  1. #1
    Member
    Join Date
    Jul 2002
    Location
    Australia
    Posts
    83

    User Access Security Testing For New System

    Hi All

    For all of you who are QA or testing gurus this question may sound completely stupid but I have to ask it.

    At the moment the company I work for is getting a new insurance system, and since I am doing all the coordination (and some of the functional testing), I am trying to cover every aspect of the testing. So far so good except for the security testing. Do I have to go through every user in the company (in excess of 300 users) and test their security access, or is there a quicker way?

    Would greatly appreciate your advice on this one. We don't have any automated testing tools at this moment in time.



    ------------------

  2. #2
    Senior Member
    Join Date
    Feb 2001
    Location
    Colorado Springs, CO, USA
    Posts
    864

    Re: User Access Security Testing For New System

    Using equivalence class partitioning, you should be able to reduce the number of test cases.

    For example, are the users assigned to a Role, which drives the authorized functions? If so, you could test the functions allowed for each Role, with the assumption that any single user in that Role would be held to those rules.

    If Roles are not used, then is there a table which holds the allowed functions for each user? If so, you may be able to devise test cases that cover each combination of functions (allowed and disallowed), which will probably not only require less than 300 tests, but will also cover for security configurations that existing users may not currently have.

    ------------------
    Thanks,
    Tim Van Tongeren

  3. #3
    Member
    Join Date
    Jul 2001
    Posts
    95

    Re: User Access Security Testing For New System

    Much in line with TestGeek, that is how we do it here. We test against a Security Matrix, which is basically CRUD vs. Screens. Each role has a combination of CRUD for a screen. This determines our test cases.

    ------------------
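
The two replies above (partitioning by role, and a CRUD-vs-screens security matrix) worked through as an added example that is not from any poster in this thread. The role names, screens, users and rights below are constructed sample data; the code derives allow and deny test cases from the matrix, groups users with identical rights into one class, and lists combinations no current user holds.

```python
from collections import defaultdict
from itertools import product

OPS = "CRUD"

# Constructed security matrix: role -> screen -> granted CRUD letters.
MATRIX = {
    "claims_clerk": {"Policy": "R", "Claim": "CRU", "Payment": ""},
    "underwriter": {"Policy": "CRU", "Claim": "R", "Payment": ""},
    "finance": {"Policy": "R", "Claim": "R", "Payment": "CRUD"},
}

# Constructed per-user table, for systems that store rights per user, not per role.
USER_RIGHTS = {
    "alice": {"Policy": "R", "Claim": "CRU"},
    "bob": {"Policy": "R", "Claim": "URC"},  # same rights as alice, different order
    "carol": {"Policy": "CRU", "Claim": "R"},
    "dave": {"Policy": "R", "Claim": "R", "Payment": "CRUD"},
}

def cases_from_matrix(matrix):
    """One test case per (role, screen, operation), with the expected outcome."""
    cases = []
    for role, screens in sorted(matrix.items()):
        for screen, op in product(sorted(screens), OPS):
            expected = "allow" if op in screens[screen] else "deny"
            cases.append((role, screen, op, expected))
    return cases

def equivalence_classes(user_rights):
    """Group users whose effective rights are identical; test one user per class."""
    classes = defaultdict(list)
    for user, screens in user_rights.items():
        key = frozenset((s, op) for s, ops in screens.items() for op in ops)
        classes[key].append(user)
    return sorted(sorted(members) for members in classes.values())

def untested_combinations(user_rights):
    """(screen, op) pairs that no current user holds and so no user test exercises."""
    held = {(s, op) for r in user_rights.values() for s, ops in r.items() for op in ops}
    screens = {s for r in user_rights.values() for s in r}
    return sorted(set(product(screens, OPS)) - held)

if __name__ == "__main__":
    cases = cases_from_matrix(MATRIX)
    print(len(cases), "cases,", sum(c[3] == "deny" for c in cases), "expect deny")
    for members in equivalence_classes(USER_RIGHTS):
        print("test as", members[0], "covering", members)
    print("no current user holds:", untested_combinations(USER_RIGHTS))
```

The deny cases matter as much as the allow cases: a role that can reach an operation it was not granted is the failure this kind of testing is meant to catch.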

  4. #4
    Senior Member
    Join Date
    Sep 2001
    Location
    Hyderabad, India
    Posts
    478

    Re: User Access Security Testing For New System

    What is CRUD?

    ------------------
    Manoj Jain
    (manojjain99@yahoo.com)
    "A highly advanced bug is indistinguishable from a feature."

  5. #5
    Advanced Member
    Join Date
    Aug 2001
    Location
    Minneapolis, MN
    Posts
    953

    Re: User Access Security Testing For New System

    From http://www.delphi-services.com/crud.htm

    "These are the specific access rights that are granted to each user profile for each screen. (For example: Create (C) allows the user to create new records, Read (R) allows the user to only view data, Update (U) allows the user to make changes to existing records, Delete (D) allows the user to remove data from the database)"

    ------------------
    Jason Trebilcock
    QA Lead
    Wells Fargo

    http://www.tuxedo.org/~esr/faqs/smart-questions.html

    "The single biggest problem in communication is the illusion that it has taken place."

    -George Bernard Shaw, Irish playwright and Nobel Prize winner, 1856-1950

  6. #6
    Junior Member
    Join Date
    Aug 2001
    Location
    Sardinia, Ohio, USA
    Posts
    9

    Re: User Access Security Testing For New System

    Security testing is much broader (or can be) than just testing User privileges. Will the system be accessible from outside your local area (WWW)? If so, this could require a lot more testing (but if you have a Firewall, maybe your Network people have to do this testing).

    ------------------

 

 

Copyright BetaSoft Inc.