Since its early days as an information exchange tool limited to academe, researchers, and the military, the web has grown into a commerce engine that is now omnipresent in all facets of our lives. More websites are created daily and more applications are developed to allow users to learn, research, and purchase online. As a result, web development is often rushed, which increases the risk of attacks from hackers. Furthermore, the need for secure applications has to be balanced with the need for usability, performance, and reliability. In this book, Whittaker and Andrews demonstrate how rigorous web testing can help prevent and prepare for such attacks. They point out that methodical testing must include identifying threats and attack vectors to establish and then implement the appropriate testing techniques, manual or automated.
Functional testing is an area that I've been deeply involved in throughout my software development journey. As many of you would agree, it's a vital part of ensuring that our applications perform as they are intended to, checking each functionality against specified requirements.
Having done this hands-on, I can testify that it involves detailed, painstaking work. However, the payoff when you catch a potential problem early, before it gets to the users, is definitely worth it.
What's changed the game for me in recent years is automation. Functional test automation can accelerate the process while reducing the risk of human error. It can be a bit daunting to implement, but that's where considering 'test automation as a service' comes in handy.
In this context, I recently discovered Scimus's services (https://thescimus.com/automation-qa-t...), and their approach seems quite comprehensive. They offer a variety of QA testing services, including functional testing and test automation, which seems promising.
What are your experiences with functional testing? How has automation changed your testing processes? Looking forward to your insights!
This almost 20-year-old book describes the then-most common weaknesses of Internet software. Although some of the referenced technologies are outdated, a majority of the principles are still relevant in 2025. SQL injection, cross-site scripting, and the need to sanitize input parameters remain hot issues in web security for developers. Other items bring eye rolls to developers who have been around the bush – Internet Explorer, to name one.
Although this book isn’t going to suddenly hop up the sales charts, it provides a nice set of history to someone who wants to better understand the history of the field. I certainly would have benefitted from reading it when it came out in 2006, but even now, after I’ve spent most of my career developing for the Internet, this book shows me where we’ve been – and perhaps, a bit of where we might go together.
As others have pointed out, this book is dated but provides a good introduction to some of the common security issues prevalent in the software industry, particularly with web applications. Still a good read in 2025 for anyone wanting to brush up their knowledge.
Overall a really great book on testing web software. It is simple enough that I was able to learn a lot from it (I have barely done any web programming), but thorough enough that I understand cross-site scripting (XSS) better than I did from my college security course. I would recommend this book to developers and testers alike.
An excellent, practical introduction to the elements of security testing on web applications. Introduces SQL injection, cross-site scripting (XSS) and recommends tools and techniques to turn you into a junior security analyst.