Security testing is the most essential aspect of software testing. Software that cannot protect the sensitive data it holds, or cannot maintain that data as per the requirement, is of no use. Penetration testers use different kinds of approaches to evaluate the security of web applications. Some testers rely entirely on automated tools, and some use manual testing methods.
Automated testing is where one piece of software is used to test another piece of software in compiled or source code form. Manual testing, on the other hand, is the process where a person performs the tests directly by hand.
There are a number of advantages and disadvantages to both approaches. A manual test is done by a real, thinking person who can devise a set of test cases suited to the application under test. Therefore the quality of the test tends to be better. This approach is not well suited to large-scale applications. Additionally, manual tests often provide results that are inconsistent and difficult to verify.
Automated tests are consistent and suit larger applications well. Their results are easy to reproduce and easy to verify. The disadvantage of automated testing practices is that the rate of false positives may be high, and therefore the outcome of the test may not be particularly useful.
The best approach is often to combine automated and manual tests. Automated tests are very useful at the initial stages where the requirement is to cover as much area as possible. The results from the test are analyzed and manual investigation is performed in the areas that seem critical. The process can be repeated until a satisfactory level of coverage is reached.