# Check the URL’s encryption. Except for the main page, all other branches and sensitive pages should be encrypted in the URL.
# Check the cookies. All sensitive cookies should be removed automatically when the application is closed.
# Sensitive information stored in cookies must be encrypted.
# For sites that require authentication, the cache must be cleared on exit.
# If we edit the cookies while the application is running, it should not affect the system; instead, the application should restore its original (proper) state when the next action happens.
# All transactions involving passwords and users’ sensitive information should be encrypted.
# Encryption should be simple to identify. Typically, the encrypted value should be a mix of special characters, numerals and letters (both cases, A/a).
# Folder-level access should not be allowed. E.g., if the URL opens a page inside a specific folder, anyone who deletes the file name and requests just the folder name should not be able to open that folder.
# Internal and external IP addresses mapped to the URL should be secured.
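
One way to automate the cookie checks in the list above (sensitive cookies removed on close, sensitive values encrypted, sensitive data sent over an encrypted channel), as an added example that is not part of the original checklist. The sensitive cookie names, the readable-value heuristic and the sample `Set-Cookie` headers are assumptions constructed for illustration.

```python
import base64
import binascii
import re
from http.cookies import SimpleCookie

# Assumption: cookie names the tester treats as sensitive for the application under test.
SENSITIVE_NAMES = {"sessionid", "auth", "user"}
# Heuristic (assumption): fragments that suggest readable account data in a value.
MARKERS = re.compile(r"user|pass|role|email|admin|@", re.IGNORECASE)


def looks_readable(value):
    """True if the value is plain text, or base64 that decodes to plain text."""
    texts = [value]
    try:
        raw = base64.b64decode(value + "=" * (-len(value) % 4), validate=True)
        # Only treat the decoded bytes as text when every byte is printable ASCII.
        if raw and all(0x20 <= b <= 0x7E for b in raw):
            texts.append(raw.decode("ascii"))
    except (binascii.Error, ValueError):
        pass  # not base64, so only the raw value is inspected
    return any(MARKERS.search(t) for t in texts)


def audit_set_cookie(headers):
    """Return {cookie_name: [findings]} for sensitive cookies in Set-Cookie values."""
    report = {}
    for header in headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if name.lower() not in SENSITIVE_NAMES:
                continue
            findings = []
            if morsel["expires"] or morsel["max-age"]:
                findings.append("persistent: not removed when the browser closes")
            if not morsel["secure"]:
                findings.append("no Secure flag: may be sent unencrypted")
            if looks_readable(morsel.value):
                findings.append("value is readable, not encrypted")
            report[name] = findings
    return report


# Constructed sample headers, not captured from any real application.
SAMPLE_HEADERS = [
    "sessionid=9f86d081884c7d659a2feaa0c55ad015; Path=/; Secure; HttpOnly",
    "auth=" + base64.b64encode(b"user=alice;role=admin").decode() + "; Max-Age=2592000; Path=/",
    "theme=dark; Max-Age=31536000; Path=/",
]
```

An empty findings list means the cookie passed these three checks; base64 is only an encoding, so a value that decodes to readable text is reported as not encrypted.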