What Activities Should be Executed During Security Testing of Online Stores and Banking Applications?
With the development of information technology and increasing of its involvement in our everyday life the number of cyber-criminals grows, and their attacks become more and more devious.
The circumstance makes software developers raise the security level of their products. This relates to online-stores and banking software products as the users perform various money transactions by means of them, they process the users’ credentials and other sensitive data.
That is why specialists in web site testing, desktop testing and mobile application testing recommend focusing on security creating and verifying applications of that kind. Thorough security testing requires involving experts in penetration testing, they can check whether the system and the user sensitive data are duly protected.
Security Testing of Online-Stores and Banking Programs Should Include Checking Whether:
- the software is resistant to SQL injection attacks;
- the system is protected from brute force attacks;
- the program has proper requirements to the passwords, and the users’ passwords are secure enough, for example, they should include not only letters and numbers but special symbols, low-case and upper-case letters, etc.;
- it is possible to access the system without authorization by entering URLs of the system pages in the browser address bar;
- one can upload and run exe files on the server, such files may launch a malicious code.
A lot of activities are carried out manually during such a verification, but it includes test automation as well.