OWASP Security Project: Web Application Vulnerability Assessment
VerifiedAdded on 2023/06/10
|17
|2709
|471
Project
AI Summary
This project outlines a security testing initiative focused on Open Web Application Security Project (OWASP) vulnerabilities, particularly in the context of IoT devices such as CC cameras. It details test cases and scenarios for six different surface attacks, including Administrative Interface, Cloud Web Interface, Mobile Application, Network Traffic, User Web Interface, and Local Data Storage. Each test case includes a description, priority, module name, design and execution details, test steps, data, expected and actual results, and a pass/fail status. The project aims to identify and mitigate credential management vulnerabilities, encryption issues, and other security concerns associated with web applications and connected devices. This document is available on Desklib, where students can find a wealth of similar solved assignments and past papers.
Running Head: OPEN WEB APPLICATION SECURITY PROJECT SECURITY TESTING
Open Web Application Security Project security testing
Name of the Student
Name of the University
Author Note
Open Web Application Security Project security testing
Name of the Student
Name of the University
Author Note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1
OPEN WEB APPLICATION SECURITY PROJECT SECURITY TESTING
Table of Contents
Test Case..........................................................................................................................................2
Administrative Interface..............................................................................................................2
Cloud Web Interface....................................................................................................................4
Mobile Application......................................................................................................................6
Network traffic.............................................................................................................................9
User Web interface....................................................................................................................11
Local Data Storage....................................................................................................................13
Reference.......................................................................................................................................16
OPEN WEB APPLICATION SECURITY PROJECT SECURITY TESTING
Table of Contents
Test Case..........................................................................................................................................2
Administrative Interface..............................................................................................................2
Cloud Web Interface....................................................................................................................4
Mobile Application......................................................................................................................6
Network traffic.............................................................................................................................9
User Web interface....................................................................................................................11
Local Data Storage....................................................................................................................13
Reference.......................................................................................................................................16
2
OPEN WEB APPLICATION SECURITY PROJECT SECURITY TESTING
Test Case
Administrative Interface
Test Case Field Description
Test case ID: Administrative Interface #1
Test Priority: o High
Name of the Module: Computer Information System
Test Designed by: PLEASE FILL
Date of test
designed:
PLEASE FILL
Test Executed by: PLEASE FILL
Date of the Test
Execution:
PLEASE FILL
Name or Test Title: Administrator Interface security test
Description/Summary
of Test:
OWASP administration security of computing devices are
under threat. Administrative Interface of OWASP leads to
issues related to encryption and logging options. Issues
regarding two factor authentication is also taken into
consideration. Unit Testing Methodology will be used in
this test case
Pre-condition: No pre decisive condition
Dependencies: No specific dependency
OPEN WEB APPLICATION SECURITY PROJECT SECURITY TESTING
Test Case
Administrative Interface
Test Case Field Description
Test case ID: Administrative Interface #1
Test Priority: o High
Name of the Module: Computer Information System
Test Designed by: PLEASE FILL
Date of test
designed:
PLEASE FILL
Test Executed by: PLEASE FILL
Date of the Test
Execution:
PLEASE FILL
Name or Test Title: Administrator Interface security test
Description/Summary
of Test:
OWASP administration security of computing devices are
under threat. Administrative Interface of OWASP leads to
issues related to encryption and logging options. Issues
regarding two factor authentication is also taken into
consideration. Unit Testing Methodology will be used in
this test case
Pre-condition: No pre decisive condition
Dependencies: No specific dependency
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3
OPEN WEB APPLICATION SECURITY PROJECT SECURITY TESTING
Test Steps: For performing a security test case a testing expert must
be hired (Hamdan, 2015). Testing expert must create more than
one account, with several user identities and more than one role.
After creation of multiple user accounts, authentication test will
be performed. This test will perform password authentication
with the help of security questions and captcha as a log out
function. In case the servers can log in without proper
authentications, robustness of the server will be questioned and
the reason behind testing will be successful. Authentication
testing of OWASP administrative interface must be done by two
factor authentication technique (Jacobs, 2015). This kind of
testing can be performed by introducing another layer of security
with the help of pre answered questionnaires. Client who wants
to log in to the server needs to overcome two layers of security
which acts more difficult than overcoming only one layer of
security.
Test Data: Captcha that is used: CRY67@Y
Password: ILET@2013
Security Question Answer: Cristiano Ronaldo
Expected Results: Access to the portal will be denied
OPEN WEB APPLICATION SECURITY PROJECT SECURITY TESTING
Test Steps: For performing a security test case a testing expert must
be hired (Hamdan, 2015). Testing expert must create more than
one account, with several user identities and more than one role.
After creation of multiple user accounts, authentication test will
be performed. This test will perform password authentication
with the help of security questions and captcha as a log out
function. In case the servers can log in without proper
authentications, robustness of the server will be questioned and
the reason behind testing will be successful. Authentication
testing of OWASP administrative interface must be done by two
factor authentication technique (Jacobs, 2015). This kind of
testing can be performed by introducing another layer of security
with the help of pre answered questionnaires. Client who wants
to log in to the server needs to overcome two layers of security
which acts more difficult than overcoming only one layer of
security.
Test Data: Captcha that is used: CRY67@Y
Password: ILET@2013
Security Question Answer: Cristiano Ronaldo
Expected Results: Access to the portal will be denied
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4
OPEN WEB APPLICATION SECURITY PROJECT SECURITY TESTING
Post-Condition: The portal was accessed and this leads to the
fact that the data management is processed with
highest efficiency
Actual Result: Portal was accessed
Status (Fail/Pass): Fail
Cloud Web Interface
Test Case Field Description
Test case ID: Cloud Web Interface #1
Test Priority: o High
Name of the Module: Computer Information System
Test Designed by: PLEASE FILL
Date of test
designed:
PLEASE FILL
Test Executed by: PLEASE FILL
Date of the Test
Execution:
PLEASE FILL
Name or Test Title: Cloud Web Interface security test
Description/Summary
of Test:
Integrating testing methodology will be used for testing
the robustness of the cloud web service platform. In case
OPEN WEB APPLICATION SECURITY PROJECT SECURITY TESTING
Post-Condition: The portal was accessed and this leads to the
fact that the data management is processed with
highest efficiency
Actual Result: Portal was accessed
Status (Fail/Pass): Fail
Cloud Web Interface
Test Case Field Description
Test case ID: Cloud Web Interface #1
Test Priority: o High
Name of the Module: Computer Information System
Test Designed by: PLEASE FILL
Date of test
designed:
PLEASE FILL
Test Executed by: PLEASE FILL
Date of the Test
Execution:
PLEASE FILL
Name or Test Title: Cloud Web Interface security test
Description/Summary
of Test:
Integrating testing methodology will be used for testing
the robustness of the cloud web service platform. In case
5
OPEN WEB APPLICATION SECURITY PROJECT SECURITY TESTING
of performance testing, failure due to actions performed
by user action as cloud computing affects performance of
users
Pre-condition: No pre decisive condition
Dependencies: No specific dependency
Test Steps: For preparing a test case of OWASP regarding cloud web
interface, disruption must be checked in both manual and
automatic scaling. For testing the security proper authentication
tests must be given. This test will start with a creating multiple
applications and then try to log in to the account with vague
password and identity (Rittinghouse and Ransome, 2016). In case
applications with wrong identity logs into the cloud, it will prove
the lack of robustness of cloud platforms. Transport encryption
can be tested by trying to decrypt data that is being passed
through the channel. In case decryption of data is possible by a
vague application then it is termed to be lacking in encryption
robustness. Two factor authentication is also performed in cloud
applications. Genuine client needs to pass through 2 security
stages, leading to the fact that imposters face hindrances in
gaining access to the account. For creating a 2 factor
authentication test, the platform must be provided with a test that
initially prevents the client from accessing the data present in the
OPEN WEB APPLICATION SECURITY PROJECT SECURITY TESTING
of performance testing, failure due to actions performed
by user action as cloud computing affects performance of
users
Pre-condition: No pre decisive condition
Dependencies: No specific dependency
Test Steps: For preparing a test case of OWASP regarding cloud web
interface, disruption must be checked in both manual and
automatic scaling. For testing the security proper authentication
tests must be given. This test will start with a creating multiple
applications and then try to log in to the account with vague
password and identity (Rittinghouse and Ransome, 2016). In case
applications with wrong identity logs into the cloud, it will prove
the lack of robustness of cloud platforms. Transport encryption
can be tested by trying to decrypt data that is being passed
through the channel. In case decryption of data is possible by a
vague application then it is termed to be lacking in encryption
robustness. Two factor authentication is also performed in cloud
applications. Genuine client needs to pass through 2 security
stages, leading to the fact that imposters face hindrances in
gaining access to the account. For creating a 2 factor
authentication test, the platform must be provided with a test that
initially prevents the client from accessing the data present in the
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6
OPEN WEB APPLICATION SECURITY PROJECT SECURITY TESTING
account by a security password system (Arunkumar and
Anbuselvi, 2017). After the client passes the password stage, the
client faces another security stage in which a pre answered
questionnaire is asked and if the client answers the questionnaire
correctly gets the permission to gain access to the account. These
test cases might help in mitigating security issues present in
cloud web interface.
Test Data: Password: Password123
Security Question Answer: Myself
Expected Results: Access to the portal will be denied
Post-Condition: The portal could not be accessed and this leads to
the fact that the data management is processed
with highest efficiency
Actual Result: Portal could not be accessed
Status (Fail/Pass): Pass
Mobile Application
Test Case Field Description
OPEN WEB APPLICATION SECURITY PROJECT SECURITY TESTING
account by a security password system (Arunkumar and
Anbuselvi, 2017). After the client passes the password stage, the
client faces another security stage in which a pre answered
questionnaire is asked and if the client answers the questionnaire
correctly gets the permission to gain access to the account. These
test cases might help in mitigating security issues present in
cloud web interface.
Test Data: Password: Password123
Security Question Answer: Myself
Expected Results: Access to the portal will be denied
Post-Condition: The portal could not be accessed and this leads to
the fact that the data management is processed
with highest efficiency
Actual Result: Portal could not be accessed
Status (Fail/Pass): Pass
Mobile Application
Test Case Field Description
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
OPEN WEB APPLICATION SECURITY PROJECT SECURITY TESTING
Test case ID: Mobile Application#1
Test Priority: o High
Name of the Module: Computer Information System
Test Designed by: PLEASE FILL
Date of test
designed:
PLEASE FILL
Test Executed by: PLEASE FILL
Date of the Test
Execution:
PLEASE FILL
Name or Test Title: Mobile Application security test
Description/Summary
of Test:
Integrating testing methodology will be used for testing
the robustness of the cloud web service platform. In case
of performance testing, failure due to actions performed
by user action as cloud computing affects performance of
users
Pre-condition: No pre decisive condition
Dependencies: No specific dependency
Test Steps: For preparing a test case of OWASP regarding cloud web
interface, disruption must be checked in both manual and
automatic scaling. For testing the security proper authentication
tests must be given. This test will start with a creating multiple
OPEN WEB APPLICATION SECURITY PROJECT SECURITY TESTING
Test case ID: Mobile Application#1
Test Priority: o High
Name of the Module: Computer Information System
Test Designed by: PLEASE FILL
Date of test
designed:
PLEASE FILL
Test Executed by: PLEASE FILL
Date of the Test
Execution:
PLEASE FILL
Name or Test Title: Mobile Application security test
Description/Summary
of Test:
Integrating testing methodology will be used for testing
the robustness of the cloud web service platform. In case
of performance testing, failure due to actions performed
by user action as cloud computing affects performance of
users
Pre-condition: No pre decisive condition
Dependencies: No specific dependency
Test Steps: For preparing a test case of OWASP regarding cloud web
interface, disruption must be checked in both manual and
automatic scaling. For testing the security proper authentication
tests must be given. This test will start with a creating multiple
8
OPEN WEB APPLICATION SECURITY PROJECT SECURITY TESTING
applications and then try to log in to the account with vague
password and identity (Rittinghouse and Ransome, 2016). In case
applications with wrong identity logs into the cloud, it will prove
the lack of robustness of cloud platforms. Transport encryption
can be tested by trying to decrypt data that is being passed
through the channel. In case decryption of data is possible by a
vague application then it is termed to be lacking in encryption
robustness. Two factor authentication is also performed in cloud
applications. Genuine client needs to pass through 2 security
stages, leading to the fact that imposters face hindrances in
gaining access to the account. For creating a 2 factor
authentication test, the platform must be provided with a test that
initially prevents the client from accessing the data present in the
account by a security password system (Arunkumar and
Anbuselvi, 2017). After the client passes the password stage, the
client faces another security stage in which a pre answered
questionnaire is asked and if the client answers the questionnaire
correctly gets the permission to gain access to the account. These
test cases might help in mitigating security issues present in
cloud web interface.
Test Data: Password: 7eti7w6
OPEN WEB APPLICATION SECURITY PROJECT SECURITY TESTING
applications and then try to log in to the account with vague
password and identity (Rittinghouse and Ransome, 2016). In case
applications with wrong identity logs into the cloud, it will prove
the lack of robustness of cloud platforms. Transport encryption
can be tested by trying to decrypt data that is being passed
through the channel. In case decryption of data is possible by a
vague application then it is termed to be lacking in encryption
robustness. Two factor authentication is also performed in cloud
applications. Genuine client needs to pass through 2 security
stages, leading to the fact that imposters face hindrances in
gaining access to the account. For creating a 2 factor
authentication test, the platform must be provided with a test that
initially prevents the client from accessing the data present in the
account by a security password system (Arunkumar and
Anbuselvi, 2017). After the client passes the password stage, the
client faces another security stage in which a pre answered
questionnaire is asked and if the client answers the questionnaire
correctly gets the permission to gain access to the account. These
test cases might help in mitigating security issues present in
cloud web interface.
Test Data: Password: 7eti7w6
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9
OPEN WEB APPLICATION SECURITY PROJECT SECURITY TESTING
Face detection
Finger print
Expected Results: Access to the portal will be denied
Post-Condition: The portal could not be accessed and this leads to
the fact that the data management is processed
with highest efficiency
Actual Result: Portal could not be accessed
Status (Fail/Pass): Pass
Network traffic
Test Case Field Description
Test case ID: Network traffic security#1
Test Priority: o High
Name of the Module: Computer Information System
Test Designed by: PLEASE FILL
Date of test
designed:
PLEASE FILL
Test Executed by: PLEASE FILL
Date of the Test
Execution:
PLEASE FILL
OPEN WEB APPLICATION SECURITY PROJECT SECURITY TESTING
Face detection
Finger print
Expected Results: Access to the portal will be denied
Post-Condition: The portal could not be accessed and this leads to
the fact that the data management is processed
with highest efficiency
Actual Result: Portal could not be accessed
Status (Fail/Pass): Pass
Network traffic
Test Case Field Description
Test case ID: Network traffic security#1
Test Priority: o High
Name of the Module: Computer Information System
Test Designed by: PLEASE FILL
Date of test
designed:
PLEASE FILL
Test Executed by: PLEASE FILL
Date of the Test
Execution:
PLEASE FILL
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10
OPEN WEB APPLICATION SECURITY PROJECT SECURITY TESTING
Name or Test Title: Network traffic security test
Description/Summary
of Test:
Integrating Testing model is used in testing vulnerabilities
related with Network traffic. During installation of new
cables, wiremap attenuation testing is done. This helps in
processing of LAN in a more efficient way. Internet
connection is also tested during connection of the
processing system. Range of network is tested, leading to
the fact internet connection that is being made is tested
with the help of Ookla
Pre-condition: No pre decisive condition
Dependencies: No specific dependency
Test Steps: This helps in tracking the speed of data which that is
flowing through the LAN in terms of OWASP. A reference speed
is initially set before testing the platform with the help of Online
Web Application System Project. In case the result of test is not
as par with the reference speed, entire process is put under test.
Range LAN provides is also put under test. A reference range is
set initially before processing of the LAN. During the test, if
LAN does not provide enough range to the computing devices,
most important thing that is to be done by introducing an OTX
layer for reducing interference of network from other computing
appliances. Protocol fuzzing is a technique that is used by
imposters to introduce faulty codes in between entire set of
codes. Test case includes regular checking of interference in the
data that is transmitted and the data that is data gets received. In
OPEN WEB APPLICATION SECURITY PROJECT SECURITY TESTING
Name or Test Title: Network traffic security test
Description/Summary
of Test:
Integrating Testing model is used in testing vulnerabilities
related with Network traffic. During installation of new
cables, wiremap attenuation testing is done. This helps in
processing of LAN in a more efficient way. Internet
connection is also tested during connection of the
processing system. Range of network is tested, leading to
the fact internet connection that is being made is tested
with the help of Ookla
Pre-condition: No pre decisive condition
Dependencies: No specific dependency
Test Steps: This helps in tracking the speed of data which that is
flowing through the LAN in terms of OWASP. A reference speed
is initially set before testing the platform with the help of Online
Web Application System Project. In case the result of test is not
as par with the reference speed, entire process is put under test.
Range LAN provides is also put under test. A reference range is
set initially before processing of the LAN. During the test, if
LAN does not provide enough range to the computing devices,
most important thing that is to be done by introducing an OTX
layer for reducing interference of network from other computing
appliances. Protocol fuzzing is a technique that is used by
imposters to introduce faulty codes in between entire set of
codes. Test case includes regular checking of interference in the
data that is transmitted and the data that is data gets received. In
11
OPEN WEB APPLICATION SECURITY PROJECT SECURITY TESTING
case there is a difference in content of the process it is concluded
that fuzzing has been performed. Encryption terminologies are
maintained in order to protect the code from decryption.
Test Data: Testing data
Expected Results: Access to the portal will be denied
Post-Condition: The portal was accessed and this leads to the
fact that the data management is not processed
with highest efficiency
Actual Result: Portal could be accessed
Status (Fail/Pass): Fail
User Web interface
Test Case Field Description
Test case ID: User Web Interface#1
Test Priority: o High
Name of the Module: Computer Information System
OPEN WEB APPLICATION SECURITY PROJECT SECURITY TESTING
case there is a difference in content of the process it is concluded
that fuzzing has been performed. Encryption terminologies are
maintained in order to protect the code from decryption.
Test Data: Testing data
Expected Results: Access to the portal will be denied
Post-Condition: The portal was accessed and this leads to the
fact that the data management is not processed
with highest efficiency
Actual Result: Portal could be accessed
Status (Fail/Pass): Fail
User Web interface
Test Case Field Description
Test case ID: User Web Interface#1
Test Priority: o High
Name of the Module: Computer Information System
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 17
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.