Checklist for Testing of Operational Security of Web Applications

A security testing checklist is a fact-gathering tool used to confirm that a new web application, and the infrastructure it runs on, behaves as expected with respect to operational security. Each check point below is answered Yes or No; every No is a finding to be recorded and tracked to closure.

Sr. | Check Point | Yes/No

Check Points related to Privacy

1. | Is sensitive data restricted so that unauthorized users cannot view it (enforced on the server, not merely hidden in the user interface)? | Yes / No
2. | Is proprietary content marked with a copyright notice? | Yes / No
3. | Is information about company employees on the public web site kept to a minimum (names, roles and e-mail addresses are raw material for social engineering)? | Yes / No
4. | Is the privacy policy communicated to users and customers? | Yes / No
5. | Is there adequate legal support for, and accountability over, privacy practices? | Yes / No

Check Points related to Access Control

1. | Is there a defined standard for login names and passwords (minimum length, screening against common or previously breached passwords, no reuse of the login name)? | Yes / No
2. | Are password aging procedures in place? (Current guidance such as NIST SP 800-63B favours forcing a change on evidence of compromise rather than on a fixed calendar schedule.) | Yes / No
3. | Are users locked out, or their attempts throttled, after a defined number of failed logins? | Yes / No
4. | Is there a help link (e.g., forgotten password), and does the recovery flow avoid revealing whether an account exists? | Yes / No
5. | Is there a process for password administration (resets, revocation when staff leave)? | Yes / No
6. | Have authorization levels (roles and the resources each may reach) been defined? | Yes / No
7. | Is management sign-off in place for granting authorizations? | Yes / No
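As an added illustration of check points 1, 3 and 4 above (this is example code written for this page, not part of the original checklist), the Python below implements a password standard, a lockout after a fixed number of consecutive failures, and a uniform failure response so that neither the login form's answer nor its timing reveals whether an account exists. The policy values, the sample blocklist and the account names are assumptions; the clock is passed in so the lockout window can be exercised without waiting.

```python
"""Login guard: password standard, lockout after N failures, uniform failure
response. Constructed example; policy values below are assumptions."""
import hashlib
import hmac
import os

# Assumed policy values; tune to your organisation's standard.
MIN_PASSWORD_LENGTH = 12
MAX_FAILURES = 5            # lock after this many consecutive failures
LOCKOUT_SECONDS = 15 * 60   # lock duration
PBKDF2_ITERATIONS = 100_000  # keep at the current recommendation for production

# Constructed sample of a common-password blocklist (a real one has millions).
COMMON_PASSWORDS = {"password", "password123", "123456789012", "qwertyuiop12"}

# Salt used to hash the supplied password for unknown accounts, so that the
# unknown-user path costs the same time as the wrong-password path.
_DUMMY_SALT = os.urandom(16)


def password_policy_violations(username, password):
    """Return the policy rules the password breaks (empty list = acceptable)."""
    problems = []
    if len(password) < MIN_PASSWORD_LENGTH:
        problems.append("shorter than %d characters" % MIN_PASSWORD_LENGTH)
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password blocklist")
    if username.lower() in password.lower():
        problems.append("contains the login name")
    return problems


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS)


class LoginGuard:
    """Stores salted hashes and locks an account after MAX_FAILURES misses."""

    def __init__(self):
        self._creds = {}         # username -> (salt, hash)
        self._failures = {}      # username -> consecutive failures so far
        self._locked_until = {}  # username -> unix time the lock expires

    def register(self, username, password):
        problems = password_policy_violations(username, password)
        if problems:
            raise ValueError("password rejected: " + "; ".join(problems))
        salt = os.urandom(16)
        self._creds[username] = (salt, hash_password(password, salt))

    def attempt(self, username, password, now):
        """Return 'locked', 'invalid' or 'ok'. `now` is a unix timestamp."""
        if self._locked_until.get(username, 0) > now:
            return "locked"
        record = self._creds.get(username)
        if record is None:
            # Unknown account: same answer and same hashing cost as a wrong
            # password, so the form cannot be used to enumerate user names.
            hash_password(password, _DUMMY_SALT)
            return "invalid"
        salt, expected = record
        if hmac.compare_digest(hash_password(password, salt), expected):
            self._failures[username] = 0   # success resets the counter
            return "ok"
        failures = self._failures.get(username, 0) + 1
        if failures >= MAX_FAILURES:
            self._locked_until[username] = now + LOCKOUT_SECONDS
            failures = 0                   # counter restarts when the lock expires
        self._failures[username] = failures
        return "invalid"


if __name__ == "__main__":
    guard = LoginGuard()
    guard.register("alice", "correct-horse-battery-staple")
    t0 = 1_700_000_000
    for _ in range(MAX_FAILURES):
        print(guard.attempt("alice", "wrong-password", t0))       # invalid x5
    print(guard.attempt("alice", "correct-horse-battery-staple", t0 + 1))  # locked
    print(guard.attempt("alice", "correct-horse-battery-staple", t0 + LOCKOUT_SECONDS))  # ok
```

When testing a real application against check point 3, drive the login form with MAX_FAILURES wrong passwords and then the correct one: a well-behaved application rejects the correct password until the window expires, and the lockout should not itself be usable to deny service to an arbitrary user indefinitely (throttling per source or a finite lock, as here, limits that).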

 

Check Points related to Proxy Servers

1. | Have undesirable or unauthorized external sites been defined and blocked (e.g., gaming sites)? | Yes / No
2. | Is proxy traffic logged (user, destination, time, and whether the request was allowed)? | Yes / No
3. | Is user access to the proxy defined (who may use it, and whether they must authenticate)? | Yes / No

Check Points related to Firewalls

1. | Was the firewall software installed and configured correctly (supported version, default credentials changed, default-deny policy)? | Yes / No
2. | Are firewalls installed at adequate levels in the organization and architecture (e.g., separating corporate data, human resources data and customer transaction files)? | Yes / No
3. | Have the firewalls been tested, both that permitted traffic is allowed and that everything else is denied? | Yes / No
4. | Is the security administrator aware of known defects and vulnerabilities in the firewall product, and are fixes applied? | Yes / No
5. | Are the firewall rules tied to the access-control policy, so that each rule is traceable to an authorized need? | Yes / No
6. | Are firewalls installed in effective locations in the architecture (e.g., in front of proxy servers and data servers)? | Yes / No
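As an added example of check point 3 (testing that a firewall both allows and denies as intended; this code is written for this page and is not part of the original checklist), the Python below evaluates a constructed first-match rule set against a table of expected results and also reports rules that an earlier rule shadows completely, which is how a deny rule can be present in the configuration yet never fire. The rule set, addresses and ports are invented for illustration. Against a real device the same expected-result table drives the test, but the packets are sent through the firewall instead of through `evaluate`.

```python
"""Table-driven firewall rule-set test plus shadowed-rule detection.
Constructed example; rule set, addresses and ports are made up."""
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "action proto src dst dport")    # dport None = any port
Packet = namedtuple("Packet", "proto src dst dport")


def _rule(action, proto, src, dst, dport=None):
    return Rule(action, proto, ipaddress.ip_network(src),
                ipaddress.ip_network(dst), dport)


# Constructed rule set. Rule index 2 is meant to keep a contractor subnet away
# from the database, but index 1 already allows all of 10.0.0.0/8 to it, so the
# deny can never match: it is shadowed.
RULES = [
    _rule("allow", "tcp", "0.0.0.0/0", "203.0.113.10/32", 443),   # public web server
    _rule("allow", "tcp", "10.0.0.0/8", "10.20.0.5/32", 5432),    # internal -> database
    _rule("deny", "tcp", "10.0.99.0/24", "10.20.0.5/32", 5432),   # contractors -> database
    _rule("deny", "any", "0.0.0.0/0", "0.0.0.0/0"),               # explicit default deny
]

# Expected results: the "allow and deny" cases the check point asks to test.
TEST_MATRIX = [
    (Packet("tcp", "198.51.100.7", "203.0.113.10", 443), "allow"),
    (Packet("tcp", "198.51.100.7", "203.0.113.10", 22), "deny"),
    (Packet("udp", "198.51.100.7", "203.0.113.10", 443), "deny"),
    (Packet("tcp", "10.1.2.3", "10.20.0.5", 5432), "allow"),
    (Packet("tcp", "10.0.99.12", "10.20.0.5", 5432), "deny"),   # fails against RULES
]


def matches(rule, pkt):
    return ((rule.proto == "any" or rule.proto == pkt.proto)
            and ipaddress.ip_address(pkt.src) in rule.src
            and ipaddress.ip_address(pkt.dst) in rule.dst
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(rules, pkt):
    """First-match evaluation; implicit deny if no rule matches."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


def shadowed_rules(rules):
    """Indices of rules completely covered by an earlier rule (they never match)."""
    shadowed = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (earlier.proto in ("any", later.proto)
                    and earlier.src.supernet_of(later.src)
                    and earlier.dst.supernet_of(later.dst)
                    and earlier.dport in (None, later.dport)):
                shadowed.append(j)
                break
    return shadowed


def run_matrix(rules, matrix):
    """Return (packet, expected, actual) for every case the rule set gets wrong."""
    failures = []
    for pkt, expected in matrix:
        actual = evaluate(rules, pkt)
        if actual != expected:
            failures.append((pkt, expected, actual))
    return failures


if __name__ == "__main__":
    print("shadowed rule indices:", shadowed_rules(RULES))       # [2]
    for pkt, expected, actual in run_matrix(RULES, TEST_MATRIX):
        print("FAIL", pkt, "expected", expected, "got", actual)
    # Moving the specific deny above the broad allow fixes both findings.
    fixed = [RULES[0], RULES[2], RULES[1], RULES[3]]
    print("after reordering:", shadowed_rules(fixed), run_matrix(fixed, TEST_MATRIX))
```

The matrix should always contain negative cases (traffic that must be denied), since a rule set that only passes its allow cases has not been tested for check point 3 at all; the shadowed-rule report catches the ordering mistake that the allow cases alone would hide.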

 

Check Points related to Monitoring

1. | Are network monitoring tools in place? | Yes / No
2. | Are the network monitoring tools working effectively (alerts reach someone who acts on them)? | Yes / No
3. | Do the monitors detect network time-outs, concurrent network usage, and IP spoofing (e.g., packets arriving on an external interface with internal or private source addresses)? | Yes / No
4. | Is personnel access control monitored (logins, failed logins, privilege changes)? | Yes / No
5. | Is personnel internet activity monitored: sites visited, transactions created, links accessed? | Yes / No
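As an added example of the IP-spoofing item under check point 3 (written for this page; not from the original checklist), the Python below scans constructed firewall log lines and flags the classic indicators: a source address on the Internet-facing interface that is private, loopback or multicast, or that belongs to the organisation's own address space, and a source leaving the internal interface that does not belong to it (ingress and egress filtering in the sense of RFC 2827 / BCP 38). The log format, interface names, internal prefixes and sample lines are assumptions.

```python
"""Spoofing indicators in firewall logs. Constructed example: the log format,
interface names, address space and sample lines are assumptions."""
import ipaddress
import re

# Assumed: the organisation's own address space.
INTERNAL_PREFIXES = [ipaddress.ip_network(n)
                     for n in ("10.0.0.0/8", "192.168.0.0/16")]
# Addresses that must never be a source on the Internet-facing side. Classic
# set; a production check would load a maintained bogon list instead.
BOGON_PREFIXES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]
EXTERNAL_IF = "wan0"   # assumed interface names
INTERNAL_IF = "lan0"

LOG_RE = re.compile(r"(?P<ts>\S+) if=(?P<iface>\S+) proto=(?P<proto>\S+) "
                    r"src=(?P<src>\S+) dst=(?P<dst>\S+)")

# Constructed sample log (assumed key=value format, not from a real device).
SAMPLE_LOG = """\
2024-03-01T10:15:20Z if=wan0 proto=tcp src=198.51.100.7 dst=203.0.113.10 dport=443 action=accept
2024-03-01T10:15:21Z if=wan0 proto=tcp src=10.20.0.5 dst=203.0.113.10 dport=443 action=accept
2024-03-01T10:15:22Z if=wan0 proto=udp src=127.0.0.1 dst=203.0.113.10 dport=53 action=accept
2024-03-01T10:15:23Z if=lan0 proto=tcp src=10.0.5.20 dst=198.51.100.7 dport=443 action=accept
2024-03-01T10:15:24Z if=lan0 proto=tcp src=203.0.113.77 dst=198.51.100.7 dport=80 action=accept
2024-03-01T10:15:25Z if=wan0 proto=tcp src=malformed dst=203.0.113.10 dport=443 action=drop
"""


def _in_any(addr, prefixes):
    return any(addr in p for p in prefixes)


def classify(line):
    """Return a reason string if the line is suspicious, else None.
    Unparseable lines are reported too: a monitor that silently skips them
    has a blind spot an attacker can aim for."""
    m = LOG_RE.match(line)
    if not m:
        return "unparseable line"
    try:
        src = ipaddress.ip_address(m["src"])
    except ValueError:
        return "unparseable source address %r" % m["src"]
    iface = m["iface"]
    if iface == EXTERNAL_IF:
        if _in_any(src, BOGON_PREFIXES):
            return "bogon source %s on external interface" % src
        if _in_any(src, INTERNAL_PREFIXES):
            return "internal source %s arriving from outside" % src
    elif iface == INTERNAL_IF and not _in_any(src, INTERNAL_PREFIXES):
        return "non-internal source %s leaving via internal interface" % src
    return None


def spoofing_alerts(log_text):
    """(timestamp, reason) for each suspicious line, in log order."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        reason = classify(line)
        if reason:
            alerts.append((line.split(" ", 1)[0], reason))
    return alerts


if __name__ == "__main__":
    for ts, reason in spoofing_alerts(SAMPLE_LOG):
        print(ts, reason)
```

Run against the constructed sample, the detector flags four of the six lines: the two internal or loopback sources arriving on wan0, the non-internal source leaving lan0, and the line whose source field is not an address at all. The first line, a normal external client reaching the web server, is left alone.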

 

Check Points related to Security Administration

1. | Have security administration procedures been defined? | Yes / No
2. | Is there a way to verify that the security administration procedures are followed? | Yes / No
3. | Are security audits performed? | Yes / No
4. | Is a person or team responsible for security administration? | Yes / No
5. | Are checks and balances in place (separation of duties, so that no one person both grants and approves access)? | Yes / No
6. | Is there an adequate backup for the security administrator (a trained alternate who can act in their absence)? | Yes / No

Check Points related to Virus Protection

1. | Are virus detection tools in place? | Yes / No
2. | Have the virus signature files been updated on a current basis? | Yes / No
3. | Are signature updates scheduled (preferably automatic)? | Yes / No
4. | Is a response procedure for virus incidents in place? | Yes / No
5. | Are notifications of signature updates obtained from the anti-virus software vendor? | Yes / No
6. | Does the security administrator maintain an informational partnership with the anti-virus software vendor? | Yes / No
7. | Does the security administrator subscribe to early-warning e-mail services? | Yes / No
8. | Has a key contact been defined for notification when a virus is found? | Yes / No
9. | Has an automated response been developed (e.g., quarantine of the file, isolation of the affected host)? | Yes / No
10. | Is the communication and training of users on virus prevention and response procedures adequate? | Yes / No
