1 Test every input that reaches a database query for SQL injection; queries should be built with parameterised statements, never by concatenating user input into SQL text.
2 Pages that handle logins, sessions or sensitive data should be served over HTTPS only, with no plain-HTTP fallback (preferably the whole site, with HSTS enabled).
3 An unhandled error or page crash should not reveal application or server details (stack traces, framework versions, file paths). A generic error page should be displayed instead.
4 Special characters in input should be escaped or encoded for the context in which the value is used (HTML, JavaScript, SQL, shell), rather than passed through as-is.
5 Error messages should not reveal sensitive information, for example whether a username exists or what the failing query looked like.
6 All credentials should be transferred over an encrypted channel only.
7 Test password security and password policy enforcement: minimum length, complexity, reuse of old passwords, and that passwords are hashed at rest.
8 Check the application's logout functionality: the session must be invalidated on the server, not merely by clearing the cookie in the browser.
9 Check for brute-force attacks against login and password-reset forms; rate limiting, account lockout or a CAPTCHA should apply after repeated failures.
10 Cookies should not carry sensitive data; a session cookie should hold only an opaque random identifier, and any cookie that must contain sensitive content should be encrypted and integrity-protected.
11 Check the session cookie's lifetime, and that the session is terminated after an idle timeout and after logout.
12 Session tokens should be transmitted only over a secured channel (cookie flagged Secure, and HttpOnly so scripts cannot read it).
13 Passwords should never be stored in cookies, not even in hashed form.
14 Test for denial-of-service conditions (resource exhaustion from oversized inputs, expensive requests or unbounded loops).
15 Test for memory leaks under sustained load.
16 Test for unauthorised access by manipulating parameter values in the browser address bar, for example changing a record ID to one belonging to another user.
17 Test file extension handling so that executable files (.exe, and server-side scripts such as .php or .jsp) cannot be uploaded and executed on the server.
18 Sensitive fields such as passwords and credit card numbers should have autocomplete disabled.
19 File upload functionality should restrict file types by an allow-list checked against the file's content, not only the client-supplied name, and should scan uploaded files with anti-virus.
20 Check that directory listing is disabled.
21 Password and other sensitive fields should be masked while typing.
22 Check that the forgot-password functionality is secured: a temporary password or reset token should expire after a specified number of hours, and identity should be verified (for example with a security question) before a password is changed or a new one requested.
23 Verify CAPTCHA functionality.
24 Check that important events (logins, failed logins, privilege changes, password resets) are written to log files.
25 Check that access privileges are implemented correctly, so each role can reach only the functions and data it is entitled to.
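The following is an added example, not part of the original checklist: a toy login query, an HTML renderer and an upload validator written with Python's standard library so that items 1, 4, 17 and 19 can be exercised offline. The function names, the users table and its single sample row, and the allow-list of magic bytes are all constructed for this example; the anti-virus step of item 19 is not shown.

```python
# Added example (not from the original checklist): items 1, 4, 17 and 19.
# Function names, table layout and sample data are constructed for this demo.
import html
import sqlite3
from typing import Optional, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one user whose password no payload will guess."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'kF9#w2qL')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, user: str, password: str) -> Optional[str]:
    """Item 1, the failing case: input is spliced into the SQL text, so a quote
    in the password changes the query's structure instead of its data."""
    sql = f"SELECT name FROM users WHERE name = '{user}' AND password = '{password}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, user: str, password: str) -> Optional[str]:
    """Item 1, the fix: a parameterised statement.  The driver never treats the
    values as SQL, so quoting tricks in the input have no effect."""
    row = conn.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?", (user, password)
    ).fetchone()
    return row[0] if row else None


def render_greeting(user: str) -> str:
    """Item 4: encode for the output context (HTML here) instead of trusting input."""
    return f"<p>Welcome, {html.escape(user, quote=True)}</p>"


# Items 17 and 19: allow-listed extensions paired with the leading bytes a real
# file of that type starts with, so a script renamed to .png is still rejected.
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
}


def validate_upload(filename: str, content: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason).  Rejects path separators, NUL bytes, double
    extensions such as shell.php.png, types outside the allow-list, and content
    whose magic bytes do not match the claimed extension."""
    if "\x00" in filename or "/" in filename or "\\" in filename:
        return False, "path separator or NUL byte in filename"
    parts = filename.lower().split(".")
    if len(parts) != 2 or not parts[0] or not parts[1]:
        return False, "filename must be name.ext with exactly one extension"
    ext = parts[1]
    if ext not in ALLOWED_TYPES:
        return False, f"extension '{ext}' is not allowed"
    if not content.startswith(ALLOWED_TYPES[ext]):
        return False, f"content does not look like a {ext} file"
    return True, ext


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:", login_vulnerable(db, "anyone", payload))   # alice
    print("safe:      ", login_safe(db, "anyone", payload))         # None
    print(render_greeting("<script>alert(1)</script>"))
    print(validate_upload("shell.exe", b"MZ\x90\x00"))
    print(validate_upload("shell.php.png", b"\x89PNG\r\n\x1a\n"))
    print(validate_upload("logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8))
```

The payload `' OR '1'='1` turns the concatenated query into `... AND password = '' OR '1'='1'`, which matches the first row regardless of the username; the parameterised version compares the literal string and matches nothing. The upload check deliberately refuses anything with more than one dot, which is stricter than most applications need but removes the whole class of double-extension tricks.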

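A second added example, also not part of the original checklist, covers the session items 8 to 13: a server-side session store with an idle timeout and real logout, a checker that reports which protections a Set-Cookie header lacks, and a login throttle for item 9. SessionStore, LoginThrottle, check_cookie and FakeClock are hypothetical names, and the timeout and lockout values are illustrative.

```python
# Added example (not from the original checklist): items 8 to 13.
# Class and function names are hypothetical; timeouts are illustrative.
import secrets
import time
from http.cookies import SimpleCookie
from typing import Callable, Dict, List, Optional

IDLE_TIMEOUT = 15 * 60   # seconds of inactivity after which a session is dropped
MAX_FAILURES = 5         # failed logins before the account is temporarily locked
LOCKOUT = 10 * 60        # seconds the lock lasts


class SessionStore:
    """Sessions live on the server; the cookie carries only an opaque 256-bit
    random token, so there is nothing in it to decrypt, forge or guess (item 10)."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._clock = clock
        self._sessions: Dict[str, dict] = {}

    def create(self, user: str) -> str:
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "last_seen": self._clock()}
        return token

    def lookup(self, token: str) -> Optional[str]:
        """Item 11: a token idle longer than IDLE_TIMEOUT is terminated."""
        sess = self._sessions.get(token)
        if sess is None:
            return None
        if self._clock() - sess["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[token]
            return None
        sess["last_seen"] = self._clock()
        return sess["user"]

    def logout(self, token: str) -> None:
        """Item 8: invalidate server-side, so a captured token is useless afterwards."""
        self._sessions.pop(token, None)

    @staticmethod
    def set_cookie_header(token: str) -> str:
        """Item 12: Secure keeps it off plain HTTP, HttpOnly keeps it from scripts,
        SameSite limits cross-site sending; Max-Age matches the idle timeout."""
        return (f"session={token}; Path=/; Secure; HttpOnly; "
                f"SameSite=Lax; Max-Age={IDLE_TIMEOUT}")


def check_cookie(set_cookie_header: str) -> List[str]:
    """Items 10, 12, 13: list the protections a Set-Cookie header is missing."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    findings: List[str] = []
    for name, morsel in jar.items():
        if not morsel["secure"]:
            findings.append(f"{name}: missing Secure")
        if not morsel["httponly"]:
            findings.append(f"{name}: missing HttpOnly")
        if not morsel["samesite"]:
            findings.append(f"{name}: missing SameSite")
        if "password" in name.lower() or "password" in morsel.value.lower():
            findings.append(f"{name}: credential material stored in a cookie")
    return findings


class LoginThrottle:
    """Item 9: after MAX_FAILURES bad passwords within LOCKOUT seconds the
    account is refused until the window expires."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._clock = clock
        self._failures: Dict[str, List[float]] = {}

    def allowed(self, user: str) -> bool:
        now = self._clock()
        recent = [t for t in self._failures.get(user, []) if now - t < LOCKOUT]
        self._failures[user] = recent
        return len(recent) < MAX_FAILURES

    def record_failure(self, user: str) -> None:
        self._failures.setdefault(user, []).append(self._clock())


class FakeClock:
    """Controllable clock so the timeout and lockout paths can be driven in a test."""

    def __init__(self, start: float = 1_000_000.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now


if __name__ == "__main__":
    clock = FakeClock()
    store = SessionStore(clock)
    tok = store.create("alice")
    print(check_cookie(store.set_cookie_header(tok)))   # []
    print(check_cookie("session=abc123; HttpOnly"))      # missing Secure and SameSite
    clock.now += IDLE_TIMEOUT + 1
    print(store.lookup(tok))                             # None: idle timeout
```

In a real test you would pass the Set-Cookie header captured from the application's login response into check_cookie, then replay the session token after logout and after the idle period to confirm the server refuses it (a cleared browser cookie proves nothing by itself).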