Test 1
Test Case: BIS-2.6.1
Test Name: TC_AUDIT_CODE_FOR_HARDCODED_CREDENTIALS_RECOMMENDED
Objective:
Conduct an independent secure code review (automated + manual) using a licensed static analysis tool to detect any hardcoded credentials or backdoors. The activity is performed at the evaluation agency’s premises.
Tools Used:
Licensed Static Analysis Tool (e.g., Fortify SCA, Coverity, Checkmarx, or equivalent)
Manual Code Review Techniques
Test Execution Steps:
The vendor visits the evaluation agency with the complete firmware source code and binaries.
The evaluation agency installs and configures their licensed static analysis tool.
A full automated scan is executed to identify hardcoded credential strings (usernames, passwords, API tokens) in the source code and binaries.
A manual code review is performed on authentication modules, configuration files, and network stack components to verify absence of obfuscated or indirect hardcoded credentials.
Expected Results for Pass:
The automated scan shows no instances of hardcoded usernames, passwords, API tokens, or backdoor credentials in the firmware.
The manual review confirms the automated findings and ensures no hidden credential logic is embedded in unreachable branches or encrypted constants.
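The following is an added illustration of what the automated sweep in this test case looks for; it is not part of the BIS-2.6.1 specification and not a substitute for the licensed static analysis tool the test requires. It checks the three things the steps and pass criteria above name: credential-named identifiers assigned a literal value, base64-looking constants that decode to credential-like text (the "obfuscated or indirect" case), and credential references left inside `#if 0` regions (the "unreachable branch" case). Values that are environment placeholders such as `${MQTT_PASSWORD}` are treated as provisioned at deploy time and not flagged. The three sample files, their paths and their contents are constructed for this example.

```python
"""Sweep firmware source and config text for hardcoded or obfuscated credentials.

Added example for test case BIS-2.6.1 (not the test's licensed tool); the sample
files at the bottom are constructed for this illustration.
"""
import base64
import math
import re
from typing import Dict, List, Optional

# Identifier fragments that usually name a credential. Deliberately broad:
# the manual reviewer triages false positives, the scanner must not miss.
CRED_WORDS = r"(?:pass(?:word|wd)?|pwd|secret|token|api[_-]?key|cred\w*|user(?:name)?)"
# <identifier containing a credential word> = <literal>; quotes optional so .ini/.conf lines match.
CRED_ASSIGN = re.compile(r"\b(\w*" + CRED_WORDS + r"\w*)\s*[:=]\s*[\"']?([^\"'\s;,)]{3,})[\"']?", re.I)
# Values that are intentionally not credentials: env/templating placeholders.
PLACEHOLDER = re.compile(r"^(\$\{?\w+\}?|%\w+%|<[^>]+>)$")
# Quoted strings that look like base64 (the usual "it's just an opaque blob" disguise).
B64_LITERAL = re.compile(r"[\"']([A-Za-z0-9+/]{16,}={0,2})[\"']")
# Preprocessor-disabled regions: never compiled in, but still shipped in the tree.
DEAD_BLOCK = re.compile(r"#if\s+0\b(.*?)#endif", re.S)


def shannon_entropy(s: str) -> float:
    """Bits per character; random keys and tokens sit well above ordinary words."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))


def decoded_credential(literal: str) -> Optional[str]:
    """Return the decoded text if a base64 literal hides credential-like content."""
    try:
        text = base64.b64decode(literal, validate=True).decode("ascii")
    except ValueError:  # not valid base64, or not ASCII once decoded
        return None
    if text.isprintable() and (":" in text or re.search(CRED_WORDS, text, re.I)):
        return text
    return None


def redact(value: str) -> str:
    """Never copy the secret itself into the review report."""
    return value[:2] + "*" * (len(value) - 2)


def scan_sources(files: Dict[str, str]) -> List[dict]:
    """Run the three rules over {path: file text} and return structured findings."""
    findings = []
    for path, text in files.items():
        def line_of(pos: int) -> int:
            return text.count("\n", 0, pos) + 1

        for m in CRED_ASSIGN.finditer(text):
            name, value = m.group(1), m.group(2)
            if PLACEHOLDER.match(value):
                continue  # provisioned at deploy time, not baked into the image
            findings.append({"file": path, "line": line_of(m.start()), "rule": "literal-credential",
                             "detail": f"{name} = {redact(value)}"})
        for m in B64_LITERAL.finditer(text):
            literal = m.group(1)
            decoded = decoded_credential(literal)
            if decoded:
                findings.append({"file": path, "line": line_of(m.start()), "rule": "encoded-credential",
                                 "detail": f"base64 decodes to {redact(decoded)}"})
            elif shannon_entropy(literal) > 4.0:  # heuristic threshold, tune per code base
                findings.append({"file": path, "line": line_of(m.start()), "rule": "high-entropy-literal",
                                 "detail": f"entropy {shannon_entropy(literal):.2f} bits/char"})
        for m in DEAD_BLOCK.finditer(text):
            if re.search(CRED_WORDS, m.group(1), re.I):
                findings.append({"file": path, "line": line_of(m.start()), "rule": "dead-code-credential",
                                 "detail": "#if 0 region still references a credential"})
    return findings


# Constructed sample tree (not from any real firmware). The blob is encoded here
# at runtime so the sample is exact; in a real tree it would simply sit in the source.
_ENCODED = base64.b64encode(b"service:hunter2-api-key-0123").decode()
SAMPLE_FILES = {
    "auth/login.c": (
        'static const char *ADMIN_USER = "admin";\n'
        'static const char *ADMIN_PASS = "Sup3rSecret!";\n'
        'int check(const char *u, const char *p) {\n'
        '    return strcmp(u, ADMIN_USER) == 0 && strcmp(p, ADMIN_PASS) == 0;\n'
        '}\n'
        '#if 0   /* legacy field-service login, disabled but still in the tree */\n'
        'static const char *SVC_PASSWD = "fieldservice-2019";\n'
        '#endif\n'
    ),
    "net/cloud.py": (
        'import base64, requests\n'
        f'BLOB = "{_ENCODED}"  # opaque-looking constant\n'
        'def connect(url):\n'
        '    return requests.post(url, headers={"Authorization": base64.b64decode(BLOB).decode()})\n'
    ),
    "config/default.ini": (
        '[mqtt]\n'
        'broker = mqtt.example.local\n'
        'username = ${MQTT_USER}\n'
        'password = ${MQTT_PASSWORD}\n'
    ),
}

if __name__ == "__main__":
    for f in scan_sources(SAMPLE_FILES):
        print(f"{f['file']}:{f['line']} [{f['rule']}] {f['detail']}")
```

Run against the constructed tree, the sweep reports the two literal credentials and the dead-code credential in `auth/login.c` and the encoded constant in `net/cloud.py`, while `config/default.ini` produces nothing because both values are placeholders. Findings carry file and line so they can be pasted into the manual review checklist; the secret values are redacted so the scan report itself does not become a second copy of the credential.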
Test Observations:
(To be filled based on review results, e.g., “No hardcoded credentials were identified in any part of the source code or binary scan results.”)
Evidence Provided:
Static analysis scan reports
Manual review checklist
Screenshots of scan outputs
Vendor declaration of compliance
Test Case Result:
✅ [To be marked as PASS or FAIL based on actual outcome]