A few major key-points to be taken care of while hunting for security vulnerabilities. Let's study them in detail and build test scenarios around them too. Test scenarios may be implemented at both Unit Testing and QA team level.
- IDOR (Insecure Direct Object reference)
- Input validation Script tags, HTML tags, SQL Injection
- OTP BYPass
- Mobile No. & Email
- Payment Amount Tampering
- Appendage if information : Enumeration of Data
- Secret keys and Account Information should not be used in API, JS, HTML etc.
- Validated Tokens
- Manipulating API Responses
- Cross team Integrations
- Third party Integrations
- Sharing of personal Identification Information
- API errors and Session Timeouts
- Data Privacy
No comments:
Post a Comment
Thanks a lot for your valuable Comment!