Server Application - Test Plan Criteria
Following are the test criteria that desktop applications have to
meet in order to be issued the SI Tested seal.
Scope of Assessment
Our assessment focuses on the immediate application under test and
its environment. Items out of scope for this assessment include, but
are not limited to, the following:
Backend systems
Physical security of the customer site, servers, firewall configuration, etc.
Effectiveness of failover or redundant systems, power protection, etc.
Protection from insider threats from employees or others with physical or electronic access
Review of internal IT security policy
Social engineering, industrial espionage, etc.
Review of documentation/requirements for compliance with laws, standards or certification programs
Criteria
1.0 Authentication
SUMMARY: Verify that the authentication mechanism is not subject to attacks aimed at bypassing it.
A1. User cannot elevate privileges with malformed input.
A2. Passwords are stored in encrypted or hashed form.
A3. User identity is verified before resetting/changing a password.
A4. Predefined passwords are unique and require reset.
A5. Only administrators can add, modify or delete user IDs.
A6. Lockouts are enforced with a limited duration.
A7. Strong passwords are enforced.
A8. Password renewal is enforced.
A9. Error pages do not give away usernames.
A10. SSL/TLS is used when transmitting credentials.

2.0 Authorization
SUMMARY: Verify that the authorization mechanism is not subject to attacks aimed at bypassing it.
U1. Server-side authorization checks are performed for each server resource that is accessed.
U2. Security decisions are not based on client-side validation.

3.0 Cryptography
SUMMARY: Verify that cryptography is well implemented.
C1. Industry standard cryptographic methods are used.
C2. Sufficient key length is used.
C3. Cryptographic keys are stored securely.

4.0 Data Access
SUMMARY: Verify that strong data access controls are in place.
D1. Database accounts conform to the principle of least privilege.
D2. The application protects data from malicious modification.
D3. The application protects data from being disclosed to unauthorized users.
D4. Connection strings are stored securely.
D5. Database access credentials are stored securely.
D6. Only trusted hosts can access the database.

5.0 Error Handling
SUMMARY: Verify error messages do not reveal confidential information.
E1. Error messages don’t contain internal application details.

6.0 Logging
SUMMARY: Verify that logging is performed and is not subject to attacks aimed at altering the logging functionality.
L1. The application restricts users from interacting directly with the logging framework.
L2. The application must be protected against attacks aimed at deceiving the logging framework into attributing actions to other users.
L3. The application must be protected against attacks aimed at modifying the behavior of the logging functionality via abnormal input.
L4. Logging stores enough appropriate data to detect and deconstruct an attack against the system.
L5. The application logs enough appropriate data to detect and deconstruct an attack against the system.
L6. Logs do not contain sensitive data.
L7. The logging framework is appropriately protected to prevent logs from being stolen or modified.

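As an added illustration of criteria L2 and L3 (not part of the test plan itself): a tester checks them by submitting input containing CR/LF and seeing whether the log gains a second, forged record. The example below is constructed for this page and uses Python's standard logging module; the forged username and the SafeFormatter class are assumptions, not anything from the plan.

```python
import io
import logging

# Constructed sample input: a username carrying a newline so that, written
# verbatim, it forges a second log line attributing a login to "admin".
FORGED_USERNAME = "alice\nINFO login success user=admin"


def sanitize_for_log(text: str) -> str:
    """Escape CR, LF and other control characters so that one log call can
    never produce more than one record or corrupt the record it belongs to."""
    out = []
    for ch in text:
        if ch == "\n":
            out.append("\\n")
        elif ch == "\r":
            out.append("\\r")
        elif ord(ch) < 0x20 or ord(ch) == 0x7F:
            out.append("\\x%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


class SafeFormatter(logging.Formatter):
    """Sanitizes every record centrally, so call sites cannot forget to
    (multi-line tracebacks are flattened to one record as well)."""

    def format(self, record: logging.LogRecord) -> str:
        return sanitize_for_log(super().format(record))


def write_login_event(username: str, success: bool, hardened: bool) -> str:
    """Emit one login event to an in-memory log and return the raw log text,
    using SafeFormatter when hardened=True and a plain Formatter otherwise."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    fmt = "%(levelname)s %(message)s"
    handler.setFormatter(SafeFormatter(fmt) if hardened else logging.Formatter(fmt))
    logger = logging.getLogger("login-demo-%s" % hardened)
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.handlers = [handler]
    logger.info("login %s user=%s", "success" if success else "failure", username)
    handler.flush()
    return buf.getvalue()


def count_records(log_text: str) -> int:
    # One physical line per real event; a forged entry shows up as an extra line.
    return len(log_text.splitlines())
```

With the plain formatter the single failed login for "alice" yields two records, the second claiming a successful login by "admin"; with SafeFormatter it yields one record with the newline visibly escaped.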
7.0 Input & Data Validation
SUMMARY: Verify input/output is validated properly and securely.
I1. All user input is validated for type, length, format and range.
I2. All input is properly encoded before being echoed back to the user.
I3. User-supplied filename and path input is filtered.
I4. Client-side validation is not relied upon.

8.0 Sensitive Data
SUMMARY: Verify sensitive data is stored and encrypted properly.
S1. Sensitive data is encrypted before being stored on the local machine.
S2. Sensitive data is encrypted before being sent on the network.
S3. Sensitive data is encrypted in the database.
S4. Log files do not contain sensitive information.

9.0 Session Management
SUMMARY: Verify tokens are formatted and sent securely.
M1. Authentication tokens are transmitted over a secure connection.
M2. Authentication tokens are not predictable.
