Security is a very important attribute for any modern application. It is carefully verified during mobile testing, desktop testing and web site testing.
Web software security requires more attention than the security of desktop programs. One of the important security aspects is the software's access points, where users and the application begin to interact. A program should give users effortless and fast access to certain data while keeping malicious and unauthorized users out of the system.
Access points are verified not only during security testing but also, in part, in the course of performance testing, functional testing and usability testing.
Checking Access Points of Web Software, Testers Should:
- make sure that only trusted users can access the software;
- try to access the program using trusted and untrusted applications, devices, networks; the access must be possible only from trusted ones;
- try to execute many different operations, including authorization of the users, simultaneously and see how the program copes with all of them.
If the program allows uploading files, testers have to pay attention to this function as well.
Applications Allowing Downloading Files Must:
- set distinct requirements for the files such as type, size restrictions;
- scan every file for malicious code before uploading it.
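The file requirements listed above can be enforced as one server-side check that testers then exercise with valid and invalid files. The following is an added example, not code from the original article; the size limit, the allow-list of types and the `stub_scanner` function (a hypothetical stand-in for a real malware scanner) are assumptions.

```python
import os

MAX_BYTES = 2 * 1024 * 1024  # assumed size limit for this example
# Assumed allow-list: extension -> leading "magic" bytes of that format
ALLOWED = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
}


def stub_scanner(data):
    """Hypothetical stand-in for a real malware scanner; flags a constructed marker."""
    return b"CONSTRUCTED-TEST-MARKER" in data


def validate_upload(filename, data, scanner=stub_scanner):
    """Return a list of rejection reasons; an empty list means the file is accepted."""
    reasons = []
    # Keep only the base name so a client-supplied path cannot influence storage.
    name = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(name)[1].lower()
    if len(data) == 0:
        reasons.append("empty file")
    if len(data) > MAX_BYTES:
        reasons.append("file exceeds size limit")
    magic = ALLOWED.get(ext)
    if magic is None:
        reasons.append("file type not allowed")
    elif not data.startswith(magic):
        # The extension is client-controlled; the content must agree with it.
        reasons.append("content does not match declared type")
    # Scan before the file is stored or served to anyone.
    if scanner(data):
        reasons.append("scanner flagged file")
    return reasons


# Constructed sample inputs, one per rule
PNG_OK = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64
SAMPLES = {
    "photo.png": PNG_OK,
    "report.exe": b"MZ" + b"\x00" * 64,
    "invoice.pdf": b"MZ" + b"\x00" * 64,  # content does not match .pdf
    "big.jpg": b"\xff\xd8\xff" + b"\x00" * MAX_BYTES,
    "flagged.png": PNG_OK + b"CONSTRUCTED-TEST-MARKER",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, "->", validate_upload(name, blob) or "accepted")
```

Each constructed sample trips exactly one rule, which gives testers a minimal negative test set for the upload function.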
Experts in software testing recommend verifying web programs that deal with sensitive data in a test environment before they go into production. Security and other tests may damage users’ data or cause other problems.