Data security is very important to any person or organization, and it should be a mandatory part of software testing: we find UI and functional bugs, but if a malicious user breaks into your site and steals your valuable information, all that work is lost. So in this post we will talk about security testing and go through the most important test cases used for it.
The main objective of security testing is to find the vulnerabilities of the system and to determine whether its data and resources are protected from a possible intruder. Basically, security testing lets us check whether confidential data actually stays confidential. Follow the list of test cases given below for Security Testing.
Security Testing Useful Test Cases
- Check that HTTPS is used for secure pages; if not, the site should use HTTPS so that the connection between client and server is encrypted in both directions.
- Check that no server or application information is revealed if a page crashes. A proper error page should be displayed instead.
- Check for SQL injection vulnerabilities. If the website is built on WordPress, you can run a WordPress security scan; otherwise, test the website's inputs for SQL injection.
- Check that input fields escape special characters; otherwise a malicious user can perform a cross-site scripting (XSS) attack.
- Check that all credentials are transferred over an encrypted channel.
- Check that error messages do not reveal any sensitive information. Always show a custom error message: a page that is not found should redirect to a 404 page, and PHP or MySQL errors should never be shown under any condition.
- Check the logout functionality of the application: after logout, authenticated links should not be accessible without logging in again.
- Check for brute-force attacks; to prevent them, use a CAPTCHA on the login, registration and other front-end forms as well as on the admin login form.
- Check password security and password policy enforcement. Require strong passwords that are hard to guess: alphanumeric characters combined with special characters, with a minimum length of 8 characters.
- Check that cookie information is stored in encrypted form only.
- Check that session tokens are transmitted over a secured channel.
- Check session cookie duration and session termination after timeout or logout.
- Check that passwords are not stored in cookies.
- Test for Denial of Service attacks.
- Check for unauthorized application access by manipulating variable values in the browser address bar.
- Test for memory leakage.
- Check that sensitive fields such as passwords and credit card information do not have auto-complete enabled.
- Check that the file upload functionality uses file type restrictions and also scans uploaded files with anti-virus software.
- Check that password and other sensitive fields are masked while typing.
- Check if directory listing is prohibited.
- Check that the forgot-password functionality is secured with features such as expiry of the temporary password after a specified number of hours, and a security question asked before changing or requesting a new password.
- Verify CAPTCHA functionality.
- Check if access privileges are implemented correctly.
- Check if important events are logged in log files.
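Several of the checks above (session cookies only over a secured channel, no server or PHP/MySQL error details revealed on a crash, no auto-complete on password and credit card fields) can be automated against a captured HTTP response. The following Python script is an added example, not code from the original post; the response headers and HTML body it inspects are constructed sample data, and the error-text patterns it searches for are an assumption chosen for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample response, as a tester might capture it from a staging site.
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.41 (Ubuntu)",
    "X-Powered-By": "PHP/7.4.3",
    "Set-Cookie": ["PHPSESSID=abc123; Path=/", "theme=dark; Path=/; Secure; HttpOnly"],
}
SAMPLE_BODY = """<html><body>
<b>Warning</b>: mysqli_query(): You have an error in your SQL syntax in /var/www/db.php
<form><input type="password" name="pw">
<input type="text" name="card_number" autocomplete="on"></form></body></html>"""

class _InputScanner(HTMLParser):
    # Flags password / card-number inputs that do not set autocomplete="off".
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        sensitive = tag == "input" and (a.get("type") == "password"
                                        or "card" in (a.get("name") or ""))
        if sensitive and (a.get("autocomplete") or "").lower() != "off":
            self.findings.append(f"input '{a.get('name')}': autocomplete not disabled")

def audit_cookies(set_cookie_values):
    # Every cookie must carry both the Secure and the HttpOnly flag.
    findings = []
    for raw in set_cookie_values:
        parts = [p.strip() for p in raw.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"cookie '{name}': missing {flag} flag")
    return findings

def audit_headers(headers):
    # Server / X-Powered-By must not reveal a software version number.
    return [f"header {h} reveals version: {headers[h]}"
            for h in ("Server", "X-Powered-By") if re.search(r"\d+\.\d+", headers.get(h, ""))]

def audit_body(body):
    # Body must not show PHP/MySQL error text or server paths (assumed patterns);
    # sensitive inputs must not allow autocomplete.
    leak = re.compile(r"Fatal error|Warning|SQL syntax|/var/www/")
    findings = [f"body reveals internal detail: {m.group(0)}" for m in leak.finditer(body)]
    scanner = _InputScanner()
    scanner.feed(body)
    return findings + scanner.findings
```

Running the three audit functions over SAMPLE_HEADERS and SAMPLE_BODY reports nine findings; a response that passes all of these checks returns an empty list from each.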