Web Portal- Quality Assurance, Security, RSS Feeds & Site Map 56 – Prasad Janardhanan 34 – Jyotsna Panicker 33 – Deepak Pandit 17 – Ramraj Gupta

Upload: garry-hill

Post on 25-Dec-2015


QA for Web Portal

Types of Testing

• Adherence to functional requirements
  • Functional testing
• Adherence to non-functional requirements
  • Performance testing
  • Release of beta version to get feedback on usability
• Security related testing
  • Vulnerability assessment
  • Penetration testing

Functional Testing

• Map every requirement to a set of test cases
• Create required test data
  • Valid values
  • Invalid values
  • Boundary values
• Approach
  • Use black box testing
  • Unit testing and code review is already done
  • Do not use test automation as GUI may change based on testing feedback

Compatibility testing

• Covered O/S
  • Windows (XP, 7)
  • Red Hat Linux 5
  • Mac O/S latest version
• Browsers
  • Internet Explorer 6, 7, 8
  • Google Chrome 11.0
  • Mozilla Firefox 3.6
• Use VMware to switch across various environments. This will save hardware and power requirements

Performance Testing

• Criteria
  • Response time should be around 2 to 4 sec on every click
  • Check user experience with standard bandwidth and desktop
  • Performance should be retained on worst case peak load for 4 hours
• Approach
  • Use LoadRunner to simulate load and concurrency
  • Use equivalent volume of data that will be populated in the system in next 3 years
  • Use actual hardware that will be used on production
  • If you change the code for performance tuning, re-test for functionality

Beta Release

• Before Production Launch
• Exposed / advertised to closed user community
• Trial basis, no commercial use and hence no liability
• Study user feedback on usability
• Monitor practical issues faced in hosting
• Correct the gaps before launch

Vulnerability Assessment Test

• Attempt typical hacks
  • Denial of service
  • SQL injection
  • Port scan
• Enumerate points of weakness
• Try to intrude into firewall

Application level Security

Authentication

• Login Authentication
  • Validate user credentials
  • Automatic lock out after 3 consecutive failed attempts
  • Periodic change of passwords
  • Optional Virtual Keyboards
  • Mutual Authentication
• Forgot Password
  • Challenge/response component

Authentication

• Fund Transfer
  • Password for every individual transaction
  • Two Factor Authentication
  • Device-based authentication for Corporate Customers
  • Token number through Mobile for Retail customers
  • Maker & Checker process for Corporate Customers

Authorization

• Application Level
  • Category of users
  • Privileges of each user
• Database Level
  • Limit access to database to select high level users
  • Only middleware will have access to the DB
  • Storing user critical data in hashed/encrypted format

Secure Sockets Layer (SSL) for data security between the customer browser and our Web server

• SSL provides data encryption, server authentication, and message integrity for an Internet connection.
• Data encryption at the highest level (128 bit)
• The World Wide Web interface receives SSL input and sends requests through a firewall over a dedicated private network to the Internet banking server.

Secure Socket Connection

• Monitors login attempts
• Recognizes failures that could indicate a possible unauthorized attempt
• When such trends are observed, steps will be taken automatically to prevent that account from being used.

Security Analyzer

Database Security

• Protection of connection string to connect to DB
• Use least-privileged, local accounts for running Enterprise Services when connecting to DB

Audit Trails

• Auditing of all logons is on by default.
• All transactions performed by users are logged in the system and stored in DB files
• History of Sales executive mapping against clients will be available

Session based application

• If the web portal is idle for 10 minutes, the application session will expire and the user needs to log in to the application again
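The lock-out rule (3 consecutive failed attempts) and the 10-minute idle session expiry from the slides above, combined in one sketch. This is an added example, not code from the original presentation; the `PortalAuth` class, `sample_verify` and the sample credentials are hypothetical.

```python
import hmac
import secrets

MAX_FAILURES = 3        # slide: lock out after 3 consecutive failed attempts
IDLE_TIMEOUT = 10 * 60  # slide: session expires after 10 idle minutes (seconds)


class PortalAuth:
    """Hypothetical in-memory guard; a real portal would persist this state."""

    def __init__(self, verify):
        self.verify = verify   # assumed callable(user, password) -> bool
        self.failures = {}     # user -> consecutive failed attempts
        self.locked = set()    # accounts prevented from being used
        self.sessions = {}     # token -> [user, time of last activity]

    def login(self, user, password, now):
        if user in self.locked:
            return None        # locked: even the right password is refused
        if not self.verify(user, password):
            self.failures[user] = self.failures.get(user, 0) + 1
            if self.failures[user] >= MAX_FAILURES:
                self.locked.add(user)   # the automatic step from the slides
            return None
        self.failures.pop(user, None)   # a success resets the consecutive count
        token = secrets.token_urlsafe(32)
        self.sessions[token] = [user, now]
        return token

    def touch(self, token, now):
        """Return the session's user, or None if unknown or idle too long."""
        entry = self.sessions.get(token)
        if entry is None:
            return None
        if now - entry[1] > IDLE_TIMEOUT:
            del self.sessions[token]    # expired: the user must log in again
            return None
        entry[1] = now                  # activity restarts the idle window
        return entry[0]


# Constructed sample credentials, kept in plaintext only to keep the sketch
# short; the slides call for hashed/encrypted storage.
SAMPLE = {"alice": "s3cret-A", "bob": "s3cret-B"}


def sample_verify(user, password):
    return hmac.compare_digest(SAMPLE.get(user, "").encode(), password.encode())
```

Times are passed in as seconds so the behaviour can be exercised without waiting; a deployment would supply the current clock value.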

Reports

• Password protected reports will be dispatched to user
• Masking of critical data

RSS Feeds

Stay connected to important updates by subscribing to RSS feeds. The feeds include new releases, case studies and documents from the website.

Download an RSS reader. The RSS reader will help to manage subscriptions and periodically check the Bank website to deliver the latest information to your desktop.

Click on the region or country of your choice. When the page opens you will see the raw XML code.

Drag or cut and paste the URL of the feed into your RSS reader and follow the instructions for your particular reader to subscribe.

Leave the RSS Reader open or minimize it on your toolbar so that you can be alerted whenever new content is added.

Sitemap

• Personal Banking
• Wholesale Banking
• NRI Services
• About Us

Personal Banking

• Accounts & Deposits
  • Savings Account
  • Current Account
  • Salary Account
  • Fixed Account
• Loans
  • Personal Loan
  • Home Loan
  • Two wheeler Loan
  • New Car Loan
  • Used Car Loan
  • Loan Against Securities
  • Loan Against Property
  • Tractor Loan

Cards

• Credit Cards
  • Silver Credit Card
  • Gold Credit Card
  • Titanium Credit Card
  • Value Plus Credit Card
  • Women’s Gold Credit Card
• Debit Cards
  • International Debit Cards
  • Gold Debit Cards
  • International Business Debit Cards
  • Women’s Advantage Debit Cards
• Prepaid Cards
  • Gift Plus Cards
  • Food Plus Cards
  • Money Plus Cards

Personal Banking (2)

Investment & Insurance

• Mutual Funds
• Insurances
• Bonds
• General & Health Insurance

Payment Services

• Net safe
• Merchant Service
• Pay now
• Visa Bill-Pay
• Visa Money Transfer

Access Your Bank

• Net banking
• Credit Card Online
• ATM
• Mobile Banking

Personal Banking (3)

• Corporate
  • Funded services
  • Non Funded Services
• Small & Medium Enterprises
  • Internet Banking
• Financial Institutions & Trust
  • Financial Institutions
  • Mutual Funds
  • Stock Brokers

Wholesale Banking

• Accounts & Deposits
  • Rupee Saving Account
  • NRE Saving Accounts
  • Rupee Current Accounts
  • NRE Current Accounts
  • NRO Current Accounts
  • Rupee, NRO, NRE Fixed Deposits
• Investment & Insurances
  • Mutual Funds
  • Private Banking
  • Insurances
• Loans
  • Home loans
  • Gold Credit Card
  • Loans against Securities

NRI Services

• Payment Services
  • Net-safe
  • Bill Pay
  • Direct Pay
  • Excise & Service Tax Payment
• Access your Bank
  • Net Banking
  • Instant Alerts
  • ATM
  • Phone Banking
  • Branch Network
• Customer Center
  • Offers & Deals

NRI Services(2)

About Us

• Profile
  • Promoter
  • Business Focus
  • Management
  • Loans for every needs
• Shareholdings in Bank
  • Shareholding Pattern
  • History of share issues
• Corporate Governance
  • Code of Corporate Governance
  • Profiles of Directors
  • Ownerships Rights

Thank you