
TC401 - 001

Test Case description Check that the backend has secure API endpoints to protect against unauthorized access and data breaches
Test Case ID TC401-001
Author/Designer Guan Xinyu
Date of creation 12.4.2024
Class Feature

Test description / objective

This test case verifies that the backend's API endpoints require authentication, reject requests that carry missing or invalid credentials, serve data only to authenticated callers, and do so without exposing sensitive information in error responses.

Links to requirements or other sources

Test pre-state

  • Start: initial state

Test steps

  1. Send requests to the API endpoints without any authentication credentials (no Authorization header, cookie or API key)
  2. Verify that access is denied with an authentication error (typically HTTP 401 or 403) and a generic error message; no data must be returned
  3. Send requests to the API endpoints with incorrect authentication credentials (wrong password, unknown or malformed token)
  4. Verify that access is denied and that the response is indistinguishable from the response in step 2, so the error does not reveal whether a username or token exists
  5. Send requests to the API endpoints with valid authentication credentials
  6. Verify that access is granted and the requested data or functionality is returned
  7. Test additional edge cases related to endpoint security, for example expired or tampered tokens, credentials sent over a wrong scheme (e.g. Basic instead of Bearer), and valid credentials of one user used to request another user's resources
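As a worked example of running steps 1 to 7 (and the Notion 1 check that missing and invalid credentials yield identical responses), the following driver is added here; it is not code from the project under test. The in-memory backend, the `/api/users/<name>/profile` endpoint, the bearer tokens and the user records are all assumptions constructed for the illustration, and `leaky_app` is a deliberately weak variant that shows how the test detects distinguishing error messages.

```python
"""Added example for TC401-001: a tiny bearer-token API and a driver that
executes the test steps against it. Backend, endpoint, tokens and users
are assumptions for this illustration, not the project's own code."""
import hmac
import json

# Constructed sample data (assumption): one valid bearer token per user.
TOKENS = {"tok-alice-7f3a": "alice", "tok-bob-91cd": "bob"}
PROFILES = {"alice": {"email": "alice@example.test"},
            "bob": {"email": "bob@example.test"}}

# Generic error bodies: the same response is used for a missing and for a
# wrong credential, so the caller learns nothing about which case occurred.
UNAUTHORIZED = (401, {"error": "authentication required"})
FORBIDDEN = (403, {"error": "access denied"})
NOT_FOUND = (404, {"error": "not found"})


def authenticate(headers):
    """Return the user for an 'Authorization: Bearer <token>' header, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return None
    for known, user in TOKENS.items():
        # Each comparison is constant-time, so timing does not reveal how many
        # leading bytes of a guessed token were correct.
        if hmac.compare_digest(known.encode(), token.encode()):
            return user
    return None


def app(method, path, headers):
    """Hypothetical backend: GET /api/users/<name>/profile, owner-only."""
    user = authenticate(headers)
    if user is None:
        return UNAUTHORIZED                      # steps 1-4
    parts = path.strip("/").split("/")
    if (method == "GET" and len(parts) == 4
            and parts[:2] == ["api", "users"] and parts[3] == "profile"):
        if parts[2] != user:
            return FORBIDDEN                     # step 7: another user's resource
        return (200, PROFILES.get(user, {}))     # step 6
    return NOT_FOUND


def leaky_app(method, path, headers):
    """Same backend, but with distinguishing error messages (the anti-pattern)."""
    if "Authorization" not in headers:
        return (401, {"error": "missing Authorization header"})
    if authenticate(headers) is None:
        return (401, {"error": "token not recognised"})
    return app(method, path, headers)


def run_tc401_001(backend, path="/api/users/alice/profile"):
    """Execute the test steps against `backend` and return the findings."""
    no_creds = backend("GET", path, {})
    bad_creds = backend("GET", path, {"Authorization": "Bearer tok-alice-0000"})
    good_creds = backend("GET", path, {"Authorization": "Bearer tok-alice-7f3a"})
    other_user = backend("GET", path, {"Authorization": "Bearer tok-bob-91cd"})
    findings = {
        "step2_denied_without_creds": no_creds[0] in (401, 403) and "email" not in no_creds[1],
        "step4_denied_with_bad_creds": bad_creds[0] in (401, 403) and "email" not in bad_creds[1],
        # Notion 1: missing and wrong credentials must be indistinguishable, and
        # the error body must not echo identifiers from the request.
        "notion1_no_leak": no_creds == bad_creds and "alice" not in json.dumps(bad_creds[1]),
        "step6_granted_with_valid_creds": good_creds[0] == 200 and "email" in good_creds[1],
        "step7_other_user_denied": other_user[0] == 403,
    }
    findings["result"] = "PASS" if all(findings.values()) else "FAIL"
    return findings


if __name__ == "__main__":
    print(json.dumps(run_tc401_001(app), indent=2))        # result: PASS
    print(json.dumps(run_tc401_001(leaky_app), indent=2))  # result: FAIL
```

Against a real deployment the four calls in `run_tc401_001` would be HTTP requests; the pass/fail logic stays the same. Note that the hardened backend answers a non-owner with 403 rather than 404, so it never confirms whether the requested user exists.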

Test end-state

  • After running the test it is confirmed that the backend denies unauthenticated and wrongly authenticated requests to its API endpoints, serves data only to valid callers, and does not expose sensitive information in its error responses.

To be taken into account during test

  • Notion 1: Verify that error messages do not leak sensitive information (whether a username or token exists, stack traces, internal hostnames or versions) and that missing and invalid credentials produce the same response.
  • Notion 2: Test for related weaknesses such as injection attacks in request parameters and session hijacking (e.g. tokens accepted after logout or expiry, or reusable across users).
  • Notion 3: Ensure the security measures align with industry best practices, for example the OWASP API Security Top 10.

Test result (Pass/Fail Criteria)

  • PASS condition: Every request without valid credentials is denied with a generic error, every request with valid credentials is served, and no test step exposes sensitive data.
  • FAIL condition: Any endpoint accepts a request without valid credentials, serves data to a wrongly authenticated caller, or returns an error response that exposes sensitive information.