Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What should I check before I release a web application?

Tags:

debugging

testing

I am nearly finished a web application. I need to test it and find the security issues before it release. Is there any methods / guideline to do this kind of testing? Or is there any tools to help me check my application is ready to go online? Thank you.  

like image 758
Tattat Avatar asked Jun 25 '10 01:06

Tattat

2 Answers

I would say:

  1. check that there are no warnings or errors even in strict mode (error report).
  2. In case you store any sensitive data (as passwords, credit cards, etc.) be sure they are encrypted with non-standard algorithms. Use SSL and try to be somehow paranoid with it.
  3. Set your database with specific accesses by action and hosts, and do not use root account.
  4. Perform exhaustive testing (use unit test when possible). Involve as many people you can.
  5. Test it under the main browsers (Firefox, Chrome, Opera, Safari, IE) and if have time in others.
  6. Validate all your HTML/CSS against standards (W3C). (recommendable)
  7. Depends on the platform you are using, there are profilers which can help you identify bottlenecks in your code. (can be done in later stages).
  8. Tune settings for your web server / script language.
  9. Be sure it is search-engine friendly.
  10. Pray once is online :)

This is not a complete list as it depends in:

  • which language/platform/web server you are using.
  • what kind of application you developed (social, financial, management, etc.)
  • who will use that application (the entirely world, an specific company, your family or just you).
  • are you going to sell it? then you must have at least most of the previous points.
  • is your application using very sensitive information (as credit cards)? if so, you should pay for some professional (company?) to check your code, settings and methods.

This is just my opinion, take it as it is. I would also like to hear what other people suggests.

Good Luck

like image 134
lepe Avatar answered Oct 10 '22 10:10

lepe

As well as what's already been suggested, depending on what type of application it is, you can use a vulnerability scanner to scan your application for any vulnerabilities that could lead to hackers gaining entry.

There are quite a few good scanners out there, but note when using them that the results may or may not be 100%. It's hard to say.

For a list of scanners, commercial and free, see: http://projects.webappsec.org/Web-Application-Security-Scanner-List

For more information on scanners: http://en.wikipedia.org/wiki/Web_Application_Security_Scanner

Good luck.

like image 20
Jason Lewis Avatar answered Oct 10 '22 10:10

Jason Lewis
Sign in to Comment

Related questions

Find element with Enzyme in nested React component
Automated Testing with Databases
How does Clojure spec differ from property-based testing libraries, such as Haskell QuickCheck?
PHPUnit: local VS global install
How to set visibility of the textview using android espresso test
Does androidTest support flavors and build type variants?
How can I set the ng test code-coverage directory?
Options or setting up a test environment in Azure
Cypress: how to run code once before all tests on tests start
Is there a way to bail the suite if a certain test fails?
Testing Undefined Behavior
Test that an AWS EventBridge (or CloudWatch) Event Was Fired
Run only tests which depend on the change
In which cases do you test against an In-Memory Database instead of a Development Database?
What Unit Test would you start with?
Should I write rails tests with the def or test keyword?
How much do I need to test Moose- and MooseX::FollowPBP-generated methods?
Does anyone know what causes this error? VC++ with VisualAssert
What is the way to go to fake my database layer in a unit test?
After a junit test case ran, should I delete the test data related with this test case?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!