1 check for sql injection attacks
2 secure pages should use https protocol
3 page crash should not reveal application or server info . Error page should be displayed for this.
4 escape special characters in input
5 error messages should not reveal any sensitive information
6 all credentials should be transferred over an encrypted channel
7 test password security and password policy enforcement
8 check application logout functionality
9 check for brute force attacks
10 cookie information should be stored in encrypted format only
11 check session cookie duration and session termination after timeout or logout
12 session tokens should be transmitted over secured channel
13 password should not be stored in cookies
14 test for denial of service attacks
15 test for memory leakage
16 test unauthorized application access by manipulating variable values in browser address bar
17 test file extension handing so that exe files are not uploaded and executed on server
18 sensitive fields like passwords and credit card information should not have auto complete enabled
19 file upload functionality should use file type restrictions and also anti-virus for scanning uploaded files
20 check if directory listing is prohibited
21 password and other sensitive fields should be masked while typing
22 check if forgot password functionality is secured with features like temporary password expiry after specified hours and security question is asked before changing or requesting new password
23 verify CAPTCHA functionality
24 check if important events are logged in log files
25 check if access privileges are implemented correctly

Security Testing Test Scenarios的更多相关文章

  1. Penetration Testing、Security Testing、Automation Testing

    相关学习资料 http://www.cnblogs.com/LittleHann/p/3823513.html http://www.cnblogs.com/LittleHann/p/3828927. ...

  2. IOS Application Security Testing Cheat Sheet

    IOS Application Security Testing Cheat Sheet    [hide]  1 DRAFT CHEAT SHEET - WORK IN PROGRESS 2 Int ...

  3. Security Testing Basics

    Security Testing BasicsSoftware security testing is the process of assessing and testing a system to ...

  4. Performance testing test scenarios

    1 check if page load time is within acceptable range2 check page load on slow connections 3 check re ...

  5. Database testing test scenarios

    1 check if correct data is getting saved is database upon successful page submit2 check values for c ...

  6. Testing with a mocking framework (EF6 onwards)

    When writing tests for your application it is often desirable to avoid hitting the database.  Entity ...

  7. [译]36 Days of Web Testing(二)

    Day 7: Http 和 Https Why? 当在网络上传输一些私人,敏感信息时,应该采用加密的手段来保证这些信息在传输的过程中不被侦测到.Https协议正是这种实现机制. Https是一种广泛使 ...

  8. 14 Live CDs for Penetration Testing (Pen Test) and Forensic

    http://www.ivizsecurity.com/blog/penetration-testing/live-cd-penetration-testing-pen/ Yesterday I wa ...

  9. Testing - 软件测试知识梳理 - 相关词汇

    测试策略 描述测试工程的总体方法和目标:根据测试需求,描述在什么测试阶,依据什么测试要素和目标,进行什么种类的测试,使用什么样的测试方法和工具. 测试策略的制定主要包含如下内容: 确定测试过程要使用的 ...

随机推荐

  1. Spring4.2+SpringMVC+Mybatis3.4的集成(转-)

    文章转自 http://blog.csdn.net/jimolangge123/article/details/49210363 首先说明一下Web.xml中配置项的执行过程: <context ...

  2. 在Windows中安装PostgreSQL

    在Windows中安装PostgreSQL 虽然PostgreSQL是为类UNIX平台开发的,但它却是可以移植的.从7.1版本开始,PostgreSQL可以编译安装和作为一个PostgreSQL服务器 ...

  3. 基于SaaS的企业数据隐私保护平台

    导读 WireWheel成立于2016年,总部位于华盛顿,该公司致力于降低数据隐私保护合规能力建设的难度,帮助企业来应对复杂.严厉的法案.条例规定.2018年10月,公司获得了PSP Growth领投 ...

  4. 对 String 字符串的理解

    1.通过构造方法创建的字符串对象和直接赋值方式创建的字符串对象区别? 通过构造方法创建字符串对象是在堆内存. 直接赋值方式创建对象是在方法区的常量池. ==: 基本数据类型,比较的是基本数据类型的值是 ...

  5. 数据可视化matplotlib、seaborn、pydotplus

    如需转发,请注明出处:小婷儿的python  https://www.cnblogs.com/xxtalhr/p/10486560.html 一.数据可视化 data.mat 链接:https://p ...

  6. ubuntu开机自动运行用Qt写的程序

    这里介绍一种在ubuntu系统开机自动运行使用Qt编写的程序的方法.首先要注意要自动运行Qt编的程序,不需要先打开Qt,而是直接运行编译好的与工程名同名的可执行文件即可,比如我要运行的工程为QRDec ...

  7. Redis 参数说明

    4. Redis的配置 4.1. Redis默认不是以守护进程的方式运行,可以通过该配置项修改,使用yes启用守护进程 daemonize no 4.2. 当Redis以守护进程方式运行时,Redis ...

  8. linux 服务器安全加固和内核参数调优 nf_conntrack

    0.内部设置跳板机,服务器只能通过跳板机登录1.禁止ROOT用户远程登录和登录端口 禁止ROOT用户远程登录 .打开 /etc/ssh/sshd_config PermitRootLogin no . ...

  9. highcharts中数据列点击事件

    Highcharts.chart('container', { xAxis: { categories: ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul ...

  10. Eclipse-设置选中高亮显示

    高亮显示选中的变量对于程序员编程很有帮助,正常情况下Eclipse选中变量时都会高亮显示,可能软件冲突导致高亮显示失效,通过如下方法可以进行恢复. 单击IDE顶部Window菜单下的Preferenc ...