1 check for SQL injection attacks
2 secure pages should use the HTTPS protocol
3 a page crash should not reveal application or server information; a generic error page should be displayed instead
4 escape special characters in input
5 error messages should not reveal any sensitive information
6 all credentials should be transferred over an encrypted channel
7 test password security and password policy enforcement
8 check application logout functionality
9 check for brute force attacks
10 cookie information should be stored in encrypted format only
11 check session cookie duration and session termination after timeout or logout
12 session tokens should be transmitted over a secured channel
13 passwords should not be stored in cookies
14 test for denial of service attacks
15 test for memory leakage
16 test unauthorized application access by manipulating variable values in the browser address bar
17 test file extension handling so that exe files are not uploaded and executed on the server
18 sensitive fields like passwords and credit card information should not have autocomplete enabled
19 file upload functionality should use file type restrictions and also anti-virus scanning of uploaded files
20 check that directory listing is prohibited
21 passwords and other sensitive fields should be masked while typing
22 check that forgot-password functionality is secured with features like temporary password expiry after a specified number of hours and a security question asked before changing or requesting a new password
23 verify CAPTCHA functionality
24 check that important events are logged in log files
25 check that access privileges are implemented correctly
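Several of the items above (3, 11, 12 and 13) can be verified mechanically from a captured login response. The Python below is an added example, not part of the original checklist: it parses Set-Cookie headers and reports session cookies missing Secure or HttpOnly, cookies that embed the test credential (plain or base64), session lifetimes over a limit, and version strings in Server or X-Powered-By. The header values, cookie names, the 1800 s limit and the password are constructed sample data, and the name-based session-cookie heuristic is an assumption you would adapt to the application under test.

```python
import base64
import re

# Constructed sample: headers captured from a login response (not real data).
SAMPLE_HEADERS = [
    ("Server", "Apache/2.4.41 (Ubuntu)"),
    ("Set-Cookie", "JSESSIONID=4f3c9a; Path=/; HttpOnly"),
    ("Set-Cookie", "remember=aHVudGVyMg==; Path=/; Secure; Max-Age=2592000"),
    ("Set-Cookie", "theme=dark; Path=/"),
]
TEST_PASSWORD = "hunter2"  # the credential the test harness logged in with

VERSION_RE = re.compile(r"\d+\.\d+")  # e.g. "2.4.41"
SESSION_NAME_RE = re.compile(r"sess|sid|auth|remember|token", re.I)  # heuristic

def parse_set_cookie(value):
    """Split 'name=val; Attr; Attr=x' into (name, val, {attr: x}); attrs lowercased."""
    parts = [p.strip() for p in value.split(";")]
    name, _, val = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, attr_val = part.partition("=")
        attrs[key.lower()] = attr_val
    return name, val, attrs

def audit_headers(headers, secrets=(), max_age_limit=1800):
    """Return checklist findings for (name, value) response header pairs."""
    encoded = {s: base64.b64encode(s.encode()).decode() for s in secrets}
    findings = []
    for name, value in headers:
        lname = name.lower()
        if lname in ("server", "x-powered-by") and VERSION_RE.search(value):
            findings.append(f"{name} discloses software version: {value}")
        if lname != "set-cookie":
            continue
        cname, cval, attrs = parse_set_cookie(value)
        for plain, b64 in encoded.items():  # item 13: credential inside a cookie
            if plain in cval or b64 in cval:
                findings.append(f"cookie {cname} contains a known credential")
        if not SESSION_NAME_RE.search(cname):
            continue  # non-session cookies (e.g. theme) need no flags
        if "secure" not in attrs:  # item 12: only over an encrypted channel
            findings.append(f"session cookie {cname} lacks Secure")
        if "httponly" not in attrs:  # keep the token away from script
            findings.append(f"session cookie {cname} lacks HttpOnly")
        age = attrs.get("max-age")  # item 11: bounded session lifetime
        if age and age.isdigit() and int(age) > max_age_limit:
            findings.append(f"session cookie {cname} lives {age}s > {max_age_limit}s")
    return findings
```

Running `audit_headers(SAMPLE_HEADERS, secrets=(TEST_PASSWORD,))` on the sample yields five findings, one per violated checklist item in the constructed response.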
