We are introducing new security system checks on the website to
get rid of the hackers.
1) Security Testing:
The following are some test cases for web security testing:
- Test by pasting an internal URL directly into the browser address bar without logging in. Internal pages should not open.
- If you are logged in with a username and password and browsing internal pages, try changing the URL options directly. For example, if you are checking publisher site statistics for publisher site ID = 123, try changing the site ID parameter in the URL to a different site ID that is not related to the logged-in user. Access should be denied for this user to view others' stats.
- Try some invalid inputs in input fields like login username, password, and input text boxes. Check the system's reaction to all invalid inputs.
- Test the CAPTCHA for automated script logins.
- Test if SSL is used for security measures. If it is used, a proper message should be displayed when the user switches from non-secure http:// pages to secure https:// pages and vice versa.
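The first three test cases above can be automated as regression checks. The following is an added example, not code from the original post: the `/stats` endpoint, the session tokens and the site ownership table are constructed for illustration, and the app is called in-process so the checks run offline.

```python
# Added example: constructed WSGI app plus the access-control checks from the list.
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

# Constructed sample data: session token -> user, user -> site IDs they own.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}
OWNED_SITES = {"alice": {123}, "bob": {456}}

def stats_app(environ, start_response):
    """Hypothetical /stats?site_id=N endpoint with server-side checks."""
    cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    token = cookie["session"].value if "session" in cookie else None
    user = SESSIONS.get(token)
    if user is None:                       # not logged in: send to login page
        start_response("302 Found", [("Location", "/login")])
        return [b""]
    raw = parse_qs(environ.get("QUERY_STRING", "")).get("site_id", [""])[0]
    if not raw.isdecimal():                # invalid input is rejected, not trusted
        start_response("400 Bad Request", [])
        return [b"invalid site_id"]
    if int(raw) not in OWNED_SITES[user]:  # ownership check on every request
        start_response("403 Forbidden", [])
        return [b"access denied"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [f"stats for site {raw}".encode()]

def request(app, query="", session=None):
    """Call the WSGI app in-process and return (status_code, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/stats", "QUERY_STRING": query}
    if session:
        environ["HTTP_COOKIE"] = f"session={session}"
    captured = {}
    def start_response(status, headers):
        captured["status"] = int(status.split()[0])
    body = b"".join(app(environ, start_response))
    return captured["status"], body

def run_access_checks(app):
    """Return a dict of test-case name -> True (pass) / False (fail)."""
    return {
        "no_login_blocked": request(app, "site_id=123")[0] in (302, 401, 403),
        "own_site_allowed": request(app, "site_id=123", "tok-alice")[0] == 200,
        "other_site_denied": request(app, "site_id=456", "tok-alice")[0] == 403,
        "invalid_input_rejected": request(app, "site_id=abc", "tok-alice")[0] == 400,
    }

if __name__ == "__main__":
    for name, ok in run_access_checks(stats_app).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
```

An application that only hides links to other publishers' stats, without the ownership check on the server, fails the `other_site_denied` case.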
2) Cookies Testing:
Cookies are small files stored on the user's machine. They are basically used to maintain sessions, mainly login sessions. Test the application by enabling or disabling cookies in your browser options. Test if the cookies are encrypted before being written to the user's machine. If you are testing session cookies (i.e. cookies that expire after the session ends), check login sessions and user stats after the session ends. Check the effect on application security of deleting the cookies.