Thursday 12 January 2012

Steps for security testing

  • Check the URL scheme. Every page other than a purely public landing page, and in particular every page that handles sensitive data, must be served over HTTPS; a sensitive request that still works over plain HTTP is a finding even if an HTTPS version exists. (Today the whole site, landing page included, should be HTTPS.)
  • Check the cookies. Session cookies should be non-persistent (no Expires or Max-Age attribute) so the browser drops them when it is closed, and the server should invalidate the session on logout rather than rely on the browser alone.
  • Sensitive information should not be stored in cookies at all; where it unavoidably is, it must be encrypted and integrity-protected, and the cookie must carry the Secure and HttpOnly flags.
  • For a site that requires authentication, pages shown after login must not remain in the browser cache on exit (Cache-Control: no-store), so a later user of the same browser cannot press Back and read them.
  • If the cookies are edited while the application is running (for example changing a user id or role value), the change must not be honoured. The server should detect the tampered value and reject the request or issue a fresh session, and the application should continue in its original, correct state on the next action.
  • All passwords and other sensitive user data must be encrypted in transit; check that login, password change and payment requests are never sent over plain HTTP.
  • Encrypted or hashed values must not be recognisable. If a stored or transmitted "encrypted" value is the same length as the plaintext, reuses its letters, or is merely Base64 encoded, it is encoding rather than encryption. Proper ciphertext looks like a random mix of letters in both cases (A/a), digits and special characters with no visible relationship to the input.
  • Folder-level access should not be allowed. For example, if a URL opens a page inside a specific folder, deleting the file name and requesting the folder itself must not list the folder's contents (directory indexing disabled; expect a 403 or 404).
  • Internal and external IP addresses mapped to the URL must be protected. Internal addresses should not be exposed in URLs, redirects, error pages or response headers, and direct access by IP address should be restricted in the same way as access by hostname.
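The items above can be turned into repeatable checks. The following Python script is an added example, not code from the original post: it exercises the transport, cookie, cache and directory-listing items against constructed sample responses (the URLs, header values and the HMAC key are assumptions), and adds the server-side half of the cookie-tampering item, an HMAC-signed cookie that the server verifies so an edited cookie is rejected rather than trusted.

```python
"""Offline checks for the items in the list above.

Added example, not code from the original post. The sample URLs, headers
and the HMAC key below are constructed for illustration; feed the check
functions real responses (e.g. from `requests`) when testing a site.
"""
import base64
import hashlib
import hmac
from http.cookies import SimpleCookie
from urllib.parse import urlparse


def check_https(url: str) -> bool:
    """Items 1 and 6: anything beyond the public landing page, and every
    request carrying credentials or sensitive data, must use HTTPS."""
    return urlparse(url).scheme == "https"


def check_session_cookies(set_cookie_headers: list[str]) -> list[str]:
    """Items 2 and 3: session cookies must be non-persistent (no Expires or
    Max-Age, so the browser drops them on exit) and flagged Secure and
    HttpOnly. Returns findings; an empty list means the cookies pass."""
    findings = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            # Morsel attributes default to "" when absent, True for flags present.
            if morsel["expires"] or morsel["max-age"]:
                findings.append(f"{name}: persistent cookie (survives browser exit)")
            if not morsel["secure"]:
                findings.append(f"{name}: missing Secure flag")
            if not morsel["httponly"]:
                findings.append(f"{name}: missing HttpOnly flag")
    return findings


def check_no_store(headers: dict[str, str]) -> bool:
    """Item 4: post-login pages must carry Cache-Control: no-store so the
    browser keeps no copy that a later user of the same machine could read."""
    raw = headers.get("Cache-Control", "")
    directives = {d.strip().lower() for d in raw.split(",")}
    return "no-store" in directives


def check_directory_listing(status: int, body: str) -> bool:
    """Item 8: requesting the folder with the file name removed must not
    return an index of the folder. 403/404 passes; a 200 passes only if the
    body is not an auto-generated listing."""
    if status in (403, 404):
        return True
    lowered = body.lower()
    return "index of" not in lowered and "parent directory" not in lowered


# Server-side half of item 5: sign cookies so edits in the browser are detected.
SECRET_KEY = b"assumed-server-only-secret"  # assumption: held only on the server


def sign_cookie(value: str, key: bytes = SECRET_KEY) -> str:
    """Append an HMAC-SHA256 tag to a cookie value, giving 'value.tag'."""
    tag = hmac.new(key, value.encode(), hashlib.sha256).digest()
    return value + "." + base64.urlsafe_b64encode(tag).decode().rstrip("=")


def verify_cookie(token: str, key: bytes = SECRET_KEY):
    """Return the cookie value if its tag verifies, otherwise None. A client
    that changed role=user to role=admin fails here and must be treated as
    unauthenticated, not as the edited identity."""
    value, sep, tag = token.rpartition(".")
    if not sep or not tag.isascii():
        return None
    expected = sign_cookie(value, key).rpartition(".")[2]
    return value if hmac.compare_digest(tag, expected) else None


if __name__ == "__main__":
    # Constructed sample responses for a login page and a protected folder.
    print("https:", check_https("https://shop.example.test/account"))
    print("cookies:", check_session_cookies(
        ["sid=7f3a9c; Path=/; Secure; HttpOnly",
         "remember=alice; Path=/; Max-Age=2592000"]))
    print("no-store:", check_no_store({"Cache-Control": "private, no-store"}))
    print("listing ok:", check_directory_listing(200, "<h1>Index of /reports</h1>"))
    token = sign_cookie("uid=42;role=user")
    print("tampered accepted as:", verify_cookie(token.replace("role=user", "role=admin")))
```

The check functions report rather than assert so a tester can run them over every response captured during a walk of the site; the signing helper shows the behaviour item 5 expects from the server, namely that a tampered cookie is rejected outright instead of being partially trusted.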
