Must-Have Security Test Cases for Your Web Application

1. Try to directly access the bookmarked web page without logging into the system.

2. Verify that the system should restrict you from downloading the file without signing in to the system.

3. Verify that previously accessed pages should not be accessible after logging out i.e. Sign out and then press the Back button to access the page accessed before.

4. Check the valid and invalid passwords, password rules say it cannot be less than 8 characters, user ID and password cannot be the same etc.

5. Verified that important i.e. sensitive information such as passwords, ID numbers, credit card numbers, etc should not be displayed in the input box when typing. They should be encrypted and in asterisk format.

6. Check Is bookmarking disabled on secure pages? Bookmarking Should be disabled on secure pages.

7. Check Is Right Click, View, Source disabled? The source code should not be visible to the user.

8. Check if your server locks out an individual who has tried to access your site multiple times with invalid login/password information?

9. Verify the timeout condition, after a timeout, the user should not be able to navigate through the site.

10. Check Are you prevented from doing direct searches by editing content in the URL?

11. Verify that the restricted page should not be accessible by a user after session time out.

12. ID/password authentication, the same account on different machines cannot log on at the same time. So at a time, only one user can log in to the system with a user ID.

13. ID/password authentication methods enter the wrong password several times and check if the account gets locked.

14. Add or modify important information (passwords, ID numbers, credit card numbers, etc.). Check if it gets reflected immediately or caching the old values.

15. Verify that the Error Message does not contain malicious info so that hackers will use this information to hack the website.

👋 Hi, I'm Suriya — QA Engineer with 4+ years of experience in manual, API & automation testing.

📬 Contact Me | LinkedIn | GitHub

📌 Follow for: Real-Time Test Cases, Bug Reports, Selenium Frameworks.

Interview Questions on Security Testing

 1. What is Authorization?

•  Authorization means checking permission.
•  Authorization is the process of verifying that a user has the necessary permissions to access a particular resource. 
•  It is typically done by comparing the user's credentials against an access control list to determine if the user is allowed to perform a particular action. 
•  Authorization is an important part of the security of any system, as it ensures that only authorized users can access sensitive data.

2. What is Authentication?

•  Authentication means checking credentials.
•  Authentication is the process of verifying that a person, device, or other entity is who it claims to be.
•  It is usually accomplished through the use of credentials such as a username/password combination, security tokens, biometric data, or a combination of factors. 
•  Authentication is an important component of data security, as it helps to ensure that only authorized users can access sensitive information.

3. Why do we do security testing?

•  To remove vulnerabilities.
•  Security testing is important because it helps ensure that applications, networks, and systems are protected against potential threats and vulnerabilities.
•  Security testing helps ensure that data is secure and protected from unauthorized access, manipulation, and theft.
•  Security testing also helps protect applications, networks, and systems against malicious attacks, and can help detect and identify weaknesses in applications and systems before they can be exploited.

4. Which methods/techniques are used for security testing?

•  XSS and SQL injection.

5. What is “Vulnerability”?

•  Weakness in the web application.

6. Security Tests are created on the basis of:

•  Roles

7. Security Testing is a type of:

•  Review Testing.
•  It involves testing the system to identify any security vulnerabilities that could be exploited and gain unauthorized access to the system. 
•  Security testing is typically done at the end of the software development life cycle.

8. Which symbol is used to test SQL injection?

•  The most commonly used symbol to test SQL injection is the single quotation mark (').

9. What is the full form of XSS?

•  Cross-Site Scripting.
•  Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. 
•  XSS enables attackers to inject client-side scripts into web pages viewed by other users. 
•  A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy.

👋 Hi, I'm Suriya — QA Engineer with 4+ years of experience in manual, API & automation testing.

📬 Contact Me | LinkedIn | GitHub

📌 Follow for: Real-Time Test Cases, Bug Reports, Selenium Frameworks.