Now a days, website handles important functionalities like online transactions (payments, data transfer) etc. Therefore the security of the websites should be ensured or security testing should be carried out before taking the website to live. Security testing is a testing method in which we ensure that the confidential datas of a website are accessible only to the intended people and not to others. In this article, I have included a brief note on how to test Secure Pages module on a Drupal site.
Suppose you are testing on a Drupal website and the site is enabled with "Secure Pages module" for securing the confidential pages of the site. From a tester point of view, here I will explain the cases to be considered while testing 'Secure Pages module'.
The cases are,
- Ensure that the Secure Pages module is enabled on your site.
- Ensure that the settings of Secure Pages are configured correctly.
You can find this at, Admin >> Configuration >> System >> Secure Pages
- Ensure that all the confidential pages of the site are added to the secure list in settings page.
- Ensure that the pages that are given in Secure Pages list are redirected to "Https" while accessing those pages.
ie, For eg: if login page of the site is added to Secure Pages list, then the login page will load in this format, https://drupal.org/user/login otherwise the URL is http://drupal.org/user/login. The 'https' is a communication protocol which does not allow unauthorized users to hack the secured pages and provide a secure communication over a website/network.
- Ensure that if a user tries to access the page by re-editing the https page as http, then the user should be redirected to https page itself.
These are the cases to be considered while testing 'Secure Pages module'. Hope this article will be helpful for testers.