All right. Next, and really the final section of web application security, is security testing. Like we said, no matter how brilliant your planning, you need to test for security. Now, we've talked about security testing a couple of other places. We've talked about how important input validation is and making sure that your applications do check for, they do validate input. If you'll remember that term fuzzing from a while back, from one of the earlier chapters, we talked about fuzzing, making sure their input... We try that again: making sure that our applications properly validate input. Here, though, just some different types of testing.
Static application security testing, SAST. The, uh, we're looking at the code. The application is not running. We are examining the code, code review, doing this early and throughout the life cycle.
Dynamic application security testing is while the app is running itself, right? So we're not just looking at code. We're looking at the actual testing process, so, you know, knowing the difference there. And then there's also a term called RASP.
You know, just kind of throwing this in there. Many applications have self-protective mechanisms, being able to terminate, like an intrusion prevention system, being able to terminate an attack while it's, while it's happening. Those would be RASP services, and really, you know, it's kind of based on knowledge, either based on rules or sometimes artificial intelligence or you know who based learning, but ultimately being able to recognize: hey, this is an attack. This isn't legitimate. Let's terminate. Let's stop responding. Let's throw an error message or shut down or however we may determine that to work.
All right, so just a couple of little last ideas on application security test.