This testing is performed after the web application is developed. The overall security testing process is usually tracked through a formal report that lists the risks and vulnerabilities. In this article, we lay out the key steps that help overcome these security shortcomings.
• Understand and identify the security needs of an application
• Collect all the information regarding the setup that is used for developing the web app and network, such as technology, hardware, etc.
• Determine the possible risks and vulnerabilities and make a list
• Make a threat profile based on the list
• Prepare a test plan according to the identified possible risks and vulnerabilities
• Prepare a Traceability Matrix for each risk and vulnerability
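The last two steps, as an added example that is not part of the original article: it builds a traceability matrix from a risk list and a test plan, then reports risks that no test covers and tests that trace to no listed risk. The risk IDs, test IDs, field names and sample entries are constructed for illustration.

```python
# Constructed sample data: IDs, descriptions and test titles are illustrative only.
RISKS = {
    "R1": "SQL injection in search form",
    "R2": "Session token not invalidated on logout",
    "R3": "Verbose error pages leak stack traces",
}
TEST_PLAN = [
    {"id": "T1", "title": "Search input validation", "covers": ["R1"]},
    {"id": "T2", "title": "Session state after logout", "covers": ["R2"]},
    {"id": "T3", "title": "Query construction code review", "covers": ["R1"]},
    {"id": "T4", "title": "Password reset flow", "covers": ["R9"]},  # R9 is not in RISKS
]


def build_matrix(risks, test_plan):
    """Return (matrix, uncovered, orphans).

    matrix    maps every risk ID to the sorted test IDs that cover it
    uncovered lists risk IDs that have no test case at all
    orphans   lists test IDs that cover nothing or cite an unknown risk ID
    """
    matrix = {rid: [] for rid in risks}
    orphans = []
    for test in test_plan:
        covered = test.get("covers", [])
        if not covered or any(rid not in risks for rid in covered):
            orphans.append(test["id"])
        for rid in covered:
            if rid in risks:
                matrix[rid].append(test["id"])
    for tests in matrix.values():
        tests.sort()
    uncovered = sorted(rid for rid, tests in matrix.items() if not tests)
    return matrix, uncovered, sorted(orphans)


def render(risks, matrix):
    """Format the matrix as one text row per risk."""
    rows = []
    for rid in sorted(risks):
        tests = ", ".join(matrix[rid]) or "NO TEST"
        rows.append(f"{rid} | {risks[rid]} | {tests}")
    return rows


if __name__ == "__main__":
    matrix, uncovered, orphans = build_matrix(RISKS, TEST_PLAN)
    print("\n".join(render(RISKS, matrix)))
    print("Risks without a test:", uncovered)
    print("Tests without a listed risk:", orphans)
```

A risk that shows up as uncovered means the test plan is incomplete; a test flagged as an orphan means either the risk list is missing an entry or the test cites a stale ID.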