Test case: Regularly scan for known security vulnerabilities
| Test Case ID | TC403 |
| Test case designer | Sanni Rummakko |
| Creation date | 16.03.2024 |
| Classification | Security |
| Origin | FEA403 |
Test description / objective
The objective of this test is to verify that the Tukko traffic visualisation service is regularly scanned for known security vulnerabilities. The test aims to verify that the implementation complies with the planned security measures.
Pre-state
The Tukko traffic visualization service is up and running. The FEA403 security feature has been implemented but not yet tested.
Test Steps
| Step | Verify | Some notes |
|---|---|---|
| 1. | Access the backend system where security scanning is performed | Ensure that the scanning tool is accessible (Nmap, Burp Suite etc.) |
| 2. | Initiate a scan for known security vulnerabilities | Verify that the scanning process begins |
| 3. | Monitor the scanning process for completion | Ensure that the scan completes without errors |
| 4. | Review the scan results for identified vulnerabilities | Check for any vulnerabilities detected during the scan |
| 5. | Documentation | Ensure the results are presented clearly and organized for easy understanding |
End-State
The security scanning process should have been successfully completed, and any identified vulnerabilities should be documented for further action.
Determination of test result (Pass / Fail Criteria)
- PASS condition:
-
The scanning process completes without errors.
-
Identified vulnerabilities are documented for remediation.
- FAIL CONDITION:
- The scanning process encounters errors or fails to complete.