Websites, and the delivery of services from those sites, are particularly complex. Typically, services are delivered to the end user using a multi-tiered architecture in which web servers are accessible from the public internet and communicate with backend servers and databases located on the network.
Several additional factors increase this complexity and must be taken into account during testing, including the following:
- Network architecture, including security controls (firewalls, IDS/IPS, and honeypots), and configurations such as load balancing
- Platform architecture (hardware, operating system, and additional applications) of systems that host web services
- Applications, middleware, and final-tier databases, which may employ different platforms (Unix or Windows), vendors, programming languages, and a mix of commercial...