
AT002 - SSL/TLS certificate and secure network configurations

Test case description: Validation of security configuration implementations for SSL/TLS certificates and secure network settings
Test case ID: AT002
Test case designer: Iiro Peuhkuri
Creation date: 22.3.2024
Classification: Acceptance Test

Update history

  • version 0.1 Base

Test description / objective

The objective is to ensure that the platform's security configurations, specifically SSL/TLS certificates and network settings, are correctly implemented to safeguard the web app and its data against unauthorized access.

Links to requirements or other sources

Pre-state

  • Tukko is deployed without the new security measures applied.

Test Steps

  • Step 1 -> Verify the SSL/TLS certificate is properly installed and configured for the web app domain.
  • Step 2 -> Ensure HTTPS is enforced for all web app pages, redirecting HTTP requests to HTTPS.
  • Step 3 -> Test network configurations to block unauthorized access, ensuring only secure ports and protocols are open.
  • Step 4 -> Conduct a vulnerability scan to identify any potential security flaws in the current configuration.
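
One way to script the checks in Steps 1 to 3 (an added example, not part of the original test case or the Tukko project). The hostname, the port allowlist and the probed port list are assumptions to replace with the values of the deployment under test; Step 4 is left to a dedicated scanner.

```python
import http.client, socket, ssl
from datetime import datetime, timezone
from urllib.parse import urlsplit

HOST = "tukko.example.test"      # placeholder; use the real web app domain
ALLOWED_PORTS = {80, 443}        # assumption: 80 stays open only to redirect
PROBE_PORTS = [21, 22, 23, 80, 443, 3306, 5432, 8080]  # assumed sample list

def days_left(cert, now=None):
    """Whole days until notAfter, from a dict returned by getpeercert()."""
    now = now or datetime.now(timezone.utc)
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now.timestamp()) // 86400)

def redirect_ok(status, location, host):
    """Step 2: HTTP must answer with a redirect to https:// on the same host."""
    target = urlsplit(location or "")
    return status in (301, 302, 307, 308) and target.scheme == "https" \
        and target.hostname == host

def unexpected_ports(open_ports, allowed=ALLOWED_PORTS):
    """Step 3: any listening port outside the allowlist is a finding."""
    return sorted(set(open_ports) - set(allowed))

def fetch_cert(host, port=443):
    """Step 1: the default context verifies chain and hostname, raising on failure."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def fetch_redirect(host):
    """Plain-HTTP GET / and return (status, Location header) without following it."""
    conn = http.client.HTTPConnection(host, 80, timeout=5)
    conn.request("GET", "/")
    resp = conn.getresponse()
    return resp.status, resp.getheader("Location")

def open_ports(host, ports=PROBE_PORTS):
    """TCP connect test against each port in the probe list."""
    found = []
    for p in ports:
        with socket.socket() as s:
            s.settimeout(2)
            if s.connect_ex((host, p)) == 0:
                found.append(p)
    return found

if __name__ == "__main__":
    print("cert days left:", days_left(fetch_cert(HOST)))
    print("redirect ok:", redirect_ok(*fetch_redirect(HOST), HOST))
    print("unexpected ports:", unexpected_ports(open_ports(HOST)))
```

A failed handshake in `fetch_cert` (untrusted chain, hostname mismatch, expired certificate) raises `ssl.SSLError`, which counts as a failure of Step 1.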

End-State

The web app is secured with SSL/TLS encryption, and all network configurations are in place to protect against unauthorized access.

Determination of test result (Pass / Fail Criteria)

  • PASS condition: The web app successfully employs SSL/TLS encryption for all its communications, with all network configurations set to secure the app and its data from unauthorized access. No major vulnerabilities are identified in the security scan.
  • FAIL condition: Failure to properly install or configure the SSL/TLS certificate, lack of HTTPS enforcement, incorrect network settings allowing unauthorized access, or the presence of critical vulnerabilities in the security scan.