... good measure of web application security testing! You see, many “tests” devised by security experts for web app testing are not carriedout with any testing rigor. It turns out that testing is its ... don’t live on the Web. That’s why I think of myself as asoftware security person and not a Web application security person.In any case, Web application security and software security do share ... re-gression testing, coverage, and unit testing built right in. In my experience, testing people are much better at testing than security people are. Used properly, this bookcan transform security...