Secure Software: How to Avoid Security Problems the Right Way, Addison Wesley, 2001.
[16] Arora A., Sinha M. ―Web Application Testing: A Review on Techniques, Tools and State of Art‖, International Journal of Scientific & Engineering Research, Volume 3, Issue 2, February-2012 ISSN 2229-5518.
[17] G. McGraw, “Testing for Security During Development: : Why We Should Scrap Penetrate-and-Patch,” IEEE Aerospace and Electronic Systems, Vol. 13, no. 4, 1998, pp 13-15.