What kind of information do you need to start the test?
Here’s a pre-test checklist that we’ll need before we can start your test.
Please mail us:
1. The URL of the application
2. Two login id/passwords for each privilege level
3. The timings of any planned downtime
4. A phone number you can be reached at reliably
5. Administrator’s guide/User manual/Help, if available
6. Any special instructions we need to be aware of
Please verify:
7. The application is ready to be tested
8. No changes are planned during the test
9. The login ids are fully activated
Please note: we need two logins per privilege level. Privilege levels might include Teller, Supervisor, Manager and Administrator. We’ll also need two logins for each category. We’ll use this information to test whether an unauthorized user can bypass restrictions or gain access to an unauthorized account or the account of a higher-privileged user.
As we run our tests we’re able to pick out holes that would allow an adversary to gain access to an authorized user’s account or expand his own privileges. Read more on why we need two logins per privilege level.
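The reason for two logins per level can be shown on a toy model. This is an added example, not part of the original checklist or our test tooling: the accounts, records and check functions are constructed for illustration, with records assumed private to their owner. It runs the same access checks against a flawed and a corrected authorization routine.

```python
# Constructed toy application: roles, accounts and records are made up.
LEVEL = {"teller": 1, "supervisor": 2, "manager": 3, "administrator": 4}

# Two test logins per privilege level, as the checklist requests.
USERS = {f"{role}{n}": role for role in LEVEL for n in (1, 2)}

# One private record per account.
RECORDS = {user: f"statement of {user}" for user in USERS}

def read_record_weak(caller, owner):
    """Flawed check: only verifies that the caller is a known account."""
    return RECORDS[owner] if caller in USERS else None

def read_record_fixed(caller, owner):
    """Owner-only check: the caller may read only their own record."""
    return RECORDS[owner] if caller == owner else None

def run_role_function_weak(caller, required_role):
    """Flawed check: relies on the UI hiding the function from lower roles."""
    return caller in USERS

def run_role_function_fixed(caller, required_role):
    """Server-side check: the caller's level must meet the required level."""
    return caller in USERS and LEVEL[USERS[caller]] >= LEVEL[required_role]

def access_findings(read_record, run_role_function, users=USERS):
    """Return (kind, caller, target) for every access that should be denied."""
    findings = []
    for caller, role in users.items():
        for other, other_role in users.items():
            # Horizontal: same level, different account (needs two logins).
            if other != caller and other_role == role and read_record(caller, other):
                findings.append(("horizontal", caller, other))
        for required in LEVEL:
            # Vertical: a function reserved for a higher level.
            if LEVEL[required] > LEVEL[role] and run_role_function(caller, required):
                findings.append(("vertical", caller, required))
    return findings

if __name__ == "__main__":
    one_each = {u: r for u, r in USERS.items() if u.endswith("1")}
    for label, users in (("two logins per level", USERS), ("one login per level", one_each)):
        found = access_findings(read_record_weak, run_role_function_weak, users)
        kinds = [kind for kind, _, _ in found]
        print(label, "-> horizontal:", kinds.count("horizontal"),
              "vertical:", kinds.count("vertical"))
```

With only one login per level, the same-level check has no second account to try, so the flawed record check produces no horizontal findings at all.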
We request that you make no changes to the app while we’re testing. Constructing test cases can be complex, and a moving target makes it even more difficult. The quality of a test suffers when parts of the app we’ve already tested undergo changes beneath the surface. If you really must make any changes, please let us know so that we can make the necessary adjustments.



