Test Case: FEA010 – Verify Vulnerability Scanning Tool Integration
| Field | Value |
|---|---|
| Test Case ID | TC-FEA010-001 |
| Feature ID | FEA010 |
| Author | Security Team |
| Date of creation | 21.02.2025 |
| Class | Functional / Security |
Test Description / Objective
This test verifies that the vulnerability scanning tool successfully detects, categorizes, and reports known security vulnerabilities in the system.
Links to Requirements or Other Sources
- Use Case: Use-case-FEA010
Test Preconditions
- The vulnerability scanning tool is correctly integrated and configured.
- The system contains at least one known vulnerable dependency for testing purposes.
Test Steps
- Trigger a manual vulnerability scan from the system.
- Verify that the scan initiates and completes within the expected timeframe.
- Check if vulnerabilities in dependencies and configurations are detected.
- Verify that vulnerabilities are categorized correctly (critical, high, medium, low).
- Ensure that the generated report includes descriptions, severity levels, and mitigation recommendations.
- Confirm that notifications are sent to relevant stakeholders (developer, security officer, project manager).
- Introduce a known vulnerability and rerun the scan to verify detection.
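Added example (not part of the original test case): a Python check that applies steps 2 to 7 and the PASS/FAIL criteria to a parsed scan report, so the verdict is reproducible rather than read off by hand. The report shape, the per-severity notification routing and the sample report are assumptions, not any real tool's output.

```python
SEVERITIES = ("critical", "high", "medium", "low")
# Assumed notification routing per severity (assumption, not from the test case).
RECIPIENTS = {
    "critical": {"developer", "security_officer", "project_manager"},
    "high": {"developer", "security_officer"},
    "medium": {"developer"},
    "low": {"developer"},
}

def check_scan_report(report, seeded, max_seconds=600):
    """Apply the TC-FEA010-001 pass/fail criteria to a parsed scan report.
    seeded: {(package, version)} deliberately left vulnerable (precondition 2).
    Returns a list of failure reasons; an empty list means PASS."""
    failures = []
    if report.get("status") != "completed":  # step 2: scan must finish
        failures.append("scan did not complete")
    if report.get("duration_seconds", 0) > max_seconds:
        failures.append("scan exceeded expected timeframe")
    detected, required = set(), set()
    for f in report.get("findings", []):
        ident = f.get("id", "<no id>")
        sev = str(f.get("severity", "")).lower()
        if sev not in SEVERITIES:  # step 4: must be one of the four categories
            failures.append(f"{ident}: invalid severity {sev!r}")
            continue
        for field in ("description", "mitigation"):  # step 5: report contents
            if not f.get(field):
                failures.append(f"{ident}: missing {field}")
        detected.add((f.get("package"), f.get("version")))
        required |= RECIPIENTS[sev]  # step 6: who must be notified
    for pkg in sorted(seeded - detected):  # steps 3 and 7: seeded vuln found?
        failures.append(f"seeded vulnerable dependency not detected: {pkg}")
    missing = required - set(report.get("notified", []))
    if missing:
        failures.append(f"stakeholders not notified: {sorted(missing)}")
    return failures

# Constructed sample report in an assumed shape (not any real tool's output).
SAMPLE_REPORT = {
    "status": "completed", "duration_seconds": 42,
    "findings": [
        {"id": "EXAMPLE-1", "package": "libexample", "version": "1.0.0",
         "severity": "High", "description": "Constructed finding.",
         "mitigation": "Upgrade to 1.0.1."},
        {"id": "EXAMPLE-2", "package": "otherlib", "version": "2.3.0",
         "severity": "Critical", "description": "Constructed finding.",
         "mitigation": ""},  # empty mitigation -> FAIL per step 5
    ],
    "notified": ["developer", "security_officer"],
}
```

Running `check_scan_report(SAMPLE_REPORT, {("libexample", "1.0.0")})` yields two FAIL reasons: the empty mitigation and the project manager not being notified for a critical finding.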
Test End-State
- The system successfully detects vulnerabilities and generates a report with appropriate details.
- Developers and security teams receive notifications about the identified issues.
To Be Taken Into Account During Test
- False positives and their handling.
- The tool’s ability to detect new vulnerabilities added after its last update.
- Performance impact of scanning on system resources.
Test Result (Pass/Fail Criteria)
- PASS: The tool successfully detects and reports vulnerabilities with severity categorization.
- FAIL: The tool fails to detect known vulnerabilities, generates incorrect reports, or does not notify relevant users.
Edited by AE9947