Security Testing Test Scenarios
1 Check for SQL injection attacks.
2 Secure pages should use the HTTPS protocol.
3 A page crash should not reveal application or server information; a generic error page should be displayed instead.
4 Escape special characters in input.
5 Error messages should not reveal any sensitive information.
6 All credentials should be transferred over an encrypted channel.
7 Test password security and password policy enforcement.
8 Check the application's logout functionality.
9 Check the application's resistance to brute-force attacks.
10 Cookie information should be stored in encrypted format only.
11 Check the session cookie duration and that the session is terminated after timeout or logout.
12 Session tokens should be transmitted over a secured channel.
13 Passwords should not be stored in cookies.
14 Test for denial-of-service attacks.
15 Test for memory leakage.
16 Test for unauthorized application access by manipulating variable values in the browser address bar.
17 Test file extension handling so that executable (.exe) files are not uploaded and executed on the server.
18 Sensitive fields such as passwords and credit card information should not have autocomplete enabled.
19 File upload functionality should enforce file type restrictions and also scan uploaded files with anti-virus.
20 Check that directory listing is prohibited.
21 Passwords and other sensitive fields should be masked while typing.
22 Check that the forgot-password functionality is secured with features such as expiry of the temporary password after a specified number of hours and a security question asked before changing or requesting a new password.
23 Verify CAPTCHA functionality.
24 Check that important events are logged in log files.
25 Check that access privileges are implemented correctly.
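Several of the scenarios above (2, 3, 5, 10, 12, 18, 20) can be checked mechanically against a captured HTTP response. The checker below is an added example, not part of the original list; the two responses it inspects are constructed samples, one that fails the checks and one hardened version that passes.

```python
"""Offline checker for a handful of the scenarios in the list above.
Each finding is tagged with the scenario number it relates to."""
import re

# Constructed sample: a failing response (not captured from any real site).
FAILING_RESPONSE = {
    "url": "http://shop.example.test/account/login",      # scenario 2: plain HTTP
    "status": 500,
    "headers": {
        "Server": "Apache/2.4.29 (Ubuntu)",                 # scenario 3/5: version leak
        "Set-Cookie": "SESSIONID=abc123; Path=/",           # scenario 10/12: no flags
    },
    "body": (
        "<h1>Index of /uploads</h1>"                         # scenario 20: listing
        '<input type="password" name="pwd">'                # scenario 18: autocomplete
        "Traceback (most recent call last): File app.py"    # scenario 3: stack trace
    ),
}

# Constructed sample: the same page after the issues were fixed.
HARDENED_RESPONSE = {
    "url": "https://shop.example.test/account/login",
    "status": 200,
    "headers": {
        "Server": "nginx",
        "Set-Cookie": "SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
    },
    "body": '<input type="password" name="pwd" autocomplete="off">',
}

def check_response(resp):
    """Return the list of checklist findings for one response dict."""
    findings = []
    if not resp["url"].lower().startswith("https://"):
        findings.append("2:not-https")
    headers = {k.lower(): v for k, v in resp["headers"].items()}
    if re.search(r"\d+\.\d+", headers.get("server", "")):      # product version exposed
        findings.append("3:server-version-disclosed")
    if resp["status"] >= 500 and re.search(r"traceback|exception|stack trace", resp["body"], re.I):
        findings.append("3:stack-trace-in-error-page")
    cookie = headers.get("set-cookie", "")
    if cookie:
        flags = {p.strip().lower() for p in cookie.split(";")[1:]}
        if "secure" not in flags:
            findings.append("12:cookie-missing-secure")
        if "httponly" not in flags:
            findings.append("10:cookie-missing-httponly")
    if re.search(r"<(title|h1)>Index of /", resp["body"]):
        findings.append("20:directory-listing")
    for tag in re.findall(r'<input[^>]*type="password"[^>]*>', resp["body"], re.I):
        if not re.search(r'autocomplete="(off|new-password)"', tag, re.I):
            findings.append("18:password-autocomplete-enabled")
    return sorted(findings)
```

The regexes are deliberately narrow so that a finding is only raised on evidence actually present in the response; widen them to match the error and listing pages of the server under test.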