Combining Reusable Test Cases and Continuous Security Testing for Reducing Web Apps Security Risks

In network communication age, information technology is being at the continuous and rapid evolution process. Network access equipment, information system and Web Apps must rapidly and continuously update to meet the user interested requirements. Major challenge of Web Apps frequent changes is the security of user personal data and transactions information. Vulnerability scanning and penetration testing are the routine methods to improve the security of Web App. However, these two ways not only timeconsuming, but also require too many resources. For coping the continuous changes, in the limited resources, security testing not only need to be timely completed, but also should concern testing quality. Otherwise, every change maintenance cannot avoid to cause the security risk of new version App. Based on reusable test cases, this paper proposes the continuous security testing procedure (CSTP), using test cases reusability to increase security test efficiency. In Web Apps maintenance process of limited resources, CSTP can timely handle security testing and quickly identify Web Apps vulnerabilities and defects. Assisting Apps maintainer effectively repair security defects and concretely improve the security of user personal data and transaction information.