How to test for security testing in case of web applications.?

Questions by shivb

Showing Answers 1 - 4 of 4 Answers

In case of web application : 

1.Login into the application and move to next next pages and then save the page`s http and then come out of the application and open a new browser or new tab and paste the saved http and try to access it.....
2.login using ur credentials into application and close the browser and open the browser and tend to open the same application see it is showing already login or not.... the option remember me for login and check by close and reopen the browser.
4.Try to save the password in chrome like browser and if u give ur username it is logging in.
5.try to open the yesterday web application through history
6.try to give with different username and password.


  • Oct 14th, 2011

Thanks to hackers security testing is the buzz word these days. Here are a few I have done in the past:

Cookie testing : Open cookies in notepad and check if you can change the information. If you can change the info, then try running the file and check system behavior.

SSL testing : change setting in SSL config files and run them. Check system behavior (including DB behavior) while these files are running.

Sql injections: Yes, literally you try to inject SQL queries into the site URL and see what happens.
On a serious note: append SQL queries to URLs when you see asp, html pages. if you see '=' in the URL string, the prefix is the variable, so thats where you can append the sql queries. SQL injections testing is an art by itself. So be careful while playing this card during an interview. You can always tell the person that you haven't done it but a QA developer at your previous company used to do this and that how you know the method.

Authenticated URL: When you sign into an application, the URL changes. Copy paste this URL in a separate browser and check if you see the same page as in the other browser. It shouldn't! you could try this with your yahoo or gmail account. After you sign into your account, copy the URL and paste it into a different browser and see if you can see your inbox.

Database leaks testing: Done by advanced SQL injections.

Nitin Sharma

  • Nov 4th, 2011

TC1>Login into website the logout ,it should successfully logout.

TC2>Login into a particular browser like FF and then copy URL and paste it on another browser like chrome,it shouldn't display the sign in page.

TC3>LogIn and open a new tab in the same browser then when we signout from one browser sign in page should not display in another browser also.

TC4>Login and sign out then press back button,it should not go to sign in page.

TC5>Add Login Page in Favorite of browser then open website through this ,it should not display the sign in page.


  • Dec 6th, 2011

Scenario 1:
1. Login to web application by providing credentials
2. Now logout from the application and click on browser back arrow
Result: It should not redirect to User home page

1. Logon to Web application with valid credentials and dont logout but click on into(X) mark in browser
2. Again open the browser and type the application URL
Result: Application Login page should be shown

  Was this answer useful?  Yes

Give your answer:

If you think the above answer is not correct, Please select a reason and add your answer below.


Related Answered Questions


Related Open Questions