DRAFT CHEAT SHEET - WORK IN PROGRESS

This page provides quick, basic security tips for quality assurance specialists. The cheat sheet is meant to act as a starting point for a comprehensive QA test plan for the security of web applications.

Testing Tools

  • WebScarab

Each major security surface in a web application has a known set of vulnerabilities that can be tested for using a set of test cases.

Authentication and Authorization

Session management

Compliance

PCI

HIPAA

Handling data

PHP

Microsoft

Ruby on Rails

Adobe

Java

JavaScript Frameworks

Configuration

Cross-Site Request Forgery

Authors and Primary Editors