Security now receives considerable attention during software development and during mobile, desktop and web site testing.
Today not only governmental, military, banking and e-commerce software products require a high level of security. Owners of gaming applications protect their products and users’ data as well.
Experts in manual and automated testing of software security claim that one of the important elements of application security is the login procedure. At this stage software is often vulnerable to cyber-attacks. If security is of utmost importance for the program, developers and testers should focus on the login procedure.
When Verifying the Login Procedure, One Should Pay Attention to the Following Points:
- whether the users’ logins and passwords are transferred via secured channels, in an encrypted form;
- whether the passwords are secure enough, contain different types of symbols, and have limits on the minimum and maximum number of symbols;
- whether the autocomplete function is disabled in the password field;
- whether the password symbols are hidden during typing; dots or asterisks can be shown instead of them;
- whether the function of changing the password is secure, including cases when the user forgets the password; whether security questions are used in such a situation.
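An added example, not part of the original article: a static check of a login form's HTML against four of the points above (encrypted submission, hidden input, disabled autocomplete, declared length limits). The class and function names and both sample forms are constructed for illustration, and the check assumes a password field can be recognized by its type or by a name or id containing "pass".

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class LoginFormAudit(HTMLParser):
    """Static audit of login-form markup against the checklist above."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form = None      # attributes of the <form> currently open
        self.findings = []    # (field name, issue) pairs

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip().lower() for k, v in attrs}
        if tag == "form":
            self.form = a
        elif tag == "input" and self.form is not None:
            label = a.get("name", "") + a.get("id", "")
            if a.get("type") == "password" or "pass" in label:
                self.check_field(a)

    def handle_endtag(self, tag):
        if tag == "form":
            self.form = None

    def check_field(self, a):
        name = a.get("name") or a.get("id") or "?"
        # Credentials must be submitted over an encrypted channel.
        target = urljoin(self.page_url, self.form.get("action", ""))
        if urlparse(target).scheme != "https":
            self.findings.append((name, "submitted without TLS"))
        # Typed characters must be hidden (dots or asterisks).
        if a.get("type") != "password":
            self.findings.append((name, "input not masked"))
        # A field-level setting overrides the form-level autocomplete setting.
        if a.get("autocomplete", self.form.get("autocomplete")) != "off":
            self.findings.append((name, "autocomplete not disabled"))
        # Client-side length hints only; the server must enforce them too.
        if "minlength" not in a or "maxlength" not in a:
            self.findings.append((name, "no length limits declared"))

def audit(html, page_url):
    parser = LoginFormAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample pages, not taken from any real site.
WEAK = '<form action="http://shop.example/login"><input name="user"><input type="text" name="password"></form>'
GOOD = '<form action="/login" autocomplete="off"><input type="password" name="password" minlength="12" maxlength="128"></form>'
```

Markup checks like this cover only what the page declares; password strength rules and the password-change flow still have to be verified against the server.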
Security testing is a complex activity that consists of verifying many aspects. It should be given due consideration in every software testing effort.