Web software must be secure and convenient for its users. Providing these qualities is the main task for web application designers. Whether they have been achieved is checked during functional testing, performance testing, security testing, etc.
Access points are one of the important aspects of web systems, in particular of those that interact with numerous users and deal with sensitive data. Access points for software such as e-commerce applications, banking applications, and online stock trading systems must provide easy and fast access for all legitimate users and must not let malicious or suspicious users damage or steal data.
Web Systems of This Type Should:
- provide users with 24/7 access to their data: personal financial data in a banking application, current and previous stock prices in an online stock trading system, the list and descriptions of goods in an online store;
- allow users to perform the defined transactions 24/7 or, for instance, at given times on weekdays;
- not allow certain data to be changed, such as the date and time of transactions, etc.;
- prohibit access to the system for untrusted users, computers, and software products; penetration testing of such web programs should include verifying this feature.