2014 Guide For Testing Your Software Security and Software Assessment Services (SSAS)

Usability Testing Sections
- Installation and Un-Installation
- Software Documentation
- Test Cases or Tutorial
- Graphical User Interface
- Stress Testing
- Security Vulnerability Testing

Installation
- Run a virus scan
- Verify documentation: network installation instructions if necessary; documentation required for applications such as web applications and spreadsheets

Installation
- Installation settings: Typical vs. Custom; install directories; shortcuts
- Confirm successful installation and un-installation of applications
- Software encryption: input serial numbers or security keys if necessary; test invalid inputs for validation

Software Documentation
- Check if the EPRI Software Manual Template was used
- Check headers and footers
- Check for system requirements: hardware and software specifications; permissions such as Administrator rights
- Check application feature descriptions
- Check spelling and grammar

Test Cases
- Reminder: one tutorial is required, or at least three solved example problems
- Execute and confirm all tutorials for correct inputs and outputs
- Verify that the calculations, graphs, and screenshots match the documentation
- Note: if any inputs or results do not match, the software cannot be approved to send to customers

Graphical User Interface
- Check for the Preproduction Splash Screen (if in the preproduction stage)
- Windows fit in the main application screen and nothing is cut off if windows are resized
- Make sure all information is accessible
- Internationalization: check compatibility with SI units
- Change appearance settings
- Tab order and hot-keys (alt-keys)
- Check the embedded Help feature, including buttons that open the Help feature

Stress Testing
- Range checking: boundaries of numeric inputs
- Input type: numerical, alphabetical, special characters
- Follow the solved example problems, but then skip a step or do them in a different sequence

Stress Testing
- Check print feature
- Try different login combinations
- Check error messages for clarity; error messages should appear when the error occurs
- Check for spelling within the application

Stress Testing (for databases)
- Ensure all connections through the application are valid when accessing data
- Ensure single quotes and double quotes are tested to verify they do not corrupt the database
- Add duplicate records
- Delete all records to make sure it does not crash the application
- Modify data files to make sure the application gives a correct error message

Stress Testing
- Verify Admin privilege and how it differs from a regular user: run the checks with the administrative feature and without it
- Check for compatibility with Microsoft Office applications if applicable (such as copy and paste features)
- Test functionality of buttons
- Check save feature

Stress Testing
- Check open file feature (correct file extensions, choosing an incorrect file type brings up an error message, etc.)
- If there are graphs, check graph features and settings
- Check options/settings not covered in the sample problems
- Check to make sure international units are converted correctly
- Check date notation: International Standard DD-MM-YYYY, United States Standard MM-DD-YYYY

Stress Testing
- Maximize, minimize, and resize windows to make sure the application responds correctly
- Check keyboard shortcuts
- Check all menu items, including the pop-up menus that come up when the user right-clicks an item
- If there are hardware/software keys, check to see if the application responds when executed with the key(s), then without the key(s)

Security Vulnerability Testing
OWASP Top Ten Web Application Vulnerabilities (http://www.owasp.org/index.php/owasp_top_ten_project):
1. Injection
2. Cross-Site Scripting (XSS)
3. Broken Authentication and Session Management
4. Insecure Direct Object References
5. Cross-Site Request Forgery (CSRF)
6. Security Misconfiguration
7. Insecure Cryptographic Storage
8. Failure to Restrict URL Access
9. Insufficient Transport Layer Protection
10. Unvalidated Redirects and Forwards

Security Vulnerability Testing
- Two examples of vulnerabilities that SSAS will test for: Structured Query Language (SQL) Injection; Cross-Site Scripting
- The developer is expected to address security vulnerabilities when developing an application

Security Vulnerability Testing: SQL Injection
- Injection of a SQL query through input data, such as a querystring or form
- Examples:
  - In the querystring, enter a SQL statement, such as "; Delete from users --", into a querystring variable
  - Enter "' OR 1=1" into a form field or querystring variable
- See the following for more information and testing examples: http://www.owasp.org/index.php/sql_injection

Security Vulnerability Testing: Cross-Site Scripting
- Harmful scripts are entered into web sites via a querystring or form field
- Example: enter "<script type="text/javascript"> alert('hello'); </script>" into a form field to check whether the form field is validated
- Allows the user to execute scripts that are harmful
- See the following for more information: http://www.owasp.org/index.php/cross-site-scripting
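The two SSAS checks above (the SQL Injection and Cross-Site Scripting slides) can be turned into a repeatable pass/fail test. The following is an added example, not code from the EPRI deck: it assumes a constructed SQLite login table and two hypothetical application handlers, and runs each slide's test value against a vulnerable handler and its hardened counterpart.

```python
import html
import sqlite3
def make_db():
    """Constructed in-memory user table for the demonstration (not from the SSAS deck)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, password TEXT)")
    con.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return con

def login_concat(con, name, password):
    """Vulnerable form: input is spliced into the SQL text, so a quote changes the query."""
    sql = "SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'" % (name, password)
    return con.execute(sql).fetchone()[0] > 0

def login_param(con, name, password):
    """Hardened form: the driver binds the values, so a quote stays plain data."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return con.execute(sql, (name, password)).fetchone()[0] > 0

# The SQL Injection slide's "' OR 1=1" value plus the "--" marker from its first
# example, which comments out the closing quote the application appends.
SQLI_INPUT = "' OR 1=1 --"
XSS_INPUT = "<script type=\"text/javascript\"> alert('hello'); </script>"  # the XSS slide's value

def sqli_check(login):
    """True if the injection value logs in as alice without her password (a FAIL)."""
    try:
        return login(make_db(), "alice", SQLI_INPUT)
    except sqlite3.Error:
        return False  # the query broke instead of bypassing: still a quote-handling defect

def render_concat(value):
    """Vulnerable form: the submitted value is echoed into the page unchanged."""
    return "<p>You entered: %s</p>" % value

def render_escaped(value):
    """Hardened form: HTML-encode on output so the browser shows the tag as text."""
    return "<p>You entered: %s</p>" % html.escape(value, quote=True)

def xss_check(render):
    """True if the script tag survives rendering as live markup (a FAIL)."""
    return "<script" in render(XSS_INPUT).lower()

def run_ssas_checks():
    return {
        "sqli_concat": sqli_check(login_concat),   # True  -> FAIL
        "sqli_param": sqli_check(login_param),     # False -> pass
        "xss_concat": xss_check(render_concat),    # True  -> FAIL
        "xss_escaped": xss_check(render_escaped),  # False -> pass
    }
```

The except branch also covers the database stress-test item above: a single quote that raises a SQL error instead of bypassing the check is still a defect to report, just not a bypass.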

Security Vulnerability Testing: Testing Tools
- OWASP's WebScarab (manual)
- OWASP's Zed Attack Proxy (automated)
- Rapid 7 (automated)
- Reference: Open Web Application Security Project (OWASP), http://www.owasp.org/index.php/main_page

What SSAS Does Not Do
- SSAS software usability testing does not do:
  - V&V (Verification and Validation) testing
  - Test or validate real-world data (this should be done by beta testers)
  - Exhaustive testing or white-box (source code) testing
- SSAS usability testing will not find all errors and is not intended to
- All errors are expected to be found by developers

Together Shaping the Future of Electricity