In general, software products are meant for processing, storing and exchange of data. Different programs process different kinds of data for different purposes.
At present security of user data have become one of the main requirements to an application. Security standards are very high for e-commerce, banking and other programs dealing with sensitive business and personal data.
That is why every mobile application testing, desktop testing and web site testing must include verification of data protection.
One Can Say That Data are Properly Protected If:
- Every user has access and is able to edit only the data that he or she is entitled to utilize.
- All the sensitive data are stored in an encrypted form.
- All the sensitive data are transferred between the server and client machine, the system modules, other software products, etc. in an encrypted form, via protected channels.
Data protection is one of the main points during security testing of a software product. Test engineers have to find out whether the mentioned conditions are met.
Besides, it is necessary to check whether the data are not corrupted or lost during coding, decoding and transitions. One should make sure that sensitive information does not appear in a readable form anywhere, for example, in the browser address line.
Manual and automated testing is applied for checking data protection. This part of software testing must be carried out thoroughly; otherwise the application users and owners may face serious problems.