Application security testing - now, more than ever

Application security testing matters more now than ever before. This is particularly true for the current breed of applications, such as social networking sites, blogs, wikis, service-oriented architecture, dynamic web content, and mobile application stores, that affect the way business is done. While application security testing has become an integral part of enterprise testing strategy, enterprises still face the challenge of implementing security testing efficiently and effectively.

Though security communities like the Open Web Application Security Project (OWASP) and SANS have provided plenty of resources on security testing best practices, enterprise application security testing still has a long way to go. Developing a framework to establish and support security testing of an ever-changing application landscape will give enterprises guidance in creating a sustainable way to plan and execute a testing strategy that supports security testing of new and emerging applications.

While the industry agrees that an all-encompassing standard security testing platform is impossible, it is imperative that professionals establish a common framework for creating a repeatable and reproducible approach or methodology, a planning and execution strategy, and a basis for calculating metrics and determining impact. Such a framework will help increase the effectiveness and efficiency of security testing.