Is confidentiality/user privacy protected?
Does the site prompt for user name and password?
Have you verified where encryption begins and ends?
Are concurrent log-ons permitted?
Does the application include time-outs due to inactivity?
Is bookmarking disabled on secure pages?
Is right-click > View Source disabled?
Are you prevented from doing direct searches by editing content in the URL?
Test both valid and invalid login names and passwords. Are they case sensitive? Is there a limit to how many tries are allowed? Can it be bypassed by typing the URL of a page inside directly in the browser?
Verify rules for password selection
Cookies: If cookies store login information, make sure the information is encrypted in the cookie file. If the cookie is used for statistics, make sure those cookies are encrypted too; otherwise people can edit their cookies and skew
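
An added example, not part of the original post: one way to run the cookie check above over captured `Set-Cookie` headers. The headers, cookie names and helper names are constructed for illustration; the heuristic flags any value a tester can read as-is, URL-decoded or Base64-decoded.

```python
import base64
import re
from urllib.parse import unquote

KEY_VALUE = re.compile(r"[A-Za-z_]+=[^=&;]+")            # looks like key=value data
CREDENTIAL = re.compile(r"user|login|pass|pwd", re.IGNORECASE)

def build_samples():
    """Constructed Set-Cookie headers; none come from a real site."""
    b64 = base64.b64encode(b"user=alice;pass=S3cret").decode()
    return [
        "Set-Cookie: login=user%3Dalice%26password%3DS3cret; Path=/",
        f"Set-Cookie: auth={b64}; Path=/; HttpOnly",
        "Set-Cookie: stats=visits%3D12; Path=/",
        "Set-Cookie: sid=9f2c41d07be84a6b93d1c55e0a7f6e21c3b8d4f0; Path=/",
    ]

def parse_set_cookie(header):
    """Return (name, value) from one Set-Cookie header line."""
    pair = header.partition(":")[2].split(";", 1)[0].strip()
    name, _, value = pair.partition("=")
    return name, value

def readable_text(value):
    """Return (encoding, text) if a tester can read the value, else None."""
    plain = unquote(value)
    if KEY_VALUE.search(plain):
        return "url-encoded", plain
    try:
        text = base64.b64decode(plain, validate=True).decode("ascii")
    except ValueError:  # not Base64, or it decodes to non-ASCII bytes
        return None
    return ("base64", text) if text.isprintable() and KEY_VALUE.search(text) else None

def audit(headers):
    """Classify each cookie; a readable value fails the checklist item."""
    findings = []
    for header in headers:
        name, value = parse_set_cookie(header)
        hit = readable_text(value)
        verdict = f"readable ({hit[0]})" if hit else "opaque"
        has_creds = bool(hit and CREDENTIAL.search(hit[1]))
        findings.append((name, verdict, has_creds))
    return findings

if __name__ == "__main__":
    for row in audit(build_samples()):
        print(*row, sep=" | ")
```

An "opaque" verdict only means the value is not trivially readable; confirming that it is actually encrypted or integrity-protected still requires checking how the server produces and validates it.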
The article is related to software testing and provides some important information about it.
Wednesday, May 8, 2013
Security Testing Checklist