How to write Security test cases?

I shall deal with the approach and the style for writing security test cases. Before you begin writing your test cases, note that 1) It is important to segregate based on Roles (something like Admin, Manager, Supervisor etc.) 2) You will need to delve into the negative scenario for a particular event initially before taking up the positive scenarios. This will ensure continuity of the test cases and will greatly help. -0x0-Given below is a very simple example for the approach to write security test cases. Once you are aware of the knack of writing simple ones like this, you can graduate to writing larger and complex ones. Yes, It is a great aid to novice and intermediate testers to follow these and test the security for any kind of application. NO. Action 1 Invoke the application by typing the URL http://abhi/myProj/Default.asp” Verify the login security for the Project Lead. 2 Login with loginname as abhilash and password as password56. The user should be logged in and be directed to the Home page. Test Steps The browser should be invoked and the application login page should appear. Pass/ Comments Fail

The home page should contain the following menu structure. - Projects Verify the menu structure on the Home page. - Tasks - Dashboard - Reports - Skills

The Projects menu should contain the following menu Verify the menu dropdown for the Projects items. 4 menu. - Create Task - Create Build - Create Module Like this you will need to cover the other *** menus too. End of verification for the Project Lead.

Verify the login security for a Team Member 1 The user should be logged in Login with loginname anoop and password and navigated to the Home as anooppass. page. The home page should contain the following menu structure. - Projects Verify the menu structure on the Home page. - Tasks - Dashboard - Reports - Skills The user should NOT be able to Verify that the user cannot select the menu select the menu item Projects. item Projects. The menu should be displayed as disabled. The user should be able to Verify that the user can select the menu item select the menu item Tasks. Tasks. The menu should be displayed as enabled. The user should NOT be able to Verify that the user cannot select the menu select the menu item item Dashboard. Dashboard. The menu should be displayed as disabled. The user should be able to Verify that the user can select the menu item select the menu item Reports. Reports. The menu should be displayed as enabled. The user should NOT be able to Verify that the user cannot select the menu select the menu item Skills. item Skills. The menu should be displayed as disabled. like this you will need to tackle each content on respective pages. End of verification for the team member. Refer to the image snapshots to get an idea on the approach to write complete security test cases. Security Test Case Part I for the user admin