Monday, January 15, 2018

Security Testing Test Scenarios - By Naveen AutomationLabs

Security Testing Test Scenarios - By Naveen AutomationLabs



1. Check for SQL injection attacks

2. Secure pages should use HTTPS protocol

3. Page crash should not reveal application or server info. Error page should be displayed for this

4. Escape special characters in input

5. Error messages should not reveal any sensitive information

6. All credentials should be transferred over an encrypted channel

7. Test password security and password policy enforcement

8. Check application logout functionality

9. Check for Brute Force Attacks

10. Cookie information should be stored in encrypted format only

11. Check session cookie duration and session termination after timeout or logout

11. Session tokens should be transmitted over secured channel

13. Password should not be stored in cookies

14. Test for Denial of Service attacks

15. Test for memory leakage

16. Test unauthorised application access by manipulating variable values in browser address bar

17. Test file extension handing so that exe files are not uploaded and executed on server

18. Sensitive fields like passwords and credit card information should not have auto complete 
enabled

19. File upload functionality should use file type restrictions and also anti-virus for scanning uploaded files

20. Check if directory listing is prohibited

21. Password and other sensitive fields should be masked while typing

22. Check if forgot password functionality is secured with features like temporary password expiry after specified hours and security question is asked before changing or requesting new password

23. Verify CAPTCHA functionality

24. Check if important events are logged in log files

25. Check if access privileges are implemented correctly



~~~Subscribe to this channel, and press bell icon to get some interesting videos on Selenium and Automation:

Follow me on my Facebook Page:

Let's join our Automation community for some amazing knowledge sharing and group discussion:

5 comments:

  1. Wonderful post Naveen.could you please create one for performance testing/Accessibility testing as well..

    ReplyDelete
  2. It's interesting that many of the bloggers to helped clarify a few things for me as well as giving.Most of ideas can be nice content.The people to give them a good shake to get your point and across the command.


    software testing training in chennai

    ReplyDelete
  3. Can you please provide video link of demo

    ReplyDelete
  4. enterprise security audit This is a smart blog. I mean it. You have so much knowledge about this issue, and so much passion. You also know how to make people rally behind it, obviously from the responses.

    ReplyDelete

Featured Post

Advanced Selenium Webdriver Interview Questions and Answers in Java

Advanced Selenium Webdriver Interview Questions and Answers in Java Selenium WebDriver - QA Here is the list of Selenium Inte...