Scribd Logo
Unggah

Selamat datang di Scribd!

  • Test Case

    Diunggah oleh

    api-3713843
    275 tayangan3 halaman
    FINAL SEMESTER PROJECT

    Hak Cipta

    © Attribution Non-Commercial (BY-NC)

    Format Tersedia

    DOC, PDF, TXT atau baca online dari Scribd

    Apakah menurut Anda dokumen ini bermanfaat?

    Apakah konten ini tidak pantas?

    Laporkan Dokumen Ini
    FINAL SEMESTER PROJECT

    Hak Cipta:

    Attribution Non-Commercial (BY-NC)
    Unduh sebagai DOC, PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    275 tayangan3 halaman

    Test Case

    Diunggah oleh

    api-3713843
    FINAL SEMESTER PROJECT

    Hak Cipta:

    Attribution Non-Commercial (BY-NC)
    Unduh sebagai DOC, PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    dari 3

    Test Case

    Definition: it is a software testing document, which consists of event,


    action, input, output, expected result, and actual result. Clinically
    defined (IEEE 829-1998) a test case is an input and an expected result.

    1. We can restrict some of the clients from possessing the ticket for
    the server and check its extension; the extension is expected to
    be empty.
    2. During Handshake, before sending the NewSessionTicket to the
    client we must check for the client message status, i.e. whether
    it’s verified or not, the expected status is the finished message of
    the client to be verified.
    3. When the ticket is received by the client, we must check for the
    opacity of the message.
    4. When the server sends the new ticket to a client, we must test
    for the presence of Master Secret and other parameters which
    are required for the current session.
    5. After the completion of the Handshake, test conditions should be
    put of the flow of the messages between the server and the
    client; this should obey the conventional flow as expected
    6. On the rejection of the ticket, the full handshake should take
    place and test conditions should be applied to check whether the
    expected new ticket has been issued to the client (if it lies in the
    respective case)
    7. If the client is prepared for receiving and sending ticket, we must
    check that it posses at least a Zero length ticket in the Session
    ticket extension.
    8. In the ticket verification phase, if the server fails then a test case
    for the full handshake to have failed should be expected and
    checked.
    9. If the full handshake fails, a test case on it acceptance should be
    applied and checked for the ticket deletion by the client.
    10.Validity of the ticket in the client- this test condition should be
    applied to check that the client has verified the servers finished
    message.
    11. Since the updated ticket is issued before the handshake
    completes, it is possible that the client may not put the new
    ticket into use before it initiates new connections, so the test
    condition should be applied to check the start of the new ticket
    issued to the client.
    12.Ticket should be encrypted in such a way that it should not be
    visible 2 any eavesdropper nor the client, while sending the
    ticket to the client, a check on the parameters passed and the
    secret key withheld with the server must be checked.
    13. TICKET LIFETIME- it is indicated in the ticket lifetime field from
    the server and it indicates the life time in seconds, if the value is
    zero then it means the expiry is unspecified; a test condition
    should be applied to check whether the client which used the
    ticket DELETES it after its usage/expiry.
    14. Ticket should be structure in such a way that it is not examinable
    by the clients.

    struct {
    opaque key_name[16];
    opaque iv[16];
    opaque encrypted_state<0..2^16-1>;
    opaque mac[20];
    } ticket;

    15. Fragment length test case: TLS specifies a fixed maximum


    plaintext fragment length of 2^14 bytes. It may be desirable for
    constrained clients to negotiate a smaller maximum fragment
    length due to memory limitations or bandwidth limitations, it
    should also be checked that nothing exceeds the maximum limit
    as specified.
    16.If the fragment length value is other than the allowed value, an
    alert must be generated stating “illegal parameter” and the
    handshake must be aborted.
    17.Session ID- if the server wants to issue a session ticket to the
    client that does not present one, it should include an empty
    session ID in the message.
    18. A check on the assignment of TLS session ticket extension
    number to be in coherence with IANA consideration. Eg. 35 to
    session ticket and 4 to handshake type.
    19.A check of the server not relying on the session ID while
    validating the ticket should be performed.
    20. Client authentication: a test on the presence of the client’s
    certificates or the certificate URL’s during handshake when client
    authentication is performed.
    21.As it’s the connection between client and server, there are
    possibilities of eavesdropping or modification of the ticket which
    is being transferred between server and client- test cases for
    security consideration must be applied, mainly regarding- stolen
    tickets, forged tickets and invalidation of sessions, ticket lifetime
    etc.
    22. Validity of server certificates, a reference must be provided to
    the clients to save the bandwidth and roundtrips/resources.
    23.Providing alerts for certain cases and testing for its generation
    for certain faults. Alerts for – unsupported extension,
    unrecognized name or certificate can be a remedy.

    Anda mungkin juga menyukai