1 check for sql injection attacks
2 secure pages should use https protocol
3 page crash should not reveal application or server info . Error page should be displayed for this.
4 escape special characters in input
5 error messages should not reveal any sensitive information
6 all credentials should be transferred over an encrypted channel
7 test password security and password policy enforcement
8 check application logout functionality
9 check for brute force attacks
10 cookie information should be stored in encrypted format only
11 check session cookie duration and session termination after timeout or logout
12 session tokens should be transmitted over secured channel
13 password should not be stored in cookies
14 test for denial of service attacks
15 test for memory leakage
16 test unauthorized application access by manipulating variable values in browser address bar
17 test file extension handing so that exe files are not uploaded and executed on server
18 sensitive fields like passwords and credit card information should not have auto complete enabled
19 file upload functionality should use file type restrictions and also anti-virus for scanning uploaded files
20 check if directory listing is prohibited
21 password and other sensitive fields should be masked while typing
22 check if forgot password functionality is secured with features like temporary password expiry after specified hours and security question is asked before changing or requesting new password
23 verify CAPTCHA functionality
24 check if important events are logged in log files
25 check if access privileges are implemented correctly

Security Testing Test Scenarios的更多相关文章

  1. Penetration Testing、Security Testing、Automation Testing

    相关学习资料 http://www.cnblogs.com/LittleHann/p/3823513.html http://www.cnblogs.com/LittleHann/p/3828927. ...

  2. IOS Application Security Testing Cheat Sheet

    IOS Application Security Testing Cheat Sheet    [hide]  1 DRAFT CHEAT SHEET - WORK IN PROGRESS 2 Int ...

  3. Security Testing Basics

    Security Testing BasicsSoftware security testing is the process of assessing and testing a system to ...

  4. Performance testing test scenarios

    1 check if page load time is within acceptable range2 check page load on slow connections 3 check re ...

  5. Database testing test scenarios

    1 check if correct data is getting saved is database upon successful page submit2 check values for c ...

  6. Testing with a mocking framework (EF6 onwards)

    When writing tests for your application it is often desirable to avoid hitting the database.  Entity ...

  7. [译]36 Days of Web Testing(二)

    Day 7: Http 和 Https Why? 当在网络上传输一些私人,敏感信息时,应该采用加密的手段来保证这些信息在传输的过程中不被侦测到.Https协议正是这种实现机制. Https是一种广泛使 ...

  8. 14 Live CDs for Penetration Testing (Pen Test) and Forensic

    http://www.ivizsecurity.com/blog/penetration-testing/live-cd-penetration-testing-pen/ Yesterday I wa ...

  9. Testing - 软件测试知识梳理 - 相关词汇

    测试策略 描述测试工程的总体方法和目标:根据测试需求,描述在什么测试阶,依据什么测试要素和目标,进行什么种类的测试,使用什么样的测试方法和工具. 测试策略的制定主要包含如下内容: 确定测试过程要使用的 ...

随机推荐

  1. leetcode538. Convert BST to Greater Tree

    https://www.cnblogs.com/grandyang/p/6591526.html 这个题本质上是中序遍历的反向.中序遍历是从小到大,而这个题目是从大到小,然后每个数加上比自己大的所有数 ...

  2. 前台获取json未定义问题之两种常用解决办法

    来自博客园的一位朋友解答: 为什么要 eval这里要添加 “("("+data+")");//”呢? 原因在于:eval本身的问题. 由于json是以”{}”的 ...

  3. spring+springmvc+hibernate整合实例

    最近要弄一个自动化生成表及其实体对应的增删改查的框架,于是我想到了hibernate,hibernate就有根据实体自动建表,而且增删改查,都不需要想mybatis那样在xml文件中配置. 不过怎样让 ...

  4. 2-关于单片机通信数据传输(中断接收,大小端,IEEE754浮点型格式,共用体,空闲中断,环形队列)

    上一篇链接 http://www.cnblogs.com/yangfengwu/p/8628219.html 先说明一点这种方式,不光对于单片机类的,,对于上位机接收数据同样适用----不骗人的,自己 ...

  5. Tensorflow[LSTM]

    0.背景 通过对<tensorflow machine learning cookbook>第9章第3节"implementing_lstm"进行阅读,发现如下形式可以 ...

  6. 画线函数Glib_Line算法的研究

      在这里首先先简单把我对函数的功能的理解阐述一下,方便后面的分析:Glib_Line函数实现的功能是通过参数给定(x1,y1,x2,y2,color),来确定起点(x1,y1)和终点(x2,y2)两 ...

  7. IIC双向电平转换电路设计

    现代的集成电路工艺加工的间隙可达0.5μm 而且很少限制数字I/O 信号的最大电源电压和逻辑电平. 为了将这些低电压电路与已有的5V或其他I/O电压器件连接起来,接口需要一个电平转换器.对于双向的总线 ...

  8. 【Linux系统目录结构】

    登录系统后,在当前命令窗口下输入 ls / 你会看到 以下是对这些目录的解释: /bin bin是Binary的缩写.这个目录存放着最经常使用的命令. /boot 这里存放的是启动Linux时使用的一 ...

  9. EF性能优化-有人说EF性能低,我想说:EF确实不如ADO.NET

    十年河东,十年河西,莫欺少年穷. EF就如同那个少年,ADO.NET则是一位壮年.毕竟ADO.NET出生在EF之前,而EF所走的路属于应用ADO.NET. 也就是说:你所写的LINQ查询,最后还是要转 ...

  10. HDU 3400

    一道很适合练习三分的题目三分套三分强不强 题意:给你平面上两条平行线段\(AB\)和\(CD\),一个人要从\(A\)走到\(D\),他在线段\(AB\)上的速度为\(P\),在\(CD\)上的速度为 ...