The process of testing and fixing a website?

[eluser]boltsabre[/eluser]
And what kind of testing are you looking at doing...

- There is "security" testing which in itself is a huge field (xss, csrf, sql injection, file uploading, just a name a few).
- Then there is data integrity testing (i.e. making sure that what goes into the database and comes back out) is what you expect. Again this is a big process. Involving correct escaping of data, encoding, etc. How does the application handle user input checkboxes... what happens if the user alters the value of it, do you just insert that new value? If you're expecting '1' when it's checked, but the $_POST is changed to '2' or 'hacked', how do you handle this, is it a "isset($_POST['user_checkbox']) INSERT/UPDATE with $POST or does it default to 1 is the $_POST is set, or throw a validation error?
- How much ajax on forms is there involving data? (often these ajax scripts get overlooked for proper escaping of data)
- Unit testing.
- Class testing
- http request testing (does it throw a proper http 404 if the page is not found, or if "shopping_cart_item_id" does not actually exist in the database, etc).