What is the diff. between Http and HTTPS. secure and unsecure testing in wab based application.
What is the diff. between Http and HTTPS. secure and unsecure testing in wab based application.
HTTP and HTTPS are protocols.
YOu are talking about protocol testing, or web application access using HTTPS, the test case are same as for http access, just you have to made more securitytest cases related to https access.
Regards,
Brijesh Jain
---------------------------------------------------------
Connect with me on Skype: jainbrijesh
Google Plus : jainbrijeshji
HTTP and HTTPS are protocols, used for transferring data through Web of which HTTPS is a secured service used mainly in Intranet applications and in the application which requires a very secured access such as application used for Internet banking, online shopping etc.,. HTTPs is used mostly in the Dynamic data.
Mostly the test cases for both will be same, but HTTPS requires more test cases which tests its security. Some of the extra test cases which you will be executing for HTTPS web pages are
- the application is not accessible if left alone for some period of time
- Only the users from the privileged group can login to the application
- Should ask for a password change once in a month
- should get locked if the wrong password is entered for more than three times
- For Intranet applications should be accessible only within the network
- All the information stored should be secured.
Regards,
Ganesan
Hi ganesan,Originally Posted by sridharrganesan
I use gmail using https only, but the test cases you have written here, all fail in my scenario, it means, gmail https is not correct or the test case, where is the problem?
Regards,
Brijesh Jain
---------------------------------------------------------
Connect with me on Skype: jainbrijesh
Google Plus : jainbrijeshji
Hi Brijesh,
The test cases I have mentioned will be followed in most of the web pages using HTTPS. I think you can the below test cases in gmail also. Also I dont know what are the security factors they are looking for gmail.
- Only the users from the privileged group can login to the application, which means the user who have the account created can only login. But this is common in HTTP site also.
- should get locked if the wrong password is entered for more than certain number of times.
Ganesan
What I can say about it is, it totally depend on SRS how we will handle the security issuse, You know our site geekinterview.com also give only 5 chance to login and then locked the user.But it's not using https, what you say?
Regards,
Brijesh Jain
---------------------------------------------------------
Connect with me on Skype: jainbrijesh
Google Plus : jainbrijeshji
Hey People,
It is true that security perspective of a site with regards to the number of Login attempts would not be decided by https or http protocols. It is more or less dependant on the security level as designed by the Dev team.
Https would actually pertain to these points. I picked a few from Sridhar
- Session Timeout - Application Idle.
- Accessing the application outside a Secure network.
- Accessing the same site with http within the Intranet network.
- Secure methods of Information transferring meaning Should not use the GET method as part of URL. It should use the Secure Socket Layer encryption.
- Testing whether Data interruption is possible in transit - use Man in the Middle Attacks, Eavesdropping etc.
Cheers...
Posting Permissions
Reply With Quote