It also depends on the kind of application/environment you have. Security testing performed on internet banking will be very much different than the client-server applications being run in the secured corporate environment. Give us more detail on what you need and maybe someone can help here.
[ QUOTE ]
It is a complete business solution and I would like to give the assurance about the security of the system because it will run on the internet.
[/ QUOTE ]
Ramjith... I was quite pleased to know that you want to go that extra mile to provide your client with a secure application.
Now coming down to your application. Tell me, has your client given you security requirements? If so, what are the security parameters he has specified in the requirements?
If I am guessing right, you might not have any security requirements, which usually is the case :( . In that case you have to gear your security testing according to the technology, the intended audience (user), and the type of project.
As I told you, much of your pen testing methods would depend upon the technology and the audience (intended users) of the application as well as the type of application.
You should be very familiar with the application. Try and find the most exposed functionalities of the application... Also, please keep in mind that you need to get clearance from your project manager before beginning with pen testing.
I assume that you don't have any experience in security testing... If that is the case, start from the basics...
This is the best resource on the net to learn security testing. You will also find various ways listed here to carry out security testing...
Go through this site; then, if you need any help, feel free to contact me.