1 check for sql injection attacks
2 secure pages should use https protocol
3 page crash should not reveal application or server info . Error page should be displayed for this.
4 escape special characters in input
5 error messages should not reveal any sensitive information
6 all credentials should be transferred over an encrypted channel
7 test password security and password policy enforcement
8 check application logout functionality
9 check for brute force attacks
10 cookie information should be stored in encrypted format only
11 check session cookie duration and session termination after timeout or logout
12 session tokens should be transmitted over secured channel
13 password should not be stored in cookies
14 test for denial of service attacks
15 test for memory leakage
16 test unauthorized application access by manipulating variable values in browser address bar
17 test file extension handing so that exe files are not uploaded and executed on server
18 sensitive fields like passwords and credit card information should not have auto complete enabled
19 file upload functionality should use file type restrictions and also anti-virus for scanning uploaded files
20 check if directory listing is prohibited
21 password and other sensitive fields should be masked while typing
22 check if forgot password functionality is secured with features like temporary password expiry after specified hours and security question is asked before changing or requesting new password
23 verify CAPTCHA functionality
24 check if important events are logged in log files
25 check if access privileges are implemented correctly

Security Testing Test Scenarios的更多相关文章

  1. Penetration Testing、Security Testing、Automation Testing

    相关学习资料 http://www.cnblogs.com/LittleHann/p/3823513.html http://www.cnblogs.com/LittleHann/p/3828927. ...

  2. IOS Application Security Testing Cheat Sheet

    IOS Application Security Testing Cheat Sheet    [hide]  1 DRAFT CHEAT SHEET - WORK IN PROGRESS 2 Int ...

  3. Security Testing Basics

    Security Testing BasicsSoftware security testing is the process of assessing and testing a system to ...

  4. Performance testing test scenarios

    1 check if page load time is within acceptable range2 check page load on slow connections 3 check re ...

  5. Database testing test scenarios

    1 check if correct data is getting saved is database upon successful page submit2 check values for c ...

  6. Testing with a mocking framework (EF6 onwards)

    When writing tests for your application it is often desirable to avoid hitting the database.  Entity ...

  7. [译]36 Days of Web Testing(二)

    Day 7: Http 和 Https Why? 当在网络上传输一些私人,敏感信息时,应该采用加密的手段来保证这些信息在传输的过程中不被侦测到.Https协议正是这种实现机制. Https是一种广泛使 ...

  8. 14 Live CDs for Penetration Testing (Pen Test) and Forensic

    http://www.ivizsecurity.com/blog/penetration-testing/live-cd-penetration-testing-pen/ Yesterday I wa ...

  9. Testing - 软件测试知识梳理 - 相关词汇

    测试策略 描述测试工程的总体方法和目标:根据测试需求,描述在什么测试阶,依据什么测试要素和目标,进行什么种类的测试,使用什么样的测试方法和工具. 测试策略的制定主要包含如下内容: 确定测试过程要使用的 ...

随机推荐

  1. sed插入,替换指定行的特定字符串,删除指定行首的#

    sed -i '$a service snmpd start' /etc/rc.local sed -i "41s:public:mykey:g" /etc/snmp/snmpd. ...

  2. [转]Win7 + Ubuntu 18.04 LTS (Bionic Beaver)双系统安装方法

    这里介绍在win7的基础上,安装ubuntu 18.04 LTS,实现双系统启动. 首先,假设你已安装了windows 7系统. 一. 制作ubuntu U盘启动盘. 方法见http://blog.p ...

  3. Mac下安装Mongodb

    Mac下安装Mongodb 一: 安装MongoDB: Mac下安装MongoDB有两种方法,第一种是通过源码安装,另一种是使用 homebrew, 下面我使用homebrew来安装,首先我们需要安装 ...

  4. MySQL(七)联结表

    一.联结表基础知识 1.关系表 把信息分解成多个表,一类数据一个表,各表通过某些常用值(即关系设计中的关系(relational))互相关联: 2.外键(foreign key):外键为某个表中的一列 ...

  5. three.js - 添加材质 灯光 阴影

    看下运行效果: 源码解释: <!DOCTYPE html> <html lang="en"> <head> <meta charset=& ...

  6. ESP8266开发综合篇(LUA开发-视频教程总揽)

    为了解决基础教程简单入门但不实用,项目方案非常实用但比较难的问题,开始推出8266开发综合篇 综合篇涉及到AT,LUA,SDK,LUA(sdk)开发,LUA和SDK开发会同步进行,后期再整理AT指令的 ...

  7. Spring Boot 之属性读写详解

    SpringBoot 之属性读写详解 加载 property 顺序 随机属性 命令行属性 Application 属性文件 Profile 特定属性 属性中的占位符 YAML 属性 访问属性 多 pr ...

  8. 数列分块入门九题(二):LOJ6280~6282

    Preface 个人感觉这中间的三题是最水的没有之一 数列分块入门 4--区间加法,区间求和 这个也是很多数据结构完爆的题目线段树入门题,但是练分块我们就要写吗 修改还是与之前类似,只不过我们要维护每 ...

  9. python中和生成器协程相关的yield from之最详最强解释,一看就懂(四)

    如果认真读过上文的朋友,应该已经明白了yield from实现的底层generator到caller的上传数据通道是什么了.本文重点讲yield from所实现的caller到coroutine的向下 ...

  10. [UWP 自定义控件]了解模板化控件(8):ItemsControl

    1. 模仿ItemsControl 顾名思义,ItemsControl是展示一组数据的控件,它是UWP UI系统中最重要的控件之一,和展示单一数据的ContentControl构成了UWP UI的绝大 ...