What all are the main features to be tested on security aspects apart from authentication and authorization?
Please give some tips regarding this.
How can we set up a test environment for security testing?
Apart from the Authentication and Authorization aspects, you might focus on the features related to the System (Cookies, Browser, Sessions, etc.), Installation, Recovery, Backup & Database of the AUT.
I wrote an article that goes over some of the security tests you could run.
Van Tongeren, T. (2001) "Introduction to Testing Web Application Security." Journal of Software Testing Professionals, International Institute for Software Testing. Sep/Dec 2001.
As far as setting up an environment for security testing, I would suggest trying to mirror the production environment as closely as possible if you can afford the costs. Did you have any specific questions about environment setup?