1 check for sql injection attacks
2 secure pages should use https protocol
3 page crash should not reveal application or server info . Error page should be displayed for this.
4 escape special characters in input
5 error messages should not reveal any sensitive information
6 all credentials should be transferred over an encrypted channel
7 test password security and password policy enforcement
8 check application logout functionality
9 check for brute force attacks
10 cookie information should be stored in encrypted format only
11 check session cookie duration and session termination after timeout or logout
12 session tokens should be transmitted over secured channel
13 password should not be stored in cookies
14 test for denial of service attacks
15 test for memory leakage
16 test unauthorized application access by manipulating variable values in browser address bar
17 test file extension handing so that exe files are not uploaded and executed on server
18 sensitive fields like passwords and credit card information should not have auto complete enabled
19 file upload functionality should use file type restrictions and also anti-virus for scanning uploaded files
20 check if directory listing is prohibited
21 password and other sensitive fields should be masked while typing
22 check if forgot password functionality is secured with features like temporary password expiry after specified hours and security question is asked before changing or requesting new password
23 verify CAPTCHA functionality
24 check if important events are logged in log files
25 check if access privileges are implemented correctly

Security Testing Test Scenarios的更多相关文章

  1. Penetration Testing、Security Testing、Automation Testing

    相关学习资料 http://www.cnblogs.com/LittleHann/p/3823513.html http://www.cnblogs.com/LittleHann/p/3828927. ...

  2. IOS Application Security Testing Cheat Sheet

    IOS Application Security Testing Cheat Sheet    [hide]  1 DRAFT CHEAT SHEET - WORK IN PROGRESS 2 Int ...

  3. Security Testing Basics

    Security Testing BasicsSoftware security testing is the process of assessing and testing a system to ...

  4. Performance testing test scenarios

    1 check if page load time is within acceptable range2 check page load on slow connections 3 check re ...

  5. Database testing test scenarios

    1 check if correct data is getting saved is database upon successful page submit2 check values for c ...

  6. Testing with a mocking framework (EF6 onwards)

    When writing tests for your application it is often desirable to avoid hitting the database.  Entity ...

  7. [译]36 Days of Web Testing(二)

    Day 7: Http 和 Https Why? 当在网络上传输一些私人,敏感信息时,应该采用加密的手段来保证这些信息在传输的过程中不被侦测到.Https协议正是这种实现机制. Https是一种广泛使 ...

  8. 14 Live CDs for Penetration Testing (Pen Test) and Forensic

    http://www.ivizsecurity.com/blog/penetration-testing/live-cd-penetration-testing-pen/ Yesterday I wa ...

  9. Testing - 软件测试知识梳理 - 相关词汇

    测试策略 描述测试工程的总体方法和目标:根据测试需求,描述在什么测试阶,依据什么测试要素和目标,进行什么种类的测试,使用什么样的测试方法和工具. 测试策略的制定主要包含如下内容: 确定测试过程要使用的 ...

随机推荐

  1. Shell脚本开发过程中遇到的问题处理

    1. 执行shell脚本报  Unsupported major.minor version 52.0 报错原因:java文件jdk和服务器上的jdk不匹配, 解决方法: a.查看当前服务器用的jdk ...

  2. leetcode 206. Reverse Linked List(剑指offer16)、

    206. Reverse Linked List 之前在牛客上的写法: 错误代码: class Solution { public: ListNode* ReverseList(ListNode* p ...

  3. yum问题解决

    错误信息1:There was a problem importing one of the Python modulesrequired to run yum. The error leading ...

  4. Android学习之基础知识六—Android四种布局详解

    一.Android基本布局 布局是一种可以放置多个控件的容器,它可以按照一定规律调整内部控件的位置,而且布局内部除了可以放置控件外,还可以放置布局,实现多层布局嵌套.布局和控件.布局和布局之间的关系如 ...

  5. Luogu3763 TJOI2017 DNA NTT/SA

    传送门 两种做法: ①SA 将两个串拼在一次建立后缀数组,把\(height\)数组求出来,然后对于\(S\)中每一个长度为\(T\)的串和\(T\)暴力匹配,每一次找到最长的\(LCP\)匹配,如果 ...

  6. 一个比较变态的js传值,Query的bind、ajax闭包、上下文传值

    var getIDNameList = function (list, selected, text, btn, actionUrl, defaultKey, deleteKey, keyName, ...

  7. MySQL数据库对象-索引

    1. 概述2. 索引分类2.1 不同索引的概念2.1.1 普通索引2.1.2 唯一索引2.1.3 全文索引2.1.4 多列索引3. 索引操作3.1 普通索引3.1.1 创建表时创建普通索引3.1.2 ...

  8. Helper

    //检测端口是否使用 public static bool VerifyListenerPort(int port) { bool inUse = false; System.Net.NetworkI ...

  9. RetrieveFavicon 获取任何站点的 favicon

    原文发表于我的技术博客 开源了一个获取任何站点 favicon 的类库,供使用. 原文发表于我的技术博客 RetrieveFavicon Project GitHub Retrieve favicon ...

  10. 数据处理项目Postmortem

    数据处理项目Postmortem 1. 设想和目标 1)目标我们的软件要解决什么问题?是否定义得很清楚?是否对典型用户和典型场景有清晰的描述? 我们的项目是学霸系统PipeLine,软件主要解决学霸系 ...