Archive for 2018

Day 5: Contribute to the list of publicly available APIs over on The Club, that we can utilise to practice API testing.

Yet another challenge! Ministry of Testing has set us a 30 Days Testing Challenge.

This time the topic is API Testing.

It has been a long time since I worked on API Testing, after learning from the API Testing Dojo (in 2015).

The fifth challenge is: Contribute to the list of publicly available APIs over on The Club, that we can utilise to practice API testing.




Knowledge is of no value unless you put it into practice.

If you are looking to practice API testing, the places below are good to start with.

The Star Wars API - https://swapi.co/
This resource is good for practising API testing using GET calls.


Restful-Booker - https://restful-booker.herokuapp.com/apidoc/index.html
This resource is good for practising API testing using GET, POST, PUT, PATCH and DELETE calls.


Other available public APIs:

APIs Marketplace:  https://market.mashape.com/explore

Public list of APIs from around the web: https://github.com/abhishekbanthia/Public-APIs

API Directory:  https://www.programmableweb.com/apis/directory

Public JSON APIs for use in web development: https://github.com/toddmotto/public-apis

Ministry of Testing Discussion Thread:  https://club.ministryoftesting.com/t/30-days-of-api-testing-day-5-publicly-available-apis-to-practice-api-testing/19648/26


Day 4 : Share a resource on HTTP and how it works

Yet another challenge! Ministry of Testing has set us a 30 Days Testing Challenge.

This time the topic is API Testing.

It has been a long time since I worked on API Testing, after learning from the API Testing Dojo (in 2015).

The fourth challenge is: Share a resource on HTTP and how it works.



HTTP is a very common term: whether you are testing APIs, web applications, security or performance, you need to know what HTTP is and how it works.

APIs use HTTP as the protocol to communicate.

The resources below will help you understand HTTP and how it works:

HTTP Tutorial - How Does HTTP Work - FullStack Academy
https://www.youtube.com/watch?v=M_oTNuVNkms 

Introduction to HTTP - Hypertext Transfer Protocol


How HTTP Works:
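Day 5 lists public APIs to practise against and Day 4 says that APIs talk over HTTP. The block below is an added example, not part of either post and not the code of Restful-Booker or SWAPI: it starts a tiny in-process fake booking API (its /booking resource, status codes and sample data are constructed for this example, loosely modelled on the create/read/delete shape of Restful-Booker) and then exercises it two ways. First it writes one HTTP/1.1 GET by hand on a raw TCP socket, so you can see what a client really sends on the wire; then it runs the kind of GET/POST/DELETE checks an API tester would automate, including a POST with a missing field to confirm the server validates input rather than trusting the client.

```python
import json
import re
import socket
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

# Constructed in-memory store for the hypothetical /booking resource (not Restful-Booker's code).
BOOKINGS, NEXT_ID, LOCK = {}, [1], threading.Lock()


class BookingHandler(BaseHTTPRequestHandler):
    def _send(self, status, body=None):
        data = json.dumps(body).encode() if body is not None else b""
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def _read_json(self):
        return json.loads(self.rfile.read(int(self.headers.get("Content-Length", 0))) or b"{}")

    def _booking_id(self):                     # /booking/<int> -> int, anything else -> None
        match = re.fullmatch(r"/booking/(\d+)", self.path)
        return int(match.group(1)) if match else None

    def do_GET(self):
        bid = self._booking_id()
        if bid in BOOKINGS:
            self._send(200, BOOKINGS[bid])
        else:
            self._send(404, {"error": "not found"})

    def do_POST(self):
        body = self._read_json()
        if self.path != "/booking":
            self._send(404, {"error": "not found"})
        elif not isinstance(body, dict) or "firstname" not in body:
            self._send(400, {"error": "firstname is required"})   # server-side validation
        else:
            with LOCK:
                bid, NEXT_ID[0] = NEXT_ID[0], NEXT_ID[0] + 1
                BOOKINGS[bid] = body
            self._send(201, {"bookingid": bid, "booking": body})

    def do_DELETE(self):
        bid = self._booking_id()
        if bid in BOOKINGS:
            del BOOKINGS[bid]
            self._send(204)
        else:
            self._send(404, {"error": "not found"})


def call(base_url, method, path, body=None):
    """Send one JSON request; return (status_code, decoded body or None)."""
    data = json.dumps(body).encode() if body is not None else None
    req = Request(base_url + path, data=data, method=method,
                  headers={"Content-Type": "application/json"})
    try:
        with urlopen(req) as resp:
            raw = resp.read()
            return resp.status, (json.loads(raw) if raw else None)
    except HTTPError as err:                   # 4xx responses still carry a JSON body
        return err.code, json.loads(err.read() or b"null")


def raw_http_exchange(base_url, path):
    """Write an HTTP/1.1 GET by hand on a TCP socket; return the server's status line."""
    host, port = base_url[len("http://"):].split(":")
    request = "GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n" % (path, host)
    with socket.create_connection((host, int(port))) as sock:
        sock.sendall(request.encode())
        reply, chunk = b"", sock.recv(4096)
        while chunk:
            reply, chunk = reply + chunk, sock.recv(4096)
    return reply.split(b"\r\n", 1)[0].decode()


def run_api_checks():
    """Create, read and delete one booking; return the status codes observed."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), BookingHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_address[1]
    try:
        seen = {}
        seen["post"], created = call(base, "POST", "/booking", {"firstname": "Ada", "nights": 2})
        path = "/booking/%d" % created["bookingid"]
        seen["raw_status_line"] = raw_http_exchange(base, path)
        seen["get"] = call(base, "GET", path)[0]
        seen["post_invalid"] = call(base, "POST", "/booking", {"nights": 1})[0]
        seen["delete"] = call(base, "DELETE", path)[0]
        seen["get_after_delete"] = call(base, "GET", path)[0]
        return seen
    finally:
        server.shutdown()
```

Run `run_api_checks()` and you get a dictionary of status codes: 201 for the create, 200 for the read, 400 for the invalid create, 204 for the delete and 404 once the booking is gone. The status line returned by `raw_http_exchange` is what every HTTP library parses for you; seeing it come back from four lines of hand-written request text is the quickest way to internalise that an API call is just text over TCP.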




Day 3: Begin reading an API testing related book and share something you’ve learnt by day 30

Yet another challenge! Ministry of Testing has set us a 30 Days Testing Challenge.

This time the topic is API Testing.

It has been a long time since I worked on API Testing, after learning from the API Testing Dojo (in 2015).


The third challenge is: Begin reading an API testing related book and share something you've learnt by day 30.


I have purchased the book: Automating and Testing a REST API


I chose this book for three reasons:
  1. It covers the API fundamentals
  2. It covers a case study with tools like Postman, curl and OWASP ZAP Proxy
  3. Automation of the API

My main focus is to cover the first two by the end of this month.

I will share my learnings by the end of the month.


Day 2: How would you approach API Exploratory Testing?

Yet another challenge! Ministry of Testing has set us a 30 Days Testing Challenge.

This time the topic is API Testing.

It has been a long time since I worked on API Testing, after learning from the API Testing Dojo (in 2015).


The second challenge is: How would you approach API Exploratory Testing?




Day 1: Define What API testing is, Share your definition

Yet another challenge! Ministry of Testing has set us a 30 Days Testing Challenge.

This time the topic is API Testing.

It has been a long time since I worked on API Testing, after learning from the API Testing Dojo (in 2015).

The first one in the list is: Day 1: Define what API testing is, share your definition.



Learning Something New: 17/10/2018

Problem Steps Recorder:

I heard about this application in a session by James Bach on Exploratory Testing.

To start Problem Steps Recorder, type "psr.exe" (no quotes) into the Start menu search box.
Start the recording, then work through the steps in the application.


In Windows 10 it is called Steps Recorder.

Benefits:
It records everything, including the steps performed and click actions, along with screenshots. You can additionally add comments (additional information) for the steps performed.




Learning Something New: 06/08/2018




What have I enjoyed today?

1. Took a new approach to test a case at work. Found defects in the application.
2. Started learning about Web Application Security Testing.

What have I learned today?

1. Started learning about a tool: Burp Suite. Lessons from @SunnyWear.
2. What is meant by a proxy?
3. How the Burp Suite tool sits between the browser and the application.

1. Task: Configuring the browser to use Burp Suite as a local proxy.
2. Task: Did automated web spidering on a website using Burp Suite.
3. Task: Reviewing the site map generated by Burp Suite.
4. Task: Reviewing the content which the site map has discovered.



Learning Something New: 20/07/2018

Allow nothing or no one to slow your pace or affect your energy; stay consistently flowing, forever growing.




Subject: Java Fundamentals


Topics:
  1. Arithmetic Operators
    • Basic Operators: + - * / %
    • Prefix/Postfix Operators:  ++  --
    • Compound/Assignment Operators:  +=  -=   /=   *=   %=
  2. Basic Operators Example:
 public class BasicOperators {  
      public static void main(String[] args) {  
           /**  
            * Floating Point Examples  
            */  
           //Addition of two variables  
           float valAddA = 1.0f;  
           float valAddB = 2.0f;  
           System.out.println("valAddA + valAddB: " + (valAddA + valAddB));  
           //Subtraction of two variables  
           float valSubA = 5.0f;  
           float valSubB = 4.0f;  
           System.out.println("valSubA - valSubB: " + (valSubA - valSubB));  
           //Multiplication of two variables  
           float valMulA = 4.0f;  
           float valMulB = 2.0f;  
           System.out.println("valMulA * valMulB: " + (valMulA * valMulB));  
           //Division of two variables  
           float valDivA = 13.0f;  
           float valDivB = 5.0f;  
           System.out.println("ValDivA / ValDivB: " + (valDivA / valDivB));  
           //Modulus of two variables  
           float valModA = 13.0f;  
           float valModB = 5.0f;  
           System.out.println("valModA % valModB: " + (valModA % valModB));  
           /**  
            * Integer Examples  
            */  
           //Addition of two variables  
           int valAddAB = 1;  
           int valAddBA = 2;  
           System.out.println("valAddAB + valAddBA: " + (valAddAB + valAddBA));  
           //Subtraction of two variables  
           float valSubAB = 5;  
           float valSubBA = 4;  
           System.out.println("valSubAB - valSubBA: " + (valSubAB - valSubBA));  
           //Multiplication of two variables  
           int valMulAB = 4;  
           int valMulBA = 2;  
           System.out.println("valMulAB * valMulBA: " + (valMulAB * valMulBA));  
           //Division of two variables  
           int valDivAB = 13;  
           int valDivBA = 5;  
           System.out.println("ValDivAB / ValDivBA: " + (valDivAB / valDivBA));  
           //Modulus of two variables  
           int valModAB = 13;  
           int valModBA = 5;  
           System.out.println("valModAB % valModBA: " + (valModAB % valModBA));  
      }  
 }  

Output:
valAddA + valAddB: 3.0
valSubA - valSubB: 1.0
valMulA * valMulB: 8.0
ValDivA / ValDivB: 2.6
valModA % valModB: 3.0
valAddAB + valAddBA: 3
valSubAB - valSubBA: 1.0
valMulAB * valMulBA: 8
ValDivAB / ValDivBA: 2
valModAB % valModBA: 3



Subject: Web Application Security

Topics:

  1. OWASP #6: Unvalidated Redirects and Forwards
    • Example: an attacker sends you a link with a malicious site embedded in the URL as the redirect target.
    • www.mysite.com/login?page=www.hackersite.co.au
    • You might follow the link and use the web application after logging in, without looking at the URL or the page you are redirected to, where hackersite.co.au is made to resemble mysite.com.
    • This is also referred to as an open redirect vulnerability.
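The open redirect above, as an added example that is not from the original post. It contrasts a login handler that uses the `page` parameter as-is with one that only redirects to a path on the same site or to an absolute URL whose hostname is exactly the site's own; `SITE_HOST` is taken from the post's example URL and the fallback `/home` is an assumption. The hardened check also covers the two forms that commonly slip past naive "starts with /" tests, the scheme-relative `//host` and the backslash variant, and the `user@host` trick that fools substring checks.

```python
from urllib.parse import parse_qs, urlparse

SITE_HOST = "www.mysite.com"   # assumed hostname of the application, from the post's example


def vulnerable_redirect_target(page):
    """Before: the 'page' parameter is used as the redirect Location unchanged."""
    return page


def safe_redirect_target(page, default="/home"):
    """After: allow only same-site paths or absolute URLs on SITE_HOST; otherwise fall back."""
    if not page:
        return default
    candidate = page.replace("\\", "/")       # browsers treat "/\evil.example" like "//evil.example"
    parsed = urlparse(candidate)
    if parsed.scheme == "" and parsed.netloc == "":
        # Relative target: must be a single-slash path; "//host" is scheme-relative and external
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return default
    if parsed.scheme in ("http", "https") and parsed.hostname == SITE_HOST:
        return candidate                      # .hostname strips any "user@" prefix, so that trick fails
    return default


def redirect_for_login_url(login_url):
    """Simulate the login handler reading ?page= and deciding where to send the user."""
    page = parse_qs(urlparse(login_url).query).get("page", [""])[0]
    return safe_redirect_target(page)
```

The test-side lesson is that every variant the hardened function rejects is a case to try against a real login page: if any of them produces a `Location` header pointing off-site, the redirect is open.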


Learning Something New: 19/07/2018


An investment in knowledge pays the best interest.




Subject: Web Testing 101 - How to test World Wide Web

Topics:
  1. HTML <input> readonly Attribute
The readonly attribute is a boolean attribute.

When present, it specifies that an input field is read-only.

A read-only input field cannot be modified (however, a user can tab to it, highlight it, and copy the text from it).

The readonly attribute can be set to keep a user from changing the value until some other conditions have been met (like selecting a checkbox, etc.). Then, a JavaScript can remove the readonly value, and make the input field editable.

 <!DOCTYPE html>
 <html>
 <body>
 <form action="/action_page.php">
  Email: <input type="text" name="email"><br>
  Country: <input type="text" name="country" value="Norway" readonly="readonly"><br>
  <input type="submit" value="Submit">
 </form>
 </body>
 </html>


When an application shows a read-only field, perform the steps below.

a. Open the Chrome web developer tools.
b. Right-click on the field you want to test, and click "Inspect".
c. In the developer tools panel, you will now see the HTML for that field highlighted.
d. Right-click on that highlighted text and choose "Edit as HTML". An editable text window will open up.
e. If you see text such as readonly="readonly", delete the attribute.
f. Click away from the editable field, and see if the field is now enabled.
g. If it is, click on it, update the value and see what happens in the database.








A note on security: even when using the readonly attribute, you should never trust user input, including form submissions, because it can still be modified with Firebug, DOM Inspector, etc., or the user can simply submit an HTTP request without using the browser at all.
Check whether there are both client-side and server-side validations.
Or display the value as plain text rather than as an editable input field.
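The server-side half of the note above, as an added example that is not from the original post. Using the post's email/country form, it shows a handler that trusts the submitted `country` value next to one that validates the email and takes the read-only country from the server's own account record, flagging any attempt to change it so the event can be logged. The account record and the form submissions are constructed; the tampered one stands in for a request sent after the readonly attribute was removed in developer tools or crafted without a browser.

```python
import re

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")   # deliberately simple shape check

# Constructed server-side record for the logged-in user; the authoritative source for read-only fields.
ACCOUNT = {"country": "Norway"}


def vulnerable_handle(form):
    """Before: trusts the readonly 'country' field exactly as the client sent it."""
    return {"email": form.get("email", ""), "country": form.get("country", "")}


def hardened_handle(form, account):
    """After: validate editable input, ignore the client's copy of read-only data,
    and record any mismatch so monitoring can see tampering attempts."""
    errors, tamper_flags = [], []
    email = form.get("email", "").strip()
    if not EMAIL_RE.match(email):
        errors.append("email: not a valid address")
    country = account["country"]              # never taken from the form
    submitted = form.get("country")
    if submitted is not None and submitted != country:
        tamper_flags.append("country: client sent %r, server value %r kept" % (submitted, country))
    return {"ok": not errors, "errors": errors, "tamper_flags": tamper_flags,
            "record": {"email": email, "country": country}}


def demo():
    """Run both handlers over a normal and a tampered submission (both constructed)."""
    normal = {"email": "kari@example.test", "country": "Norway"}
    tampered = {"email": "not-an-email", "country": "Sweden"}   # readonly removed, or raw HTTP
    return {
        "vulnerable_tampered": vulnerable_handle(tampered),
        "hardened_normal": hardened_handle(normal, ACCOUNT),
        "hardened_tampered": hardened_handle(tampered, ACCOUNT),
    }
```

The point of `tamper_flags` is step g of the procedure above in reverse: when the tester changes a read-only value and nothing in the database changes, the next question is whether the server noticed. A handler that silently keeps its own value is correct; one that also records the mismatch gives the defender a signal.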


Learning Something New: 18/07/2018

"When we compare ourselves to others, we reject ourselves. In the moment, we're defined by that breadth of comparison rather than the extraordinary uniqueness that makes us who we are."



Subject: Java Fundamentals


    Topics:
    1. Primitive Data Types for Variables
      • Integer
      • Floating
      • Character
      • Boolean
    2. Data Types - Size in Bits - Min Value - Max Value - Literal Format
    3. Integer Types:
      • long type: uses literal format 'L'
    4. Floating Types:
      • float type: uses literal format 'f'
      • double type: uses literal format 'd'
    5. Character Types:
      • Literal values are stored in single quotes.
      • Also stores unicode characters.
    6. Boolean Types:
      • Stores either True or False
    7. Primitive Data Types are stored by Value.



    Subject: Web Testing 101 - How to test World Wide Web

    Topics:
    1. ID elements on the web:
      • In most of the web applications I see, there are errors in the console.
      • A typical one is the same element id being used twice. I learnt that ids should be unique rather than duplicated.

    [DOM] Found 2 elements with non-unique id #priceVal_1412:
    <input type="hidden" id="priceVal_1412" value="20.7">
    <input type="hidden" id="priceVal_1412" value="17.57">

    Albert Gareev mentions: that will also impact accessibility. Screen readers rely on id to describe relationships; for example, an edit box and its label.


    Follow HTML guidelines

    Web browsers are designed with the HTML specification in mind, and going against it can lead to unexpected issues with your web page. This means:
    Element id attributes should be unique: no two elements should have the same id.


    References: https://www.chromium.org/developers/design-documents/create-amazing-password-forms
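The duplicate-id check above, as an added example that is not from the original post or the Chromium document it references: a small parser built on Python's standard-library `html.parser` that collects every `id` attribute with its line and column and reports the ones used more than once, reproducing the browser console warning for a constructed page containing the `priceVal_1412` duplicate shown above.

```python
from collections import defaultdict
from html.parser import HTMLParser


class IdCollector(HTMLParser):
    """Record where every id attribute appears in the document."""

    def __init__(self):
        super().__init__()
        self.locations = defaultdict(list)   # id value -> ["<tag> at line L, col C", ...]

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "id" and value:
                line, col = self.getpos()
                self.locations[value].append("<%s> at line %d, col %d" % (tag, line, col))


def find_duplicate_ids(html):
    """Return {id: [locations]} for every id that occurs more than once."""
    collector = IdCollector()
    collector.feed(html)
    collector.close()
    return {i: locs for i, locs in collector.locations.items() if len(locs) > 1}


def console_style_report(html):
    """Format the findings like the [DOM] warning Chrome prints."""
    return ["[DOM] Found %d elements with non-unique id #%s: %s" % (len(locs), i, "; ".join(locs))
            for i, locs in find_duplicate_ids(html).items()]


# Constructed sample page; the priceVal_1412 inputs mirror the console output quoted in the post.
SAMPLE_HTML = """<html><body>
<input type="hidden" id="priceVal_1412" value="20.7">
<label for="email">Email</label> <input id="email" type="text">
<input type="hidden" id="priceVal_1412" value="17.57">
</body></html>"""
```

Running `console_style_report(SAMPLE_HTML)` yields one line naming `priceVal_1412` twice, at lines 2 and 4, while the unique `email` id (the one a screen reader needs intact to pair the label with its input) is not reported. Pointing this at saved page source from a test environment gives the same list the console shows, but in a form that can be asserted on in an automated check.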


    Learning Something New: 17/07/2018

    "It always seems impossible until it's done."




    Subject: Java Fundamentals


    Topics:
    1. Variables
    2. Declaration of Variables
    3. Assignment of Values to Variables
    4. Variables = Ability to store and manipulate values (Named Data Storage)
    5. Declaration and Assignment of Values in a single statement
    6. Naming Variables
      • Combination of Rules and Conventions.
      • Rules: Allows use of letters, numbers, $ and underscore
      • Convention: Only letters and numbers are used.
      • Rules: First character is not a number
      • Convention: First character is always a letter
      • Convention: Follow "Camel Casing"
        • First letter is lowerCase
        • Start of each word after first is UpperCase
        • All other letters are lower case.
    7. We can assign a value to variable and later modify it to other.
    8. Local Variables: 
      • Variables declared inside the main method
     public class Variables {  
          public static void main(String[] args) {  
               /**  
                * Declaring only the local variable and printing the variable.  
                *   
                * int myVar;  
                * System.out.println(myVar);  
                *   
                * Error during compilation:  
                * Exception in thread "main" java.lang.Error: Unresolved compilation problem:   
                * The local variable myVar may not have been initialized  
                * at Variables.main(Variables.java:8)  
                */  
               int myVar; //Declaring the local variable  
               myVar = 50; //Assigning the value to local variable  
               System.out.println("myVar=" + myVar);  
               int anotherVar = 100; //Declaring and assigning another local variable  
               System.out.println("anotherVar=" + anotherVar);  
               myVar = anotherVar ; //Assigning copy of value of anotherVar to myVar  
               System.out.println("myVar=" + myVar);  
               System.out.println("anotherVar=" + anotherVar);  
               anotherVar=200; //Assigning another value to anotherVar. As it is already declared earlier.  
               System.out.println("myVar=" + myVar);  
               System.out.println("anotherVar=" + anotherVar);  
          }  
     }  
    




      Subject: Web Application Security

      Topics:


      1. OWASP - #4: Insecure Cryptographic Storage
        • When you register a user, find out how the passwords are stored in the application.
        • If they are stored in plain text, that is a security vulnerability.
        • Passwords should never be stored unencrypted, i.e. as plain text on the server.
        • A better way is to store a one-way cryptographic hash of the user's password.
        • When logging in to the application, the submitted password is run through the hash function and the result is compared with the stored hash. If they match, login is granted.
        • Benefit: the hash is one-way, so the original string cannot be computed from it.
        • Hash functions: SHA-1, SHA-512, etc.
        • An even better way is to add a salt (random text) to the password before computing the hash. This strengthens the stored hashes.
        • Without a salt, if one user creates the password "Hello" and another user creates the same password "Hello", both hashed passwords will be identical after they go through the hash function.
        • Reference: Web Application Security - What Testers Can Do.
      2. OWASP - #5: Failure to Restrict URL Access
        • Keep unauthorized users out of modules both via UI navigation and via direct URL access.
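The salted-versus-unsalted point from the cryptographic storage notes above, as an added example that is not from the post or the course it references. It shows the unsalted scheme giving two users with the password "Hello" the same stored hash, then a salted scheme where they differ and where login still verifies. Rather than a bare SHA-1 or SHA-512 digest it uses PBKDF2-HMAC-SHA256 from Python's standard library, because a deliberately slow, salted key-derivation function is what current password-storage guidance recommends; the iteration count and the sample password are constructed for the demo.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # constructed work factor for this demo; tune to your own hardware


def unsalted_hash(password):
    """The weak scheme from the post's last bullet: same password, same hash, for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_password(password):
    """Salted, slow hash (PBKDF2-HMAC-SHA256); returns the record the server would persist."""
    salt = os.urandom(16)                       # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify_password(password, record):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def compare_schemes(password="Hello"):
    """Two users pick the same password; report what each scheme stores and whether login works."""
    weak_a, weak_b = unsalted_hash(password), unsalted_hash(password)
    rec_a, rec_b = store_password(password), store_password(password)
    return {
        "unsalted_hashes_identical": weak_a == weak_b,
        "salted_hashes_identical": rec_a["hash"] == rec_b["hash"],
        "login_correct_password": verify_password(password, rec_a),
        "login_wrong_password": verify_password(password.lower(), rec_a),
    }
```

For a tester the observable difference is in the user table: with the unsalted scheme, every account sharing a password shares a hash value, which is exactly the register-two-users check the notes describe. `hmac.compare_digest` is there because a plain `==` on the hashes leaks timing information about how many leading bytes matched.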


      Learning Something New: 16/07/2018



      "Be more consistent than everyone around you and you will win."



      Subject: Web Application Security

      Topics:
      1. OWASP - #1: Broken Authentication and Session Management
        • What is HTTP
        • How the web server communicates with the web application
        • What is meant by a stateless protocol
        • What is a session identifier (ID)
        • Why do web applications use session IDs
        • Identify the pattern of session IDs in your application.
        • Is your session ID displayed in the URL of the web application?
          • Can anyone use the same URL and impersonate the session?
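The last two questions above, as an added example that is not from the original post: a small audit that scans URLs (for instance from an access log or a proxy history) for session identifiers carried in the query string or as a Java-style `;jsessionid=` path parameter, and then checks whether the values found follow a predictable sequential pattern. The parameter-name list and the sample URLs are constructed; a session ID that shows up here is one that ends up in browser history, proxy logs and Referer headers, which is why the post asks whether anyone holding the URL could reuse the session.

```python
import re
from urllib.parse import parse_qs, urlparse

# Parameter names commonly used for session identifiers (constructed list; extend for your application).
SESSION_PARAM_NAMES = {"sessionid", "session_id", "sid", "jsessionid", "phpsessid", "sessiontoken"}


def find_session_ids_in_url(url):
    """Return [(param_name, value)] for session-like identifiers carried in the URL."""
    found = []
    match = re.search(r";jsessionid=([^/?#;]+)", url, flags=re.IGNORECASE)   # /page;jsessionid=XYZ
    if match:
        found.append(("jsessionid", match.group(1)))
    for name, values in parse_qs(urlparse(url).query).items():
        if name.lower() in SESSION_PARAM_NAMES:
            found.extend((name, value) for value in values)
    return found


def looks_sequential(tokens):
    """True when every token is an integer and consecutive tokens differ by one constant step."""
    try:
        nums = [int(t) for t in tokens]
    except ValueError:
        return False
    return len(nums) >= 2 and len({b - a for a, b in zip(nums, nums[1:])}) == 1


# Constructed access-log URLs; real ones would come from the application under test.
SAMPLE_URLS = [
    "https://app.example.test/account;jsessionid=1A2B3C4D5E6F7890",
    "https://app.example.test/cart?sessionid=1001&item=42",
    "https://app.example.test/cart?sessionid=1002",
    "https://app.example.test/cart?sessionid=1003",
    "https://app.example.test/help?page=2",
]


def audit(urls=SAMPLE_URLS):
    """Report which URLs carry a session id and whether any id pattern looks predictable."""
    leaks = {}
    for url in urls:
        ids = find_session_ids_in_url(url)
        if ids:
            leaks[url] = ids
    by_name = {}
    for ids in leaks.values():
        for name, value in ids:
            by_name.setdefault(name.lower(), []).append(value)
    predictable = {name: looks_sequential(values) for name, values in by_name.items()}
    return {"urls_with_session_id": len(leaks), "predictable_patterns": predictable}
```

On the sample data the audit finds four URLs carrying a session id and flags `sessionid` as sequential (1001, 1002, 1003), the pattern the post's "identify the pattern of session IDs" bullet is about: an attacker who sees one value can guess its neighbours. The fix on the application side is to carry the session in a cookie (with `HttpOnly` and `Secure` set) generated from a cryptographically random source, never in the URL.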

      Subject: Accessibility Testing

      Topics:
      1. Tool used to evaluate the web application for Accessibility.
          • WAVE - http://wave.webaim.org/
      2. Understanding the tool, how it works.


      Exercise: enter the URL of the website and hit Enter.
      The summary will display errors, warnings, information, etc.



          Learning Something New: 12/07/2018

          "You learn more from losing than winning. You learn how to keep going. Think Beyond Winning and Losing" 




          Subject: Web Application Security

          Topics:
          1. OWASP - #1: Injection
            • What is Injection
            • How attacker injects the code into web application
            • Different types of Injection Attacks
              • SQL Injection
              • XPATH/XQuery Injection
              • LDAP Injection
              • Command Injection
          2. OWASP - #2: Cross - Site Scripting (XSS)
            • What is Cross-Site Scripting
            • How attacker injects the code into web application
            • What happens when attacker injects the code


          Subject: Accessibility Testing

          Topics:

          1. Learning about Diversity of Disabilities
          2. Different Disabilities:
            • Visual
            • Auditory
            • Physical
            • Cognitive
            • Learning
            • Emotional
          3. Definition: A disability is defined as a physical or mental impairment that substantially limits one or more major life activities. Specifically, a qualified individual with a disability is someone who can perform the essential functions of the job with or without reasonable accommodation.


          Learning Something New: 11/07/2018

          "Move out of your comfort zone. You can only grow if you are willing to feel awkward and uncomfortable when you try something new."




          Subject: Java Fundamentals

          Topics:
          1. Statement structure
            • Statements end with a semicolon.
          2. Comments
            • Usage of comments in code
            • Types of comments
              • Line comments
              • Block comments
              • Javadoc comments
          3. What is a package
          4. Package naming conventions
            • Example: package com.strls.testing.learnjava
          5. Correlation between package names and source file structure.
          6. Before adding the package name to the Java file, the folder structure in the IDE:
            • src -> main.java
          7. After adding the package name to the Java file, the folder structure in the IDE:
            • src -> com -> strls -> testing -> learnjava -> HelloWorldOrganized -> main.java
           package com.strls.testing.learnjava;

           public class HelloOrganized {
                public static void main(String[] args) {
                     System.out.println("Hello Get Organized");
                }
           }
          


          Subject: Web Application Security

          Topics:
          1. OWASP - Open Web Application Security Project (www.owasp.org) - an open-source project with the goal of improving web application security.
          2. The OWASP Top 10 is a popular list which ranks risks from the highest to the lowest.
          3. Download the list from the link below.
          https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

          Do not think as an attacker when you are not an attacker. Learn about security principles that can help you as a defender.


          Learning Something New: 10/07/2018

          If you learn something new every day, you can teach something new every day.


          Subject: Java Fundamentals

          Topics:

          • Verifying from the command line that the Java JDK installation is correct.

          • Installation of Eclipse IDE
          • Creating a simple Java application (Hello World program):
             /**
              * This class implements the HelloWorld program
              * @author srinivas.kadiyala
              * @version 1.0
              */
             public class HelloWorld {
                  /*
                   * Using comments in HelloWorld
                   */
                  public static void main(String[] args)
                  {
                       //Hello World Program
                       System.out.println("Hello World Again");
                       //Hello World Output - Spaces within the braces
                       System.out.println( "Hello World before Space in braces");
                       //Hello World Output - Spaces outside the braces
                       System.out.println("Hello world before space outside braces") ;
                       //Hello World Output - New Line and Spaces within the braces
                       System.out.println(
                                 "Hello  World"
                                 );
                       //Commenting out the program.
                       //System.out.println("Hello World Last Time");
                  }
             }
            

          • Run the program from Eclipse

          • Run the Program from Command Line.

          Step 1: Compilation of the Java code - successful.
          Compiled without any errors.

          Step 2: Running the program.
          Error: Could not find or load main class HelloWorld.

          I tried different ways to fix it, but after a few minutes, with help from Stack Overflow, I performed step 3.

          Step 3: Running the program.
          D:> java -cp . HelloWorld

          -cp . sets the classpath to the current directory, so the JVM can find HelloWorld.class there.

          The program ran successfully and displayed the output.


          Subject:  Search Engine Optimization

          Topic: SEO URLs (mobile site vs desktop site)

          If you have a separate mobile site and desktop site, you want to know whether the mobile site hides any links.

          We have a website which can crawl the site and display the results.






          Even if there are no separate mobile and desktop sites, you can still search the website URL to see the URL links on the site.

          From a testing point of view: understand and find URLs which seem improper and do not comply with SEO standards.


          Learning Something New: 08/07/2018 - 09/07/2018

          Learn Something New Every Day (And Actually Do Something With It)




          Subject: Java Fundamentals

          Topics:

          1. What is Java
          2. JRE vs JDK 
          3. Installation of Java
          4. How Java code converts to Class File
          5. What is IDE
          6. Popular IDEs available
            • NetBeans
            • Eclipse
            • IntelliJ Idea


          Subject: Web Application Security

          Topics:

          1.  Different Security Attacks
            • Network Firewalls
            • Web Applications
          2. Popular Web Application Security Attacks
            1. SQL Injection
            2. Cross-Site Scripting
          3. What is Server Firewall
            1. Advantages of Firewall
            2. Can Firewall protect the web applications?
            3. Can we close off access to the web application with a firewall?
              1. Does it impact end users?
          4. Can Network defenses like firewall, keep attackers out and make the web applications safe?


          TestingDriveThru: Challenge from last week - Comparing two large text or excel files

          TestingDriveThru: Challenge from last week and How I dealt with it.

          Challenge: Comparing two text or excel files


          Initially the challenge looks simple.
          But the hard part is comparing huge files which contain more than 100k records.

          I was advised to use Araxis Merge. It is a desktop app.
          It has a 30-day trial version and a commercial version.
          https://www.araxis.com/merge/index.en

          This is a very simple tool, easy to install in a few steps.

          The tool is self-explanatory; we just need to explore the options and try them out.

          When we open the Araxis Merge desktop app, we see two split windows for comparing two files.

          Note: we can compare 3 files as well.






          We can drag and drop the files into Text Comparison 1 and Text Comparison 2.




          Araxis automatically compares the files. The non-matching text is highlighted between the two files.

          We can generate a report of the comparison by clicking on the Report option.





          And it generates an HTML report:

          It is simple to do and quick to use.


          TestingDriveThru: Challenge from last week - Count No.of Commas in excel column values

          TestingDriveThru: Challenge from last week and How I dealt with it.

          Challenge: Count No.of Commas in excel column values

          Initially the challenge looks simple. But the hard part is counting commas when the column value contains more than 500 commas.




          So I used an Excel formula which can calculate the number of commas in the column value.

          Excel Formula:  =LEN(A1)-LEN(SUBSTITUTE(A1,",","")) 





          TestingDriveThru: Challenge from last week - Finding Old site url's on google search after new site is launched.

          TestingDriveThru: Challenge from last week and How I dealt with it.


          Challenge: Finding old site URLs on Google search after the new site is launched.

          • Most of the time, when a new or redesigned site is launched, the old site URLs still remain in Google web search.
          • Problem: if URL redirections are not set up for the URLs displayed in Google search, a user who clicks an old site URL lands on a blank or "no content available" page.
          • This can reduce the site's Google page ranking, or lose the ranking altogether.

          • Challenge: when the customer is not aware that URL redirections need to be done, be proactive: find the old site URLs and inform the stakeholders so that redirections can be put in place for them.
          • How to find them:
            • Go to Google search
            • Enter: site:svit.ac.in
            • This displays results for site URLs starting with svit.ac.in
          • Challenge: OK, we found the results. But how can we extract all these URLs to a file?
          • How to do it:

            • Install the ginfinity plugin for Chrome. This removes the limit on the number of search results per page by seamlessly appending the next page of search results to the current list.
            • Drag and drop Chris Ainsworth's Extractor 'bookmarklet' http://www.chrisains.com/seo-tools/extract-urls-from-web-serps/ onto the bookmark bar.
            • Navigate to the Google search results for site:svit.ac.in
            • Then click on the settings of Google search
            • Then click on Search settings
            • Then increase the results per page to 100


            • Then scroll down the search results for site:svit.ac.in
            • Using ginfinity, it shows all pages of results in a single page

            • Then click on the Google SERPs Extractor bookmark
          It lists all the URLs and anchor text for the results listed.


          Now we can copy the URLs from the results list.


          TestingDriveThru: Challenge from last week - Finding Zero Kb files from the files directory

          TestingDriveThru: Challenge from last week and How I dealt with it.


          Challenge: Finding zero KB files in a directory

          • Windows+R = Run: enter "Powershell" and hit Enter
          • It opens PowerShell
          • It shows the current directory: PS C:\Users\srinivas.kadiyala>
          • Navigate to the directory where the files are stored and where we want to find zero KB files.
          • Use the command: CD C:\Users\srinivas.kadiyala\Downloads\FolderTest\   and hit Enter
          • Now the current directory will be: C:\Users\srinivas.kadiyala\Downloads\FolderTest>
          • Now copy the script below and hit Enter:
          The script below helps you find files with zero file size.
          Get-ChildItem -Recurse | ForEach-Object {
              if (!$_.PSIsContainer -and $_.Length -eq 0) {
                  Write-Host ("{0} -> {1}" -f $_.FullName, $_.Length)
              }
          }

          Result: it will display the files which are 0 KB.
          C:\Users\srinivas.kadiyala\Downloads\FolderTest>DocumentTest.docx -> 0

          This can reduce the testing time.
