Note: IntelliSense.io also runs security tests in other areas (data, integration, etc.); this article covers the feature security checks.
We follow the standard security checks that suit our system, run them as a set of test scenarios, and verify how secure our system is. Below are the security checks we run constantly:
- Verify that any web page containing important data (e.g. a login page with a password entry) is submitted via HTTPS (SSL).
- Verify that important information such as passwords is displayed in encrypted format.
- Verify that password rules are implemented on all authentication pages, such as registration, forgot password and change password.
- Verify that the user is not able to copy/paste the password field.
- Verify that once the password is changed, the user is not able to log in with the old password.
- Verify that error messages do not display any important information.
- Verify that the user account gets locked out if the user enters the wrong password several times.
- Verify the user roles and their rights.
- Verify that when any URL parameters are changed (e.g. Dashboard parameters), the system responds correctly to the changes.
- Verify access to pages under different user privileges by copying and pasting those pages into the browser as users with different access rights. The user should not be allowed to access any data that he/she is not allowed to access.
- Verify the system behaviour with valid/invalid passwords, and that only valid credentials work.
- Both "change password" and "logout" functions are provided.
- Change password requires the old password to be provided.
- The user should be informed of the last login time after logging in to the system.
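
The first two checks in the list (password submitted via HTTPS, password not displayed in readable form) can be automated against a login page's HTML. The following is an added example, not IntelliSense.io's own test code: the function names, the sample page and the `portal.example.test` URLs are constructed, and it assumes "encrypted format" means a masked `type="password"` field and that secret fields have "pass" in their name.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormCollector(HTMLParser):
    """Collects every <form> together with the <input> elements inside it."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None  # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._open = {"action": attrs.get("action", ""), "inputs": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            self._open["inputs"].append(attrs)

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_login_page(page_url, html):
    """Return a list of findings; an empty list means both checks passed."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        # Heuristic (assumption): a secret is a password input or a field named like one.
        secrets = [i for i in form["inputs"] if i.get("type", "").lower() == "password"
                   or "pass" in i.get("name", "").lower()]
        if not secrets:
            continue
        # An empty or relative action inherits the scheme of the page itself.
        target = urljoin(page_url, form["action"])
        if urlparse(target).scheme != "https":
            findings.append(f"password form submits to non-HTTPS URL {target}")
        for field in secrets:
            if field.get("type", "").lower() != "password":
                findings.append(f"field '{field.get('name')}' is not masked")
    return findings

# Constructed sample: HTTPS page, but the form targets HTTP and one field is readable.
SAMPLE = """<form action="http://portal.example.test/login" method="post">
<input type="text" name="username">
<input type="password" name="password">
<input type="text" name="password_confirm">
</form>"""
```

Running `audit_login_page("https://portal.example.test/login", SAMPLE)` reports both the plain-HTTP form target and the unmasked confirmation field, which a check of the page URL alone would miss.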