Security Test Cases

Id : GRP-008

name : Security Test Cases

Description : API Security Testing Execution Report - OWASP Compliance

Created By : arun-ramanan@netspective.in

Created On : 01-11-2024

Description

This documents the results of executing API security test cases based on the API Security Testing Plan, ensuring compliance with the OWASP API Security Top 10. The focus is on verifying secure authentication, authorization, data protection, and adherence to industry standards.

Test Cases Executed

  1. Management Endpoints & Overall Authentication
  2. Server Resource Allocation & Rate Limiting Verification
  3. Error Handling Validation
  4. Sensitive Data Handling
  5. HTTP Methods Restriction
  6. HTTP Return Code Validation
  7. Access Control Verification
  8. Input Validation
  9. HTTPS Enforcement
  10. Security Headers Validation
  11. Security Misconfiguration
  12. CORS Validation

Environment

  • Test Environment: test
  • API Version: v1.0

Tools Used

  • Burp Suite: Dynamic Application Security Testing & Vulnerability Scanning
  • Nessus Professional: Vulnerability Scanning
  • Dirsearch: Directory/File Bruteforcing

Objectives

  • Verify the implementation of security controls across all API endpoints.
  • Identify any deviations from expected security behavior.
  • Validate the application of fixes for previously reported vulnerabilities.