Interview Questions

Web Site Testing Checklist - Security

Check List for Software Testing

(Continued from previous question...)

Web Site Testing Checklist - Security

? Is security adequate?
? Is confidentiality/user privacy protected?
? Is access only successful with 128 bit browsers?
? Does the site prompt for user name and password?
? Does site ask for personal information of children? If so, is it acquired through secure pages with warning information for parents?
? Are there Digital Certificates, both at server and client?
? Have you verified where encryption begins and ends?
? Are concurrent log-ons permitted?
? Does the application include time-outs due to inactivity?
? Is bookmarking disabled on secure pages?
? Does the key/lock display on status bar for insecure/secure pages?
? Is Right Click, View, Source disabled?
? Are you prevented from doing direct searches by editing content in the URL?
? If using Digital Certificates, test the browser Cache by enrolling for the Certificate and completing all of the required security information. After completing the application and installation of the certificate, try using the <-- BackSpace key to see if that security information is still residing in Cache. If it is, then any user could walk up to the PC and access highly sensitive Digital Certificate security information.
? Is there an alternative way to access secure pages for browsers under version 3.0, since SSL is not compatible with those browsers?
? Do your users know when they are entering or leaving secure portions of your site?
? Does your server lock out an individual who has tried to access your site multiple times with

(Continued on next question...)

Other Interview Questions