
TC003 - As a platform engineer, I want to configure security measures, such as SSL/TLS certificates and secure network configurations, to protect the web app and its data from unauthorized access.

Test Case description: Security configuration for Tukko
Test Case ID: TC003
Author/Designer: Iiro Peuhkuri
Date of creation: 25.3.2024
Class: Functional/Security

Test description / objective

This test case verifies the correct implementation of SSL/TLS certificates and secure network configurations for the web application.

Links to requirements or other sources

Test pre-state

Application is running without certificates and secure network configurations.

Test steps

  1. Verify that the certificate is issued by a trusted Certificate Authority (CA).
  2. Verify that the certificate covers the correct domain name(s).
  3. Configure the server to enforce HTTPS redirects (HTTP traffic redirects to HTTPS).
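The three checks above, automated as an added example (not part of the original test case or the Tukko project). The host `tukko.example`, the sample certificate and the set of protocols treated as outdated are assumptions; `evaluate` runs offline on collected values and `collect` gathers them from a live server.

```python
import http.client
import socket
import ssl
import time

OUTDATED = {"SSLv3", "TLSv1", "TLSv1.1"}  # assumption: protocols counted as outdated
# Constructed getpeercert()-style sample; tukko.example is a placeholder host.
SAMPLE_CERT = {"subjectAltName": (("DNS", "tukko.example"), ("DNS", "*.tukko.example")),
               "notBefore": "Jan 10 00:00:00 2024 GMT",
               "notAfter": "Dec 31 23:59:59 2024 GMT"}

def san_matches(cert, host):
    """Step 2: host equals a DNS SAN, or matches a wildcard in the left-most label only."""
    host = host.lower()
    for kind, name in cert.get("subjectAltName", ()):
        name = name.lower()
        if kind == "DNS" and (name == host or (
                name.startswith("*.") and name[2:] and host.partition(".")[2] == name[2:])):
            return True
    return False

def evaluate(host, cert, protocol, http_status, location, now=None):
    """Return the list of FAIL reasons; an empty list means PASS."""
    now = time.time() if now is None else now
    fails = []
    if not san_matches(cert, host):
        fails.append("certificate does not cover " + host)
    start, end = (ssl.cert_time_to_seconds(cert[k]) for k in ("notBefore", "notAfter"))
    if not start <= now <= end:
        fails.append("certificate expired or not yet valid")
    if protocol in OUTDATED:
        fails.append("outdated protocol " + protocol)
    if http_status not in (301, 302, 307, 308) or not (location or "").lower().startswith("https://"):
        fails.append("HTTP not redirected to HTTPS")
    return fails

def collect(host, timeout=5):
    """Live collection (needs network). Step 1 happens in the handshake: the default context
    checks the chain against the system trust store, else ssl.SSLCertVerificationError."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, 443), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert, protocol = tls.getpeercert(), tls.version()
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)  # does not follow redirects
    conn.request("GET", "/")
    resp = conn.getresponse()
    status, location = resp.status, resp.getheader("Location")
    conn.close()
    return cert, protocol, status, location
```

Against a deployed instance, `evaluate(host, *collect(host))` returns the failure list for that host.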

Test end-state

  • The web application is accessible only over HTTPS connections.
  • Security testing tools confirm strong SSL/TLS implementation.
  • Network scans reflect proper network configuration and access restrictions.

To be taken into account during test

  • Test with a variety of web browsers to ensure compatibility.
  • Consider using automated testing tools for certificate and configuration validation.
  • Document all configurations and changes for future reference.

Test result (Pass/Fail Criteria)

PASS:

  • The web app enforces HTTPS.
  • SSL/TLS certificate is valid and trusted.
  • Strong cipher suites are used, outdated protocols are disabled.
  • Network configurations meet security standards and restrict unnecessary access.

FAIL:

  • HTTP access is still possible.
  • Certificate has errors, is untrusted, or is expired.
  • Weak cipher suites are in use.
  • Network security controls are inadequate.