Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
  • Records
  • TF_Legit.Health_Plus
    • Legit.Health Plus TF index
    • Legit.Health Plus STED
    • Legit.Health Plus description and specifications
    • R-TF-001-007 Declaration of conformity
    • GSPR
    • Clinical
    • Design and development
    • Design History File (DHF)
      • Version 1.0.0.0
        • Requirements
        • Test plans
        • Test runs
          • TEST_001 The user receives quantifiable data on the intensity of clinical signs
          • TEST_002 The user receives quantifiable data on the count of clinical signs
          • TEST_003 The user receives quantifiable data on the extent of clinical signs
          • TEST_004 The user receives an interpretative distribution representation of possible ICD categories represented in the pixels of the image
          • TEST_007 If something does not work, the API returns meaningful information about the error
          • TEST_008 Notify the user image modality and if the image does not represent a skin structure
          • TEST_009 Notify the user if the quality of the image is insufficient
          • TEST_010 The user specifies the body site of the skin structure
          • TEST_011 We facilitate the integration of the device into the users' system
          • TEST_012 The user can send requests and get back the output of the device as a response in a secure, efficient and versatile manner
          • TEST_013 The data that users send and receive follows the FHIR healthcare interoperability standard
          • TEST-014 The user authentication feature is functioning correctly
          • TEST_015 Ensure all API communications are conducted over HTTPS
          • TEST_016 Ensure API compliance with Base64 image format and FHIR standard
          • TEST_017 Verification of authorized user registration and body zone specification in device API
          • TEST_018 Ensure API stability and cybersecurity of the medical device
        • 🥣 SOUPs
    • IFU and label
    • Post-Market Surveillance
    • Quality control
    • Risk Management
  • Licenses and accreditations
  • External documentation
  • Procedures
  • Records
  • TF_Legit.Health_Plus
  • Design History File (DHF)
  • Version 1.0.0.0
  • Test runs
  • TEST_015 Ensure all API communications are conducted over HTTPS

TEST_015 Ensure all API communications are conducted over HTTPS

Test type​

System

Linked activities​

  • MDS-449

Result​

  • Passed
  • Failed

Description​

This test run aims to validate the HTTP to HTTPS redirection functionality and ensure the use of valid SSL/TLS certificates for secure communication. The focus is on confirming that all HTTP requests are properly redirected to HTTPS without errors or security warnings and that the SSL/TLS certificates used are valid, not expired, and issued by a trusted Certificate Authority (CA). The API root endpoint will be tested for consistent redirection behavior. Additionally, the SSL/TLS certificates will be checked for validity, proper configuration, and certificate chain. The tests will be conducted in a staging environment mirroring the production setup, with any issues documented and recommendations provided.

These test cases are being run for the first time on this version of the medical device.

Run environment​

Here are the technical specifications of the runtime environment in which the test was conducted:

  • Operating system: macOS Sonoma (version 14.5)
  • Hardware specifications:
    • CPU:
      • Model name: Intel Core i9
      • Number of cores: 8
      • Thread(s) per core: 2
    • GPU:
      • Devices:
        • Intel UHD Graphics 630 (1536 MB)
    • RAM: 16 GB
    • Storage: 1 TB
    • Network:
      • Mean speed: 380 Mbps
      • Mean latency: 5 ms
  • Other relevant software: No particular software was used.

Test case runs​

The following test cases have been executed in this batch:

TEST_015_001​

Outcome​

  • Passed
  • Failed

Expected results​

  • The HTTP request is redirected to the HTTPS URL (e.g., from http://medical-device-pre.legit.health/login to https://medical-device-pre.legit.health/login).
  • The HTTPS request is successfully processed by the API endpoint, and the response is received without any security warnings.

Actual results​

  • The HTTP request is redirected to the HTTPS URL (e.g., from http://medical-device-pre.legit.health/login to https://medical-device-pre.legit.health/login):

  • There are several ways to demonstrate this test, and for this instance, I've chosen to use the Google Chrome browser. In the video below, I start by entering the medical device API URL in the browser with the HTTP protocol. The browser then automatically redirects me to the HTTPS version of the URL.

  • The HTTPS request is successfully processed by the API endpoint, and the response is received without any security warnings:

  • The video below demonstrates that when accessing the API via the HTTPS version of the URL, the API responds with a health check message confirming the device is accessible. The status key indicates that everything is operational and functioning as expected.

Remarks​

No comments to add. The test was carried out manually without any issues.

TEST_015_002​

Outcome​

  • Passed
  • Failed

Expected results​

  • The browser dialog box shows that the connection is secure and confirms a valid SSL certificate.
  • The certificate is issued by Let's Encrypt and has not expired.

Actual results​

  • The browser dialog box shows that the connection is secure and confirms a valid SSL certificate:

  • The certificate is issued by Let's Encrypt and has not expired:

Remarks​

No comments to add. The test was carried out manually without any issues.

Summary of results​

  • Total cases: 2
  • Passed: 2
  • Failed: 0
  • Pass rate: 100 %

Defects and issues​

Defect IDDescriptionSeverityStatusReported byAssigned toActivities generatedRemarks

Observations and recommendations​

All planned test cases were executed successfully, with a 100% pass rate. This indicates that the system performed as expected under the defined scenarios.

Additionally, no defects were found during this testing cycle. The absence of defects suggests a high level of system stability and reliability.

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

  • Tester: JD-017, JD-009, JD-004
  • Approver: JD-005
Previous
TEST-014 The user authentication feature is functioning correctly
Next
TEST_016 Ensure API compliance with Base64 image format and FHIR standard
  • Test type
  • Linked activities
  • Result
  • Description
  • Run environment
  • Test case runs
    • TEST_015_001
      • Outcome
      • Expected results
      • Actual results
      • Remarks
    • TEST_015_002
      • Outcome
      • Expected results
      • Actual results
      • Remarks
  • Summary of results
  • Defects and issues
  • Observations and recommendations
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)