Quality is delighting customers
Thanks for sharing your thoughts, and yeah, I have an article on "Best Approach For Security Testing Of Web Applications"; here is the link: https://medium.com/@alishahndrsn/best-approach-for-security-testing...
As per the practices of quality assurance services, the following are some of the widely used approaches that can be followed while performing security testing:
1. Access to Application:
Under this approach, one can log in to the application with all valid and invalid user roles and should verify that access is restricted for invalid logins.
2. Data Protection:
To follow this approach, the tester should make sure that the data maintained in the database is in encrypted form, so that it gets decrypted only on providing a valid auth code or password for it.
3. Brute-Force Attack:
A brute-force attack is something where hackers can easily access the website or servers by trying different combinations of usernames and passwords. Testers can approach its testing by providing an account suspension mechanism in which the application blocks the account when continuous failed attempts are made to log in to the application.
4. Session Management:
Session management is also a necessary technique in security testing, where the session should expire after some period of time if the application remains idle.
5. Error Handling:
Error codes returned in case of any bad request or server error type issue should not contain any confidential details related to the application, which could be used by unknown sources. For example, if an application throws an error during login, there should be no confidential details of the user or website displayed either in the console or in any other add-on/plugin being used to track that error, as these can be used by unknown third-party sources.
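As an added example, not code from the original post or the linked article: a small Python model of the behaviour the post asks a tester to verify in points 1, 3, 4 and 5 (role-restricted access, account suspension after repeated failed logins, idle-session expiry, and error responses that leak nothing about the user or the account state), together with a run_checks() function that performs those checks. AuthService, FakeClock, the thresholds (5 attempts, a 15-minute lockout, a 10-minute idle timeout) and the sample accounts are assumptions made for illustration.

```python
"""Added example (not from the original post): a minimal login/session model
a tester can exercise for the brute-force lockout, idle-session expiry,
role-based access and generic-error checks. Thresholds, names and the
in-memory user table are assumptions for illustration."""
import hashlib
import hmac
import os
import secrets
import time

MAX_FAILED_ATTEMPTS = 5         # assumed: suspend after 5 consecutive failures
LOCKOUT_SECONDS = 15 * 60       # assumed lockout window
IDLE_TIMEOUT_SECONDS = 10 * 60  # assumed idle timeout for a session
# One message for every failure (unknown user, wrong password, locked account),
# so the response reveals nothing usable for account enumeration.
GENERIC_FAILURE = "Invalid credentials"


def hash_password(password, salt=None):
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt; returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthService:
    def __init__(self, clock=time.monotonic):
        self.clock = clock   # injectable so checks can advance time deterministically
        self.users = {}      # username -> salt, hash, role, failure counter, locked_until
        self.sessions = {}   # token -> {"user": ..., "last_seen": ...}

    def add_user(self, username, password, role):
        salt, digest = hash_password(password)
        self.users[username] = {"salt": salt, "hash": digest, "role": role,
                                "failures": 0, "locked_until": 0.0}

    def login(self, username, password):
        """Return (True, session_token) on success, else (False, GENERIC_FAILURE)."""
        now = self.clock()
        user = self.users.get(username)
        if user is None:
            hash_password(password, b"\x00" * 16)   # equalise timing for unknown users
            return False, GENERIC_FAILURE
        if now < user["locked_until"]:
            return False, GENERIC_FAILURE           # suspended: right password still fails
        _, digest = hash_password(password, user["salt"])
        if not hmac.compare_digest(digest, user["hash"]):
            user["failures"] += 1
            if user["failures"] >= MAX_FAILED_ATTEMPTS:
                user["locked_until"] = now + LOCKOUT_SECONDS
                user["failures"] = 0
            return False, GENERIC_FAILURE
        user["failures"] = 0
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"user": username, "last_seen": now}
        return True, token

    def authorize(self, token, required_role):
        """Return the username if the session is live and has the role, else None."""
        now = self.clock()
        sess = self.sessions.get(token)
        if sess is None:
            return None
        if now - sess["last_seen"] > IDLE_TIMEOUT_SECONDS:
            del self.sessions[token]                # idle expiry: token is dead for good
            return None
        sess["last_seen"] = now
        if self.users[sess["user"]]["role"] != required_role:
            return None
        return sess["user"]


class FakeClock:
    """Deterministic clock so the checks can jump past the timeouts."""
    def __init__(self, start=1000.0):
        self.t = start

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def run_checks():
    """The tester's checklist from the post, evaluated against the model above."""
    clock = FakeClock()
    svc = AuthService(clock)
    svc.add_user("alice", "correct horse", "admin")   # constructed sample accounts
    svc.add_user("bob", "battery staple", "user")
    r = {}
    # 1. Access: a valid low-privilege login must be refused admin-only access.
    ok, tok = svc.login("bob", "battery staple")
    r["user_denied_admin"] = ok and svc.authorize(tok, "admin") is None
    r["user_allowed_own_role"] = svc.authorize(tok, "user") == "bob"
    # 3. Brute force: repeated failures suspend the account and leak nothing.
    msgs = {svc.login("alice", "wrong")[1] for _ in range(MAX_FAILED_ATTEMPTS)}
    locked_ok, locked_msg = svc.login("alice", "correct horse")
    r["locked_after_failures"] = not locked_ok
    r["failure_messages_generic"] = msgs == {GENERIC_FAILURE} and locked_msg == GENERIC_FAILURE
    r["unknown_user_message_generic"] = svc.login("nobody", "x")[1] == GENERIC_FAILURE
    clock.advance(LOCKOUT_SECONDS + 1)
    ok_after, admin_tok = svc.login("alice", "correct horse")
    r["login_works_after_lockout"] = ok_after
    # 4. Session management: a live session works, an idle one must expire.
    r["live_session_accepted"] = svc.authorize(admin_tok, "admin") == "alice"
    clock.advance(IDLE_TIMEOUT_SECONDS + 1)
    r["idle_session_expired"] = svc.authorize(admin_tok, "admin") is None
    return r
```

Running run_checks() returns a dict of check names to booleans, all of which should be True; a tester would wire the same sequence (five bad passwords, then the right one; wait past the idle window, then reuse the token) against the real application and compare the responses, paying attention to whether the failure messages differ between the "unknown user", "wrong password" and "locked" cases, since that difference is exactly the confidential detail point 5 warns about.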