Checklist for Testing Data Security and Recovery of Web Applications
A security testing checklist is a fact-gathering tool used to confirm that a new web application behaves as expected with respect to its security requirements. The three sections below cover data security, data encryption, and disaster recovery; each check point is answered Yes or No.
Check Points related to Data Security

| Sr. | Check Point | Yes/No |
|-----|-------------|--------|
| 1. | Are data inputs adequately filtered? | |
| 2. | Are data access privileges identified (e.g., read, write, update and query)? | |
| 3. | Are data access privileges enforced? | |
| 4. | Have data backup and restore processes been defined? | |
| 5. | Have data backup and restore processes been tested? | |
| 6. | Have file permissions been established? | |
| 7. | Have file permissions been tested? | |
| 8. | Have sensitive and critical data been allocated to secure locations? | |
| 9. | Have data archival and retrieval procedures been defined? | |
| 10. | Have data archival and retrieval procedures been tested? | |
Check Points related to Data Encryption

| Sr. | Check Point | Yes/No |
|-----|-------------|--------|
| 1. | Are encryption systems / levels defined? | |
| 2. | Is there a standard for what is to be encrypted? | |
| 3. | Are customers compatible in terms of encryption levels and protocols? | |
| 4. | Are encryption techniques used to secure transactions (e.g., Secure Sockets Layer (SSL), Virtual Private Networks (VPNs))? | |
| 5. | Have the encryption processes and standards been documented? | |
Check Points related to Disaster Recovery

| Sr. | Check Point | Yes/No |
|-----|-------------|--------|
| 1. | Have service levels been defined (e.g., how long should recovery take)? | |
| 2. | Are fail-over solutions needed? | |
| 3. | Is there a way to reroute to another server in the event of a site crash? | |
| 4. | Are executables, data, and content backed up at a defined interval appropriate for the level of risk? | |
| 5. | Are disaster recovery processes and procedures defined in writing? If so, are they current? | |
| 6. | Have recovery procedures been tested? | |
| 7. | Are site assets adequately insured? | |
| 8. | Is a third-party "hot site" available for emergency recovery? | |
| 9. | Has a Business Contingency Plan been developed to maintain the business while the site is being restored? | |
| 10. | Have all levels of the organization gone through the needed training and drills? | |
| 11. | Do support notification procedures exist, and are they followed? | |
| 12. | Do support notification procedures support 24/7 operation? | |
| 13. | Have criteria been defined to evaluate recovery completion and correctness? | |
About the author: an expert on R&D, online training and publishing. He holds an M.Tech. (Honours) and has been part of the STG team since its inception.