
Security Testing Test Scenarios – By Naveen AutomationLabs


1. Check for SQL injection attacks

2. Secure pages should use HTTPS protocol

3. A page crash should not reveal application or server information; an error page should be displayed instead

4. Escape special characters in input

5. Error messages should not reveal any sensitive information

6. All credentials should be transferred over an encrypted channel

7. Test password security and password policy enforcement

8. Check application logout functionality

9. Check for Brute Force Attacks

10. Cookie information should be stored in encrypted format only

11. Check session cookie duration and session termination after timeout or logout

12. Session tokens should be transmitted over a secured channel

13. Password should not be stored in cookies

14. Test for Denial of Service attacks

15. Test for memory leakage

16. Test unauthorised application access by manipulating variable values in browser address bar

17. Test file extension handling so that exe files are not uploaded and executed on the server

18. Sensitive fields like passwords and credit card information should not have autocomplete enabled

19. File upload functionality should use file type restrictions and also anti-virus for scanning uploaded files

20. Check if directory listing is prohibited

21. Password and other sensitive fields should be masked while typing

22. Check that the forgot-password functionality is secured with features such as temporary password expiry after specified hours and a security question asked before changing or requesting a new password

23. Verify CAPTCHA functionality

24. Check if important events are logged in log files

25. Check if access privileges are implemented correctly
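
The cookie and session items in the checklist (session cookie duration, session tokens sent only over a secured channel, no passwords in cookies, session termination on logout) can be automated against the `Set-Cookie` headers a test client receives. The following is an added example, not code from the original post; the policy constants, the name fragments used to recognise session and password cookies, and the sample headers are all assumptions constructed for illustration.

```python
from http.cookies import SimpleCookie

# Assumed policy values for this example; tune them to the application under test.
MAX_SESSION_AGE = 30 * 60          # longest acceptable session lifetime, in seconds
SESSION_HINTS = ("sess", "token")  # name fragments that mark a session cookie
PASSWORD_HINTS = ("pass", "pwd")   # name fragments that suggest a stored password

def _max_age(morsel):
    """Return the cookie's Max-Age as an int, or None when absent or malformed."""
    try:
        return int(morsel["max-age"])
    except ValueError:
        return None

def audit_set_cookie(headers):
    """Return (cookie_name, finding) tuples for raw Set-Cookie header values."""
    findings = []
    for raw in headers:
        for name, morsel in SimpleCookie(raw).items():
            lname = name.lower()
            if any(h in lname for h in PASSWORD_HINTS):    # password kept in a cookie
                findings.append((name, "password stored in cookie"))
            if any(h in lname for h in SESSION_HINTS):
                if not morsel["secure"]:                   # may travel over plain HTTP
                    findings.append((name, "session cookie without Secure"))
                age = _max_age(morsel)
                if age is not None and age > MAX_SESSION_AGE:   # lives past the timeout
                    findings.append((name, "session lifetime too long"))
    return findings

def logout_clears(headers, cookie_name):
    """True if a logout response expires cookie_name (empty value or Max-Age <= 0)."""
    for raw in headers:
        morsel = SimpleCookie(raw).get(cookie_name)
        if morsel is None:
            continue
        age = _max_age(morsel)
        if morsel.value == "" or (age is not None and age <= 0):
            return True
    return False

# Constructed sample responses (not captured from a real application).
LOGIN_HEADERS = [
    "JSESSIONID=9f2c1ab7; Path=/; HttpOnly",
    "auth_token=c29tZXRva2Vu; Path=/; Secure; Max-Age=2592000",
    "remember_password=hunter2; Path=/; Secure",
    "theme=dark; Path=/",
]
LOGOUT_HEADERS = ["JSESSIONID=deleted; Path=/; Secure; Max-Age=0"]
```

The logout check only looks at the cookie value and `Max-Age`; a server that expires the cookie with a past `Expires` date, or that must also invalidate the session server-side, needs an additional check.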




8 Comments

  1. Unknown

    Wonderful post Naveen. Could you please create one for performance testing/Accessibility testing as well..

  2. sriram

    It's interesting that many of the bloggers to helped clarify a few things for me as well as giving. Most of ideas can be nice content. The people to give them a good shake to get your point and across the command.


  3. Unknown

    Good Post! Thank you so much for sharing this pretty post, it was so good to read and useful to improve my knowledge as updated one, keep blogging.


  4. Unknown

    Can you please provide video link of demo

  5. YK Agency

    enterprise security audit This is a smart blog. I mean it. You have so much knowledge about this issue, and so much passion. You also know how to make people rally behind it, obviously from the responses.

  6. Laura Bush

    The information is meaningful and magnificent which is shared here about the security testing. I really thank you for such an innovative post. The points are helpful and informative. I really enjoyed reading it and found much more knowledge. Security Testing Australia.

  7. Sankar

    I am glad that I saw this post. It is an informative blog for us and we need this type of blog. Thanks for sharing this blog. Keep posting such instructional blogs; I am looking forward to your future posts.

  8. Rajinder

    I look forward to reading what you're planning on next, because your post is a nice read.
