In-built vulnerabilities weaken the security of applications. Since a majority of these vulnerabilities are found in the application layer, there is an increased weight on application security testing. Security testing is now being rapidly integrated with mainstream quality assurance (QA) activities.
The core factors of security testing is to check an applications ability:
Tolerate attacks that cannot be resisted.
Recover within a specified time, with minimum damage.
Generate a trail to identify the source and path of attacks.