This is undoubtedly the most important chapter of the book. As developers, we all try our best to write beautiful, usable, and secure code. We have all experienced the thrill of a great idea and the rush to see it working. We also have crazy schedules and deadlines. So bugs happen and testing for bugs is a natural part of any coding lifecycle.
Most of the test cases written today focus on usability, functionality, and stress testing. In most cases, test engineers are at a loss when it comes to testing for security. When compliance and security are overlooked, the application sometimes has to be redesigned or implemented again. Take the case of creating a message digest for integrity purposes. A developer may decide to go with SHA-1, which produces a 160-bit digest. On the server side, the database column is designed to hold exactly 160 bits of data. A non-ethical hacker breaks into the application. When the security review is performed, it is decided that SHA-1 was not strong...
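To make the redesign cost in the scenario above concrete, here is an added example (not code from the book): a column sized for a raw 20-byte SHA-1 digest cannot hold the 32-byte SHA-256 digest that a review would typically demand, so the schema has to change. Storing the digest in a self-describing "algorithm:hex" form instead lets the algorithm be upgraded in place and lets verification refuse algorithms that are no longer allowed. The tag format, the column width constant, and the allowed-list are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption for illustration: the original column was sized for a raw
# 160-bit (20-byte) SHA-1 digest, as in the scenario described above.
SHA1_COLUMN_BYTES = 20


def digest_fits_column(algorithm: str, column_bytes: int = SHA1_COLUMN_BYTES) -> bool:
    """Return True if the raw digest of `algorithm` fits a column sized for SHA-1.

    This is the check that shows why swapping SHA-1 for a stronger hash
    forces a schema change when the column width was fixed at design time.
    """
    return hashlib.new(algorithm).digest_size <= column_bytes


def make_tagged_digest(data: bytes, algorithm: str = "sha256") -> str:
    """Produce a self-describing digest of the form '<algorithm>:<hex>'.

    Because the algorithm name travels with the digest, a variable-length
    text column can hold SHA-1, SHA-256 or SHA-512 output without redesign.
    """
    if algorithm not in hashlib.algorithms_available:
        raise ValueError(f"unsupported hash algorithm: {algorithm}")
    return f"{algorithm}:{hashlib.new(algorithm, data).hexdigest()}"


def verify_tagged_digest(data: bytes, tagged: str, allowed=("sha256", "sha512")) -> bool:
    """Verify `data` against a tagged digest.

    Digests made with an algorithm outside `allowed` (for example sha1 after
    a review has deprecated it) are rejected rather than silently trusted.
    The comparison is constant-time to avoid leaking how many characters match.
    """
    algorithm, sep, hexdigest = tagged.partition(":")
    if sep != ":" or algorithm not in allowed:
        return False
    expected = hashlib.new(algorithm, data).hexdigest()
    return hmac.compare_digest(expected, hexdigest)


if __name__ == "__main__":
    # Constructed sample record; a real application would hash stored content.
    record = b"invoice-4711: total 120.00 EUR"
    print("sha1 fits 20-byte column:", digest_fits_column("sha1"))
    print("sha256 fits 20-byte column:", digest_fits_column("sha256"))
    tagged = make_tagged_digest(record, "sha256")
    print("stored:", tagged)
    print("verifies:", verify_tagged_digest(record, tagged))
    legacy = make_tagged_digest(record, "sha1")
    print("legacy sha1 accepted:", verify_tagged_digest(record, legacy))
```

The point of the tagged form is not that it makes SHA-1 stronger; it is that the decision "which hash is acceptable" moves from the database schema into one verification function, where a security review can change it without a migration.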