Thorough security testing is required for all modern software products. Some security aspects are checked in course of other testing activities. For example, one verifies the logging procedure and touches upon access rights of the system roles during functional testing.
Interaction with many web, desktop and mobile software products starts with logging into them. If a program stores and processes private or proprietary sensitive information, the passwords should be secure.
When a person wants to get an unauthorized access to an application, first of all he or she tries to guess the suitable combination of login and password. There are many free and commercial tools for brute force attacks. They contain the list of popular usernames and passwords and can pick the suitable credentials fast if the password is not complex enough.
So, a Program Should Have Certain Password Requirements Such As:
- Maximum and minimum number of the symbols. Many modern web applications accept passwords consisting of minimum 6 or even 8 symbols.
- Types of the symbols. A secure password includes symbols of different types, like lowercase and uppercase letters, figures, punctuation marks, asterisks, other symbols.
Hackers and specialists in penetration testing know that the password can also be taken from the web application cookies if it is stored there in clear. Web site testing assumes cookies inspection during different verifications, in particular, functional testing and security testing.