Explain about Security Testing in webbased application?
Answers were Sorted based on User's Feedback
Answer / ramyab.mca@gmail.com
Hai...
Security Testing:
Following are some test cases for web security testing:
Test by pasting internal url directly into browser address
bar without login. Internal pages should not open.
If you are logged in using username and password and
browsing internal pages then try changing url options
directly. I.e. If you are checking some publisher site
statistics with publisher site ID= 123. Try directly
changing the url site ID parameter to different site ID
which is not related to logged in user. Access should
denied for this user to view others stats.
Try some invalid inputs in input fields like login
username, password, input text boxes. Check the system
reaction on all invalid inputs.
Web directories or files should not be accessible directly
unless given download option.
Test the CAPTCHA for automates scripts logins.
Test if SSL is used for security measures. If used proper
message should get displayed when user switch from non-
secure http:// pages to secure https:// pages and vice
versa.
All transactions, error messages, security breach attempts
should get logged in log files somewhere on web server.
K,Byeee...
Thanks & Regards
B.Ramyasri
Is This Answer Correct ? | 8 Yes | 2 No |
Answer / jyoti
Security Testing involves below points
1) Authorization Testing : Testing of different users
authority to view specific information.
i.e. Specific authority to enter in administration area
2) Access control testing : Access allocation to users
i.e. team members cannot access TL or PM data
PM can access TL's data.
Is This Answer Correct ? | 6 Yes | 0 No |
What is the difference between Business Requirement and functional Requirement
Write an algorithm to find an palindrome
Explain The test development life cycle?
A good url for testing concepts.....
What is the difference between qc and qa? What are the responsibilities of qc and qa?
what is traceability matrix ?what is use of that matix ?
Advantages and Dis-advantages of V-model?Is every company is using V-model only? pls send me the answer very quick asap.
What is Migration testing?
can any one give negative testcases for calculator
what is test strategy,test plan and test policy?Does anyone have dummy documents or any links that gives more idea about these?I am a beginner...interested in learning more abt testing.plz help and encourage me........!
Explain about Bug life cycle?
For what purpose are virtual users created?