Archive for 2018

Learning Something New: 06/08/2018

What have I enjoyed today?

1. Took a new approach to test a case at work. Found defects in the application.
2. Started learning about Web Application Security Testing.

What have I learned today?

1. Started learning about a tool: Burp Suite. Lessons from @SunnyWear.
2. What is meant by a proxy?
3. How the Burp Suite tool sits between the browser and the application.
4. Task: Configuring the browser to use Burp Suite as a local proxy.
5. Task: Did an automated web spidering of a website using Burp Suite.
6. Task: Reviewing the site map generated by Burp Suite.
7. Task: Reviewing the content that the site map discovered.


Learning Something New: 20/07/2018

Allow nothing or no one to slow your pace or affect your energy; stay consistently flowing, forever growing.

Subject: Java Fundamentals

  1. Arithmetic Operators
    • Basic operators: + - * / %
    • Prefix/Postfix operators: ++ --
    • Compound assignment operators: += -= /= *= %=
  2. Basic Operators Example:
 public class BasicOperators {
      public static void main(String[] args) {
           // Floating point examples
           // Addition of two variables
           float valAddA = 1.0f;
           float valAddB = 2.0f;
           System.out.println("valAddA + valAddB: " + (valAddA + valAddB));
           // Subtraction of two variables
           float valSubA = 5.0f;
           float valSubB = 4.0f;
           System.out.println("valSubA - valSubB: " + (valSubA - valSubB));
           // Multiplication of two variables
           float valMulA = 4.0f;
           float valMulB = 2.0f;
           System.out.println("valMulA * valMulB: " + (valMulA * valMulB));
           // Division of two variables
           float valDivA = 13.0f;
           float valDivB = 5.0f;
           System.out.println("ValDivA / ValDivB: " + (valDivA / valDivB));
           // Modulus of two variables
           float valModA = 13.0f;
           float valModB = 5.0f;
           System.out.println("valModA % valModB: " + (valModA % valModB));
           // Integer examples
           // Addition of two variables
           int valAddAB = 1;
           int valAddBA = 2;
           System.out.println("valAddAB + valAddBA: " + (valAddAB + valAddBA));
           // Subtraction of two variables (these two are declared as float, so the result prints as 1.0)
           float valSubAB = 5;
           float valSubBA = 4;
           System.out.println("valSubAB - valSubBA: " + (valSubAB - valSubBA));
           // Multiplication of two variables
           int valMulAB = 4;
           int valMulBA = 2;
           System.out.println("valMulAB * valMulBA: " + (valMulAB * valMulBA));
           // Division of two variables (integer division truncates: 13 / 5 = 2)
           int valDivAB = 13;
           int valDivBA = 5;
           System.out.println("ValDivAB / ValDivBA: " + (valDivAB / valDivBA));
           // Modulus of two variables
           int valModAB = 13;
           int valModBA = 5;
           System.out.println("valModAB % valModBA: " + (valModAB % valModBA));
      }
 }

Output:
valAddA + valAddB: 3.0
valSubA - valSubB: 1.0
valMulA * valMulB: 8.0
ValDivA / ValDivB: 2.6
valModA % valModB: 3.0
valAddAB + valAddBA: 3
valSubAB - valSubBA: 1.0
valMulAB * valMulBA: 8
ValDivAB / ValDivBA: 2
valModAB % valModBA: 3

Subject: Web Application Security


  1. OWASP #6: Unvalidated Redirects and Forwards
    • Example: an attacker sends you a link to the legitimate application with a malicious site embedded in the URL as the redirect target.
    • You might follow the link and use the web application after login, without looking at the URL and the page it redirects to, which resembles the
    • This is also referred to as an open redirect vulnerability.
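To make the open-redirect point concrete from the defender's side, here is an added example (not code from the post) of how a login handler should treat a redirect parameter: the vulnerable version uses whatever the request says, while the hardened version only accepts targets that stay on an assumed allowed host (app.example.com is a constructed name) and otherwise falls back to a fixed local path.

```python
from urllib.parse import urljoin, urlparse

# Origin of this application and the hosts it may redirect to (constructed names).
OWN_ORIGIN = "https://app.example.com/"
ALLOWED_HOSTS = {"app.example.com"}
DEFAULT_TARGET = "/home"


def unsafe_redirect_target(next_param: str) -> str:
    """Vulnerable pattern: the 'next' parameter is used as the Location verbatim,
    so a link like /login?next=https://evil.example/ sends the user anywhere."""
    return next_param


def safe_redirect_target(next_param: str) -> str:
    """Hardened pattern: resolve 'next' against our own origin, keep it only if it
    stays on an allowed host over http(s), and hand back a path-only target."""
    if not next_param:
        return DEFAULT_TARGET
    # Browsers treat backslashes in http URLs as slashes, so "/\evil.example"
    # would become a scheme-relative "//evil.example"; reject it outright.
    if "\\" in next_param:
        return DEFAULT_TARGET
    # Resolving against our origin turns "/path" into a full URL and exposes
    # scheme-relative tricks such as "//evil.example/phish" as a foreign host.
    parsed = urlparse(urljoin(OWN_ORIGIN, next_param))
    if parsed.scheme not in ("http", "https"):
        return DEFAULT_TARGET
    if parsed.netloc.lower() not in ALLOWED_HOSTS:
        return DEFAULT_TARGET
    target = parsed.path or "/"
    if parsed.query:
        target += "?" + parsed.query
    return target


def decide_redirects(next_params):
    """Review helper: show what each candidate 'next' value resolves to."""
    return {p: safe_redirect_target(p) for p in next_params}


if __name__ == "__main__":
    candidates = ["/dashboard", "//evil.example/phish",
                  "https://evil.example/", "javascript:alert(1)"]
    for p, t in decide_redirects(candidates).items():
        print(f"{p!r:32} -> {t}")
```

When testing, the useful check is the second function's behaviour on the odd inputs (scheme-relative URLs, non-http schemes, backslashes), because those are exactly the forms a naive "starts with /" check lets through.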


Learning Something New: 19/07/2018

An investment in knowledge pays the best interest.

Subject: Web Testing 101 - How to test World Wide Web

  1. HTML <input> readonly Attribute
The readonly attribute is a boolean attribute.

When present, it specifies that an input field is read-only.

A read-only input field cannot be modified (however, a user can tab to it, highlight it, and copy the text from it).

The readonly attribute can be set to keep a user from changing the value until some other condition has been met (like selecting a checkbox, etc.). Then, JavaScript can remove the readonly attribute and make the input field editable.

 <!DOCTYPE html>
 <form action="/action_page.php">
  Email: <input type="text" name="email"><br>
  Country: <input type="text" name="country" value="Norway" readonly="readonly"><br>
  <input type="submit" value="Submit">
 </form>

When an application shows a read-only attribute field, perform the steps below.

a. Open the Chrome web developer tools.
b. Right-click on the button you want to test, and click "Inspect".
c. In the developer tools panel, you will now see the HTML for that field highlighted.
d. Right-click on that highlighted text and choose "Edit as HTML". An editable text window will open up.
e. If you see text such as readonly="readonly", delete the attribute.
f. Click away from the editable field, and see if your button is now enabled.
g. If it is, click on it, update the values and see what happens in the database.

A note on security: it is important to remember that even when using the readonly attribute, you should never trust user input, which includes form submissions. The value can still be modified with Firebug, the DOM Inspector, etc., or the user can submit an HTTP request without using the browser at all.
Validate to check whether there are client-side and server-side validations.
Or provide only the text value of the email address.
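As an added example (not part of the post) of the server-side validation the note above calls for: the form's country field is read-only in the browser, but the server ignores that and compares the submitted value against its own record, so an edited request is rejected and can be logged as a tampering indicator. The user id, the stored record and the email pattern are constructed for the example.

```python
import re

# What the server itself knows about each user; the read-only country field was
# rendered from this record (user id and value are constructed for the example).
SERVER_RECORDS = {"user-123": {"country": "Norway"}}

# Simple syntactic check for the email field (constructed pattern, not RFC-complete).
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def handle_submission(user_id: str, form: dict) -> dict:
    """Server-side handling of the Email/Country form from the post.

    Never trusts the client: the email is validated syntactically, and the
    country, although read-only in the browser, is compared with the server's own
    record. A mismatch means the request was edited (dev tools, proxy or a hand
    crafted HTTP request), which is worth logging as a tampering indicator."""
    errors = []
    email = (form.get("email") or "").strip()
    if not EMAIL_RE.match(email):
        errors.append("email: invalid format")

    record = SERVER_RECORDS.get(user_id)
    if record is None:
        errors.append("user: unknown")
    elif form.get("country") != record["country"]:
        errors.append("country: does not match server record (possible tampering)")

    if errors:
        return {"ok": False, "errors": errors}
    # Persist the server's own value for the read-only field, not the client's copy.
    return {"ok": True, "email": email, "country": record["country"]}


if __name__ == "__main__":
    # The second submission is what step (e)-(g) above produces once the
    # readonly attribute has been removed and the value changed.
    print(handle_submission("user-123", {"email": "alice@example.com", "country": "Norway"}))
    print(handle_submission("user-123", {"email": "alice@example.com", "country": "Sweden"}))
```

The point of returning a distinct error for the country mismatch is that a read-only field can never legitimately arrive changed, so that branch is a clean detection signal rather than ordinary input noise.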


Learning Something New: 18/07/2018

“When we compare ourselves to others, we reject ourselves. In the moment, we’re defined by that breadth of comparison rather than the extraordinary uniqueness that makes us who we are.”

Subject: Java Fundamentals

  1. Primitive Data Types for Variables
    • Integer
    • Floating point
    • Character
    • Boolean
  2. For each data type: size in bits, minimum value, maximum value and literal format.
  3. Integer types:
    • long type: uses the literal format 'L'
  4. Floating-point types:
    • float type: uses the literal format 'f'
    • double type: uses the literal format 'd'
  5. Character types:
    • Literal values are written in single quotes.
    • Also stores Unicode characters.
  6. Boolean type:
    • Stores either true or false
  7. Primitive data types are stored by value.

Subject: Web Testing 101 - How to test World Wide Web

  1. ID Elements on Web:
    • In most of the web applications I see, there are errors in the console.
    • Typical ones are the same element id being used twice. I learnt myself that there should be unique ids instead of duplicate element ids.

    [DOM] Found 2 elements with non-unique id #priceVal_1412:
    <input type="hidden" id="priceVal_1412" value="20.7">
    <input type="hidden" id="priceVal_1412" value="17.57">

    Albert Gareev mentions: That will also impact accessibility. Screen readers rely on id to describe relationships; for example, an edit box and its label.

    Follow HTML guidelines

    Web browsers are designed with the HTML specification in mind, and going against it can lead to unexpected issues with your web page. This means:
    Element id attributes should be unique: no two elements should have the same id.


Learning Something New: 17/07/2018

"It always seems impossible until it's done."

Subject: Java Fundamentals

  1. Variables
  2. Declaration of variables
  3. Assignment of values to variables
  4. Variables = the ability to store and manipulate values (named data storage)
  5. Declaration and assignment of a value in a single statement
  6. Naming variables
    • A combination of rules and conventions.
    • Rule: letters, numbers, $ and underscore are allowed.
    • Convention: only letters and numbers are used.
    • Rule: the first character is not a number.
    • Convention: the first character is always a letter.
    • Convention: follow "camel casing"
      • The first letter is lower case
      • The start of each word after the first is upper case
      • All other letters are lower case.
  7. We can assign a value to a variable and later modify it to another.
  8. Local variables:
    • Variables declared inside the main method
 public class Variables {
      public static void main(String[] args) {
           /*
            * Declaring only the local variable and printing the variable:
            * int myVar;
            * System.out.println(myVar);
            * Error during compilation:
            * Exception in thread "main" java.lang.Error: Unresolved compilation problem:
            * The local variable myVar may not have been initialized
            * at Variables.main(
            */
           int myVar; // Declaring the local variable
           myVar = 50; // Assigning the value to the local variable
           System.out.println("myVar=" + myVar);
           int anotherVar = 100; // Declaring and assigning another local variable
           System.out.println("anotherVar=" + anotherVar);
           myVar = anotherVar; // Assigning a copy of the value of anotherVar to myVar
           System.out.println("myVar=" + myVar);
           System.out.println("anotherVar=" + anotherVar);
           anotherVar = 200; // Assigning another value to anotherVar, as it is already declared
           System.out.println("myVar=" + myVar); // Still 100: primitives are copied by value
           System.out.println("anotherVar=" + anotherVar);
      }
 }

Subject: Web Application Security

  1. OWASP - #4: Insecure Cryptographic Storage
    • When you register a user, find out how the passwords are stored in the application.
    • If they are stored in plain text, that is a security vulnerability.
    • Passwords should never be stored in an unencrypted format: plain text on the server.
    • The better way is to store a one-way cryptographic hash of the user's password.
    • When logging in to the application, the submitted password is run through the hash function and the result is compared with the stored hash. If both match, login is granted.
    • Benefit: a one-way hash cannot be reversed to recover the original string.
    • Hash functions: SHA-1, SHA-512, etc.
    • An even better way to secure passwords is adding a salt (random text) to the password before computing the hash. This strengthens the password hashing.
    • Without a salt, when one user creates the password "Hello" and another user creates the same password "Hello", both hashed passwords will be the same when computed through the hash function.
    • Reference: Web Application Security - What Testers can do.
  2. OWASP - #5: Failure to Restrict URL Access
    • Keep unauthorized users out of modules, both from UI navigation and by direct URL.
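As an added example (not from the post or the referenced course) of item 1 above: the unsalted pattern, where two users with the password "Hello" end up with the same stored value, next to per-user salted storage and verification. It uses PBKDF2-HMAC-SHA256, a deliberately slow construction designed for passwords, rather than a single SHA-1 or SHA-512 pass; the iteration count and the storage record format are constructed choices for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work factor for PBKDF2-HMAC-SHA256; a constructed value for the example, tuned in
# practice so that one verification costs a noticeable fraction of a second.
ITERATIONS = 200_000
SALT_BYTES = 16


def unsalted_sha1(password: str) -> str:
    """The weak pattern from the post: a bare one-way hash. Two users with the
    password "Hello" get identical stored values, so one crack exposes both."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record 'pbkdf2_sha256$iterations$salt_hex$hash_hex'.
    A fresh random salt per user makes equal passwords produce different records."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and iteration count and compare in
    constant time, so a wrong guess leaks nothing about how many bytes matched."""
    try:
        algo, iterations, salt_hex, hash_hex = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), hash_hex)


def same_stored_value(password: str, hasher) -> bool:
    """True if two registrations with the same password store the same value."""
    return hasher(password) == hasher(password)


if __name__ == "__main__":
    print("unsalted SHA-1 collides for equal passwords:", same_stored_value("Hello", unsalted_sha1))
    print("salted PBKDF2 collides for equal passwords: ", same_stored_value("Hello", hash_password))
    record = hash_password("Hello")
    print("verify correct password:", verify_password("Hello", record))
    print("verify wrong password:  ", verify_password("hello", record))
```

Storing the algorithm name and iteration count inside the record is what lets the work factor be raised later without invalidating existing users: old records still verify with their own parameters and can be re-hashed on the next successful login.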


Learning Something New: 16/07/2018

"Be more consistent than everyone around you and you will win."

Subject: Web Application Security

  1. OWASP - #1: Broken Authentication and Session Management
    • What is HTTP
    • How the web server communicates with the web application
    • What is meant by a stateless protocol
    • What is a session identifier (ID)
    • Why web applications use session IDs
    • Identify the pattern of session IDs in your application.
    • Is your session ID displayed in the URL of the web application?
      • Can anyone use the same URL and impersonate the session?
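An added example (not from the post) of how to answer the last two questions above across a whole site rather than one page at a time: a scanner that flags session identifiers carried in a URL path parameter or query string, run over constructed access-log lines. The parameter-name list and the hostnames are assumptions for the example.

```python
from urllib.parse import parse_qs, urlsplit

# Query/path parameter names commonly used to carry a session identifier
# (a constructed list; extend it with your application's own name).
SESSION_PARAM_NAMES = {"jsessionid", "phpsessid", "sessionid", "session_id",
                       "sid", "asp.net_sessionid"}

# Constructed access-log style lines: method, URL, status. Hostnames are assumptions.
SAMPLE_LOG = """\
GET https://shop.example.com/cart;jsessionid=1A2B3C4D5E6F 200
GET https://shop.example.com/account?sessionid=9f8e7d6c 200
GET https://shop.example.com/products?page=2 200
GET https://shop.example.com/login?PHPSESSID=abc123&next=/home 302
"""


def session_id_in_url(url: str):
    """Return (parameter_name, value) when the URL carries a session identifier,
    either as a servlet-style path parameter (/cart;jsessionid=...) or in the
    query string; None otherwise."""
    parts = urlsplit(url)  # urlsplit keeps ';params' inside the path, unlike urlparse
    for segment in parts.path.split("/"):
        for param in segment.split(";")[1:]:
            name, _, value = param.partition("=")
            if name.lower() in SESSION_PARAM_NAMES:
                return (name, value)
    for name, values in parse_qs(parts.query).items():
        if name.lower() in SESSION_PARAM_NAMES:
            return (name, values[0])
    return None


def scan_log(log_text: str) -> list:
    """Scan 'METHOD URL STATUS' lines; return (url, parameter_name) for each hit.
    Such URLs end up in browser history, proxy logs and Referer headers, which is
    why a session ID in the URL lets anyone holding the link reuse the session."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        hit = session_id_in_url(fields[1])
        if hit:
            findings.append((fields[1], hit[0]))
    return findings


if __name__ == "__main__":
    for url, param in scan_log(SAMPLE_LOG):
        print(f"session id in URL via '{param}': {url}")
```

The scanner only reports the parameter name, not the value, so its own output does not become another place where session identifiers are written down.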

Subject: Accessibility Testing

  1. Tool used to evaluate the web application for accessibility:
    • WAVE -
  2. Understanding the tool and how it works.

Exercise: Enter the URL of the website and hit Enter.
The summary will display errors, warnings, information, etc.


Learning Something New: 12/07/2018

"You learn more from losing than winning. You learn how to keep going. Think beyond winning and losing."

Subject: Web Application Security

  1. OWASP - #1: Injection
    • What is injection
    • How an attacker injects code into a web application
    • Different types of injection attacks:
      • SQL injection
      • XPath/XQuery injection
      • LDAP injection
      • Command injection
  2. OWASP - #2: Cross-Site Scripting (XSS)
    • What is cross-site scripting
    • How an attacker injects code into a web application
    • What happens when an attacker injects the code

Subject: Accessibility Testing

  1. Learning about the diversity of disabilities
  2. Different disabilities:
    • Visual
    • Auditory
    • Physical
    • Cognitive
    • Learning
    • Emotional
  3. Definition: A disability is defined as a physical or mental impairment that substantially limits one or more major life activities. Specifically, a qualified individual with a disability is someone who can perform the essential functions of the job with or without reasonable accommodation.


Learning Something New: 11/07/2018

"Move out of your comfort zone. You can only grow if you are willing to feel awkward and uncomfortable when you try something new."

Subject: Java Fundamentals

  1. Statement structure
    • Statements end with a semicolon.
    • Usage of comments in code
    • Types of comments:
      • Line comments
      • Block comments
      • Javadoc comments
  2. What is a package
  3. Package naming conventions
    • Example: package com.strls.testing.learnjava
  4. Correlation between package names and source file structure.
  5. Before adding the package name to the Java file, the folder structure in the IDE is:
    • src ->
  6. After adding the package name to the Java file, the folder structure in the IDE is:
    • src -> com -> strls -> testing -> learnjava -> HelloWorldOrganized ->
 package com.strls.testing.learnjava;

 public class HelloOrganized {
      public static void main(String[] args) {
           System.out.println("Hello Get Organized");
      }
 }

Subject: Web Application Security

  1. OWASP (Open Web Application Security Project) - an open source project with the goal of improving web application security.
  2. The OWASP Top 10 is a popular list, which ranks risks from the highest to the lowest.
  3. Download the list from the link below.

Do not think as an attacker when you are not an attacker. Learn about security principles that can help you as a defender.


Learning Something New: 10/07/2018

If you learn something new every day, you can teach something new every day.


Subject: Java Fundamentals

  • Verifying from the command line whether the Java JDK installation is correct.
  • Installation of the Eclipse IDE
  • Creating a simple Java application (Hello World program):
 /**
  * This class implements the HelloWorld program
  * @author srinivas.kadiyala
  * @version 1.0
  */
 public class HelloWorld {
      /*
       * Using comments in HelloWorld
       */
      public static void main(String[] args) {
           // Hello World Program
           System.out.println("Hello World Again");
           // Hello World Output - Spaces within the braces
           System.out.println( "Hello World before Space in braces");
           // Hello World Output - Spaces outside the braces
           System.out.println("Hello world before space outside braces") ;
           // Hello World Output - New line and spaces within the braces
           System.out.println(
                     "Hello  World");
           // Commenting out the program.
           //System.out.println("Hello World Last Time");
      }
 }

  • Run the program from Eclipse

  • Run the program from the command line.

Step 1: Compilation of the Java code. - Successful.
Compiled without any errors.

Step 2: Running the program.
Error: Could not find or load main class HelloWorld.

Tried different ways to make it correct. But after a few minutes, with help from Stack Overflow, performed Step 3.

Step 3: Running the program.
D:> java -cp . HelloWorld

-cp . means use the current directory as the classpath.

The program ran successfully and displayed the output.

Subject: Search Engine Optimization

Topic: SEO URLs (Mobile Site vs Desktop Site)

If you have a separate mobile site and desktop site, to know whether the mobile site hides any links.

We have a website, which can be traversed and which displays results.

If we do not have separate sites for mobile and desktop, even then you can search the website URL to see the URL links on the site.

Testing point of view: understand and find out URLs which seem improper and do not comply with SEO standards.


Learning Something New: 08/07/2018 - 09/07/2018

Learn Something New Every Day (And Actually Do Something With It)

Subject: Java Fundamentals

  1. What is Java
  2. JRE vs JDK
  3. Installation of Java
  4. How Java code is converted to a class file
  5. What is an IDE
  6. Popular IDEs available:
    • NetBeans
    • Eclipse
    • IntelliJ IDEA

Subject: Web Application Security

  1. Different security attacks:
    • Network firewalls
    • Web applications
  2. Popular web application security attacks:
    1. SQL injection
    2. Cross-site scripting
  3. What is a server firewall
    1. Advantages of a firewall
    2. Can a firewall protect web applications?
    3. Can we use a firewall to close off access to the web application?
      1. Does it impact end users?
  4. Can network defenses like a firewall keep attackers out and make web applications safe?


TestingDriveThru: Challenge from last week - Comparing two large text or Excel files

TestingDriveThru: Challenge from last week and how I dealt with it.

Challenge: Comparing two text or Excel files

Initially, the challenge looks simple.
But the challenging part is comparing huge files which contain more than 100k records.

I was advised to use Araxis Merge. It is a desktop app.
It has a 30-day trial version and a commercial version.

This is a very simple tool. Easy to install in a few steps.

The tool is self-explanatory. We just need to explore the options to try it out.

When we open the Araxis Merge desktop app, we see two split windows to compare two files.

Note: We can compare 3 files also.

We can drag and drop the files into Text Comparison 1 and Text Comparison 2.

Araxis automatically compares the files. The non-matching text will be highlighted between the two files.

We can generate a report of the comparison by clicking on the Report option.

And it generates an HTML report:

It is simple to do and quick to use.


TestingDriveThru: Challenge from last week - Count No. of Commas in Excel column values

TestingDriveThru: Challenge from last week and how I dealt with it.

Challenge: Count the number of commas in Excel column values

Initially, the challenge looks simple. But the challenging part is counting commas when the column values contain more than 500 commas.

So, I used an Excel formula which can calculate the number of commas in the column value.

Excel Formula:  =LEN(A1)-LEN(SUBSTITUTE(A1,",",""))


TestingDriveThru: Challenge from last week - Finding old site URLs on Google search after the new site is launched.

TestingDriveThru: Challenge from last week and how I dealt with it.

Challenge: Finding old site URLs on Google search after the new site is launched.

  • Most of the time, when a new or redesigned site is launched, the old site URLs still remain in Google web search.
  • Problem: If URL redirections are not specified for the URLs displayed in Google search, then when a user clicks on an old site URL it leads to a blank / "no content available" page.
  • This can reduce the Google page ranking, or lose ranking for the site.

  • Challenge: When the customer is not aware of the URL redirections to be done, be proactive: find out the old site URLs and inform the stakeholders so that redirections are set up for them.
  • How to find:
    • Go to Google search
    • Enter as -
    • This displays results of site URLs starting with
  • Challenge: OK, we found the results. But how can we extract all these URLs to a file?
  • How can we do it?

    • Install the ginfinity plugin for Chrome. This will unrestrict the number of search results per page by seamlessly appending the next page of search results to the current list.
    • Drag and drop Chris Ainsworth's Extractor 'bookmarklet' onto the bookmark bar.
    • Navigate to the Google search results of
    • Then click on the settings of Google search
    • Then click on Search settings
    • Then increase the results per page to 100

    • Then scroll down the search results of:
    • Using ginfinity, it shows all pages of results in a single page

    • Then click on the Google SERPs Extractor bookmark
  It lists all the URLs and anchor text for the results listed.

Now, we can copy the URLs from the results list.


TestingDriveThru: Challenge from last week - Finding zero KB files in a files directory

TestingDriveThru: Challenge from last week and how I dealt with it.

Challenge: Finding zero KB files in a files directory

  • Windows+R = Run: enter "Powershell" and hit Enter
  • It opens PowerShell
  • It shows the current directory: PS C:\Users\srinivas.kadiyala>
  • Navigate to the directory where the files are stored and where we want to find zero KB files.
  • Use the command: CD C:\Users\srinivas.kadiyala\Downloads\FolderTest\   and hit Enter
  • Now the current directory will be: C:\Users\srinivas.kadiyala\Downloads\FolderTest>
  • Now copy the script below and hit Enter:
  The script below helps you to find files with zero file size.
  Get-ChildItem -Recurse | ForEach-Object {
      # Skip directories; report every file whose length is zero bytes
      if (!$_.PSIsContainer -and $_.Length -eq 0) {
          Write-Host ("{0} -> {1}" -f $_.FullName, $_.Length)
      }
  }

Result: It will display the files which are 0 KB.
C:\Users\srinivas.kadiyala\Downloads\FolderTest>DocumentTest.docx -> 0

This can reduce the testing time.
