In this post, I am sharing some common test scenarios for security testing. I hope they will help when you carry out security testing:
1- Verify that secure or protected pages use the HTTPS protocol.
2- Test for SQL injection and other injection attacks.
3- Verify the application's logout function or behavior.
4- Test for brute-force attacks.
5- Test for memory leaks.
6- Verify that passwords are not saved in cookies.
7- Cookie data should be saved in encrypted format only.
8- Session tokens should be transmitted over a secure channel.
9- Test the CAPTCHA functionality.
10- Verify that important events are logged in log files.
11- Verify that password and other sensitive fields are masked while typing.
12- Verify that every credential is transmitted over an encrypted channel.
13- Verify that special characters are removed from the input.
14- Verify that error messages do not disclose any sensitive data or information.
15- Verify password security and password policy enforcement.
16- Verify that sensitive fields such as passwords and debit or credit card details do not have autocomplete enabled.
17- Verify the session cookie duration and session expiration after logout or timeout.
18- Verify that the forgot-password functionality is secured with features such as temporary password expiry after a set time and a security question asked before changing or setting a new password.
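Scenarios 6, 8, 11 and 16 can be checked automatically against a captured response. The following is an added example, not part of the original post: the sample headers and HTML are constructed, and the name fragments used to recognise sensitive fields are assumptions to adapt to your application.

```python
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# Constructed sample response data (not from a real application).
SAMPLE_SET_COOKIE = ["SESSIONID=8f2c1a; Path=/; HttpOnly",
                     "password=hunter2; Path=/; Secure"]
SAMPLE_HTML = """<form action="/login" method="post">
  <input type="text" name="username">
  <input type="text" name="password">
  <input type="text" name="card_number" autocomplete="on">
  <input type="password" name="pin" autocomplete="off">
</form>"""

# Assumed name fragments that mark a cookie or field as sensitive.
MASKED = ("pass", "pwd", "pin")
SENSITIVE = MASKED + ("card", "cvv")

def check_cookies(set_cookie_headers):
    """Return (scenario, cookie_name) findings for scenarios 6 and 8."""
    findings = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if any(s in name.lower() for s in SENSITIVE):
                findings.append((6, name))   # credential stored in a cookie
            if not morsel["secure"]:
                findings.append((8, name))   # cookie may travel over plain HTTP
    return findings

class FormAudit(HTMLParser):
    """Collect (scenario, field_name) findings for scenarios 11 and 16."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        name = a.get("name") or ""
        if tag != "input" or not any(s in name.lower() for s in SENSITIVE):
            return
        masked = (a.get("type") or "text").lower() == "password"
        if any(s in name.lower() for s in MASKED) and not masked:
            self.findings.append((11, name))  # typed value is visible
        if (a.get("autocomplete") or "").lower() != "off":
            self.findings.append((16, name))  # autocomplete not disabled

def check_form(html):
    audit = FormAudit()
    audit.feed(html)
    return audit.findings
```
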