Security Testing Test Cases
7/26/2019 Security Testing Test Cases
1/168
QA Assigned:
Developer(s) Assigned:
PM Assigned:
OBJECTIVE
Cookie Testing
Verify cookie privacy policy
Cookie Testing
Verify cookie privacy policy
Cookie Testing
Cookie Testing
Cookie Testing
Cookie Testing
Cookie Testing
Cookie Testing
Cookie Testing
TEST CASE ID
SPECIFICATION REFERENCE
Verify that the major functionality works after disabling the browser cookies.
Verify the use of cookies by the application under test.
To verify accepting/rejecting some cookies.
To verify the behavior of pages after deleting the cookie.
Corrupt the cookies: manually edit the cookie in Notepad and change the parameters to some vague values.
Cookie Testing on multiple browsers.
Log in to your web application using some username and password and change the parameter ID value in the browser address bar.
Cookie Testing
Cookie Testing
Cookie Testing
Cookie Testing
Cookie Testing
To verify Error Message
To verify Log File
To verify the login page functionality after disabling the browser cookies.
To verify that the session-related cookie expires when the session ends.
Verify that the session ID is unique for each session.
Verify the cookie expiry date and time after modifying it for a persistent cookie.
Verify the proper deletion of a cookie that is created by one page and deleted by another page in the same domain.
Security Testing
Security Testing
Security Testing
To check whether data encryption for login ID & Password is fixed encryption or random encryption.
Security Testing
Ensure that accessing the application is secure.
Security Testing
Check for valid and invalid login attempts:
Security Testing
Check for bookmarking a secure webpage and accessing it in another web-browser session:
Security Testing
Security Testing
Security Testing
Security Testing
Security Testing
To verify the history of the transaction.
Security Testing
To guess the potential value for username and password.
Security Testing
To guess the potential value for username and password by fixing the value for username and iterating the value for the password through a list of possible passwords.
SQL Injection
URL Testing
Test direct URL testing.
URL Testing
Add some additional alphabets
URL Testing
Add some special characters
Security Testing
To guess the potential value for username and password by fixing the value for password and iterating the value for the username through a list of possible usernames.
Security Testing
To check the CAPTCHA for automated script logins.
Try to enter the below-mentioned strings in a text field from UI or from URL: 1 /23 4R 353
364R636563a6 or 6t656t3633$7$C 7*83 A9# 33:A9# 35;($!$CT C49T;64R username "( 94T 9!! 4Rusername 563 A9# ($R89A$;=56dbo636 A9# non8e&istant8table563
36 A9# non8e&istant8table563)?&@3>)?&B>a6> #R4* TA!$ users> ($!$CT #R4* TA!$ users
URL Testing
URL Testing
URL Testing
URL Testing
SSL-Testing
SSL-Testing
SSL-Testing
Test the SSL client.
SSL-Testing
SSL-Testing
Check for the query string value in the URL.
To access the other pages' URL by guessing the value for the query string.
If the application has different role permissions, then try pasting different role URLs in each other's sessions.
Alter the session identifier in the URL and try to access another user's account.
Test if SSL is used for security measures.
Test if SSL is used for security measures.
Test the SSL client by clicking the padlock icon.
Right click, copy the URL. Paste to any browser address bar. Remove "https://" from the URL and hit Enter.
Repeat but change the URL to "http://"
Security Testing
Total Test Cases:
"Pass" Test Cases:
"Fail" Test Cases:
EXPECTED RESULT
TEST DATA
ACTUAL RESULT
No personal or sensitive data should be stored in the cookie.
If there is no option other than saving sensitive data in a cookie, then make sure the data stored in the cookie is in encrypted format.
The application's major functionality will not be affected by disabling the cookies, and there should not be any page crash due to disabling the cookies.
Overuse of cookies will annoy users if the browser is prompting for cookies more often, and this could result in loss of site traffic.
Pages should not crash and data should not be corrupted.
Access the web pages and check the behavior of the pages.
Corrupted cookies should not allow reading the data inside them for any other domain.
The application should work properly using these cookies.
The proper access message should be displayed to the user, and the user should not be able to see other users' accounts.
The cookie would get deleted.
There should be a proper validation message prompting the user to turn on the cookies functionality.
The cookie including the session-related information would expire when the session ends.
The session ID in the cookie would be unique for each session.
The cookie should expire at the modified date and time.
Error Message does not contain malicious information.
Log File for both web page & database would be verified and the error is reported.
Data encryption would be appropriate according to the criticality of the business flow included with it.
If https - look for the Lock Symbol at the end of the browser address bar.
a) After 3 invalid attempts (depends from application to application), try to enter backspace and see if it moves to second attempt, try the valid password and it will log you to the application (but only in http).
b) Check for the limit of number of login tries.
a) Right click should be disabled (according to W3C standard) for security purpose in sensitive pages.
b) We can Bookmark or save the web-pages through Windows button like favorites (IE) or Bookmark (Mozilla)
c) By entering the information and trying to save the web-page through mouse right click, it should not be saved.
d) It should not be saved through the menu "File" -> "Save as" options also.
e) Copy, paste, save, etc. options should not be allowed with the sensitive pages.
History should not be maintained for the secured web-pages.
User should not be able to log in to the system.
User should not be able to log in to the system.
URL should show some error message
URL should show some error message
User should not be able to log in to the system.
CAPTCHA would not be captured by the automation script.
Any critical information would not be accessible.
Test by pasting internal URL directly into browser address bar without login. Internal pages should not open.
In both cases the URL resolves to https://.
Query string value would be appearing in encrypted format.
Other page/file would not be accessible to the user.
User should not be able to access a page whose permission is not granted in that particular role.
Proper validation message would appear and the different session would not be accessible to the user.
If used, proper message should get displayed when user switches from non-secure http:// pages to secure https:// pages and vice versa.
All transactions, error messages, security breach attempts should get logged in log files somewhere on web server.
Enter the domain name in the browser address bar; a padlock icon would appear in the web browser.
The information regarding the SSL authenticity of the website should display.
*+ "Not Run", "Won't Fix", "Deferred", "Duplicate", "Invalid"
STATUS
BUG TYPE
SEVERITY
PRIORITY
"Works for me"
COMMENT (DEVELOPER