This is an interesting overview but it explains more the process followed by the author when a worked example might be more helpful to others.
Is there a no-JavaScript version of this? I had to cancel the body {display: none} setting in order to see the site (usability failure), and I cannot imagine why it was necessary they hide the content like that.
Hi iuguy, thanks for your insight. I should have known that OWASP would have more complete documentation on this already. You are absolutely correct in your thoughts that this article was explaining my process (as opposed to THE process). Thanks for the links, I'll be reading them myself.
If you found the author's post interesting and would like to see some practical examples of how to test for application security vulnerabilities, then the following will help get you up to speed:
http://www.owasp.org/index.php/Category:OWASP_Testing_Projec...
http://www.owasp.org/index.php/Category:OWASP_Code_Review_Pr...