Re-testing: is nothing but the process of re-executing all the test cases on the same application in order to verify whether the application is complete and correct. It is a manual process which involves the tester's presence to update different inputs.

Data Driven Testing: is nothing but the process of re-executing all the test cases
by taking multiple sets of test data in order to verify the application's behavior under
multiple input data. It is an easy process compared to the above process, as it is
done with automation.

Data Driven Testing: Testing the application with different sets of values, to
check how the application performs with multiple sets of data.

Retesting means not checking whether the bug is fixed or not; checking behaviour
of the system for different sets of inputs.

http://www.softwaretestinghelp.com/web-application-testing/

Thought of sharing the web security checklist...


------------------------------------------------

1 Is confidentiality/user privacy protected?

2 Does the site prompt for user name and password?

3 Have you verified where encryption begins and ends?

4 Are concurrent log-ons permitted?

5 Does the application include time-outs due to inactivity?

6 Is bookmarking disabled on secure pages?

7 Does the keylock display on status bar for insecure/secure pages?

8 Is Right Click, View, Source disabled?

9 Are you prevented from doing direct searches by editing content in the URL?

10 If using Digital Certificates, test the browser Cache by enrolling for the
Certificate and completing all of the required security information. After
completing the application and installation of the certificate, try using the <--
BackSpace key to see if that security information is still residing in Cache. If
it is, then any user could walk up to the PC and access highly sensitive Digital
Certificate security information.

11 Is there an alternative way to access secure pages for browsers under version
3.0, since SSL is not compatible with those browsers?

12 Do your users know when they are entering or leaving secure portions of your
site?

13 Does your server lock out an individual who has tried to access your site
multiple times with invalid login/password information?

14 Test both valid and invalid login names and passwords. Are they case sensitive?
Is there a limit to how many tries are allowed? Can it be bypassed by typing
the URL to a page inside directly in the browser?

15 What happens when the time-out is exceeded? Are users still able to navigate
through the site?

16 Verify that relevant information is written to the log files and that the
information is traceable.

17 In SSL verify that the encryption is done correctly and check the integrity of
the information.

18 Scripting on the server: it is not possible to plan or edit scripts without
authorization.

19 Have you tested the impact of Secure Proxy Server?

20 Test should be done to ensure that the Load Balancing Server is taking the
session information of Server A and pooling it to Server B when A goes down.

21 Have you verified the use of 128-bit Encryption?

22 Check to see that URL manipulation is not allowed

23 Check for SQL injection

24 Check for XSS (Cross Site Scripting)

25 HTML Injection

26 Cookie Testing

1) What is the encryption or decryption algorithm used?
2) In which file is the password stored?
3) How are sessions maintained and managed? Session hijacking
4) Where are cookies stored? Client or server? Cookie poisoning
5) What special characters are permitted in the application? SQL injection
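
Checklist items 13, 14 and 15 lend themselves to the data-driven approach described at the top of the page: one test routine, re-executed over a table of inputs. The following is an added example, not part of the original checklist; `ToyApp`, the account, the lockout threshold and the time-out value are all hypothetical stand-ins for the application under test.

```python
import secrets

MAX_TRIES = 3        # assumed lockout threshold
IDLE_TIMEOUT = 900   # assumed inactivity limit in seconds

class ToyApp:
    """Hypothetical in-memory stand-in for the application under test."""
    def __init__(self):
        self.users = {"alice": "S3cret!"}   # constructed test account
        self.failures = {}                  # user -> consecutive bad logins
        self.sessions = {}                  # token -> time of last activity

    def login(self, user, password, now):
        if self.failures.get(user, 0) >= MAX_TRIES:
            return None                     # locked out, even with the right password
        if self.users.get(user) == password:    # exact, case-sensitive match
            self.failures[user] = 0
            token = secrets.token_hex(16)
            self.sessions[token] = now
            return token
        self.failures[user] = self.failures.get(user, 0) + 1
        return None

    def secure_page(self, token, now):
        last = self.sessions.get(token)
        if last is None or now - last > IDLE_TIMEOUT:
            self.sessions.pop(token, None)  # expired or unknown session
            return 401
        self.sessions[token] = now
        return 200

# Data table: (name, login attempts, idle seconds before request, expected status)
CASES = [
    ("valid login",                  [("alice", "S3cret!")], 10, 200),
    ("password in wrong case",       [("alice", "s3cret!")], 10, 401),
    ("direct URL without login",     [], 0, 401),
    ("locked out after 3 bad tries", [("alice", "x")] * 3 + [("alice", "S3cret!")], 10, 401),
    ("2 bad tries, then good",       [("alice", "x")] * 2 + [("alice", "S3cret!")], 10, 200),
    ("idle past the time-out",       [("alice", "S3cret!")], IDLE_TIMEOUT + 1, 401),
]

def run_case(attempts, idle):
    """Replay the login attempts, wait `idle` seconds, request a secure page."""
    app, token = ToyApp(), None
    for user, password in attempts:
        token = app.login(user, password, now=0)
    return app.secure_page(token, now=idle)

def run_all():
    return {name: run_case(a, idle) == want for name, a, idle, want in CASES}
```

Against a real site, `run_case` would drive the application's actual login form and a protected URL, while the `CASES` table stays the same.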