Running Head: LAB 5 1
Lab 5
Gretchen Greene
Nathan Stewart, PhD
May 8, 2017
Executive Summary
As with any new technology, e-commerce carries risks that are not
common to traditional “brick-and-mortar” stores. A major concern
for e-commerce applications is credit/debit card use. If
credit/debit card transactions are not secured, an organization
can suffer major damage in the form of financial fraud, loss of
consumer confidence, identity theft, or legal and regulatory
consequences.
Online Goodies is an Internet-based company that provides custom
promotional gifts to corporate customers. Its products include
mugs, computer accessories, t-shirts, and office décor. The
majority of its income comes from online credit card purchases.
Repeat customers receive a discount based on their annual
purchase amount.
This report presents a test plan for Online Goodies based on the
OWASP standards. It includes an overview and rationale for all of
the tests performed, including a brute force test, an
authentication test, a privilege escalation test, a code injection
test, and a web application fingerprint test.
Table of Contents
Executive Summary
Table of Contents
Types of Test Being Performed
Test Plan for Online Goodies Site According to OWASP Standards
Rationale for Testing Used
References
Types of Tests Performed
The least expensive way to reduce costs and risks and improve
software quality is to catch deficiencies as early as possible.
The OWASP Testing Guide was used to understand the guidelines for
testing. The tests used in this plan are: Usability Testing, Unit
Testing, Interface Testing, Integration Testing, Functionality
Testing, Performance Testing, Security Testing, Authentication and
Authorization Testing, Privilege Escalation Testing, and Web
Application Fingerprint Testing.
Test Plan for Online Goodies Site
The purpose of this test plan is to ensure the Online Goodies site
meets all of its business, functional, and technical requirements.
The test plan describes the schedule of test activities, the test
strategy, activities, resources, and scope. This document
identifies the features on the site to be tested, the testing
tasks, the user assigned to each task, each testing environment,
the techniques used, an explanation of options, and the risks.
Before the site is actually tested, test cases must be created.
These are the sample data that will be run through the system.
They can be created as soon as the requirements are received.
Because of the system's complexity, additional test cases should
be created to cover its other aspects.
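The brute force and authentication tests listed in the executive summary can be written as test cases in exactly this sense. The following is an added example, not code from the report or from Online Goodies: the login model, the lockout policy (five failures, fifteen minutes), the hashing parameters and the sample account are all assumptions made for the example.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5            # assumed policy: lock after 5 consecutive failures
LOCKOUT_SECONDS = 15 * 60   # assumed policy: 15-minute lockout
PBKDF2_ROUNDS = 10_000      # kept low for the example; production uses far more


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class LoginService:
    """Minimal login model: verifies credentials and enforces account lockout.

    The clock is injectable so the test cases can advance time without waiting.
    """

    def __init__(self, clock=time.time):
        self.clock = clock
        self.users = {}         # username -> (salt, password hash)
        self.failures = {}      # username -> consecutive failure count
        self.locked_until = {}  # username -> time at which the lockout ends

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt))

    def is_locked(self, username: str) -> bool:
        return self.clock() < self.locked_until.get(username, 0)

    def login(self, username: str, password: str) -> str:
        """Return "ok", "denied" or "locked".

        Unknown users and wrong passwords both return "denied" so the response
        does not reveal which usernames exist.
        """
        if self.is_locked(username):
            return "locked"
        record = self.users.get(username)
        if record is not None:
            salt, stored = record
            if hmac.compare_digest(hash_password(password, salt), stored):
                self.failures.pop(username, None)
                return "ok"
        count = self.failures.get(username, 0) + 1
        self.failures[username] = count
        if count >= MAX_FAILURES:
            self.locked_until[username] = self.clock() + LOCKOUT_SECONDS
            self.failures.pop(username, None)
            return "locked"
        return "denied"


def run_brute_force_test_cases() -> dict:
    """Run the test cases against the model and return each case's outcome."""
    now = [1_000_000.0]  # constructed fake clock so lockout expiry can be tested
    svc = LoginService(clock=lambda: now[0])
    svc.register("buyer@example.test", "correct horse battery")  # sample account
    results = {}
    # TC1: valid credentials are accepted
    results["valid_login"] = svc.login("buyer@example.test", "correct horse battery")
    # TC2: a wrong password is denied without locking the account
    results["first_failure"] = svc.login("buyer@example.test", "wrong")
    # TC3: after MAX_FAILURES consecutive failures the account locks
    outcome = None
    for _ in range(MAX_FAILURES - 1):
        outcome = svc.login("buyer@example.test", "wrong")
    results["locked_after_limit"] = outcome
    # TC4: even the correct password is refused while the lockout is active
    results["correct_while_locked"] = svc.login("buyer@example.test", "correct horse battery")
    # TC5: an unknown username gets the same answer as a wrong password
    results["unknown_user"] = svc.login("nobody@example.test", "x")
    # TC6: once the lockout window has passed, the valid login works again
    now[0] += LOCKOUT_SECONDS + 1
    results["after_lockout"] = svc.login("buyer@example.test", "correct horse battery")
    return results
```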
Explanation of Testing
Usability testing is one of the most important aspects of
building a website. Users will not take the time to use a website
that is poorly designed; they expect to adapt to a website
quickly. Usability testing evaluates a website by having users
test it. Users testing the site verify that controls and
navigation work properly.
White box testing is done by a full-access user who has access to
the architecture documents and source code. A user with full
access can test in more depth, which allows vulnerabilities and
risks to be discovered faster than with the black box method.
Unit testing tests against the requirements: each part of the
program is tested separately to make sure it works properly. The
earlier a bug is found, the cheaper it is to fix. Unit testing is
part of white box testing and is done before integration testing.
Interface testing tests the communication between different
software systems. It checks that end-users are able to use the
system without problems and that the system is user-friendly.
Interface testing also verifies that the application server can
handle a network failure to the website should a problem occur.
Integration testing tests all units of the system together.
Testing the units as a system often brings out bugs that did not
appear in isolation. Integration testing occurs after unit
testing has been completed and is part of black box testing. It
checks features, but it also checks the data flow between those
modules and features.
Black box testing tests the system, its design, and its source
code from the user's point of view, which helps expose
discrepancies in the specifications. The goal is to ensure the
application works. Integration, system, and acceptance testing
make up black box testing.
Functionality testing tests the business requirements of the
application. It covers the functional parts of the application,
such as integration of search and data manipulation. Functional
testing also confirms that invalid and erroneous inputs produce
the expected negative results. The features checked are the
homepage, information, terms, privacy policy, returns, and about
pages.
Security testing checks the site for vulnerabilities and
unauthorized access. Online Goodies accepts credit card payments,
which makes security a high priority. The security testing will
use the six basic concepts: confidentiality, integrity,
authentication, availability, authorization, and non-repudiation.
The website will need comprehensive security testing to ensure
everything is secure and customers' information is protected.
Web application fingerprinting tests for popular vulnerabilities
that attack applications and web servers. This type of testing is
important for penetration testing. The fingerprint shows what
information about the application and server would be available
to an attacker.
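As an added example that is not part of the original report: a check of which response headers disclose the server and application stack, run over a constructed sample response and over a hardened version of it so the tester can see what the fingerprint test should find before and after remediation. The header names, cookie markers and sample values are assumptions.

```python
import re

# Headers that commonly reveal server or framework software and versions (assumed list).
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
VERSION_RE = re.compile(r"\d+(\.\d+)+")

# Constructed sample response, as a tester might capture it before hardening.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.7 (Ubuntu)\r\n"
    "X-Powered-By: PHP/5.5.9\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/\r\n"
    "\r\n"
)

# Constructed response after hardening: version stripped, framework header removed,
# session cookie renamed to a non-default name.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Set-Cookie: sid=abc123; path=/; Secure; HttpOnly\r\n"
    "\r\n"
)


def parse_headers(raw: str) -> dict:
    """Parse an HTTP/1.1 response head into a dict keyed by lower-cased header name."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def fingerprint_findings(raw: str) -> list:
    """Return (header, value, severity) for each header that discloses the stack.

    A header carrying a version number is rated high, a product name alone
    medium, and a framework-default session cookie name low.
    """
    headers = parse_headers(raw)
    findings = []
    for name in DISCLOSING_HEADERS:
        if name in headers:
            value = headers[name]
            severity = "high" if VERSION_RE.search(value) else "medium"
            findings.append((name, value, severity))
    cookie = headers.get("set-cookie", "")
    for marker in ("PHPSESSID", "JSESSIONID", "ASP.NET_SessionId"):
        if cookie.startswith(marker):
            findings.append(("set-cookie", marker, "low"))
    return findings
```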
Privilege escalation testing is used to ensure that account
access controls are working and used properly. It attempts to
exploit a bug or design flaw to obtain elevated access that
should normally be denied to the user. This is a form of
penetration testing.
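As an added example that is not code from the report: the privilege escalation checks expressed as test cases against a small deny-by-default access-control model, covering both vertical escalation (a customer reaching admin functions such as discount management) and horizontal escalation (a customer reading another customer's order). The roles, endpoints, users and orders are assumed sample data.

```python
# Assumed role requirement per endpoint; anything not listed is denied.
ENDPOINT_ROLES = {
    "GET /orders/{id}": {"customer", "staff", "admin"},
    "GET /admin/customers": {"admin"},
    "POST /admin/discounts": {"admin"},
}

# Constructed sample accounts and orders.
USERS = {
    "alice": {"role": "customer", "customer_id": 1},
    "bob": {"role": "customer", "customer_id": 2},
    "carol": {"role": "admin", "customer_id": None},
}
ORDERS = {101: {"owner": 1, "total": 250.00}, 202: {"owner": 2, "total": 80.00}}


def authorize(user: str, endpoint: str, order_id=None) -> bool:
    """Deny by default: the caller's role must be allowed for the endpoint and,
    for order reads, a customer may only read an order they own."""
    account = USERS.get(user)
    if account is None or endpoint not in ENDPOINT_ROLES:
        return False
    if account["role"] not in ENDPOINT_ROLES[endpoint]:
        return False
    if endpoint == "GET /orders/{id}":
        order = ORDERS.get(order_id)
        if order is None:
            return False
        if account["role"] == "customer" and order["owner"] != account["customer_id"]:
            return False
    return True


def run_privilege_escalation_tests() -> dict:
    """Run the escalation test cases; True means access was granted."""
    return {
        # baseline: a customer can read their own order
        "customer_own_order": authorize("alice", "GET /orders/{id}", 101),
        # horizontal escalation: a customer reading another customer's order
        "horizontal_other_order": authorize("alice", "GET /orders/{id}", 202),
        # vertical escalation: customers reaching admin-only functions
        "vertical_admin_list": authorize("alice", "GET /admin/customers"),
        "vertical_admin_post": authorize("bob", "POST /admin/discounts"),
        # an admin legitimately reaches any order and the admin functions
        "admin_any_order": authorize("carol", "GET /orders/{id}", 202),
        "admin_function": authorize("carol", "GET /admin/customers"),
        # unknown principal or unmapped endpoint must fall through to deny
        "unknown_user": authorize("mallory", "GET /orders/{id}", 101),
        "unknown_endpoint": authorize("carol", "DELETE /admin/db"),
    }
```

In the real test plan each of these cases becomes a request made with that user's session against the live site, with the expected result being the boolean recorded here.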

More Related Content

Similar to Running Head LAB 51LAB 57Lab 5.docx

Software testing lecture notes
Software testing  lecture notesSoftware testing  lecture notes
Software testing lecture notesTEJVEER SINGH
 
IRJET-A Review of Testing Technology in Web Application System
IRJET-A Review of Testing Technology in Web Application SystemIRJET-A Review of Testing Technology in Web Application System
IRJET-A Review of Testing Technology in Web Application SystemIRJET Journal
 
Key Reasons to Embrace User Acceptance Testing (UAT).pdf
Key Reasons to Embrace User Acceptance Testing (UAT).pdfKey Reasons to Embrace User Acceptance Testing (UAT).pdf
Key Reasons to Embrace User Acceptance Testing (UAT).pdfRohitBhandari66
 
Demand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxDemand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxAardwolf Security
 
A RELIABLE AND AN EFFICIENT WEB TESTING SYSTEM
A RELIABLE AND AN EFFICIENT WEB TESTING SYSTEMA RELIABLE AND AN EFFICIENT WEB TESTING SYSTEM
A RELIABLE AND AN EFFICIENT WEB TESTING SYSTEMijseajournal
 
A RELIABLE AND AN EFFICIENT WEB TESTING SYSTEM
A RELIABLE AND AN EFFICIENT WEB TESTING SYSTEMA RELIABLE AND AN EFFICIENT WEB TESTING SYSTEM
A RELIABLE AND AN EFFICIENT WEB TESTING SYSTEMijseajournal
 
Testing of web based Applicatons
Testing of web based ApplicatonsTesting of web based Applicatons
Testing of web based ApplicatonsVenkatakumar Reddy
 
Testing Data & Data-Centric Applications - Whitepaper
Testing Data & Data-Centric Applications - WhitepaperTesting Data & Data-Centric Applications - Whitepaper
Testing Data & Data-Centric Applications - WhitepaperRyan Dowd
 
implementing_ai_for_improved_performance_testing_the_key_to_success.pdf
implementing_ai_for_improved_performance_testing_the_key_to_success.pdfimplementing_ai_for_improved_performance_testing_the_key_to_success.pdf
implementing_ai_for_improved_performance_testing_the_key_to_success.pdfsarah david
 
Introduction to software testing
Introduction to software testingIntroduction to software testing
Introduction to software testingVenkat Alagarsamy
 
Unit Testing Essay
Unit Testing EssayUnit Testing Essay
Unit Testing EssayDani Cox
 
The Relevance of Web Application Performance Testing
The Relevance of Web Application Performance TestingThe Relevance of Web Application Performance Testing
The Relevance of Web Application Performance TestingMindfire LLC
 
[Document Title][Type text][Type text][Type text]Febru.docx
[Document Title][Type text][Type text][Type text]Febru.docx[Document Title][Type text][Type text][Type text]Febru.docx
[Document Title][Type text][Type text][Type text]Febru.docxdanielfoster65629
 
What is Software Testing Definition, Types and Benefits.pdf
What is Software Testing Definition, Types and Benefits.pdfWhat is Software Testing Definition, Types and Benefits.pdf
What is Software Testing Definition, Types and Benefits.pdfJoeyWilliams21
 
Step by-step mobile testing approaches and strategies
Step by-step mobile testing approaches and strategiesStep by-step mobile testing approaches and strategies
Step by-step mobile testing approaches and strategiesAlisha Henderson
 
Software Testing Interview Questions For Experienced
Software Testing Interview Questions For ExperiencedSoftware Testing Interview Questions For Experienced
Software Testing Interview Questions For Experiencedzynofustechnology
 

Similar to Running Head LAB 51LAB 57Lab 5.docx (20)

Why is software testing important
Why is software testing important Why is software testing important
Why is software testing important
 
Why is software testing important
Why is software testing importantWhy is software testing important
Why is software testing important
 
Software testing lecture notes
Software testing  lecture notesSoftware testing  lecture notes
Software testing lecture notes
 
IRJET-A Review of Testing Technology in Web Application System
IRJET-A Review of Testing Technology in Web Application SystemIRJET-A Review of Testing Technology in Web Application System
IRJET-A Review of Testing Technology in Web Application System
 
Key Reasons to Embrace User Acceptance Testing (UAT).pdf
Key Reasons to Embrace User Acceptance Testing (UAT).pdfKey Reasons to Embrace User Acceptance Testing (UAT).pdf
Key Reasons to Embrace User Acceptance Testing (UAT).pdf
 
Demand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxDemand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docx
 
Software testing
Software testingSoftware testing
Software testing
 
A RELIABLE AND AN EFFICIENT WEB TESTING SYSTEM
A RELIABLE AND AN EFFICIENT WEB TESTING SYSTEMA RELIABLE AND AN EFFICIENT WEB TESTING SYSTEM
A RELIABLE AND AN EFFICIENT WEB TESTING SYSTEM
 
A RELIABLE AND AN EFFICIENT WEB TESTING SYSTEM
A RELIABLE AND AN EFFICIENT WEB TESTING SYSTEMA RELIABLE AND AN EFFICIENT WEB TESTING SYSTEM
A RELIABLE AND AN EFFICIENT WEB TESTING SYSTEM
 
Testing of web based Applicatons
Testing of web based ApplicatonsTesting of web based Applicatons
Testing of web based Applicatons
 
Testing Data & Data-Centric Applications - Whitepaper
Testing Data & Data-Centric Applications - WhitepaperTesting Data & Data-Centric Applications - Whitepaper
Testing Data & Data-Centric Applications - Whitepaper
 
implementing_ai_for_improved_performance_testing_the_key_to_success.pdf
implementing_ai_for_improved_performance_testing_the_key_to_success.pdfimplementing_ai_for_improved_performance_testing_the_key_to_success.pdf
implementing_ai_for_improved_performance_testing_the_key_to_success.pdf
 
Introduction to software testing
Introduction to software testingIntroduction to software testing
Introduction to software testing
 
Unit Testing Essay
Unit Testing EssayUnit Testing Essay
Unit Testing Essay
 
The Relevance of Web Application Performance Testing
The Relevance of Web Application Performance TestingThe Relevance of Web Application Performance Testing
The Relevance of Web Application Performance Testing
 
[Document Title][Type text][Type text][Type text]Febru.docx
[Document Title][Type text][Type text][Type text]Febru.docx[Document Title][Type text][Type text][Type text]Febru.docx
[Document Title][Type text][Type text][Type text]Febru.docx
 
What is Software Testing Definition, Types and Benefits.pdf
What is Software Testing Definition, Types and Benefits.pdfWhat is Software Testing Definition, Types and Benefits.pdf
What is Software Testing Definition, Types and Benefits.pdf
 
Step by-step mobile testing approaches and strategies
Step by-step mobile testing approaches and strategiesStep by-step mobile testing approaches and strategies
Step by-step mobile testing approaches and strategies
 
Software Testing Interview Questions For Experienced
Software Testing Interview Questions For ExperiencedSoftware Testing Interview Questions For Experienced
Software Testing Interview Questions For Experienced
 
Bab 1
Bab 1Bab 1
Bab 1
 

More from toddr4

Running head 2.3 - CASE ANALYSIS FUNDING THE RAILROADS 1 .docx
Running head 2.3 - CASE ANALYSIS FUNDING THE RAILROADS 1 .docxRunning head 2.3 - CASE ANALYSIS FUNDING THE RAILROADS 1 .docx
Running head 2.3 - CASE ANALYSIS FUNDING THE RAILROADS 1 .docxtoddr4
 
Running head 50 CHARACTER VERSION OF TITLE IN CAPS 1 .docx
Running head 50 CHARACTER VERSION OF TITLE IN CAPS 1 .docxRunning head 50 CHARACTER VERSION OF TITLE IN CAPS 1 .docx
Running head 50 CHARACTER VERSION OF TITLE IN CAPS 1 .docxtoddr4
 
Running Head YOUTH IN THE CRIMINAL JUSTICE SYSTEMYOUTH IN TH.docx
Running Head  YOUTH IN THE CRIMINAL JUSTICE SYSTEMYOUTH IN TH.docxRunning Head  YOUTH IN THE CRIMINAL JUSTICE SYSTEMYOUTH IN TH.docx
Running Head YOUTH IN THE CRIMINAL JUSTICE SYSTEMYOUTH IN TH.docxtoddr4
 
Running head TITLE1TITLE2Research QuestionHow doe.docx
Running head  TITLE1TITLE2Research QuestionHow doe.docxRunning head  TITLE1TITLE2Research QuestionHow doe.docx
Running head TITLE1TITLE2Research QuestionHow doe.docxtoddr4
 
Running Head VULNERABILITY ASSESSMENT1VULNERABILITY ASSESSMEN.docx
Running Head  VULNERABILITY ASSESSMENT1VULNERABILITY ASSESSMEN.docxRunning Head  VULNERABILITY ASSESSMENT1VULNERABILITY ASSESSMEN.docx
Running Head VULNERABILITY ASSESSMENT1VULNERABILITY ASSESSMEN.docxtoddr4
 
Running head STARBUCKS’ STRATEGY 1 Starbuc.docx
Running head  STARBUCKS’ STRATEGY     1 Starbuc.docxRunning head  STARBUCKS’ STRATEGY     1 Starbuc.docx
Running head STARBUCKS’ STRATEGY 1 Starbuc.docxtoddr4
 
Running head SHORTENED VERSION OF TITLE1Title of Your Rese.docx
Running head  SHORTENED VERSION OF TITLE1Title of Your Rese.docxRunning head  SHORTENED VERSION OF TITLE1Title of Your Rese.docx
Running head SHORTENED VERSION OF TITLE1Title of Your Rese.docxtoddr4
 
Running Head THEMATIC OUTLINE .docx
Running Head  THEMATIC OUTLINE                               .docxRunning Head  THEMATIC OUTLINE                               .docx
Running Head THEMATIC OUTLINE .docxtoddr4
 
Running head TOPIC RESEARCH PROPOSAL .docx
Running head  TOPIC RESEARCH PROPOSAL                          .docxRunning head  TOPIC RESEARCH PROPOSAL                          .docx
Running head TOPIC RESEARCH PROPOSAL .docxtoddr4
 
Running Head VIRTUAL ORGANIZATION .docx
Running Head  VIRTUAL ORGANIZATION                              .docxRunning Head  VIRTUAL ORGANIZATION                              .docx
Running Head VIRTUAL ORGANIZATION .docxtoddr4
 
Running Head THE MARKETING PLAN .docx
Running Head  THE MARKETING PLAN                                 .docxRunning Head  THE MARKETING PLAN                                 .docx
Running Head THE MARKETING PLAN .docxtoddr4
 
Running head TITLE OF ESSAY1TITLE OF ESSAY 2Title .docx
Running head  TITLE OF ESSAY1TITLE OF ESSAY 2Title .docxRunning head  TITLE OF ESSAY1TITLE OF ESSAY 2Title .docx
Running head TITLE OF ESSAY1TITLE OF ESSAY 2Title .docxtoddr4
 
Running head Project Type Unit 5 Individual Project3Ty.docx
Running head  Project Type Unit 5 Individual Project3Ty.docxRunning head  Project Type Unit 5 Individual Project3Ty.docx
Running head Project Type Unit 5 Individual Project3Ty.docxtoddr4
 
Rubric Writing Assignment Rubric Criteria Level 3 Level.docx
Rubric Writing Assignment Rubric Criteria Level 3 Level.docxRubric Writing Assignment Rubric Criteria Level 3 Level.docx
Rubric Writing Assignment Rubric Criteria Level 3 Level.docxtoddr4
 
Running Head ON-BOARDING .docx
Running Head  ON-BOARDING                                        .docxRunning Head  ON-BOARDING                                        .docx
Running Head ON-BOARDING .docxtoddr4
 
Running head PERSPECTIVE ON INTEGRATION BETWEEN CHRISTIAN FAITH .docx
Running head  PERSPECTIVE ON INTEGRATION BETWEEN CHRISTIAN FAITH .docxRunning head  PERSPECTIVE ON INTEGRATION BETWEEN CHRISTIAN FAITH .docx
Running head PERSPECTIVE ON INTEGRATION BETWEEN CHRISTIAN FAITH .docxtoddr4
 
RubricThe final for this course is a paper titled Improvement Proj.docx
RubricThe final for this course is a paper titled Improvement Proj.docxRubricThe final for this course is a paper titled Improvement Proj.docx
RubricThe final for this course is a paper titled Improvement Proj.docxtoddr4
 
Running Head LETTER OF ADVICE .docx
Running Head  LETTER OF ADVICE                               .docxRunning Head  LETTER OF ADVICE                               .docx
Running Head LETTER OF ADVICE .docxtoddr4
 
Running head LEADERSHIP PORTFOLIO1LEADERSHIP PORTFOLIO4.docx
Running head  LEADERSHIP PORTFOLIO1LEADERSHIP PORTFOLIO4.docxRunning head  LEADERSHIP PORTFOLIO1LEADERSHIP PORTFOLIO4.docx
Running head LEADERSHIP PORTFOLIO1LEADERSHIP PORTFOLIO4.docxtoddr4
 
RubricRubric for Assignment 5a- MetricsMaxYour PointsCommentsTop.docx
RubricRubric for Assignment 5a- MetricsMaxYour PointsCommentsTop.docxRubricRubric for Assignment 5a- MetricsMaxYour PointsCommentsTop.docx
RubricRubric for Assignment 5a- MetricsMaxYour PointsCommentsTop.docxtoddr4
 

More from toddr4 (20)

Running head 2.3 - CASE ANALYSIS FUNDING THE RAILROADS 1 .docx
Running head 2.3 - CASE ANALYSIS FUNDING THE RAILROADS 1 .docxRunning head 2.3 - CASE ANALYSIS FUNDING THE RAILROADS 1 .docx
Running head 2.3 - CASE ANALYSIS FUNDING THE RAILROADS 1 .docx
 
Running head 50 CHARACTER VERSION OF TITLE IN CAPS 1 .docx
Running head 50 CHARACTER VERSION OF TITLE IN CAPS 1 .docxRunning head 50 CHARACTER VERSION OF TITLE IN CAPS 1 .docx
Running head 50 CHARACTER VERSION OF TITLE IN CAPS 1 .docx
 
Running Head YOUTH IN THE CRIMINAL JUSTICE SYSTEMYOUTH IN TH.docx
Running Head  YOUTH IN THE CRIMINAL JUSTICE SYSTEMYOUTH IN TH.docxRunning Head  YOUTH IN THE CRIMINAL JUSTICE SYSTEMYOUTH IN TH.docx
Running Head YOUTH IN THE CRIMINAL JUSTICE SYSTEMYOUTH IN TH.docx
 
Running head TITLE1TITLE2Research QuestionHow doe.docx
Running head  TITLE1TITLE2Research QuestionHow doe.docxRunning head  TITLE1TITLE2Research QuestionHow doe.docx
Running head TITLE1TITLE2Research QuestionHow doe.docx
 
Running Head VULNERABILITY ASSESSMENT1VULNERABILITY ASSESSMEN.docx
Running Head  VULNERABILITY ASSESSMENT1VULNERABILITY ASSESSMEN.docxRunning Head  VULNERABILITY ASSESSMENT1VULNERABILITY ASSESSMEN.docx
Running Head VULNERABILITY ASSESSMENT1VULNERABILITY ASSESSMEN.docx
 
Running head STARBUCKS’ STRATEGY 1 Starbuc.docx
Running head  STARBUCKS’ STRATEGY     1 Starbuc.docxRunning head  STARBUCKS’ STRATEGY     1 Starbuc.docx
Running head STARBUCKS’ STRATEGY 1 Starbuc.docx
 
Running head SHORTENED VERSION OF TITLE1Title of Your Rese.docx
Running head  SHORTENED VERSION OF TITLE1Title of Your Rese.docxRunning head  SHORTENED VERSION OF TITLE1Title of Your Rese.docx
Running head SHORTENED VERSION OF TITLE1Title of Your Rese.docx
 
Running Head THEMATIC OUTLINE .docx
Running Head  THEMATIC OUTLINE                               .docxRunning Head  THEMATIC OUTLINE                               .docx
Running Head THEMATIC OUTLINE .docx
 
Running head TOPIC RESEARCH PROPOSAL .docx
Running head  TOPIC RESEARCH PROPOSAL                          .docxRunning head  TOPIC RESEARCH PROPOSAL                          .docx
Running head TOPIC RESEARCH PROPOSAL .docx
 
Running Head VIRTUAL ORGANIZATION .docx
Running Head  VIRTUAL ORGANIZATION                              .docxRunning Head  VIRTUAL ORGANIZATION                              .docx
Running Head VIRTUAL ORGANIZATION .docx
 
Running Head THE MARKETING PLAN .docx
Running Head  THE MARKETING PLAN                                 .docxRunning Head  THE MARKETING PLAN                                 .docx
Running Head THE MARKETING PLAN .docx
 
Running head TITLE OF ESSAY1TITLE OF ESSAY 2Title .docx
Running head  TITLE OF ESSAY1TITLE OF ESSAY 2Title .docxRunning head  TITLE OF ESSAY1TITLE OF ESSAY 2Title .docx
Running head TITLE OF ESSAY1TITLE OF ESSAY 2Title .docx
 
Running head Project Type Unit 5 Individual Project3Ty.docx
Running head  Project Type Unit 5 Individual Project3Ty.docxRunning head  Project Type Unit 5 Individual Project3Ty.docx
Running head Project Type Unit 5 Individual Project3Ty.docx
 
Rubric Writing Assignment Rubric Criteria Level 3 Level.docx
Rubric Writing Assignment Rubric Criteria Level 3 Level.docxRubric Writing Assignment Rubric Criteria Level 3 Level.docx
Rubric Writing Assignment Rubric Criteria Level 3 Level.docx
 
Running Head ON-BOARDING .docx
Running Head  ON-BOARDING                                        .docxRunning Head  ON-BOARDING                                        .docx
Running Head ON-BOARDING .docx
 
Running head PERSPECTIVE ON INTEGRATION BETWEEN CHRISTIAN FAITH .docx
Running head  PERSPECTIVE ON INTEGRATION BETWEEN CHRISTIAN FAITH .docxRunning head  PERSPECTIVE ON INTEGRATION BETWEEN CHRISTIAN FAITH .docx
Running head PERSPECTIVE ON INTEGRATION BETWEEN CHRISTIAN FAITH .docx
 
RubricThe final for this course is a paper titled Improvement Proj.docx
RubricThe final for this course is a paper titled Improvement Proj.docxRubricThe final for this course is a paper titled Improvement Proj.docx
RubricThe final for this course is a paper titled Improvement Proj.docx
 
Running Head LETTER OF ADVICE .docx
Running Head  LETTER OF ADVICE                               .docxRunning Head  LETTER OF ADVICE                               .docx
Running Head LETTER OF ADVICE .docx
 
Running head LEADERSHIP PORTFOLIO1LEADERSHIP PORTFOLIO4.docx
Running head  LEADERSHIP PORTFOLIO1LEADERSHIP PORTFOLIO4.docxRunning head  LEADERSHIP PORTFOLIO1LEADERSHIP PORTFOLIO4.docx
Running head LEADERSHIP PORTFOLIO1LEADERSHIP PORTFOLIO4.docx
 
RubricRubric for Assignment 5a- MetricsMaxYour PointsCommentsTop.docx
RubricRubric for Assignment 5a- MetricsMaxYour PointsCommentsTop.docxRubricRubric for Assignment 5a- MetricsMaxYour PointsCommentsTop.docx
RubricRubric for Assignment 5a- MetricsMaxYour PointsCommentsTop.docx
 

Recently uploaded

Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfakmcokerachita
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,Virag Sontakke
 
Science lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonScience lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonJericReyAuditor
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 

Recently uploaded (20)

Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
 
Science lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonScience lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lesson
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 

Running Head LAB 51LAB 57Lab 5.docx

  • 1. Running Head: LAB 5 1 LAB 5 7 Lab 5 Gretchen Greene Nathan Stewart, PhD May 8, 2017 Executive Summary As with any new technology, risks can arise in e-commerce that is not common to those traditional “brick-and-mortar” stores. A huge concern for e-commerce applications is credit/debit card use. Major damage can be done to an organization if the credit/debit card transactions are not secured in terms of financial fraud, loss of consumer confidence, identity theft, or legal regulations. Online Goodies provides custom promotional gifts to corporate customers and is an Internet-based company. Some of their products include mugs, computer accessories, t-shirts, and office décor. The majority of its income comes from online credit card purchase. They give their repeat customers a discount based on their annual purchase amount.
Test Plan for Online Goodies Site

The purpose of this test plan is to ensure the Online Goodies site meets all of its business, functional, and technical requirements.
The test plan describes the schedule of test activities, the test strategy, the activities, the resources, and the scope. This document identifies the features on the site to be tested, the testing tasks, the person assigned to each task, each testing environment, the techniques, an explanation of the options, and the risks. Before actually testing the site, test cases have to be created. These are the sample data that will be used to exercise the system, and they can be created as soon as the requirements are received. Additional test cases should be created to cover other aspects of the system because of its complexity.

Explanation of Testing

Usability testing is one of the most important aspects of building a website. Users will not take the time to work through a poorly designed site; they expect to adapt to a website quickly. Usability testing evaluates a website by having users test it, verifying that controls and navigation work properly.

White box testing is done by a full-access user who has access to the architecture documents and the code. Full access allows more in-depth testing, so vulnerabilities and risks are discovered faster than with the black box method.

Unit testing tests the requirements. Each part of the program is tested separately to make sure it is working properly; the earlier a bug is found, the less it costs to fix. Unit testing is part of white box testing and is done before integration testing.

Interface testing tests the communication between different software systems. It checks that end users can use the system without problems and that the system is user-friendly. Interface testing also verifies that the application server can handle a network failure to the website should there be a problem.

Integration testing tests all units of the system together; testing them as a system often exposes bugs. Integration testing occurs after unit testing has been completed and is part of black box testing. It checks features and also checks the data flow between those modules and features.

Black box testing tests the system, design, and source code. The user's point of view helps expose discrepancies in the specifications. The goal is to ensure the application works. Integration, system, and acceptance testing make up black box testing.

Functionality testing tests the business requirements of the application. It covers the functional parts of the application, such as the integration of search and data manipulation, and includes negative tests that feed invalid and erroneous inputs to confirm the application handles them correctly. The features checked are the homepage, information, terms, privacy policy, returns, and about pages.

Security testing checks the site for vulnerabilities and unauthorized access. Online Goodies accepts credit card payments, making security a high priority. The security testing will use the six basic concepts: confidentiality, integrity, authentication, availability, authorization, and non-repudiation. The website will need comprehensive security testing to ensure everything is secure and customers' information is protected.

Web application fingerprinting tests for popular vulnerabilities that attack applications and web servers. This type of testing is important for penetration testing; the fingerprint shows what information would be available in a possible attack.

Privilege escalation testing is used to ensure account access controls are working and used properly. It exploits a bug or design flaw to gain access with elevated privileges that should normally be protected from the user. This is a form of penetration testing.

References

Chavhan, A. (2016). What is Walkthrough in Software Testing? Retrieved from http://www.softwaretestingandistqb.com/what-is-walkthrough-in-software-testing/

OWASP. (2013). Handling E-Commerce Payments. Retrieved from https://www.owasp.org/index.php/Handling_E-Commerce_Payments

OWASP. (2013). Improving Web Application Security: Threats and Countermeasures. Retrieved from http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/ThreatCounter.asp

E-commerce Special Interest Group, PCI Security Standards Council. (2013). Information Supplement: PCI DSS E-commerce Guidelines. Retrieved from https://www.pcisecuritystandards.org/pdfs/PCI_DSS_v2_eCommerce_Guidelines.pdf
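The unit, negative-functional and privilege escalation test cases that the plan above calls for, as an added example that is not part of the original report: a small hypothetical Online Goodies order service (the roles, discount tiers and amounts are constructed) with test cases that check the repeat-customer discount, the rejection of an erroneous order amount, and that a plain customer cannot grant themselves a higher discount tier while the admin path still works.

```python
# Added example, not from the lab report: sample test cases for a hypothetical
# Online Goodies order service. Roles, discount tiers and amounts are constructed.
DISCOUNT_TIERS = [(10000, 0.10), (5000, 0.05), (0, 0.0)]  # assumed annual-spend tiers

class AccessDenied(Exception): pass

class Customer:
    def __init__(self, name, role, annual_spend=0.0):   # role: "customer" or "admin"
        self.name, self.role, self.annual_spend = name, role, annual_spend

def discount_rate(annual_spend):
    """Unit under test: repeat-customer discount based on annual purchase amount."""
    if annual_spend < 0:
        raise ValueError("annual spend cannot be negative")
    return next(rate for floor, rate in DISCOUNT_TIERS if annual_spend >= floor)

def price_order(customer, amount):
    """Functional check: an erroneous amount is rejected rather than priced."""
    if amount <= 0:
        raise ValueError("order amount must be positive")
    return round(amount * (1 - discount_rate(customer.annual_spend)), 2)

def set_discount_tier(actor, target, annual_spend):
    """Access control under test: only an admin may change a discount tier."""
    if actor.role != "admin":
        raise AccessDenied(f"{actor.name} may not change discount tiers")
    target.annual_spend = annual_spend

def expect_error(fn, exc):
    # Negative-test helper: True only if fn() raises exc.
    try:
        fn()
    except exc:
        return True
    return False

def run_test_cases():
    """Runs the planned test cases and returns {case_name: passed}."""
    bob = Customer("bob", "customer")
    admin = Customer("ops", "admin")
    results = {
        "unit_discount_tier": discount_rate(6000.0) == 0.05,
        "unit_price_with_discount": price_order(Customer("alice", "customer", 6000.0), 200.0) == 190.0,
        "negative_amount_rejected": expect_error(lambda: price_order(bob, -50.0), ValueError),
        # Privilege escalation: a plain customer tries to grant themselves the top tier.
        "tier_self_grant_blocked": expect_error(lambda: set_discount_tier(bob, bob, 10000.0), AccessDenied),
    }
    results["tier_unchanged_after_attempt"] = bob.annual_spend == 0.0
    set_discount_tier(admin, bob, 10000.0)          # the legitimate admin path still works
    results["admin_can_set_tier"] = discount_rate(bob.annual_spend) == 0.10
    return results
```

Each key in the returned dictionary is one planned test case, so a failing case is visible by name rather than as a single pass/fail.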