Software QA/Testing Technical FAQs

How do you test a web application for security (security testing of a web application)?


Answer1:
Two of the most common security vulnerabilities that are often overlooked by developers are session and cookie management. Check Google for possible hacks regarding these two items. Develop test scenarios from the knowledge base that you find on the web.
Another test would be to concentrate on the login page and logout.
In some cases the back button can be a security problem, especially if the previous screen/page has sensitive data that could easily be modified if the back button is used.
Lastly, test the user roles properly, making sure that a specific role only sees what s/he is intended to see.

Answer2:
You can test one more scenario for security:
1. Log in to the application.
2. Then copy the URL.
3. Click the Logout button.
4. Now paste this URL into the browser's address bar, or access the application's URL from the History, after logging out.
Also do not forget to check the timeout setting for the application:
1. Log in to the app.
2. Leave the browser idle for some time.
3. Then check whether the user session has expired or not.
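
The two checks in Answer2 (revisiting a saved URL after logout, and idle-session expiry) can be expressed as an automated test against a tiny simulated session layer. The code below is an added example, not from either answer and not from any real application; the 15-minute idle policy, the `sid` cookie/query-parameter name, and the `/account` path are assumptions. It includes a deliberately weak store that only relies on the client dropping its cookie, so the logout check shows why the server must invalidate the session itself.

```python
import secrets
from dataclasses import dataclass
from urllib.parse import parse_qs, urlparse

IDLE_TIMEOUT_SECONDS = 900  # assumed policy: sessions expire after 15 minutes idle


@dataclass
class Session:
    user: str
    last_seen: float  # seconds; the request handler refreshes this on every use


class SessionStore:
    """Server-side session table. With invalidate_on_logout=False it models the
    weak pattern where logout merely clears the browser cookie and the server
    keeps the session alive, which is what the 'copy URL, log out, paste' check
    from Answer2 is meant to catch."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT_SECONDS, invalidate_on_logout=True):
        self._sessions = {}
        self.idle_timeout = idle_timeout
        self.invalidate_on_logout = invalidate_on_logout

    def login(self, user, now):
        sid = secrets.token_urlsafe(32)  # unguessable session identifier
        self._sessions[sid] = Session(user=user, last_seen=now)
        return sid

    def logout(self, sid):
        if self.invalidate_on_logout:
            self._sessions.pop(sid, None)
        # weak variant: nothing happens server-side; the session id stays valid

    def authenticated_user(self, sid, now):
        """Return the user for a live session, or None. Idle sessions are evicted."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        if now - session.last_seen > self.idle_timeout:
            del self._sessions[sid]
            return None
        session.last_seen = now  # activity extends the idle window
        return session.user


def handle_request(store, url, cookies, now):
    """Simulated protected page: 200 when the request carries a live session,
    otherwise 302 (redirect to login). The session id is read from the cookie
    jar or, for legacy URL-based sessions, from a ?sid= query parameter, which
    is why a URL pasted back from History can still be 'logged in'."""
    query = parse_qs(urlparse(url).query)
    sid = cookies.get("sid") or (query.get("sid") or [None])[0]
    user = store.authenticated_user(sid, now) if sid else None
    return 200 if user else 302


def check_logout_invalidates_session(store, now=0.0):
    """Answer2 steps 1-4. Passes (True) when the saved URL no longer works after logout."""
    sid = store.login("alice", now)
    saved_url = f"https://app.example/account?sid={sid}"  # step 2: copy the URL
    store.logout(sid)                                      # step 3: click Logout
    status = handle_request(store, saved_url, cookies={}, now=now + 1)  # step 4: paste it back
    return status == 302


def check_idle_timeout(store, idle_for, start=0.0):
    """Answer2 timeout steps. Passes (True) when a session idle for idle_for seconds is rejected."""
    sid = store.login("alice", start)
    status = handle_request(store, "https://app.example/account", {"sid": sid}, start + idle_for)
    return status == 302


if __name__ == "__main__":
    strict = SessionStore()
    weak = SessionStore(invalidate_on_logout=False)
    print("logout invalidates (strict):", check_logout_invalidates_session(strict))
    print("logout invalidates (weak):  ", check_logout_invalidates_session(weak))
    print("idle 901s expires:          ", check_idle_timeout(SessionStore(), idle_for=901))
    print("idle 300s still valid:      ", not check_idle_timeout(SessionStore(), idle_for=300))
```

Both checks return a boolean rather than printing, so they can be run as assertions in a test suite. Against the weak store the logout check fails, reproducing the finding Answer2 describes; against a real application the same steps would be driven through an HTTP client with the actual cookie jar and URL.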
