Testing For A Bank

[Suraj]

Currently, I am working as Software Tester in a bank, I want to test my company’s website, How can I start to test website ?
Which idea should I apply while testing security of this banking domain ?

[Ronan Healy]

Hi @suraj2016. Your question is a bit vague. What in particular do you want to test? I’m guessing it’s mainly security?

[Devanathan Ram]

Depends on what actually you test.. If it is going to be consumer banking site, then its a great challenge in performing security testing. As this is very important and has a power to destroy customers trust and may possibly increase the cost on controlling any threats in the future.
Below are the key factors:
Authentication
Authorization
Confidentiality
Availability
Integrity
Non-repudiation
Resilience

You can use tools like Fiddler, which will actually help in tampering the consumer entered data and see if they pass through. You will have to perform on each and every field in each and every sub-apps of the application/website. It is huge to think this way. Alternatively, you can filter out items/fields which are classified as highly sensitive and/or Mandatory. As I say this, I also mean there are different approaches while using different tools. What I know is a little, there are a lot to know about Web Application Security factors.

[Jari]

Due to the vagueness of the question, I presume the questioner is a rather junior tester. Because of this, I imagine OWASP testing guides could be a good start. If OWASP is heavy to start with, one can go for something possibly lighter, such as udemy. An interesting approach and collection of resources can be found from Atlassian guest blog. And lastly, as so very often happens, TestInsane has this covered, too.

[Suraj]

Thank for your detailed information,
I am currently working on cookies & trying to find out the way where hacker can easy hack our system. I want to know the way where i can take precaution.
Thanks in advanced.

[Author]

Posts