According to the seventh edition of the World Quality Report, co-sponsored by Capgemini, Sogeti, and HP based on a global market research study conducted with 1,560 senior IT executives and testing leaders from 32 countries:
- Continuous and automated security testing will be a key strategy
- Agile and DevOps will take a front seat in testing
- Predictive Analysis will be a major enabler to ensure on-time and efficient application delivery
- Customer and business assurance will be the focus area
Functional Security Tests.
These are essentially the same as automated acceptance tests, but targeted at verifying that security features, such as authentication and logout, work as expected. They can mostly be automated using existing acceptance testing browser automation tools like Selenium/WebDriver.
Specific non-functional tests against known weaknesses.
This includes testing for known weaknesses and misconfigurations.
SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application’s software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.