security testing test cases

7/26/2019 Security Testing Test Cases

1/168

QA Assigned:

Developer(s) Assigned:

PM Assigned:

OBJECTIVE

Cookie TestingVerify cookie privacy policy

Cookie Testing

Verify cookie privacy policy

Cookie Testing

Cookie Testing

Cookie Testing

Cookie Testing

Cookie Testing

Cookie Testing

Cookie Testing

TEST CASEID

SPECIFICATION EFEENCE

Verify the major functionalityworking after disabling thebrowser cookies.

Verify the use of cookies by theapplication under test.

To verify Accepts/Reject somecookies

To verify the behavior of pagesafter deleteting cookie

Corrupt the cookies manually editthe cookie in notepad and changethe parameters to some vaguevaluesCookie Testing on ultiplebrowsers!og in to your web applicationusing some username andpassword and change theparameter "# value in the browseraddress bar.


2/168

Cookie Testing

Cookie Testing

Cookie Testing

Cookie Testing

Cookie Testing

To verify $rror essage

To verify !og %ile

To verify the login page

functionality after disabling thebrowser cookies.

To verify that the session relatedcookie e&pires when session ends.

Verify that the session "# is uni'uefor each session.

Verify the cookie e&piry date andtime after modifying it for a

persistent cookie.

Verify the proper deletion of thecookie which is created by somepage and some other page will bedeleting it in same domain.

(ecurityTesting

(ecurityTesting


3/168

(ecurityTesting

To Check data encryption for loginid ) *assword is +&edencryption or random encryption

(ecurityTesting

$nsure that accessing theapplication is secure.

(ecurityTesting

Check for Valid and invalid loginattempts,

(ecurity

Testing

Check for book marking a securewebpage and accessing in anotherweb-browser session,

(ecurityTesting

(ecurityTesting

(ecurityTesting

(ecurity

Testing(ecurityTesting

To Verify that the history of thetransaction.

(ecurityTesting

To guess the potential value forusername and password.

(ecurityTesting

To guess the potential value forusername and password by +&ingthe value for username and iterate

the value for the password througha list of possible passwords.


4/168

(! "njection

R! Testing

Test direct R! testing.

R! TestingAdd some additional alphabets

R! TestingAdd some special characters

(ecurityTesting

To guess the potential value forusername and password by +&ingthe value for password and iteratethe value for the usernamethrough a list of possible

usernames.

(ecurityTesting

To check the CA*TC0A forautomates scripts logins.

Try to enter below mentionedstings in te&t +eld from " or fromR! 1 /23 4R 353

364R636563a6 or 6t656t3633$7$C 7*83 A9# 33:A9# 35;($!$CT C49T;64R username "( 94T 9!! 4Rusername 563 A9# ($R89A$;=56dbo636 A9# non8e&istant8table563

36 A9# non8e&istant8table563)?&@3>)?&B>a6> #R4* TA!$ users> ($!$CT #R4* TA!$ users


5/168

R! Testing

R! Testing

R! Testing

R! Testing

((!8Testing

((!8Testing

((!8Testing

Test the ((! client.

((!8Testing

((!8Testing

Check for the uery string value inthe R!.

To access the other pages R! byguessing the value for the 'uerystring."f application have diGerent rolepermissions then try pastingdiGerent role R! in each othersessions.

Alter the session identi+er in therl and try to access another usersaccount.

Test if ((! is used for securitymeasures.

Test if ((! is used for securitymeasures.

Test the ((! client by clicking thepadlock icon.

Right click Copy the R!.*aste to any browser address bar.Remove :https,//: from the R!and hit $nter.

Repeat but change the R! to:http,//:


6/168


7/168

Se!"ri#$ Tes#ing

To#%l Tes# C%ses:

&P%ss& Tes# C%ses:

&F%il& Tes# C%ses:

E'PECTED EST TEST DATA ACTA EST

9o personal or sensitive data shouldstored in the cookie

"f there is no option than saving sensitivedata in cookie then make sure datastored in cookie should stored inencrypted format.Applications major functionality will notaGected by disabling the cookies andthere should not be any page crash dueto disabling the cookies.

4veruse of cookies will annoy users ifbrowser is prompting for cookies moreoften and this could result in loss of sitetraHc.

*ages should not be getting crashed ordata should not be corrupted.

Access the web pages and check thebehavior of the pages.

Corrupted cookies should not allow toread the data inside it for any otherdomain.

Application should works properly usingthese cookies.

The proper access message should bedisplayed to user and user should not beable to see other users account.


8/168

The cookie would get deleted.

There should be a proper validationmessage prompting user to turn on thecookies functionality.

The cookie including the session relatedinformation would e&pire when thesession ends.

The session "# in the cookie would beuni'ue for each session.

The cookie should e&pire at the modi+eddate and time.

$rror essage does not contain maliciousinformation.

!og %ile for both web page ) databasewould be veri+ed and the error isreported.


9/168

#ata encryption would be appropriateaccording to the criticality of the businessIow included with it.

"f https - !ook for the !ock (ymbol J atthe end of the browser address bar.

a= After @ invalid attempts ;depends fromapplication to application=E try to enterbackspace and see if it moves to secondattemptE try the valid password and it willlog you to the application ;but only inhttp=.b= Check for the limit of number oflogin tries.a= Right click should be disabled;According to D@C standard= for securitypurpose in sensitive pages.

b= De can ookmark or save the web-pages through Dindows button likefavorites ;"$= or ookmark ;oKilla=

c= y entering the information and tryingto save the web-page through mouseright clickE it should not be saved.

d= "t should not be saved through themenu L%ileMN2M(ave asM options also.

e= CopyE pasteE saveE etc options should

not be allowed with the sensitive pages.0istory should not be maintained for thesecured web-pages.

ser should not be able to login in thesystem.



10/168

rl should show some error message

rl should show some error message


CA*TC0A would not be captured by theautomation script.

Any critical information would not beaccesible.

Test by pasting internal R! directly intobrowser address bar without login."nternal pages should not open.


11/168

"n both cases the R! resolves to https,//.

uery string value would be appearing inencrypted format.

4ther page/+le would not be accessible tothe user.

ser should not be able to access a pagewhose permission is not granted in thatparticular role.

*roper validation message would appearand the diGerent session would not beaccessible to the user.

"f used proper message should get

displayed when user switch from non-secure http,// pages to secure https,//pages and vice versa.

All transactionsE error messagesE securitybreach attempts should get logged in log+les somewhere on web server.

$nter the domain name in the browseraddress bar a padlock icon would appearin the web browser.

The information regarding the ((!authenticity of the website should display.


12/168


13/168

*+ &No# "n& , &-on#Fi.& ,

, &De/erred& , &D"pli!%#e& ,

, &Inv%lid& , ,

STATS B0 T1PE SEVEIT1 PIOIT1

&-or2s/or3e

& COMMENT

(DEVEOPE


14/168


15/168


16/168


17/168


18/168


19/168


20/168


21/168


22/168


23/168


24/168


25/168


26/168


27/168


28/168


29/168


30/168


31/168


32/168


33/168


34/168


35/168


36/168


37/168


38/168


39/168


40/168


41/168


42/168


43/168


44/168


45/168


46/168


47/168


48/168


49/168


50/168


51/168


52/168


53/168


54/168


55/168


56/168


57/168


58/168


59/168


60/168


61/168


62/168


63/168


64/168


65/168


66/168


67/168


68/168


69/168


70/168


71/168


72/168


73/168


74/168


75/168


76/168


77/168


78/168


79/168


80/168


81/168


82/168


83/168


84/168


85/168


86/168


87/168


88/168


89/168


90/168


91/168


92/168


93/168


94/168


95/168


96/168


97/168


98/168


99/168


100/168


101/168


102/168


103/168


104/168


105/168


106/168


107/168


108/168


109/168


110/168


111/168


112/168


113/168


114/168


115/168


116/168


117/168


118/168


119/168


120/168


121/168


122/168


123/168


124/168


125/168


126/168


127/168


128/168


129/168


130/168


131/168


132/168


133/168


134/168


135/168


136/168


137/168


138/168


139/168


140/168


141/168


142/168


143/168


144/168


145/168


146/168


147/168


148/168


149/168


150/168


151/168


152/168


153/168


154/168


155/168


156/168


157/168


158/168


159/168


160/168


161/168


162/168


163/168

1


164/168


165/168


166/168


167/168


168/168

security testing test cases

Documents