Web Site Testing Checklist - Security
• Is security adequate?
• Is confidentiality/user privacy protected?
• Is access only successful with 128-bit browsers?
• Does the site prompt for user name and password?
• Does the site ask for personal information of children? If so, is it acquired through secure pages with warning information for parents?
• Are there Digital Certificates, both at server and client?
• Have you verified where encryption begins and ends?
• Are concurrent log-ons permitted?
• Does the application include time-outs due to inactivity?
• Is bookmarking disabled on secure pages?
• Does the key/lock display on status bar for insecure/secure pages?
• Is Right Click, View, Source disabled?
• Are you prevented from doing direct searches by editing content in the URL?
• If using Digital Certificates, test the browser Cache by enrolling for the Certificate and completing all of the required security information. After completing the application and installation of the certificate, try using the <-- BackSpace key to see if that security information is still residing in Cache. If it is, then any user could walk up to the PC and access highly sensitive Digital Certificate security information.
• Is there an alternative way to access secure pages for browsers under version 3.0, since SSL is not compatible with those browsers?
• Do your users know when they are entering or leaving secure portions of your site?
• Does your server lock out an individual who has tried to access your site multiple times with
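
For the browser Cache item above (the Digital Certificate enrollment test), the manual Backspace check can be backed by an audit of the response headers the enrollment pages send. This is an added example, not part of the original checklist; the `/enroll/...` paths and header values are constructed, and treating `Cache-Control: no-store` as the pass criterion is an assumption of the example.

```python
def parse_cache_control(value):
    """Split a Cache-Control header into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if name:
            directives[name] = arg.strip().strip('"') or None
    return directives


def audit_response(headers):
    """Return reasons a response may remain in the browser cache ([] = pass)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc:
        return []  # browser is told not to write the response to its cache
    findings = ["no-store missing: response may be written to the browser cache"]
    max_age = cc.get("max-age")
    if max_age and max_age.isdigit() and int(max_age) > 0:
        findings.append(f"max-age={max_age}: reused from cache without revalidation")
    if "public" in cc:
        findings.append("public: shared caches (proxies) may store it too")
    if "no-cache" in cc:
        findings.append("no-cache only forces revalidation; a copy is still stored")
    if h.get("pragma", "").lower() == "no-cache":
        findings.append("Pragma: no-cache is not a substitute for no-store")
    return findings


def audit_pages(pages):
    """Map each failing path to its findings; passing pages are omitted."""
    return {path: f for path, hdrs in pages.items() if (f := audit_response(hdrs))}


# Constructed sample: response headers captured from a hypothetical enrollment flow.
SAMPLE = {
    "/enroll/form": {"Cache-Control": "private, max-age=600"},
    "/enroll/confirm": {"Cache-Control": "no-cache", "Pragma": "no-cache"},
    "/enroll/done": {"Cache-Control": "no-store, no-cache, must-revalidate"},
    "/enroll/help": {},
}

if __name__ == "__main__":
    for path, findings in audit_pages(SAMPLE).items():
        print(path)
        for finding in findings:
            print("  -", finding)
```
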