This article explains about online testing software. To start with, we must clarify what software testing is all about. Programmers create computer software, but it's in our very nature to make mistakes, therefore, regardless of the scope of the project - big or small, the developer must always perform certain test to make sure the software works correctly. Essentially, software testing is a process designed to prove that a given application is bug-free and to establish that the software performs its functions correctly. Of course, the job of the software tester is to discover bugs before a user does, so in that sense, a good tester is the who is successful in crashing a system, or in causing it to perform in some way that is counter to the specification. The mentality of the tester must be a destructive one, which is totally different to the attitude of the programmer who acts as a creator. In this chain of thoughts, it's evident that a tester and a programmer are not the same person and should never be. As in other aspects of live, it's easier for someone standing on the sidelines to spot a problem, rather than the person who has created the given project, whatever it may be. Programming is a constructive activity, and it's almost impossible to suddenly divert this task.With the advent of the Internet, nowadays it's not strange to talk about online software testing. But what do we mean by that? Testing online software mostly emphasizes on making sure that a web-based application doesn't security flaws. Here is how Bear Stearns defined the problem for Internet Security magazine, issue June 2001: "One of the biggest vulnerabilities of a corporation's network is the widespread access to its applications. To date, Internet security solutions have not been designed to handle perhaps the most crucial part of the transaction - that is, the application and its core data. To address the new requirements, we believe firms will need to implement vulnerability assessment programs and application security software. We believe that application security is a critical element in network security."Online software has many forms - an informational website, an e-commerce website, a search engine, a transaction engine, an e-business. Regardless of the exact kind, all these applications are connected to a server. The most alarming fact is that hackers are attacking Web applications inside the corporate firewall, enabling them to access and sabotage corporate and customer data.