Saturday, April 27, 2024

Top Must-Have Web Application Security Test Cases

1. Try to directly access the bookmarked web page without logging into the system.

2. Verify that the system prevents you from downloading files without signing in to the system.

3. Verify that previously accessed pages are not accessible after logging out, i.e. sign out and then press the Back button to return to a page accessed before.

4. Check valid and invalid passwords against the password rules, e.g. a password cannot be less than 8 characters, the user ID and password cannot be the same, etc.

5. Verify that important, i.e. sensitive, information such as passwords, ID numbers, credit card numbers, etc. is not displayed in the input box when typing. It should be encrypted and shown in asterisk format.

6. Check whether bookmarking is disabled on secure pages. Bookmarking should be disabled on secure pages.

7. Check whether Right Click > View Source is disabled. The source code should not be visible to the user.

8. Check whether your server locks out an individual who has tried to access your site multiple times with invalid login/password information.

9. Verify the timeout condition: after a timeout, the user should not be able to navigate through the site.

10. Check whether you are prevented from doing direct searches by editing content in the URL.

11. Verify that a restricted page is not accessible to a user after session timeout.

12. With ID/password authentication, the same account cannot be logged on from different machines at the same time, so only one user at a time can log in to the system with a given user ID.

13. With ID/password authentication, enter the wrong password several times and check whether the account gets locked.

14. Add or modify important information (passwords, ID numbers, credit card numbers, etc.). Check whether the change is reflected immediately or the old values are still cached.

15. Verify that error messages do not contain information that hackers could use to hack the website.
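
An added example (not from the original post) that automates test cases 1, 3, 11 and 13 against a constructed in-memory stand-in for the application. ToyApp, its status codes, thresholds and credentials are assumptions; the weak variant only clears the client cookie at sign-out, which case 3 catches by replaying the old session token.

```python
import secrets

MAX_FAILURES = 3              # assumed lockout threshold
SESSION_TTL = 900             # assumed idle timeout, in seconds
PW = "correct horse battery"  # constructed credential for user "alice"

class ToyApp:
    """Constructed stand-in for the system under test (hypothetical)."""
    def __init__(self, server_side_logout=True):
        self.server_side_logout = server_side_logout
        self.now = 0          # injectable clock so timeouts can be tested instantly
        self.failures = {}    # user -> consecutive failed logins
        self.sessions = {}    # session token -> time last seen

    def login(self, user, password):
        if self.failures.get(user, 0) >= MAX_FAILURES:
            return 423, None                      # account locked
        if (user, password) != ("alice", PW):
            self.failures[user] = self.failures.get(user, 0) + 1
            return 401, None
        self.failures[user] = 0
        token = secrets.token_urlsafe(16)
        self.sessions[token] = self.now
        return 200, token

    def logout(self, token):
        if self.server_side_logout:               # weak variant keeps the session alive
            self.sessions.pop(token, None)

    def page(self, token):
        seen = self.sessions.get(token)
        if seen is None or self.now - seen > SESSION_TTL:
            self.sessions.pop(token, None)
            return 302                            # redirect to the login page
        self.sessions[token] = self.now
        return 200

def run_checks(app):
    """Return {test case number: passed} for cases 1, 3, 11 and 13."""
    res = {1: app.page(None) == 302}              # direct access without login
    _, tok = app.login("alice", PW)
    assert app.page(tok) == 200                   # sanity: a valid session works
    app.logout(tok)
    res[3] = app.page(tok) == 302                 # old token replayed after sign-out
    _, tok = app.login("alice", PW)
    app.now += SESSION_TTL + 1
    res[11] = app.page(tok) == 302                # restricted page after timeout
    codes = [app.login("alice", "wrong-%d" % i)[0] for i in range(MAX_FAILURES)]
    res[13] = codes == [401] * MAX_FAILURES and app.login("alice", PW)[0] == 423
    return res
```

To run the same checks against a real application, replace ToyApp with a thin client exposing the same four methods over HTTP.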

Thursday, February 1, 2024

Exploring the Different Types of Software Testing

Overview of web app testing scope


1. Functional Testing


2. Usability Testing

3. Performance Testing


4. Security Testing


5. Compatibility Testing


6. Interface Testing


Friday, January 12, 2024

How to Use Performance Testing Reports to Improve Performance

1. Statistics Summary
  • Maximum running concurrent users
  • Total throughput
  • Average throughput
  • Average hits per second
  • HTTP responses summary
2. Transactions summary
  • Total passed transactions
  • Total failed transactions
3. HTTP responses summary
  • The total amount of HTTP 2XX responses
  • The total amount of HTTP 4XX responses
  • The total amount of HTTP 5XX responses
4. Running concurrent users graph

5. Response times graph

The reports contain metrics and statistics described above, a list of issues (with description and links to the statistics section) that occurred during test execution, and a general conclusion about the application's performance.

The testing team prepares the reports after each iteration of the performance script execution and sends them to the Customer.