Previous Chapter

17. Getting Required Training

About the Author

Index

Symbols

/ (forward slash), Specifying Web Application Threats
; (semicolon), Developing a Content Security Policy (CSP)
\ (backslash), Specifying Web Application Threats

A

Accellion (cloud services), Dealing with Cloud Storage
accessibility issues, Making Interfaces Flexible, Defining the Accessibility Issues-Defining the Accessibility Issues
AES (Advanced Encryption Standard), Specifying Web Application Threats, Devising Tests for JavaScript Issues
AirGap sandbox solution, Using an Off-the-Shelf Solution
AJAX (Asynchronous JavaScript and XML), Relying on server controls
alert() function, Extending JavaScript with Libraries
alt attribute, Providing User Aids
Amazon APIs, Defining the Use of APIs
analyzing applications
- about, Performing the Required Analysis
- constraint aspect, Constraint
- data aspect, Data
- interface aspect, Interface
- logic aspect, Logic
AngularJS framework, Differentiating Between Libraries and Frameworks
API aggregation, Using Other Vendors’ Sandboxes
API mashups, Using Other Vendors’ Sandboxes
API safety zones
- about, Creating an API Safety Zone-Understanding the Concept of an API Safety Zone
- defining need for, Defining the Need for an API Safety Zone-Keeping the API Safe from Hackers
- developing with sandboxes, Developing with an API Sandbox-Using Other Vendors’ Sandboxes
- virtual environments and, Considering Virtual Environments-Relying on Application Virtualization
API virtualization, Integrating using API virtualization-Integrating using API virtualization
APIs (application programming interfaces)
- accessing safely from JavaScript, Accessing APIs Safely from JavaScript-Coding Defensively
- creating testing scripts for, Creating Testing Scripts for APIs
- differentiating libraries and, Differentiating Between APIs and Libraries-Defining the Differences in Usage
- differentiating microservices and, Calling into Microservices, Differentiating Microservices and APIs
- examples of, Accessing APIs
- extending JavaScript with, Extending JavaScript Using APIs-Creating a Simple Example
- load testing, Verifying the API Behaves Under Load
- locating, Locating Appropriate APIs
- packaged solutions issues, Dealing with External APIs-Dealing with External APIs
- sandboxing and, Coding Defensively
- security threats posed by, Defining the Security Threats Posed by APIs-Suffering from Shellshock
- testing external, Testing External APIs, Dealing with third-party API and microservice updates
- testing internal, Testing Internal APIs, Developing in-house API and microservice updates
- updating, Working Through API and Microservice Updates-Developing in-house API and microservice updates
- usage considerations, Defining the Use of APIs, Accessing APIs, Using APIs with Care
- verifying security, Verifying API Security
Applause tester, Relying on User Testing
application downtime, Verifying Updates Address Threats
application environment
- allowing access by others, Allowing Access by Others
- cloud storage and, Dealing with Cloud Storage-Dealing with Cloud Storage
- CRUD acronym, Defining the Application Environment
- endpoint defense essentials, Considering Endpoint Defense Essentials-Remediating Broken Software
- external code and resources, Using External Code and Resources-Accessing External Data
- language-specific issues, Delving into Language-Specific Issues-Defining the Key JavaScript Issues
- Software Security Assistance, Understanding Software Security Assurance (SSA)-Constraint
- user needs and expectations, Making the Application Easy to Use-Keeping Security in Perspective
- web application threats and, Specifying Web Application Threats-Specifying Web Application Threats
application virtualization, Relying on Application Virtualization
AppScan tool, Understanding testing limitations
arrays (JSON), Transmitting Data Using JSON
Ashley Madison hack, Developing a User View of the Application
assert() function, Creating a Test Harness for Libraries, Devising Tests for JavaScript Issues
ASTQB (American Software Testing Qualifications Board), Ensuring the Third Party Is Legitimate
authentication
- hardcoded, Specifying Web Application Threats
- missing or incorrect, Specifying Web Application Threats
- SSL, Verifying API Security
- tokens and, Implementing a Token Strategy
- two-factor, Using Biometric Solutions
authorization, missing or incorrect, Specifying Web Application Threats
automatic updates, Accepting Automatic Updates
automatically generated reports, Using Automatically Generated Reports

B

backdoors, hackers uploading, Specifying Web Application Threats
backslash (\), Specifying Web Application Threats
BeEF (Browser Exploitation Framework), Avoiding SQL Injection Attacks
biometric password alternatives, Using Biometric Solutions-Using Biometric Solutions
blind testing, Developing Team Protocols
Bobby Approved icon, Defining the Accessibility Issues
bottom up testing model, Performing Integration Testing
breach response teams, Detecting Security Breaches
breaches
- Community Health Systems, Leaking Your Most Important Information with Heartbleed
- defining most common sources, Defining the Most Common Breach Sources
- detecting, Detecting Security Breaches
- preventing, Preventing Security Breaches-Preventing Security Breaches
browser and browser plug-ins
- accessability testing and, Defining the Accessibility Issues
- content security policy for, Developing a Content Security Policy (CSP)
- customized, Using Custom Browsers-Using Custom Browsers
- error object support, Creating a Test Harness for Libraries
- essence of attacks on, Devising Tests for JavaScript Issues
- HTML5-specific input types, Providing Controlled Choices-Providing Controlled Choices
- key security issues, Defining the Key JavaScript Issues
- sandbox features, Developing with an API Sandbox
- strict mode and, Enabling Strict Mode-Enabling Strict Mode
- verifying code compatibility, Verifying Code Compatibility Issues
buffer overflow, Specifying Web Application Threats
bug fixes, cost of, Implementing testing principles
Burp Proxy tool, Understanding testing limitations
Button Maker tool, Working with CSS Controls
BYOA (bring your own application), Testing in a BYOD Environment
BYOD (bring your own device) issues
- about, Considering Bring Your Own Device (BYOD) Issues
- custom browsers and, Using Custom Browsers-Using Custom Browsers
- hackers and, Thinking Like a Hacker
- handling frequent device updates, Handling Nearly Continuous Device Updates
- native app issues, Considering Native App Issues
- sensitive data and, Specifying Report Uses
- testing in, Testing in a BYOD Environment-Dealing with Really Ancient Equipment and Software
- verifying code compatibility, Verifying Code Compatibility Issues-Verifying Code Compatibility Issues
- web-based application security, Understanding Web-Based Application Security

C

Cameo environment, Relying on Application Virtualization
Capterra review site, Discovering Third-Party Security Solutions
CAS (cross-application scripting), Checking for Cross-Application Hacks
CDN (content delivery network), Verifying Code Compatibility Issues
cdnjs site, Verifying Code Compatibility Issues
Check My Colours site, Letting the User Run Amok
checkboxes, Providing Controlled Choices
click event, Enhancing CSS with Libraries
client-side controls, Relying on client controls
Cloner microservice, Considering Microservices
cloud computing
- Cloud Security Alliance, Discovering Third-Party Security Solutions
- cloud storage in, Dealing with Cloud Storage-Dealing with Cloud Storage, Considering Cloud Storage
- data repositories, Understanding Data Repositories-Understanding Data Repositories
- file sharing services, Dealing with File Sharing Issues-Dealing with File Sharing Issues
- hacking, Considering Cloud Security Solutions
- security solutions in, Considering Cloud Security Solutions-Considering Cloud Storage
cloud tiering , Dealing with File Sharing Issues
code injection, Specifying Web Application Threats, Defining the Key HTML Issues
code review, Considering Goals and Objectives
coding practices
- applying, Applying Successful Coding Practices
- building reliable code, Building Reliable Code-Calling into Microservices
- coding defensively, Coding Defensively
- developing successful interfaces, Developing Successful Interfaces
- developing with API sandbox, Developing with an API Sandbox-Using Other Vendors’ Sandboxes
- incorporating libraries, Incorporating Libraries
- using APIs with care, Using APIs with Care-Coding Defensively
- using microservices, Considering the Use of Microservices
- verifying code compatibility issues, Verifying Code Compatibility Issues-Verifying Code Compatibility Issues
The Color Contrast Checker, Defining the Accessibility Issues
color input type (HTML5), Providing Controlled Choices
command injection (OS), Specifying Web Application Threats
Community Health Systems breach, Leaking Your Most Important Information with Heartbleed
Content-Security-Policy header, Developing a Content Security Policy (CSP)
Content-Type header, Defining the Security Threats Posed by Libraries
controls (see entry controls)
cosmic rays and computers, Creating a Lessons Learned Feedback Loop
Coursera Signature Track, Using Biometric Solutions
cross-application resource access (XARA), Checking for Cross-Application Hacks
cross-application scripting (CAS), Checking for Cross-Application Hacks
cross-site request forgery (CSRF), Defining the Key JavaScript Issues, Defending against cross-site request forgery
cross-site scripting (XSS), Specifying Web Application Threats, Defining the Key JavaScript Issues, Defining the Security Threats Posed by Libraries, Understanding Cross-Site Scripting
CRUD acronym, Defining the Application Environment
CSA (Cloud Security Alliance), Discovering Third-Party Security Solutions
CSIAC site, Developing Team Protocols
CSP (content security policy), Developing a Content Security Policy (CSP)
CSRF (cross-site request forgery), Defining the Key JavaScript Issues, Defending against cross-site request forgery
CSS (Cascading Style Sheets)
- enhancing with libraries, Enhancing CSS with Libraries-Enhancing CSS with Libraries
- key security issues, Defining the Key CSS Issues
- testing language-specific issues, Devising Tests for CSS Issues
- working with controls, Working with CSS Controls-Working with CSS Controls
CSS Lint tool, Devising Tests for CSS Issues
CSS shaders, Defining the Key CSS Issues
css() function, Enhancing CSS with Libraries
Cucumis framework, Devising Tests for JavaScript Issues
custom reports, Using Custom Reports-Developing reports from readily available data sources
CVE site, Checking Security Sites
CVSS (Common Vulnerability Scoring System), Defining the Most Common Breach Sources

D

The Daily Egg site, Letting the User Run Amok
DAST (Dynamic Application Security Testing), Understanding testing limitations
data categorization, Categorizing Data and Resources
data repositories, Understanding Data Repositories-Understanding Data Repositories
data types
- validating supported ranges, Allowing Specific Input Only
- verifying input, Allowing Specific Input Only
data validation (see validating data input)
date input type (HTML5), Providing Controlled Choices
datetime input type (HTML5), Providing Controlled Choices
datetime-local input type (HTML5), Providing Controlled Choices
DDoS (distributed denial-of-service) attacks, Creating Alternate Microservice Paths, Verifying the API Behaves Under Load, Verifying Updates Address Threats
Deepface facial recognition, Using Biometric Solutions
Deploy Hooks microservice, Considering Microservices
developer collaboration tools, Handling Unexpected Testing Issues
DevOps development method, Developing a User View of the Application
dialog boxes, Extending JavaScript with Libraries
direct responses, Relying on direct results
DNS (Domain Name System) requests, Considering Endpoint Defense Essentials
documentation
- combining training with written guides, Combining Training with Written Guides
- reliability and security, Developing Team Protocols
Dojo framework, Working with Frameworks
DOM (Document Object Model), Defining the Security Threats Posed by Libraries
DoS (denial-of-service) attacks, Tackling Denial-of-Service Issues
Download Builder, Incorporating Libraries, Keeping Library Size Small and Content Focused
downtime, application, Verifying Updates Address Threats
drag-and-drop functionality, Making Interfaces Flexible
Dropbox (cloud storage), Dealing with Cloud Storage, Dealing with File Sharing Issues
Dynamic Drive site, Working with CSS Controls
dynamic scripts, Looking for Sneaky Inputs
Dynamic System Domains, Developing with an API Sandbox
dynamic testing, Implementing testing principles

E

eBay API, Using Other Vendors’ Sandboxes-Using Other Vendors’ Sandboxes
ECC (error-correcting code), Defining Upgrade Criticality
ECMAScript 5, Enabling Strict Mode-Enabling Strict Mode
ECMAScript Language test262 site, Devising Tests for JavaScript Issues
email input type (HTML5), Providing Controlled Choices
emergency updates, Performing Emergency Updates-Creating a Permanent Update Schedule
encryption
- cloud security and, Considering Cloud Security Solutions
- missing or incorrect, Specifying Web Application Threats
- SSL, Verifying API Security
endpoints
- about, Considering Endpoint Defense Essentials
- detecting security breaches, Detecting Security Breaches
- preventing security breaches, Preventing Security Breaches-Preventing Security Breaches
- remediating broken software, Remediating Broken Software
entry controls
- client-side, Relying on client controls
- common choices, Providing Controlled Choices
- CSS supported, Working with CSS Controls-Working with CSS Controls
- HTML supported, Implementing Standard HTML Controls
- HTML5-specific, Providing Controlled Choices
- JavaScript-created, Creating Controls Using JavaScript
- server-side, Relying on server controls
Ergo Lock Screen App, Using Biometric Solutions
error absence myth, Implementing testing principles
error object, Creating a Test Harness for Libraries
eval() function, Defining the Security Threats Posed by Libraries, Considering the dangers of eval()
Evalaze environment, Relying on Application Virtualization
external code and resources (see third-party solutions)

F

Facebook Deepface feature, Using Biometric Solutions
facial recognition, Using Biometric Solutions
failure points, Creating a Lessons Learned Feedback Loop
false positives, Avoiding Security Holes in Reliable Code
fast response teams, Creating a Fast Response Team
feature bloat, Interface
feedback loop, lessons learned, Creating a Lessons Learned Feedback Loop-Creating a Lessons Learned Feedback Loop
file sharing services, Dealing with File Sharing Issues-Dealing with File Sharing Issues
file uploads (security threats), Specifying Web Application Threats
Find My iPhone service, Losing Your Device with Find My iPhone
forced browsing attacks, Nipping Predictable Resource Location
forward slash (/), Specifying Web Application Threats
frameworks
- differentiating libraries and, Working with Frameworks, Differentiating Between Libraries and Frameworks-Differentiating Between Libraries and Frameworks
- packaged solutions issues, Working with Frameworks-Working with Frameworks
- templating, Differentiating Between Libraries and Frameworks
Function() function, Defining the Security Threats Posed by Libraries
future-proofing applications, Developing Team Protocols
Fx.Accordion feature, Working with Frameworks

G

GData API Directory, Locating Appropriate APIs
GetMap() function, Creating a Simple Example-Creating a Simple Example
GIF (Graphic Interchange Format), Working with CSS Controls
GoDaddy site, Defining a Need for Web Security Scans
Google APIs
- dealing with external libraries, Dealing with External APIs-Dealing with External APIs
- encoded keys and, Keeping Data Localized and Secure
- listing for, Locating Appropriate APIs
- verifying security, Verifying API Security
Google Maps API, Extending JavaScript Using APIs-Creating a Simple Example, Testing Inputs and Outputs
GTMetrix tool, Letting the User Run Amok

H

hackers
- BYOD and, Thinking Like a Hacker
- improving skills, Developing Team Protocols
- web application threats and, Specifying Web Application Threats-Specifying Web Application Threats
heartbeat feature, Leaking Your Most Important Information with Heartbleed
Heartbleed vulnerability, Leaking Your Most Important Information with Heartbleed
hint interface, Interface
HTML
- implementing controls, Implementing Standard HTML Controls
- input types supported, Providing Controlled Choices-Providing Controlled Choices
- key security issues, Defining the Key HTML Issues
- libraries interacting with, Interacting with HTML Using Libraries-Interacting with HTML Using Libraries
- testing language-specific issues, Devising Tests for HTML Issues
- verifying code compatibility, Verifying Code Compatibility Issues
html5shiv (JavaScript workaround), Verifying Code Compatibility Issues
HTML5test site, Using Custom Browsers, Verifying Code Compatibility Issues
HTTPS protocol, Defining Transport Layer Security
Hydra operating system, Developing with an API Sandbox

I

IDG Research Services , Understanding Web-Based Application Security
input controls (see entry controls)
integration testing
- API virtualization and, Integrating using API virtualization-Integrating using API virtualization
- mocking for, Mocking for integration testing-Mocking for integration testing
- phased approach, Performing Integration Testing
- problem with, Certifying the Best Possible Integration
- sandboxing and, Sandboxing integration testing
- sequence in testing plan, Checking Libraries and APIs for Holes
- for software upgrades, Performing the Required Integration Testing
- virtual environments and, Virtualizing integration testing
integrity checking, Developing Team Protocols
interfaces
- accessing user interface, Assessing the User Interface-Defining the Accessibility Issues
- analyzing, Interface
- choosing user interface solution level, Choosing a User Interface Solution Level-Relying on server controls
- developing successful, Developing Successful Interfaces
- expecting the unexpected, Expecting the Unexpected
- providing controlled choices, Providing Controlled Choices-Providing Controlled Choices
- validating the input, Validating the Input-Using Both Client-Side and Server-Side Validation
International Software Certifications Board, Ensuring the Third Party Is Legitimate
IoT (Internet of Things), Understanding Software Security Assurance (SSA), Defining the Differences in Usage
ISECOM (Institute for Security and Open Methodologies), Managing the Project
ISPs (Internet service providers), Specifying Web Application Threats

J

Jasmine testing framework, Devising Tests for JavaScript Issues
JavaScript
- accessing APIs safely from, Accessing APIs Safely from JavaScript-Coding Defensively
- code injection and, Specifying Web Application Threats
- creating controls, Creating Controls Using JavaScript
- cross-site scripting and, Specifying Web Application Threats
- extending with APIs, Extending JavaScript Using APIs-Creating a Simple Example
- extending with libraries, Extending JavaScript with Libraries-Extending JavaScript with Libraries
- HTML5 add-ins, Verifying Code Compatibility Issues
- key security issues, Defining the Key JavaScript Issues
- microservice calls using, Making Microservice Calls Using JavaScript-Creating a Microservice Using Node.js and Seneca
- storing libraries, Differentiating Between Internally Stored and Externally Stored Libraries
- strict mode, Enabling Strict Mode-Enabling Strict Mode
- testing language-specific issues, Devising Tests for JavaScript Issues-Devising Tests for JavaScript Issues
JavaScript Obfuscator/Encoder, Working with Libraries
join() function, Interacting with HTML Using Libraries
jQuery library
- about, Defining the Use of Libraries, Working with Frameworks
- creating interfaces, Creating a Clear Interface
- Google Maps API and, Creating a Simple Example-Creating a Simple Example
- security issues, Testing External Libraries
jQuery UI library
- creating accordion effect, Dealing with External Libraries
- creating interfaces, Creating a Clear Interface
- customized versions, Incorporating Libraries, Keeping Library Size Small and Content Focused
- dialog box functionality, Extending JavaScript with Libraries
- Google Maps API and, Creating a Simple Example-Creating a Simple Example
JScrambler , Working with Libraries
JSLint, Defining the Security Threats Posed by Libraries
JSON (JavaScript Object Notation)
- data forms supported, Transmitting Data Using JSON
- data input and, Differentiating Microservices and Libraries
- HTML example, Interacting with HTML Using Libraries-Interacting with HTML Using Libraries
- transferring data, Specifying Microservice Characteristics
- transmitting data, Transmitting Data Using JSON

K

key cards, Relying on Key Cards
kill switches, Using Custom Browsers
Kirk, Jeremy, Reading Security-Related Articles by Experts
Knight Capital Group, Building Reliable Code
KVM (keyboard, video, and mouse) switch, Configuring the System

L

language suites
- creating supported language list, Creating a Supported Language List-Creating a Supported Language List
- defining testing requirements, Defining the Special Requirements for Language Support Testing
- ensuring data correctly formatted, Ensuring Data Appears in the Correct Format
- obtaining reliable language specialists, Obtaining Reliable Language Specialists
- updating, Updating Language Suites
- verifying language-specific prompts, Verifying the Language-Specific Prompts Work with the Application
language-specific issues
- key CSS issues, Defining the Key CSS Issues
- key HTML issues, Defining the Key HTML Issues
- key JavaScript issues, Defining the Key JavaScript Issues
- testing for, Testing for Language-Specific Issues-Devising Tests for JavaScript Issues
latitude and longitude, Creating a Simple Example
lessons learned feedback loop, Creating a Lessons Learned Feedback Loop-Creating a Lessons Learned Feedback Loop
libraries
- building test suite for, Performing the Required Testing
- content focused, Keeping Library Size Small and Content Focused-Keeping Library Size Small and Content Focused
- defining precise uses, Defining the Precise Library Uses
- differentiating APIs and, Differentiating Between APIs and Libraries-Defining the Differences in Usage
- differentiating frameworks and, Working with Frameworks, Differentiating Between Libraries and Frameworks-Differentiating Between Libraries and Frameworks
- differentiating microservices and, Differentiating Microservices and Libraries
- enhancing CSS with, Enhancing CSS with Libraries-Enhancing CSS with Libraries
- examples of, Working with Libraries
- extending JavaScript with, Extending JavaScript with Libraries-Extending JavaScript with Libraries
- incorporating safely, Incorporating Libraries Safely
- interacting with HTML, Interacting with HTML Using Libraries-Interacting with HTML Using Libraries
- internally versus externally stored, Differentiating Between Internally Stored and Externally Stored Libraries
- packaged solutions issues, Dealing with External Libraries-Dealing with External Libraries
- researching fully, Researching the Library Fully
- sandboxing and, Incorporating Libraries Safely
- security threats posed by, Defining the Security Threats Posed by Libraries-Developing a Content Security Policy (CSP)
- speed considerations, Incorporating Libraries
- templating, Differentiating Between Libraries and Frameworks-Differentiating Between Libraries and Frameworks
- testing external, Testing External Libraries, Dealing with third-party library updates
- testing internal, Testing Internal Libraries, Developing in-house library updates
- updating, Working Through Library Updates-Developing in-house library updates
- usage considerations, Defining the Use of Libraries-Defining the Use of Libraries, Working with Libraries, Incorporating Libraries-Extending JavaScript with Libraries
LinkTiger tool, Devising Tests for HTML Issues
list boxes, Providing Controlled Choices
listen() function, Creating a Microservice Using Node.js and Seneca
load testing APIs, Verifying the API Behaves Under Load
LoadUI tool, Verifying the API Behaves Under Load
LOC (lines of code), Considering Microservices
LocalStorage (HTML5), Defining the Key HTML Issues
longdesc attribute, Providing User Aids
longitude and latitude, Creating a Simple Example
LOT Polish airlines, Defining the Most Common Breach Sources
Lynx browser, Defining the Accessibility Issues

M

MailPoet blogging software plug-in, Ruining Your Good Name with MailPoet
maintenance cycle
- considering need for reports, Considering the Need for Reports-Determining the Usability of User Feedback
- considering update options , Considering Update Options-Creating an Update Testing Schedule
- defining upgrade cycles, Clearly Defining Upgrade Cycles-Moving an Upgrade to Production
malicious intent, Developing Team Protocols
man-in-the-middle attacks, Defining the Differences in Usage, Defining the Security Threats Posed by Microservices, Testing External APIs, Devising Tests for JavaScript Issues
Mars Climate Orbiter, Developing Team Protocols
Mashable site, Letting the User Run Amok
max attribute, Providing Controlled Choices, Defining the Roles of Reliability and Security
McAfee site, Getting the Tools
MDM (mobile device management), Configuring a Remote Access Zone
medical devices, security holes in, Avoiding Security Holes in Reliable Code
menus, Providing Controlled Choices
Microservice Architecture , Defining the Use of Microservices
microservices
- creating, Creating a Microservice Using Node.js and Seneca-Creating a Microservice Using Node.js and Seneca
- creating alternate paths, Creating Alternate Microservice Paths
- differentiating APIs and, Calling into Microservices, Differentiating Microservices and APIs
- differentiating libraries and, Differentiating Microservices and Libraries
- examples of, Considering Microservices
- making calls using JavaScript, Making Microservice Calls Using JavaScript-Creating a Microservice Using Node.js and Seneca
- packaged solutions issues, Calling into Microservices
- politics of using, Considering Microservice Politics-Considering Microservice Politics
- security threats posed by, Defining the Security Threats Posed by Microservices-Defining Transport Layer Security
- specifying characteristics, Specifying Microservice Characteristics-Specifying Microservice Characteristics
- testing, Creating a Microservice Using Node.js and Seneca, Extending Testing to Microservices, Extending Testing Strategies to Microservices, Dealing with third-party API and microservice updates
- updating, Working Through API and Microservice Updates-Developing in-house API and microservice updates
- usage considerations, Defining the Use of Microservices-Defining the Use of Microservices, Considering Microservices, Considering the Use of Microservices
microservices API, Developing in-house API and microservice updates
min attribute, Providing Controlled Choices, Defining the Roles of Reliability and Security
MIT Technology Review , Discovering Third-Party Security Solutions
mobile devices and security (see BYOD issues)
mocked results, Relying on mocked results
mocking
- for integration testing, Mocking for integration testing-Mocking for integration testing
- testing internal APIs, Testing Internal APIs
- testing internal libraries, Testing Internal Libraries
model checking, Considering Goals and Objectives
month input type (HTML5), Providing Controlled Choices
MooTools framework, Working with Frameworks-Working with Frameworks
MTBF (mean time between failures), Creating a Lessons Learned Feedback Loop-Creating a Lessons Learned Feedback Loop
mustache-security site, Differentiating Between Libraries and Frameworks-Differentiating Between Libraries and Frameworks

N

native app issues, Considering Native App Issues
NDA (non-disclosure agreement), Using Outside Security Testers, Keeping Internal Data Secure
NetMarketShare, Dealing with Really Ancient Equipment and Software
new keyword, Enabling Strict Mode
NFC (Near Field Communication), Devising Password Alternatives, Using Biometric Solutions
NIS (Network Information System), Overcoming Unintentional Information Disclosure
NIST Webmetrics Tool Suite, Defining the Accessibility Issues
Node.js environment, Considering the Use of Microservices, Making Microservice Calls Using JavaScript, Creating a Microservice Using Node.js and Seneca-Creating a Microservice Using Node.js and Seneca, Devising Tests for JavaScript Issues
Norton Ghost, Configuring the System
NPM (Node Package Manager), Making Microservice Calls Using JavaScript
number input type (HTML5), Providing Controlled Choices, Providing Controlled Choices
numbers (JSON), Transmitting Data Using JSON
Nymi wristband, Using Biometric Solutions

O

OAD (Open Access Directory), Understanding Data Repositories
objects (JSON), Transmitting Data Using JSON
onActive event, Working with Frameworks
onBackground event, Working with Frameworks
OOP RPC, Dealing with External APIs
Opera browser, Defining the Accessibility Issues
operating system command injection, Specifying Web Application Threats
ORDER BY clause (SQL), Avoiding SQL Injection Attacks
OSSAP (OWASP Security Software Assurance Process), Considering the OSSAP-Considering the OSSAP
OSSTMM (Open Source Security Testing Methodology), Managing the Project
OSVDB site, Checking Security Sites
OWASP (Open Web Application Security Project), Considering the OSSAP, Defining a Need for Web Security Scans, Defining the Most Common Breach Sources

P

packaged solutions (see third-party solutions)
parameter manipulation, Specifying Web Application Threats
Paros tool, Understanding testing limitations
password alternatives
- biometric solutions, Using Biometric Solutions-Using Biometric Solutions
- devising , Devising Password Alternatives
- key cards, Relying on Key Cards
- NFC as, Devising Password Alternatives, Using Biometric Solutions
- passphrases, Working with Passphrases
- token strategy, Implementing a Token Strategy
- USB keys, Relying on USB Keys
penetration testing, Considering the Penetration Testing Company
performance testing, Testing performance
PhantomCSS tool, Devising Tests for CSS Issues
phishing attacks, Ruining Your Good Name with MailPoet
PIN (personal identification number), Understanding Web-Based Application Security, Relying on Key Cards
Ponemon Institute, Preventing Security Breaches
POS (point-of-sale) terminals , Preventing Security Breaches
privacy and security, Specifying Web Application Threats
proofs (testing), Considering Goals and Objectives
Puppet environment, Implementing Virtualization
Python language, Defining the Virtual Environment

Q

quality software and MTBF, Creating a Lessons Learned Feedback Loop
QUnit testing framework, Devising Tests for JavaScript Issues

R

radio buttons, Providing Controlled Choices
range input type (HTML5), Providing Controlled Choices, Providing Controlled Choices
rapid development, Enabling Rapid Development-Enabling Rapid Development
Rational Functional Tester, Devising Tests for HTML Issues
RC4 encryption, Devising Tests for JavaScript Issues
ReadyAPI! (SmartBear), Integrating using API virtualization
Registry of Research Data Repositories, Accessing External Data
regular expressions, Allowing Specific Input Only
reliability and security
- application functionality and, Focusing on Application Functionality
- avoiding security holes in code, Avoiding Security Holes in Reliable Code-Avoiding Security Holes in Reliable Code
- business failures from lack of, Building Reliable Code
- defining requirements, Developing Team Protocols
- defining roles of, Defining the Roles of Reliability and Security-Defining the Roles of Reliability and Security
- developing team protocols, Developing Team Protocols-Developing Team Protocols
- differentiating, Differentiating Reliability and Security-Focusing on Application Functionality
- lessons learned feedback loop, Creating a Lessons Learned Feedback Loop-Creating a Lessons Learned Feedback Loop
- packaged solutions issues, Considering Issues of Packaged Solutions-Calling into Microservices
- as performance elements, Testing performance
- relationship between, Building Reliable Code
- training programs, Developing Team Protocols
Reliability Consulting Services, Developing Team Protocols
remote access zones, Configuring a Remote Access Zone
remote code inclusion, Specifying Web Application Threats
reports
- about, Considering the Need for Reports
- automatically generated, Using Automatically Generated Reports
- avoiding useless, Avoiding Useless Reports-Avoiding Useless Reports
- creating consistent, Creating Consistent Reports
- custom, Using Custom Reports-Developing reports from readily available data sources
- externally generated, Relying on Externally Generated Reports
- internal, Creating Internal Reports-Specifying Report Uses
- for penetration testing, Getting the Report
- for specific application tasks, Using Reports to Perform Specific Application Tasks
- from third-party testing, Enumerating the Test Output and Reporting Requirements, Using the Resulting Reports-Acting on Testing Recommendations, Considering the Need for Reports
- timing to upgrades and updates, Timing Reports to Upgrades and Updates
- user feedback and, Providing for User Feedback-Determining the Usability of User Feedback
- verifying data on, Obtaining Completed Reports from Third Parties
require() function, Creating a Microservice Using Node.js and Seneca
resizing interface elements, Making Interfaces Flexible
REST (Representational State Transfer)
- cross-site request forgery and, Defending against cross-site request forgery
- microservices and, Specifying Microservice Characteristics, Understanding the Role of REST in Communication
- mock support, Mocking for integration testing-Mocking for integration testing
RFID (radio frequency identification ), Devising Password Alternatives
RhinoUnit testing framework, Devising Tests for JavaScript Issues
risk management, Defining the Need for an API Safety Zone-Ensuring Your API Works
rowhammering, Using Third-Party Testing, Avoiding Information Overload

S

SAAS (Software-As-A-Service), Defining a Need for Web Security Scans
Sandboxie sandbox solution, Using an Off-the-Shelf Solution
sandboxing
- about, Incorporating Libraries Safely, Coding Defensively, Developing with an API Sandbox
- API virtualization and, Integrating using API virtualization-Integrating using API virtualization
- benefits to using, Understanding the Concept of an API Safety Zone
- developing with API sandbox, Developing with an API Sandbox-Using Other Vendors’ Sandboxes
- ensuring APIs work, Ensuring Your API Works
- integration testing and, Sandboxing integration testing
- load testing APIs, Verifying the API Behaves Under Load
- rapid development and, Enabling Rapid Development
- testing APIs with, Keeping the API Safe from Hackers
- third-party solutions, Using an Off-the-Shelf Solution-Using Other Vendors’ Sandboxes
- vendor sandboxes and, Using Other Vendors’ Sandboxes-Using Other Vendors’ Sandboxes
- virtual environments versus, Enabling Rapid Development, Differentiating Virtual Environments and Sandboxing
sandwich testing model, Performing Integration Testing
SANS Institute, Checking Security Sites
SC Magazine review site, Discovering Third-Party Security Solutions
SCADA (supervisory control and data acquisition), Defining the Differences in Usage
ScriptGard, Defining the Security Threats Posed by Libraries
SDLC (Software Development Lifecycle), Considering the OSSAP
search input type (HTML5), Providing Controlled Choices
Section 508 checklist, Defining the Accessibility Issues
Secura Key site, Relying on Key Cards
Security Focus site, Checking Security Sites
security plans
- application environment, Defining the Application Environment-Allowing Access by Others
- avoiding hype, hysteria, helplessness, Tracking Current Security Threats
- avoiding information overload, Avoiding Information Overload
- sources for security threat information, Developing Sources for Security Threat Information-Getting Input from Consultants
- third-party solutions, Getting Third-Party Assistance-Considering Microservices
- for upgrades based on threats, Creating a Plan for Upgrades Based on Threats-Defining an Upgrade Plan
- user needs and expectations, Embracing User Needs and Expectations-Keeping Security in Perspective
security resources
- getting required training, Getting Required Training-Holding Training Effectiveness Checks
- tracking security threats, Tracking Current Security Threats-Asking for Updates from Third Parties
Security Shepherd (OWASP), Getting the Required Training
security sites, checking, Checking Security Sites-Checking Security Sites
SELECT clause (SQL), Avoiding SQL Injection Attacks
Selenium tool, Devising Tests for HTML Issues
semicolon (;), Developing a Content Security Policy (CSP)
Seneca toolkit, Considering the Use of Microservices, Making Microservice Calls Using JavaScript, Creating a Microservice Using Node.js and Seneca-Creating a Microservice Using Node.js and Seneca
server-side controls, Relying on server controls
session hijacking, Specifying Web Application Threats
setInnerHtml() function, Defining the Security Threats Posed by Libraries
setInnerText() function, Defining the Security Threats Posed by Libraries
setInterval() function, Defining the Security Threats Posed by Libraries
setTimeout() function, Defining the Security Threats Posed by Libraries
Shellshock (security bugs), Suffering from Shellshock
SIEM (security information and event management) software , Remediating Broken Software
Signature Track (Coursera), Using Biometric Solutions
SmartBear site, Integrating using API virtualization
Snapchat service, Developing a Picture of the Snappening
SOAP (Simple Object Access Protocol), Understanding the Role of REST in Communication, Mocking for integration testing-Mocking for integration testing
Software Security Assurance (see SSA )
software updates (see updates)
sorting data, Making Interfaces Flexible
sourceforge.net, Understanding Data Repositories
special characters
- data validation and, Allowing Specific Input Only
- hidden or restricted files and directories, Specifying Web Application Threats
speed considerations
- addressing security threats, Verifying Updates Address Threats
- library usage and, Incorporating Libraries
Spoon.net sandbox solution, Using an Off-the-Shelf Solution
SQL injection attacks, Specifying Web Application Threats, Specifying Web Application Threats, Looking for Sneaky Inputs, Avoiding SQL Injection Attacks
SSA (Software Security Assurance)
- about, Understanding Software Security Assurance (SSA)
- alternative security strategy, Defining SSA Requirements
- categorizing data and resources, Categorizing Data and Resources
- defining requirements, Defining SSA Requirements
- OSSAP and, Considering the OSSAP-Considering the OSSAP
- performing required analysis, Performing the Required Analysis-Constraint
SSL (Secure Sockets Layer), Leaking Your Most Important Information with Heartbleed, Verifying API Security
static analysis, Considering Goals and Objectives
static testing, Implementing testing principles, Testing External Libraries, Developing in-house library updates, Developing in-house API and microservice updates
step attribute, Providing Controlled Choices
storage
- cloud computing and, Dealing with Cloud Storage-Dealing with Cloud Storage, Considering Cloud Storage
- internal versus external libraries, Differentiating Between Internally Stored and Externally Stored Libraries
strict mode (JavaScript), Enabling Strict Mode-Enabling Strict Mode
strings (JSON), Transmitting Data Using JSON
Sucuri scanner, Defining a Need for Web Security Scans-Defining a Need for Web Security Scans
SUNDR (Secure Untrusted Data Repository), Understanding Data Repositories
Symantec Security Response, Checking Security Sites

T

tabs() function, Creating a Clear Interface
tainted inputs, Defining the Key HTML Issues
team protocols, developing, Developing Team Protocols-Developing Team Protocols
tel input type (HTML5), Providing Controlled Choices
templating libraries, Differentiating Between Libraries and Frameworks
test harness
- about, Checking Libraries and APIs for Holes
- creating for libraries, Testing Internal Libraries, Creating a Test Harness for Libraries
- creating for upgrades, Checking Upgrades for Issues
test systems
- configuring, Configuring the System
- creating right environment, Creating the Right Environment
- getting required training, Getting the Required Training
- getting the tools, Getting the Tools
- restoring, Restoring the System
- usage considerations, Considering the Test System Uses
- virtual machines and, Using Virtual Machines
testing outside the box, Checking Libraries and APIs for Holes
testing plans
- about, Creating a Testing Plan
- defining alternatives, Considering Goals and Objectives
- defining goals, Defining the goals
- defining third-party goals, Specifying the Third-Party Goals in Testing
- enumerating reporting requirements, Enumerating the Test Output and Reporting Requirements
- enumerating test output, Enumerating the Test Output and Reporting Requirements
- for language-specific issues, Testing for Language-Specific Issues-Devising Tests for JavaScript Issues
- generating written, Generating a Written Test Plan
- goals and objectives, Considering Goals and Objectives
- implementing testing principles, Implementing testing principles-Implementing testing principles
- for language suites, Defining the Special Requirements for Language Support Testing
- test performance requirements, Considering Test Requirements
- testing external APIs, Testing External APIs, Dealing with third-party API and microservice updates
- testing external libraries, Testing External Libraries, Dealing with third-party library updates
- testing internal APIs, Testing Internal APIs, Developing in-house API and microservice updates
- testing internal libraries, Testing Internal Libraries, Developing in-house library updates
- testing microservices, Creating a Microservice Using Node.js and Seneca, Extending Testing to Microservices, Dealing with third-party API and microservice updates
- testing performance, Testing performance
- testing platform type, Testing platform type
- testing usability, Testing usability
- third-party testing and, Creating a Testing Plan-Handling Unexpected Testing Issues
- understanding limitations of, Understanding testing limitations
testing principles, Implementing testing principles-Implementing testing principles
testing strategies
- accessibility testing sites, Defining the Accessibility Issues
- BYOD and, Testing in a BYOD Environment
- checking libraries and APIs for holes, Checking Libraries and APIs for Holes-Devising Tests for JavaScript Issues
- creating API safety zones, Creating an API Safety Zone-Relying on Application Virtualization
- custom browsers and, Using Custom Browsers
- hardware considerations, Enabling Rapid Development
- for inputs and outputs, Testing Inputs and Outputs
- for libraries, Performing the Required Testing
- for microservices, Extending Testing Strategies to Microservices
- for reliability goals, Developing Team Protocols
- relying on tools to fill gaps, Understanding testing limitations
- for software updates, Differentiating Between Upgrades and Updates, Creating an Update Testing Schedule
- for software upgrades, Creating Test Scenarios-Performing the Required Integration Testing, Differentiating Between Upgrades and Updates
- thinking like a hacker, Thinking Like a Hacker-Getting the Report
- third-party testing, Using Third-Party Testing-Acting on Testing Recommendations
text cases, Implementing testing principles
textboxes, Creating a Simple Example
thinking like hackers
- about, Thinking Like a Hacker
- building test systems, Building a Testing System-Restoring the System
- defining common breach sources, Defining the Most Common Breach Sources
- need for web security scans, Defining a Need for Web Security Scans-Defining a Need for Web Security Scans
- relying on user testing, Relying on User Testing-Giving the User a Voice
- testing in BYOD environment, Testing in a BYOD Environment-Dealing with Really Ancient Equipment and Software
- using outside security testers, Using Outside Security Testers-Getting the Report
third-party solutions
- about, Using External Code and Resources, Getting Third-Party Assistance
- accessing external data from, Accessing External Data
- allowing access by others, Allowing Access by Others
- APIs in, Defining the Use of APIs, Accessing APIs, Dealing with External APIs-Dealing with External APIs, Dealing with third-party API and microservice updates
- benefits to using, Choosing Between Product Types
- cloud security in, Considering Cloud Security Solutions-Considering Cloud Storage
- cloud storage in, Dealing with Cloud Storage-Dealing with Cloud Storage, Considering Cloud Storage
- data repositories, Understanding Data Repositories-Understanding Data Repositories
- file sharing services, Dealing with File Sharing Issues-Dealing with File Sharing Issues
- frameworks in, Working with Frameworks-Working with Frameworks
- getting input from consultants, Getting Input from Consultants
- libraries in, Defining the Use of Libraries-Defining the Use of Libraries, Working with Libraries, Dealing with External Libraries-Dealing with External Libraries, Dealing with third-party library updates
- microservices in, Defining the Use of Microservices-Defining the Use of Microservices, Considering Microservices, Calling into Microservices, Dealing with third-party API and microservice updates
- packaged solutions issues, Considering Issues of Packaged Solutions-Calling into Microservices
- product type considerations, Choosing Between Product Types-Considering Microservices
- sandboxes, Using an Off-the-Shelf Solution-Using Other Vendors’ Sandboxes
- security solutions in, Discovering Third-Party Security Solutions-Discovering Third-Party Security Solutions
- training for developers, Obtaining Third-Party Training for Developers-Relying on Training Centers
third-party testing
- about, Using Third-Party Testing
- creating testing plans, Creating a Testing Plan-Considering Test Requirements
- defining range of services, Considering the Range of Possible Testing Services-Considering the Range of Possible Testing Services
- defining reasons for hiring, Defining the Reasons for Hiring the Third Party-Defining the Reasons for Hiring the Third Party
- ensuring third party is legitimate, Ensuring the Third Party Is Legitimate
- implementing testing plans, Implementing a Testing Plan-Handling Unexpected Testing Issues
- interviewing third party, Interviewing the Third Party
- locating services, Locating Third-Party Testing Services-Performing Tests on a Test Setup
- performing limited demo, Performing Tests on a Test Setup
- resulting reports from, Enumerating the Test Output and Reporting Requirements, Using the Resulting Reports-Acting on Testing Recommendations, Considering the Need for Reports
this statement, Enabling Strict Mode
thread safety, Testing for Language-Specific Issues
3DES (Triple Data Encryption Standard), Specifying Web Application Threats
time input type (HTML5), Providing Controlled Choices
title attribute, Providing User Aids
TLDs (top-level domains), Creating a Supported Language List
TLS (Transport Layer Security), Defining Transport Layer Security, Devising Tests for JavaScript Issues
token strategy as password alternative, Implementing a Token Strategy
top down testing model, Performing Integration Testing
training plans
- alternative security reminders, Creating and Using Alternative Security Reminders
- creating, Creating an In-House Security Training Plan
- defining needed training, Defining Needed Training
- monitoring results, Monitoring the Results-Monitoring the Results
- setting reasonable goals, Setting Reasonable Goals
- using in-house trainers, Using In-House Trainers
training programs
- about, Getting Required Training
- creating training plans, Creating an In-House Security Training Plan-Monitoring the Results
- MTBF and, Creating a Lessons Learned Feedback Loop
- reliability and security, Developing Team Protocols
- third-party training for developers, Obtaining Third-Party Training for Developers-Using Local Colleges and Universities
- ensuring users are security aware, Ensuring Users Are Security Aware
- training effectiveness checks, Holding Training Effectiveness Checks
two-factor authentication, Using Biometric Solutions
typing technique, Using Biometric Solutions

U

unit testing
- for APIs, Creating Testing Scripts for APIs, Dealing with third-party API and microservice updates
- for libraries, Testing Internal Libraries, Developing in-house library updates
- for microservices, Dealing with third-party API and microservice updates
- sequence in testing plan, Checking Libraries and APIs for Holes
- for software upgrades, Performing the Required Pre-Testing
update testing schedule, Creating an Update Testing Schedule
updates
- about, Considering Update Options
- to APIs, Working Through API and Microservice Updates-Developing in-house API and microservice updates
- creating permanent schedule, Creating a Permanent Update Schedule
- creating plans based on threats, Creating a Plan for Updates Based on Threats-Asking for Updates from Third Parties
- creating testing schedule, Creating an Update Testing Schedule
- deciding between upgrades and, Deciding Between an Upgrade or an Update-Deciding Between an Upgrade or an Update
- determining when to apply, Determining When to Update-Developing in-house API and microservice updates
- differentiating upgrades and, Differentiating Between Upgrades and Updates
- emergency, Performing Emergency Updates-Creating a Permanent Update Schedule
- to language suites, Updating Language Suites-Defining the Special Requirements for Language Support Testing
- to libraries, Working Through Library Updates-Developing in-house library updates
- to microservices, Working Through API and Microservice Updates
- timing reports to, Timing Reports to Upgrades and Updates
upgrade cycle plans
- based on threats, Creating a Plan for Upgrades Based on Threats
- checking upgrades for issues, Checking Upgrades for Issues-Checking Upgrades for Issues
- creating, Developing a Detailed Upgrade Cycle Plan-Developing a Detailed Upgrade Cycle Plan
- creating test scenarios, Creating Test Scenarios
- defining, Defining an Upgrade Plan
- defining criticality, Defining Upgrade Criticality-Defining Upgrade Criticality
- determining requirements, Determining Upgrade Requirements-Determining Upgrade Requirements
- implementing changes, Implementing the Changes
- looking for upgrades, Looking for Upgrades
upgrade cycles
- about, Clearly Defining Upgrade Cycles
- creating testing schedule, Creating an Upgrade Testing Schedule-Moving an Upgrade to Production
- developing detailed plans, Developing a Detailed Upgrade Cycle Plan-Implementing the Changes
- moving upgrades to production, Moving an Upgrade to Production-Moving an Upgrade to Production
upgrade testing schedule
- creating, Creating an Upgrade Testing Schedule
- required integration testing, Performing the Required Integration Testing
- required pre-testing, Performing the Required Pre-Testing-Performing the Required Pre-Testing
upgrades
- deciding between updates and, Deciding Between an Upgrade or an Update-Deciding Between an Upgrade or an Update
- emergencies and, Creating a Fast Response Team
- timing reports to, Timing Reports to Upgrades and Updates
url input type (HTML5), Providing Controlled Choices
US-CERT site, Checking Security Sites
usability testing, Testing usability
USB keys, Relying on USB Keys
use strict directive, Enabling Strict Mode
user feedback, Providing for User Feedback-Determining the Usability of User Feedback
user interface
- assessing, Assessing the User Interface
- choosing solution level, Choosing a User Interface Solution Level-Relying on server controls
- creating clear interfaces, Creating a Clear Interface-Creating a Clear Interface
- defining accessibility issues, Defining the Accessibility Issues-Defining the Accessibility Issues
- making interfaces flexible, Making Interfaces Flexible-Making Interfaces Flexible
- providing user aids, Providing User Aids
user needs and expectations
- about, Embracing User Needs and Expectations
- BYOD issues, Considering Bring Your Own Device (BYOD) Issues-Handling Nearly Continuous Device Updates
- developing user view of applications, Developing a User View of the Application-Developing a User View of the Application
- devising password alternatives, Devising Password Alternatives-Implementing a Token Strategy
- focusing on, Focusing on User Expectations-Keeping Security in Perspective
user testing, Relying on User Testing-Giving the User a Voice
User Testing site, Relying on User Testing
user tracking, Defining the Key HTML Issues
μTorrent exploit, Defending against cross-site request forgery

V

Vagrant environment, Implementing Virtualization
validating data input
- allowing specific input only, Allowing Specific Input Only
- client-side, Relying on client controls, Using Both Client-Side and Server-Side Validation
- important assumptions, Validating the Input
- looking for sneaky inputs, Looking for Sneaky Inputs
- requesting new input, Requesting New Input
- server-side, Using Both Client-Side and Server-Side Validation
value (JSON), Transmitting Data Using JSON
value attribute, Providing Controlled Choices, Providing Controlled Choices
vendor sandboxes, Using Other Vendors’ Sandboxes-Using Other Vendors’ Sandboxes
VeraCode analyzer, Devising Tests for JavaScript Issues
VirtServer (SmartBear), Integrating using API virtualization
virtual environments
- about, Considering Virtual Environments
- application virtualization, Relying on Application Virtualization
- benefits to using, Understanding the Concept of an API Safety Zone
- defining, Defining the Virtual Environment
- ensuring APIs work, Ensuring Your API Works
- implementing, Implementing Virtualization
- integration testing and, Virtualizing integration testing
- rapid development and, Enabling Rapid Development
- sandboxing versus, Enabling Rapid Development, Differentiating Virtual Environments and Sandboxing
- testing APIs with, Keeping the API Safe from Hackers
VMs (virtual machines)
- role of, Considering the Role of the Virtual Machine
- test systems and, Using Virtual Machines
VMWare , Using Virtual Machines
Vmyths site, Checking Security Sites
Vow.js framework, Devising Tests for JavaScript Issues
VPNs (virtual private networks), Dealing with File Sharing Issues, Configuring a Remote Access Zone

W

W3C (World Wide Web Consortium)
- CSS Validation Service, Devising Tests for CSS Issues
- HTML Validation Service, Defining the Accessibility Issues
- Markup Validation Service, Devising Tests for HTML Issues
- web development standards, Devising Password Alternatives
W3Schools.com, Verifying Code Compatibility Issues
Web Application Security Consortium, Defining a Need for Web Security Scans
web applications (see application environment)
Web Design Group HTML Validator, Defining the Accessibility Issues
web security scans, Defining a Need for Web Security Scans-Defining a Need for Web Security Scans
WebAIM site, Defining the Accessibility Issues, Defining the Accessibility Issues
WebGoat application, Getting the Required Training
WebInspect tool, Understanding testing limitations
WebLight tool, Devising Tests for HTML Issues
Webmetrics Tool Suite (NIST), Defining the Accessibility Issues
webroot directory, Specifying Web Application Threats
WebSockets (HTML5), Defining the Key HTML Issues
week input type (HTML5), Providing Controlled Choices
WHO (World Health Organization) site, Accessing External Data
WinZIP, Suffering from Shellshock
with statement, Enabling Strict Mode

X

XARA (cross-application resource access), Checking for Cross-Application Hacks
XML.com, Defining the Accessibility Issues
XSRF (cross-site request forgery), Defining the Key JavaScript Issues, Defending against cross-site request forgery
XSS (cross-site scripting), Specifying Web Application Threats, Defining the Key JavaScript Issues, Defining the Security Threats Posed by Libraries, Understanding Cross-Site Scripting

Y

Yahoo!, Suffering from Shellshock

Z

zero-day attacks, Dealing with External Libraries, Ruining Your Good Name with MailPoet, Determining Whether the Threat Is an Emergency

Previous Chapter

17. Getting Required Training

About the Author