DocumentCode
624203
Title
A case study on web application security testing with tools and manual testing
Author
Dukes, LaShanda ; Xiaohong Yuan ; Akowuah, Francis
Author_Institution
Dept. of Comput. Sci., North Carolina Agric. & Tech. State Univ., Greensboro, NC, USA
fYear
2013
fDate
4-7 April 2013
Firstpage
1
Lastpage
6
Abstract
Web application security has become a big issue because of common vulnerabilities found in web applications. This paper illustrates a case study on conducting security testing on an example application, Tunestore. The example application was tested using a number of tools such as Paros, WebScarab, JBroFuzz, Acunetix, and Fortify. Manual testing was also conducted. The testing results of different tools and manual testing are compared and discussed. Our case study shows manual testing is very important since some vulnerability types can only be found through manual testing and tester's observations, and it is important to utilize a variety of tools as well as conduct careful manual testing in order to find the most number of vulnerabilities in a web application. Based on this case study, hands-on labs can be developed for teaching web security, software security testing, and other topics.
Keywords
Internet; program testing; security of data; Acunetix; Fortify; JBroFuzz; Paros; Tunestore; Web application security testing; Web security teaching; WebScarab; hands-on labs; manual testing; software security testing; tool testing; Authentication; Databases; Manuals; Servers; Software; Testing;
fLanguage
English
Publisher
ieee
Conference_Titel
Southeastcon, 2013 Proceedings of IEEE
Conference_Location
Jacksonville, FL
ISSN
1091-0050
Print_ISBN
978-1-4799-0052-7
Type
conf
DOI
10.1109/SECON.2013.6567420
Filename
6567420