My current project is testing a web page where users book services using a VISA card. I don't have any experience with security testing. Could anyone share what I should do for basic security testing?
I have a little bit of experience in security testing and want to share some points:
1. Usually, to test some kind of payment via VISA/Master Card/banking, we test via a Web Service (try to google it in case you don't know what it is). When sending this kind of request, we usually have a token, which may be an encrypted string combined with your information, used to validate and secure the customer's account/information.
2. We also need to test when the application is online or offline (maybe the internet gets disconnected, or the application is broken), check whether the transaction succeeded or not, check the customer's balance in case of failure, and return their money of course. 🙂
3. For the Visa/Master Card number, validate the mask. This is to check whether the card number is correct or not / valid to use or not.
4. For further processing, like processing a payment, check the role of each application user; there are some restrictions on it because this information is very sensitive.
Let me remember, I will update you if I find anything more :). Hope it helps.
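Point 3 of the answer above, as an added example that is not part of the original post: a reference validator a tester can use to work out the expected result for each card-number test case. It assumes "validate the mask" means the brand prefix and length check plus the Luhn check digit; the function names and the sample numbers are constructed for illustration.

```python
import re

def luhn_ok(number: str) -> bool:
    """Luhn check: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def check_card(raw: str) -> tuple[bool, str]:
    """Return (accepted, brand or rejection reason) for a typed card number."""
    number = re.sub(r"[ -]", "", raw)          # users type spaces or dashes
    if not re.fullmatch(r"[0-9]+", number):    # ASCII digits only
        return False, "non-digit characters"
    if number[0] == "4" and len(number) in (13, 16, 19):
        brand = "visa"
    elif len(number) == 16 and (51 <= int(number[:2]) <= 55
                                or 222100 <= int(number[:6]) <= 272099):
        brand = "mastercard"
    else:
        return False, "unknown prefix or length"
    if not luhn_ok(number):
        return False, "bad check digit"
    return True, brand

# Constructed test inputs (test-style numbers, not real cards).
CASES = [
    "4111 1111 1111 1111",   # well-formed Visa with spaces
    "5555-5555-5555-4444",   # well-formed Mastercard with dashes
    "4111111111111112",      # last digit changed: check digit fails
    "411111111111111",       # 15 digits: wrong length for Visa
    "4111111111111111abc",   # trailing text must be rejected, not stripped
    "",                      # empty field
]

def run_cases() -> dict[str, tuple[bool, str]]:
    """Expected verdict per input, to compare with what the page under test does."""
    return {case: check_card(case) for case in CASES}

if __name__ == "__main__":
    for case, verdict in run_cases().items():
        print(repr(case), "->", verdict)
```

A number that passes is only well-formed; whether the card can actually be charged is decided by the payment gateway, so the same inputs should also be sent directly to the server to confirm the check is not done in the browser alone.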
You can use the Tamper Data plugin for Firefox for security testing and end-to-end testing.
Along with that, try to expose the hidden fields on the form while submitting the request. The question is how to find a hidden field? You can find it using Firebug by searching for "hidden" in "find html & css".
Thanks so much, guys.
I really appreciate your help.
Please let me know if you want to share more.
@Zooty,
Re: Please let me know if you want to share more
Of course we want to. Please feel free to share or to ask things so that we can learn from each other. Experience is to share, not to keep 😉