FEA403 Test case

Test Case description: Implement automated scanning for known security vulnerabilities
Test Case ID: FEA403-TC001
Author/Designer: DEV
Date of creation: 11.03.2024
Class: non-functional

Test description / objective

This test case should verify the effectiveness of automated scanning for known security vulnerabilities for the Tukko application, ensuring accurate detection, comprehensive reporting, and prioritized improvement.

Links to requirements or other sources

Test steps

  1. Step: Verify that the scanning tool is properly configured with the latest database of known security vulnerabilities.
  2. Step: Initiate an automated scan on the target system or application.
  3. Step: Monitor the scanning process for any errors or interruptions.
  4. Step: Verify that the scanning tool accurately identifies and reports known security vulnerabilities within the target system or application.
  5. Step: Validate that the scanning tool provides detailed information about each identified vulnerability, including severity level and potential impact.
  6. Step: Ensure that the scanning tool generates a comprehensive report summarizing the findings of the scan, including recommendations for remediation.
  7. Step: Review the scan report and prioritize remediation efforts based on the severity of identified vulnerabilities.
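Steps 1 and 4 to 7 can be checked mechanically once the scanner has produced a report. The script below is an added example and not part of the original test case or of any particular scanning tool: it assumes a generic JSON report with a "findings" list (fields "id", "severity", "description", "impact", "remediation") and a "scanner.db_updated" date, and it assumes the tester has a list of vulnerability identifiers that are known to be present in the target (for example, from a deliberately vulnerable test fixture). The sample report and identifiers are constructed for the example.

```python
"""Check a vulnerability scan report against the test case's pass/fail criteria.

Added example. The report layout below is an assumption, not the native
output of any real scanner; adapt the field names to the tool in use.
"""
import json
from datetime import date

# Severity ranking used for prioritization (step 7); lower sorts first.
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}

# Fields every finding must carry for step 5 to pass.
REQUIRED_FIELDS = ("id", "severity", "description", "impact", "remediation")

# Constructed sample report (not real scan output). F-3 is deliberately
# incomplete: it lacks the "impact" field, so the report must fail.
SAMPLE_REPORT = json.dumps({
    "scanner": {"name": "example-scanner", "db_updated": "2024-03-11"},
    "findings": [
        {"id": "F-1", "severity": "medium", "description": "Outdated dependency",
         "impact": "Known denial-of-service issue", "remediation": "Upgrade the package"},
        {"id": "F-2", "severity": "critical", "description": "Default admin credentials",
         "impact": "Full administrative access", "remediation": "Rotate and enforce strong credentials"},
        {"id": "F-3", "severity": "high", "description": "Missing security headers",
         "impact": "", "remediation": "Set the recommended response headers"},
    ],
})


def db_is_fresh(report, as_of, max_age_days=7):
    """Step 1: the scanner's vulnerability database must be recently updated."""
    updated = report.get("scanner", {}).get("db_updated")
    if not updated:
        return False
    age = (date.fromisoformat(as_of) - date.fromisoformat(updated)).days
    return 0 <= age <= max_age_days


def validate_findings(findings):
    """Step 5: return (finding id, problem) pairs for incomplete or malformed findings."""
    problems = []
    for f in findings:
        fid = f.get("id", "<no id>")
        for field in REQUIRED_FIELDS:
            if not f.get(field):
                problems.append((fid, field))
        if str(f.get("severity", "")).lower() not in SEVERITY_ORDER:
            problems.append((fid, "severity:unknown"))
    return problems


def prioritize(findings):
    """Step 7: order findings by severity, then by id for a stable report."""
    return sorted(
        findings,
        key=lambda f: (SEVERITY_ORDER.get(str(f.get("severity", "")).lower(), 99), f.get("id", "")),
    )


def evaluate_report(report_json, expected_ids, as_of="2024-03-11"):
    """Apply the PASS/FAIL criteria to a report.

    expected_ids: identifiers of vulnerabilities known to exist in the target
    (assumed to come from the tester's own fixture). Any missing one means the
    scanner failed step 4.
    """
    report = json.loads(report_json)
    findings = report.get("findings", [])
    missed = sorted(set(expected_ids) - {f.get("id") for f in findings})
    problems = validate_findings(findings)
    fresh = db_is_fresh(report, as_of)
    return {
        "pass": fresh and not missed and not problems,
        "db_fresh": fresh,
        "missed": missed,
        "problems": problems,
        "order": [f.get("id") for f in prioritize(findings)],
    }


if __name__ == "__main__":
    result = evaluate_report(SAMPLE_REPORT, ["F-1", "F-2", "F-3"])
    print("PASS" if result["pass"] else "FAIL", json.dumps(result, indent=2))
```

With the constructed report the result is FAIL: all expected findings are present and the database date is current, but F-3 has an empty "impact" field, which violates the step 5 requirement that every finding carry severity and potential-impact information. The prioritized order (F-2, F-3, F-1) is what step 7 would hand to the remediation owners.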

Test end-state

After running the test, the system should have completed an automated scan for known security vulnerabilities on the target system or application. A detailed report outlining the identified vulnerabilities and recommended remediation steps should be generated.

To be taken into account during test

  • Ensure that the scanning tool is compatible with the target system or application environment.
  • Verify that the scanning process does not impact the performance or availability of the target system or application.
  • Validate that the scanning tool adheres to any regulatory or compliance requirements applicable to the organization.

Test result (Pass/Fail Criteria)

  • PASS condition: The scanning tool accurately identifies known security vulnerabilities, generates a comprehensive report, and provides recommendations for improvement.
  • FAIL condition: The scanning tool fails to identify known security vulnerabilities, generates incomplete or inaccurate reports, or does not provide meaningful recommendations for improvement.