Five Principles Needing to Test –
1. Authentication: Identity – Validity
- Login, timeout, failures, pw changes, mins/maxs, stored encrypted, bypass captured URL, handling deletion of outdated, expirations, 2-factor:atm
- Unix:Access.conf, .htaccess, .nsconfig
- Windows: challenge/response; SSO; Passport
2. Integrity: protection from tampering/spoofing
3. Privacy: protection from eavesdropping
4. Non-Repudiation: accountability – digital sigs
5. Availability: RAID,clusters,cold standbys
Read More Here – http://www.softwaretestingtimes.com/2010/07/security-testing-fundamentals.html
Recent Comments