
Assignment4

The document outlines a testing plan for an authentication module, detailing steps to analyze the code, identify vulnerabilities, design test cases, execute tests, and provide recommendations. Key vulnerabilities include input validation issues, SQL injection risks, and improper password handling. Recommendations emphasize implementing input validation, using parameterized queries, and enhancing session management and error handling practices.

Uploaded by

Afshan Tabassum

Testing Plan

Step 1: Analyze the Authentication Module Code

- Examine the input handling functions to ensure that user inputs are validated and sanitized.
- Identify logical paths within the authentication process, including user registration, login, and session management.
- Review password handling mechanisms, such as encryption and storage.
- Check for potential hardcoded credentials or sensitive information.
- Analyze error messages to ensure they do not leak sensitive information.

Step 2: Identify Vulnerabilities

- Input Validation Issues: Lack of validation for username and password fields.
- SQL Injection: Inspect code for any unparameterized database queries.
- Password Handling: Ensure secure password hashing algorithms (e.g., bcrypt) are used.
- Session Management: Verify that sessions are properly created, managed, and invalidated.
- Error Message Disclosure: Ensure error messages do not reveal if the username or password is incorrect.
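The following is an added example, not code from the assignment, showing the unparameterized query pattern that Step 2 tells the reviewer to look for beside its parameterized replacement, and a check that mirrors TC_002. The in-memory SQLite table, the user row and the tautology payload are all constructed for the demonstration; the password is stored in clear here only so that the query comparison stays short.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse-battery')")
    conn.commit()
    return conn


def login_unparameterized(conn, username, password):
    """The defect Step 2 looks for: user input spliced into the SQL text.

    Anything the user types becomes part of the statement, so quotes and
    operators in the input change the query's logic."""
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username, password):
    """Hardened form: placeholders keep the input as data, never as SQL syntax."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


# Constructed TC_002 input: a tautology typed into the password field.
TAUTOLOGY = "' OR '1'='1"


def run_tc_002(login_fn):
    """Returns True when login_fn blocks the attempt (the expected outcome)."""
    conn = make_db()
    return login_fn(conn, "alice", TAUTOLOGY) is False


if __name__ == "__main__":
    print("unparameterized blocks TC_002:", run_tc_002(login_unparameterized))
    print("parameterized blocks TC_002:  ", run_tc_002(login_parameterized))
```

With the concatenated query the WHERE clause becomes `username = 'alice' AND password = '' OR '1'='1'`, which is true for every row, so the vulnerable function reports a successful login and TC_002 fails; the parameterized version compares the whole payload against the stored password as an ordinary string and rejects it.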

Step 3: Design Test Cases

| Test Case ID | Test Description | Expected Outcome | Actual Outcome | Status |
|---|---|---|---|---|
| TC_001 | Validate login with correct username and password | Login successful | | |
| TC_002 | Attempt SQL injection in the login field | Block the attempt | | |
| TC_003 | Validate password encryption during registration | Password securely encrypted | | |
| TC_004 | Test login with invalid username/password combination | Show generic error message | | |
| TC_005 | Check for session timeout after a defined period | Session expires and user is logged out | | |
| TC_006 | Verify no hardcoded credentials exist in the codebase | No hardcoded credentials found | | |
| TC_007 | Test error message for password recovery | Show generic error without revealing sensitive details | | |
| TC_008 | Validate handling of special characters in input fields | Input properly sanitized | | |
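As an added example (not the assignment's code), here is a small authentication module built the way Steps 2 and 5 ask for, together with an executable version of test cases TC_001, TC_003, TC_004, TC_005 and TC_008. Everything about the module is an assumption for the demonstration: the username allow-list pattern, the 12-character password minimum, PBKDF2-HMAC-SHA256 as the salted password hash (standing in for the bcrypt the plan mentions, since PBKDF2 is in the Python standard library), the 15-minute session lifetime and the single generic error string. The clock is injectable so that TC_005 can be checked without waiting.

```python
import hashlib
import hmac
import os
import re
import secrets
import time

# Assumed policy values (not specified in the assignment):
USERNAME_PATTERN = re.compile(r"^[A-Za-z0-9_.-]{3,32}$")  # allow-list for TC_008
MIN_PASSWORD_LENGTH = 12
PBKDF2_ITERATIONS = 100_000
SESSION_TTL_SECONDS = 15 * 60                             # "defined period" for TC_005
GENERIC_ERROR = "Invalid username or password"            # one message for TC_004


class AuthModule:
    def __init__(self, ttl=SESSION_TTL_SECONDS, clock=time.time):
        self._users = {}      # username -> (salt, derived_key)
        self._sessions = {}   # token -> (username, expires_at)
        self._ttl = ttl
        self._clock = clock   # injectable so tests can advance time

    @staticmethod
    def _derive(password, salt):
        # Salted, iterated hash: the stored value is never the password itself.
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)

    def register(self, username, password):
        # Usernames are validated against an allow-list; passwords are not
        # "sanitized" at all, they are hashed, so any character is acceptable.
        if not USERNAME_PATTERN.fullmatch(username):
            raise ValueError("username contains disallowed characters")
        if len(password) < MIN_PASSWORD_LENGTH:
            raise ValueError("password too short")
        salt = os.urandom(16)  # fresh random salt per user
        self._users[username] = (salt, self._derive(password, salt))

    def stored_record(self, username):
        """Exposed so a test can confirm no plaintext is stored (TC_003)."""
        return self._users.get(username)

    def login(self, username, password):
        record = self._users.get(username)
        # Derive a key even for unknown users so response time does not reveal
        # whether the username exists; the error text is identical either way.
        salt, expected = record if record is not None else (b"\x00" * 16, b"\x00" * 32)
        candidate = self._derive(password, salt)
        if record is None or not hmac.compare_digest(candidate, expected):
            return None, GENERIC_ERROR
        token = secrets.token_urlsafe(32)  # unguessable session identifier
        self._sessions[token] = (username, self._clock() + self._ttl)
        return token, None

    def session_user(self, token):
        entry = self._sessions.get(token)
        if entry is None:
            return None
        username, expires_at = entry
        if self._clock() >= expires_at:
            self._sessions.pop(token, None)  # expired: the user is logged out
            return None
        return username

    def logout(self, token):
        self._sessions.pop(token, None)


def run_test_cases():
    """Runs TC_001, TC_003, TC_004, TC_005 and TC_008 and returns {test_id: passed}."""
    now = [1_000.0]                                   # fake clock, seconds
    auth = AuthModule(ttl=60, clock=lambda: now[0])
    results = {}
    pw = "correct horse battery staple"               # constructed test password
    auth.register("alice", pw)

    token, err = auth.login("alice", pw)              # TC_001
    results["TC_001"] = token is not None and err is None and auth.session_user(token) == "alice"

    salt, key = auth.stored_record("alice")           # TC_003: no plaintext, and
    auth.register("bob", pw)                          # the same password hashes differently
    results["TC_003"] = key != pw.encode() and auth.stored_record("bob")[1] != key

    results["TC_004"] = (auth.login("alice", "not the password") == (None, GENERIC_ERROR)
                         and auth.login("nobody", pw) == (None, GENERIC_ERROR))

    now[0] += 61                                      # TC_005: past the 60 s lifetime
    results["TC_005"] = auth.session_user(token) is None

    try:                                              # TC_008: quote and semicolon in username
        auth.register("o'brien; --", pw)
        results["TC_008"] = False
    except ValueError:
        results["TC_008"] = True
    return results


if __name__ == "__main__":
    for test_id, passed in run_test_cases().items():
        print(test_id, "PASS" if passed else "FAIL")
```

Two points from the table are worth noticing in the code. TC_004 is satisfied only because both the unknown-user and wrong-password branches return the same string and do the same amount of hashing work; an early return for unknown users would leak existence through timing even with identical text. TC_008 is satisfied by rejecting disallowed usernames outright rather than trying to strip characters, which is the safer reading of "input properly sanitized".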

Step 4: Execute Test Cases

- Run each test case using both automated and manual testing techniques.
- Document any failed test cases and report security vulnerabilities to the development team.

Step 5: Recommendations

- Implement input validation functions to sanitize user inputs.
- Use parameterized queries to prevent SQL injection.
- Ensure password hashing and salting with industry-standard algorithms.
- Establish secure session management practices.
- Review and refine error handling mechanisms to protect sensitive information.
