I'm a QA. My company tests programs only by hand, and we test only the functions and GUI of the program.
Today my manager requested that I test the security of data, and I don't know what to do now.
Please help me: how do I test the security of data?
Go into application - change some data and save.
Exit application - go to (are you on Windows?) file manager and search for files most recently changed.
One of these will probably be your database.
See if you can open it up and read or change the contents. If you can, then security is poor!
Can you ask your developers what database they are using?
It really would help if you could supply even the most basic information about how your app is constructed.
It sounds like you want to be able to test security by hand (with no tool) and only through the GUI application's functionality (ignoring external attacks like access through some other means besides the application). Inside the application itself, there are several things you can validate:
- ensure that the system authenticates users
- ensure that the system allows users to only perform authorized functions
- ensure that the user cannot circumvent security in the system (altering client code, altering their own security settings)
- ensure that there is a useful audit trail of system usage (invalid logins, valid logins, user action)
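
The file check from the first reply (change some data, save, then look at the most recently changed files) can be scripted by saving a unique marker value in the application and searching the recently modified files for it. This is an added example, not code from the thread; the marker string, the five-minute window and the function names are assumptions made for illustration.

```python
import os
import time

# Documented 16-byte header of a SQLite 3 database file.
SQLITE_MAGIC = b"SQLite format 3\x00"

def recently_changed(root, within_seconds=300, now=None):
    """Return paths under root modified in the last within_seconds, newest first."""
    now = time.time() if now is None else now
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mtime = os.path.getmtime(path)
            except OSError:
                continue  # file vanished or is inaccessible; skip it
            if now - mtime <= within_seconds:
                hits.append((mtime, path))
    return [p for _m, p in sorted(hits, reverse=True)]

def inspect_file(path, marker):
    """Report whether the file is readable and whether the marker is stored in clear."""
    try:
        with open(path, "rb") as fh:
            data = fh.read()  # fine for small data files; chunk for very large ones
    except OSError:
        return {"path": path, "readable": False, "sqlite": False,
                "marker_in_clear": False}
    # Windows applications often store text as UTF-16, so look for both encodings.
    needles = [marker.encode("utf-8"), marker.encode("utf-16-le")]
    return {
        "path": path,
        "readable": True,
        "sqlite": data.startswith(SQLITE_MAGIC),
        "marker_in_clear": any(n in data for n in needles),
    }

def audit(root, marker, within_seconds=300):
    """Inspect every recently changed file under root for the saved marker."""
    return [inspect_file(p, marker) for p in recently_changed(root, within_seconds)]

if __name__ == "__main__":
    import sys
    # Usage: python audit.py <application data folder> <marker you just saved>
    for row in audit(sys.argv[1], sys.argv[2]):
        print(row)
```

A row with `marker_in_clear` set to true means the value typed into the application can be read straight from disk without going through the application.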