# Check the URL셲 encryption. Except main page all other branches and sensitive pages should be encrypted in URL
# Check the Cookies, all sensitive cookies should be removed automatically when the application get closed
# Sensitive information stored in the cookies must be encrypted
# For authentication kind of site, the cache must be cleared on exit
# If we edit the cookies while the application is on run, then it should not affect the system; instead it should restore its original (proper) state when the next action happens in the application
# All password and user셲 sensitive information transaction should be encrypted
# Encryption should be in the simple way to identify. Typically it should be the mix of special characters, numerals and alphabets(both cases A/a)
# Folder level access should not be allowed. Eg: if the url opens a page inside a specific folder, then if any one deleted the file name and tried with that folder name should not be able to open that folder
# Internal and external IP address mapped with the URL should be secured.

Share
Related Documents
  1. New Advanced SQL Injection For Advanced Security Testing (1964)
  2. [Free] WebGoat : Security Testing Tool (2474)
  3. [Ebook] Linux 101 Hacks (3125)
  4. Security Testing Reference : SQL Injection (2450)
  5. Security Testing Reference : Cross-Site Scripting (XSS) (2357)
  6. [Ebook] Hacker Attack (2994)
  7. [Ebook] Google Hacks : 2nd Edition (2796)
  8. [Free] Security Software Testing Suite (SSTS) : Application-based security testing (1942)
  9. Using JTest for Security Testing (2401)
  10. OWASP Top 10 - 2010 (Security Testing) (2001)
  11. Putting Security Into Your Virtual World (726)
  12. Password Recovery for Security Testing (1609)
  13. How to Secure CXF Web Services with SSL/TLS and WS-Security (3817)
  14. OWASP Testing Guide (2853)
  15. Types of Web Security Testing? (1625)
  16. [Paid] Sunbelt Network Security Inspector : Network Vulnerability Assessment Scanning (1773)
  17. [Free] webstretch : Security Testing Tool (2384)
  18. 2010-10-27, SecureWorld Expo @ USA (1648)
  19. Web Security Testing Glossary (1904)
  20. [Free] Exploit-Me : Web application security testing tools (3905)