Web application security testing is a broad process made up of many activities that together test the security of a Web application. It is a systematic process that starts with identifying and scoping the entire application, followed by planning multiple tests.
Typically, Web application security testing is performed after the Web application is developed. The Web application undergoes a rigorous testing process that includes a series of fabricated malicious attacks to see how well it responds. The overall security testing process is generally followed by a formal report that includes the identified vulnerabilities, possible threats and recommendations for overcoming the security shortfalls.
Some of the processes within the testing process include
Your goals are specific places where you want to end up. One of your goals might be to improve the security of your web applications so that the business stops getting negative audit and compliance reports or, for some, stops suffering malicious intrusions and hack attacks.
Your objectives are sub-goals that you must meet in order to achieve your longer-term goals. One of your objectives might be to establish a periodic web application security testing plan for the next year, for example every month, every quarter, or any time code changes are made to your business web applications.