How to go about testing Web Filtering for a company's server?

Hi all,
I am a new member to this site and an apprentice in software testing so my terminology and knowledge is pretty limited.
I have been set the task to test a web filtering solution that will be given to me. This solution will basically filter out anything that is not suitable within a workplace e.g Betting, Porn, Gaming Etc. I have been given various requirements of what my client needs and expects the solution to do. So far I have created a fairly basic test strategy and test plan for the requirements given.
As you can see I am not to knowledgeable within this area but any advice that can be given is appreciated.

Hi, welcome to the site.

So first 2 questions would be:

  • Do you know how are they doing the filtering? (just blacklisting certain urls?)
  • What does your current strategy look like?

Just so people aren’t telling you things you have already thought of or ideas that aren’t relevant to the solution.

Hi, is the proposed filtering solution based on URL blacklisting, IP address blacklisting, or keyword detection? Depending on how it works there are a number of things you need to consider; if it maintains a blacklist of unsuitable sites then can you get around this by finding and entering the IP for the dodgy site? If it looks for keywords will it throw false positives; for example I read an article in The Register this morning about malware being delivered through a large adult content site but they’d scrambled the name of it slightly to avoid being blocked by over-zealous censor bots, even though the article itself didn’t contain anything dubious and is something an IT pro could reasonably expect to read at work.

The more information you can give here on how the solution is meant to work and what you’ve got so far in your strategy and plan, the better and more precise the answers are likely to be.:thinking:

1 Like