This document discusses software verification, validation, and testing. It introduces cookies and how they can store private user information. It describes two cookie flags (HttpOnly and Secure) that aim to protect cookie data, but notes that cookies remain vulnerable to attacks that can invalidate these protections. It outlines why TLS and HTTPS do not fully guarantee cookie security and proposes that additional mechanisms and rigorous checks are needed to mitigate the threats. It then presents a test plan for an online clearance management system.
College of Electrical and Mechanical Engineering, Department of Software Engineering. By: Melsew Dagnaw, melx4547@gmail.com
ADBT M.D. Oct 19, 2023
Presentation content
Introduction
Statement of problem
Objective of the article
Summary of the article
Methodology
Findings
Conclusion
Future work
Introduction
HTTP cookies store user information and record browsing activity, and often contain private user data. Popular web services such as Google, YouTube and Amazon leak sensitive data in cookies, and some applications use cookies as authentication tokens.
A cookie flag is a security attribute set on a cookie to protect the data it carries. Two such flags are HttpOnly and Secure. HttpOnly makes the cookie inaccessible to client-side script (it is not exposed through document.cookie), while Secure tells the browser to send the cookie only over encrypted (HTTPS) connections.
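The following is an added example, not code from the presentation or from the article it summarizes. It parses a Set-Cookie header, reports whether the HttpOnly and Secure flags are present, and models the two browser-side rules those flags impose. The sample headers and cookie names are constructed for illustration.

```javascript
// Added example (not from the presentation): audit the HttpOnly and Secure
// flags on a Set-Cookie header and model what each flag makes the browser do.
//   HttpOnly: the cookie is hidden from script (document.cookie).
//   Secure:   the browser only sends the cookie over HTTPS.

// Split "NAME=value; Attr1; Attr2=x" into name, value and a lower-cased
// attribute map. Attribute names are case-insensitive in browsers.
function parseSetCookie(header) {
  const parts = header.split(';').map(p => p.trim()).filter(Boolean);
  const [name, ...valueParts] = parts[0].split('=');
  const attrs = {};
  for (const p of parts.slice(1)) {
    const eq = p.indexOf('=');
    const key = (eq === -1 ? p : p.slice(0, eq)).trim().toLowerCase();
    attrs[key] = eq === -1 ? true : p.slice(eq + 1).trim();
  }
  return { name: name.trim(), value: valueParts.join('='), attrs };
}

// Report the two flags and a human-readable finding for each missing one.
function auditCookie(header) {
  const c = parseSetCookie(header);
  const httpOnly = 'httponly' in c.attrs;
  const secure = 'secure' in c.attrs;
  const findings = [];
  if (!httpOnly) findings.push(`${c.name}: missing HttpOnly, readable via document.cookie`);
  if (!secure) findings.push(`${c.name}: missing Secure, also sent over plain HTTP`);
  return { name: c.name, httpOnly, secure, findings };
}

function auditAll(headers) {
  return headers.map(auditCookie);
}

// Browser-side rule model: would this cookie be revealed in the given context?
//   toScript: access through document.cookie
//   https:    whether the request carrying the cookie is over TLS
function browserExposes(audit, { https, toScript }) {
  if (toScript && audit.httpOnly) return false; // hidden from script
  if (!https && audit.secure) return false;     // withheld from plain HTTP
  return true;
}

// Constructed sample headers (hypothetical session cookie, weak and hardened).
const SAMPLE_HEADERS = [
  'SESSIONID=abc123; Path=/',
  'SESSIONID=abc123; Path=/; HttpOnly; Secure',
];
```

Usage: `auditAll(SAMPLE_HEADERS)` returns two findings for the first header and none for the second. Note the limit of what the flags give you: they constrain where the browser reveals a cookie, not who can set one, so they are no substitute for integrity protection of the cookie itself.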
Introduction (continued)
A rotten cookie attack can invalidate cookie flags even when the cookie is encrypted by TLS, by exploiting insecure HTTP mechanisms together with a faulty AES-GCM implementation. The cookie theft attack exploits the lack of HTTP-level integrity verification; defending against it requires rigorous nonce-duplication checks, and the article presents a mitigation for transport-layer reuse.
Problem of the article
TLS is widely used to protect HTTP messages and private cookies, but it cannot by itself guarantee cookie security; additional mechanisms such as HTTP Strict Transport Security (HSTS) and cookie flags are needed. HTTPS has no specific HTTP-level method for checking message integrity, a consequence of its flexibility and scalability. TLS security is threatened by weak cryptographic primitives, faulty implementations, zero-day vulnerabilities and side channels, all of which pose practical threats. The article also identifies security weaknesses of web browsers that can be exploited by its cookie theft attack to invalidate cookie flags.

Test Plan
The Test Plan has been created to communicate the test approach to team members. It includes the objectives, scope, schedule, risks and approach.

Objective
The objective of this project is to develop an online clearance management system for the Productivity Improvement and Center of Excellence.

Scope
The scope of this project is limited to the online staff academic clearance system of the Productivity Improvement and Center of Excellence. The initial phase will include all "must have" requirements.

Test Approach
The project uses an agile approach with weekly iterations. At the end of each week the requirements identified for that iteration are delivered to the team and tested.

Test Automation
Automated unit tests are part of the development process, but no automated functional tests are planned at this time; functional testing is manual.

Test Environment
A new server is required for the web server, the application and the database.

Milestones / Deliverables
A milestone is a specific point within a project's life cycle used to measure progress toward the ultimate goal.
Task name                       Start       Finish      Effort
Test planning                   5/9/2023    5/12/2023   3 days
Deploy to QA test environment   5/13/2023   5/17/2023   4 days
System testing                  5/18/2023   5/22/2023   4 days
Regression testing              5/23/2023   5/27/2023   4 days
Performance testing             5/28/2023   5/30/2023   3 days

Deliverables
In project management, a deliverable is any item produced as a result of a project.

Deliverable           For                                        Date / Milestone
Test Plan             Project Manager; QA Director; Test Team    4 days
Traceability Matrix   Project Manager; QA Director               4 days
Test Results          Project Manager                            4 days
Test Status Report    QA Manager; QA Director                    3 days
Metrics               All team members                           3 days
Test Case
A test case is a set of actions executed to verify a particular feature or functionality of a software application. It contains test steps, test data, a precondition and a postcondition, developed for a specific test scenario to verify a requirement.

Test Suite
A test suite is a logical grouping of test cases that are run as a single job covering different test scenarios.
(Sample test suites: manage employee information; apply for clearance)

Test Management Tool
TestLink is a web-based test management system that facilitates software quality assurance.

Testing Report
Test reports are an essential part of software testing in any project.

Traceability Matrix
A Requirement Traceability Matrix (RTM) is a document that maps and traces user requirements to test cases.
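The following is an added example, not code from the presentation or from the clearance project. It ties together the Test Case, Test Suite and Traceability Matrix slides above: test cases carry a precondition, steps and a postcondition, a suite runs them against a fresh fixture each, and an RTM is derived from the requirement IDs each case claims to verify, flagging requirements with no test. The system under test, requirement IDs and test cases are all constructed for illustration.

```javascript
// Added example (not from the presentation): minimal test case / test suite
// runner plus a requirement traceability matrix (RTM) built from the cases.

// Hypothetical system under test: a clearance request store that rejects
// a second request from the same staff member.
function makeClearanceSystem() {
  const requests = new Map();
  return {
    apply(staffId) {
      if (requests.has(staffId)) throw new Error('duplicate request');
      requests.set(staffId, 'pending');
    },
    status(staffId) { return requests.get(staffId) || 'none'; },
  };
}

// Constructed requirements. REQ-3 deliberately has no test case so the RTM
// has a gap to report.
const REQUIREMENTS = ['REQ-1', 'REQ-2', 'REQ-3'];

// Each test case: id, requirement(s) verified, precondition, steps, postcondition.
const TEST_CASES = [
  {
    id: 'TC-01', requirements: ['REQ-1'],
    precondition: sys => sys.status('s1') === 'none',
    steps: sys => sys.apply('s1'),
    postcondition: sys => sys.status('s1') === 'pending',
  },
  {
    id: 'TC-02', requirements: ['REQ-2'],
    // precondition establishes the test data: one existing request
    precondition: sys => { sys.apply('s2'); return true; },
    // step result records whether the duplicate was rejected
    steps: sys => { try { sys.apply('s2'); return false; } catch (e) { return true; } },
    postcondition: (sys, stepResult) => stepResult === true && sys.status('s2') === 'pending',
  },
];

// Run one case against a fresh fixture; a failed precondition blocks the case
// rather than reporting a misleading pass/fail.
function runTestCase(tc) {
  const sys = makeClearanceSystem();
  if (!tc.precondition(sys)) return { id: tc.id, result: 'blocked' };
  const stepResult = tc.steps(sys);
  return { id: tc.id, result: tc.postcondition(sys, stepResult) ? 'pass' : 'fail' };
}

function runSuite(cases) {
  return cases.map(runTestCase);
}

// RTM: requirement -> ids of test cases that verify it, plus the untested list.
function traceabilityMatrix(requirements, cases) {
  const matrix = {};
  for (const r of requirements) matrix[r] = [];
  for (const tc of cases) {
    for (const r of tc.requirements) {
      if (!matrix[r]) matrix[r] = [];
      matrix[r].push(tc.id);
    }
  }
  const untested = requirements.filter(r => matrix[r].length === 0);
  return { matrix, untested };
}
```

Usage: `runSuite(TEST_CASES)` yields a pass for both cases, and `traceabilityMatrix(REQUIREMENTS, TEST_CASES).untested` lists REQ-3, which is exactly the gap an RTM exists to surface before the test results are reported.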