What are the possible generic scenarios when testing a Windows-based application for security?
Is there any difference when testing a Windows-based application for security as compared to a web application?
Security of any product or web application deals with three terms:
C - Data should not be observed by an unauthorized person.
I - Data should not be modified by an unauthorized person.
A - Data should be available to the right person at the right time in the right place.
As Ravi said, authentication and authorization are also important aspects of security.
As a software tester, you must concentrate on this issue first because customers' information is a great asset.
If you are working on a web application, you should concentrate on two more security threats:
1. SQL injection - Insertion of an SQL query into the web application, which can directly interact with the backend database on the server to reveal information stored in it.
2. Cross-site scripting - Insertion of scripting code into the client browser. So when the client sends data to the server database, the scripting code on the client side gets stored in the server database. When a new user requests data from that database, the new client is affected by the attached script, which performs insecure operations in the client browser, such as theft of the user's private data, modification of functionality by the script, and many more.
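
The following is an added example, not part of the original post: a tester's check for the two web threats listed above, showing the weak handling beside the hardened one against an in-memory SQLite database. The table names, function names and sample rows are hypothetical and constructed for illustration.

```python
import html
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.execute("CREATE TABLE comments (body TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return db

def lookup_concatenated(db, name):
    # Weak: input becomes part of the SQL text, so quotes in it change the query.
    return db.execute("SELECT email FROM users WHERE name = '" + name + "'").fetchall()

def lookup_parameterized(db, name):
    # Hardened: input is bound as a value and is never parsed as SQL.
    return db.execute("SELECT email FROM users WHERE name = ?", (name,)).fetchall()

def save_comment(db, body):
    db.execute("INSERT INTO comments (body) VALUES (?)", (body,))

def render_raw(db):
    # Weak: stored text is placed into the page as markup.
    return "".join(f"<li>{b}</li>" for (b,) in db.execute("SELECT body FROM comments"))

def render_escaped(db):
    # Hardened: stored text is HTML-escaped on output, so it displays as text.
    return "".join(f"<li>{html.escape(b)}</li>"
                   for (b,) in db.execute("SELECT body FROM comments"))

def run_checks():
    db = make_db()
    probe = "x' OR '1'='1"               # constructed test input for the lookup
    marker = "<script>alert(1)</script>"  # constructed test input for the comment
    save_comment(db, marker)
    return {
        "concat_rows": len(lookup_concatenated(db, probe)),
        "param_rows": len(lookup_parameterized(db, probe)),
        "raw_has_script": "<script>" in render_raw(db),
        "escaped_has_script": "<script>" in render_escaped(db),
    }

if __name__ == "__main__":
    print(run_checks())
```

A test case passes when the probe returns no rows and the stored marker comes back only in escaped form.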