Archive for 2019

Lessons Learned about Availability Zones

Understanding How AWS is Physically Set Up



For the latest on AWS Infrastructure, see: https://aws.amazon.com/about-aws/global-infrastructure/


This page describes how AWS is physically set up across the globe.





The map shows the AWS Regions and a few upcoming regions.


What is AWS Region?
Each region is a geographical area that is a collection of availability zones and data centers.



The AWS Regions are spread across the world so that data transmission from the physical device takes less time and customers get the best performance.


There are consumer-based regions and government-based regions (GovCloud).


What is an Availability Zone?
An Availability Zone is a physical geographic location that holds an AWS data center.


This is where physical hardware is present and any data that is stored in AWS will be located here.


Why Multiple Availability Zones?
Multiple availability zones provide high availability and fault tolerance if, for example, a natural disaster hits the data center in one of the availability zones.


For redundancy, most of the data files are backed up in the other two availability zones. As long as the entire Region is not knocked out, we should be able to access the files or data stored in AWS.


Within the datacenters, we have AWS Resources like S3 Bucket connected with EC2 Instances, etc.




For each Amazon Region, there is an endpoint.





More information:
https://docs.aws.amazon.com/en_pv/general/latest/gr/rande.html#endpoint-tables

Now, find out your AWS Region and the number of Availability Zones in your continuous deployment tool/project.

Posted in | Leave a comment

Lessons Learned about Cloud

What is Cloud?
Think of it as a computer with storage or processing power that is located somewhere else and that you use over an Internet connection.

In reality, it is not just one computer.
It is more like datacenters full of server computers that we utilize.
Examples: Dropbox, iCloud, Amazon Web Services.

Why do we use Cloud?
Files that we upload to Dropbox/iCloud are stored on server computers, which sit in one of the racks in the datacenter.

What are the Benefits of using the Cloud?
Common Personal Uses: 
Storing the data in Cloud, Backups, Sharing across different devices 
(Home Computer, Mobile Devices, Work Computer) and access from different devices.

Common Enterprise Uses:
On-premises data center: costly, and it takes time to order the hardware, install it, test it, install operating systems and software, and get everything up and running.
Disadvantage: money is wasted if the resources and servers are not used.

Cloud services solve this problem:
As the user base increases, cloud service providers automatically and instantly add servers at any time, without growth estimates, and have them up and running with software within 2 minutes. When the user base drops, cloud service providers decommission the servers and the company is no longer charged for the unused servers (on-demand basis).
I had worked on projects where there was a migration from data centers to Google Cloud.
Now I understand the purpose of having projects on the cloud.


Cloud Platform Solutions and Service Status

Recently, I have started learning about Cloud Platforms and AWS Services.

Since the cloud was compared with a computer/server and cloud services are a rapidly growing market, I was thinking: "What if a cloud application experiences an issue? How would users get to know?"

Cloud Solutions provider and Platforms



I found the details below for Google Cloud and Amazon cloud services, which are the top 2 cloud platform solutions:





Google Cloud Platform:
This page provides status information on the services that are part of the Google Cloud Platform.
https://status.cloud.google.com/

AWS Service Health Dashboard:

This page provides status information on the services that are part of the AWS Cloud Platform.

https://status.aws.amazon.com


1st Anniversary with Moolya Software Testing

Exactly during July 2018, I had decided to look for new opportunities after a long sprint working with Unilog Content Solutions, Mysore.

I messaged Ajay Balamurugadas asking "What to do" and "Why I am looking for".

Then I was introduced to other friends and went through the interview process.

Finally, the day came when I was interviewed at Moolya.
And I got an offer in hand on 9th August 2018 and Joined Moolya on 20th September 2018.

It was not an easy decision to move from Mysore to Bangalore.
My wife was supportive of this decision and then family members (from both sides).

Only advice received from Ajay before I joined
"Relax. Think It's your first Job with experience of all these Jobs."


Let me wrap the One year Journey in Six points:

Excitement: I was excited to join Moolya, just as a fresher would be when joining a new company. I am still excited to go to work every day.

Highlighting: I never met Pradeep Soundararajan and Dhanasekar before, but read their notes and articles. It was good to meet them in person.

Challenges: Before I started looking for jobs, I was asked, "Are you challenged at your work? Did you test more complex projects than at your workplace?"
I am thankful for the opportunity provided on the Moolya project.
I felt that working on a challenging, complex domain project helped me to recognize the strengths and weaknesses of my testing/technology skills.

Learning: I am thankful to my colleagues, developers and other stakeholders on the project, as they helped me to learn new things. I started to make notes every day to see where to improve in my current work. After every sprint ticket, I make notes on "What I could do better" and try to learn from other good practices. I have been learning about "Mindmapping, Exploratory Testing, and Session-Based Test Management" and practicing on a legacy product.
I got an opportunity to attend the "Leadership Workshop with Pradeep" and learn from it.

Moving to Bangalore also helped me to attend testing events (meetups) and to meet and learn from people.

Fun and Happiness: I got the opportunity to travel outside India (London, UK) for the first time, and received my first award at Moolya as "Rising Star - Exploratory Tester". It added more responsibility under my belt 😇
It is always fun working with people. Something changed in my life: "Smile".

Expectations: I joined with one expectation that "I should learn something new here and continue to provide value from my work" and Learn from Mistakes. 

Thank you Moolya 😊




       Need Testing Help?        Visit: Moolya Software Testing


Keep your Test Data Handy for Testing

Before you start testing, during a test ideas session or a design review session, you might come across test data that needs to be tried on the web application.


Now, we have a tool that can help us to update our test data and keep it handy forever.


It's an elegant Chrome extension written by Gojko Adzic that gives you ready access to common test inputs for form fields, and you can customize the menus with your own test data.

It adds common problematic values and edge cases to the context menu (right-click) for editable elements, so you can keep them handy and access them easily during exploratory testing sessions.


Get the Bug Magnet Now! ... Happy Testing!


Identify Web Technologies used on the Websites

Have you encountered a situation where you have to test a website and would like to know which web technologies it uses?
The easiest way is to install the Chrome extension Wappalyzer.
https://chrome.google.com/webstore/detail/wappalyzer/gppongmhjkpfnbhagpmjfkannfbllamg?hl=en

Wappalyzer is a cross-platform utility that uncovers the technologies used on websites. It detects content management systems, e-commerce platforms, web frameworks, server software, analytics tools and many more.
How it works
1. Navigate to any website
2. The Wappalyzer icon changes to show the main technology that's in use
3. Click the icon for the full list of identified software







Click the application names in the list for additional information





When I read security research news that a framework has a vulnerability and has to be updated to the latest version, I have used this Chrome extension to find out if we are using the framework on the website. This helps a tester who does not have access to the code or to details about the platform of the web application.


Identify the font details of Web Pages on Chrome

Usually, we use "Chrome Web Developer Tools" or "Firefox Web Developer Tools" to inspect the element on the web page and identify the element details such as "Fonts, Color etc".



But how can we find out the fonts used on a webpage in an easier way?

1. Install the Chrome Extension - WhatFont
https://chrome.google.com/webstore/detail/whatfont/jabopobgcpjmedljpbcaablpmlmfcogm?hl=en

2. Click on "WhatFont" Chrome Extension

3. Then Click on the Element on the webpage

It tells about the Font Family, Font Style, Size, Color etc.


I have used this tool mainly for testing web applications, especially to confirm that webpages are built in accordance with the designs provided by the client.


Capture a full size screenshot on Chrome

Usually, we take a screenshot of a page by pressing the "PrtSc" (Print Screen) key and saving it as an image. But this captures only the visible part of the web page.

How can we take a whole page screenshot on Chrome? It's easy.

1. Open the Chrome Developer Tools

Command: CTRL + SHIFT + I

2. Then go to the Console panel

3. Then press: CTRL + SHIFT + P

4. Then type: full

You'll see "Capture full size screenshot"; just press the Enter key

5. A .png file with the full-size screenshot of the webpage is downloaded automatically.



Web Application Security - 2018

Subject: Web Application Security

Topics:

  1.  Different Security Attacks
    • Network Firewalls
    • Web Applications
  2. Popular Web Application Security Attacks
    1. SQL Injection
    2. Cross-Site Scripting
  3. What is Server Firewall
    1. Advantages of Firewall
    2. Can Firewall protect the web applications?
    3. Can we close with Firewall to access the web application.
      1. Does it impact end users?
  4. Can Network defenses like firewall, keep attackers out and make the web applications safe?


Web Application Security - 2018

Subject: Web Application Security

Topics:

  1. OWASP #6: Unvalidated Forwards and Redirects
    • Example: an attacker sends you a link with a malicious site embedded in the URL as the redirect target.
    • www.mysite.com/login?page=www.hackersite.co.au
    • You might follow the link and, after login, keep using the web application without looking at the URL or at the page you were redirected to, because hackersite.co.au resembles mysite.com.
    • This is also referred to as an open redirect vulnerability.
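
An added example (not part of the original notes) of the server-side check that closes this hole: the `page` parameter from the link above is accepted only if it is a local path or an https URL on an allow-listed host. The allow-list, the fallback path and the function names are assumptions made for the example.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption for this example: the only host the login page may redirect to.
ALLOWED_HOSTS = {"www.mysite.com"}
FALLBACK = "/"  # where the user is sent when the requested target is rejected


def safe_redirect_target(page):
    """Return `page` if it is a local path or an https URL on an allowed
    host, otherwise FALLBACK."""
    # Reject control characters, spaces and backslashes up front: browsers
    # strip or normalise them, so the browser could end up following a
    # different URL than the one validated here.
    if not page or any(ord(c) <= 0x20 or c == "\\" for c in page):
        return FALLBACK
    try:
        parts = urlsplit(page)
    except ValueError:  # malformed authority, e.g. an unclosed "["
        return FALLBACK
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a path rooted at "/" and not "//",
        # which a browser reads as "same scheme, different host".
        if page.startswith("/") and not page.startswith("//"):
            return page
        return FALLBACK
    # Absolute URL: exact match on the whole authority, so userinfo
    # ("allowed@other"), ports and look-alike suffixes do not pass.
    if parts.scheme == "https" and parts.netloc.lower() in ALLOWED_HOSTS:
        return page
    return FALLBACK


def redirect_after_login(login_url):
    """Pull the `page` parameter out of a login URL and validate it."""
    query = parse_qs(urlsplit(login_url).query)
    return safe_redirect_target(query.get("page", [""])[0])
```
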


Web Testing 101 - How to test World Wide Web - 2018

Subject: Web Testing 101 - How to test World Wide Web

Topics:

  1. ID Elements on Web:
    • In most web applications, I see errors in the console.
    • A typical one is the same element id being used twice. I learnt by myself that there should be unique ids instead of duplicate element ids.

[DOM] Found 2 elements with non-unique id #priceVal_1412:
<input type="hidden" id="priceVal_1412" value="20.7">
<input type="hidden" id="priceVal_1412" value="17.57">

Albert Gareev mentions: That will also impact accessibility. Screen readers rely on id to describe relationships; for example, edit box and its label.


Follow HTML guidelines

Web browsers are designed with the HTML specification in mind, and going against it can lead to unexpected issues with your web page. This means:
Element id attributes should be unique: no two elements should have the same id.


References: https://www.chromium.org/developers/design-documents/create-amazing-password-forms


Web Application Security - 2018

Subject: Web Application Security

Topics:


  1. OWASP - #4: Insecure Cryptographic Storage
    • When you register a user, find out how the passwords are stored in the application.
    • If they are stored in plain text, that is a security vulnerability.
    • Passwords should never be stored in an unencrypted format (plain text) on the server.
    • A better way is to store a one-way cryptographic hash of the user's password.
    • While logging in to the application, the hash function is computed over the entered password and the result is compared with the stored hashed password. If both match, login is granted.
    • Benefits: the hash is one-way; the original string cannot be computed from the hash.
    • Hash Functions: SHA-1, SHA-512 etc.
    • An even better way is to add a salt (random text) to the password before computing the hash function. This strengthens the protection of the stored passwords.
    • Without a salt, when one user creates the password "Hello" and another user creates the same password "Hello", both hashed passwords will be the same once they are computed through the hash function.
    • Reference: Web Application Security - What Testers can do.
  2. OWASP - #5: Failure to Restrict URL Access
    • Keep unauthorized users from accessing modules both through UI navigation and directly by URL.
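
An added example (not from the original notes or from OWASP) of the register/login flow in item 1: it shows that two users with the password "Hello" get identical unsalted hashes but different salted records, and that login still verifies. It swaps the single SHA-512 pass for PBKDF2-HMAC-SHA512, a salted and deliberately slow construction built on SHA-512; the iteration count and the record format are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 210_000  # assumption: PBKDF2 work factor chosen for this example


def unsalted_sha512(password):
    """Plain one-way hash: equal passwords always give equal hashes."""
    return hashlib.sha512(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None):
    """Registration: return 'iterations$salt_hex$hash_hex' for storage."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac(
        "sha512", password.encode("utf-8"), salt, ITERATIONS
    )
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Login: recompute with the stored salt and compare in constant time."""
    try:
        iterations_text, salt_hex, hash_hex = stored.split("$")
        iterations = int(iterations_text)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record: never treat it as a match
    if iterations < 1:
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha512", password.encode("utf-8"), salt, iterations
    )
    # compare_digest avoids leaking how many leading bytes matched
    return hmac.compare_digest(digest, expected)
```
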


Accessibility Testing - 2018

Subject: Accessibility Testing

Topics:
  1. The tool used to evaluate the web application for Accessibility.
      • WAVE - http://wave.webaim.org/
  2. Understanding the tool, how it works.


Exercise: Enter the URL of the website and Hit Enter.
The summary will display errors, warnings, information, etc.



Accessibility Testing - 2018

Subject: Accessibility Testing


Topics:

  1. Learning about Diversity of Disabilities
  2. Different Disabilities:
    • Visual
    • Auditory
    • Physical
    • Cognitive
    • Learning
    • Emotional
  3. Definition: A disability is defined as a physical or mental impairment that substantially limits one or more major life activities. Specifically, a qualified individual with a disability is someone who can perform the essential functions of the job with or without reasonable accommodation.


Web Application Security - 2018

Subject: Web Application Security

Topics:
  1. OWASP - Open Web Application Security Project (www.owasp.org) - an open source project with the goal of improving web application security.
  2. The OWASP Top 10 is a popular list that ranks risks from the highest to the lowest.
  3. Download the list from the link below.
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

Do not think as an attacker when you are not an attacker. Learn about security principles that can help you as a defender.


Search Engine Optimization - 2018

Subject:  Search Engine Optimization

Topic:  SEO URL's (Mobile Site vs Desktop Site)

If you have a separate mobile site alongside the actual desktop site, you may want to know whether the mobile site hides any links.

There is a website that can traverse the site and display the results.






Even if we do not have separate sites for mobile and desktop, you can still search the website URL to see the URL links on the site.

Testing point of view: understand and find the URLs that seem improper and do not comply with SEO standards.


My Approach to Regression Testing - R3C'sFI

I have done a fair amount of regression testing, and sometimes I used to think "Oh... Again!"

But, based on that experience, I gained knowledge of "When to Perform" and "What to Perform" in regression testing.


When do we do Regression Testing?


  1. Defect Fixes
  2. Performance or Security Issue Fixes on Code
  3. New Features Added 
  4. Optimization of Existing Features 
  5. Any changes in Integration Systems (Example: Payment Gateway System Software Upgraded from Version 1.0 to 2.0)
  6. Server Related Updates (Example: Movement of Application from Hosted Server Systems to Google Cloud)
  7. Software Version Updates (Example: Java Updates or JS Updates)

What to Perform as Regression Testing?
  1. Testing the Recent Code Changes  -- R
  2. Testing the Core functionalities of the Application  -- C
  3. Testing the Customer Specific Features (Example: Which are developed specifically for a customer on top of core functionalities)  -- C
  4. Testing the Configuration Related Features (Example: Verifying the Application is enabled with Email Configurations)  -- C
  5. Testing the frequent issues which were encountered after every deployment or release  --- F
  6. Testing the Integration Features (Example: API Integration with ERP System - Order Placement, Payment Gateway Integration - Credit Card Order Placement)  --- I


I devised a mnemonic: RCCCFI  (R-3C's-FI)





PS: This post was inspired by reading the posts below.
http://karennicolejohnson.com/2009/11/a-heuristic-for-regression-testing/
http://www.kohl.ca/2006/learning-testing-heuristics/



Now, I can remember this, as it is created by me. ☺☺


How Debugging Skills helped me to solve a problem?

What is a Problem?
According to Wikipedia, a problem is a situation preventing something from being achieved.

What to do when you get a problem?
Before spending time solving the problem, it is essential to understand the problem.

Recently, I was working on configuring the MySQL Server and encountered the error below when I executed the file.

C:\Program Files\MySQL\MySQL Server 8.0\bin>mysql -uroot -p myhome <c:\Users\srinivas\projects\myhome\schema\schema.mysql.sql

File Name: schema.mysql.sql



As usual, I had only one question in my mind: "Why did I receive this error?"



And then the clock struck 1.30pm; it was my break time.

During the break, I was thinking about the error and it brought a few questions to mind:


  1. "Which function?"
  2. "What does that error mean?"

Here, Debugging Skills helped me to solve this error:

First, I read the error message again and divided it into parts

  • ERROR 1418 (HY000)
  • Line 15677:
  • The function has None of
  • DETERMINISTIC, NO SQL or READS SQL DATA

This prompted me to open the file first and go to line 15677.

There I saw a function written in the file, similar to the one below.


CREATE FUNCTION f2()
RETURNS CHAR(36) CHARACTER SET utf8
BEGIN

Then I googled "DETERMINISTIC, NO SQL or READS SQL DATA"

Found a comment on StackOverflow: https://stackoverflow.com/a/26015334


If there is no declaration, so I always put at least one declaration of "DETERMINISTIC", "NOT DETERMINISTIC", "NO SQL" or "READS SQL DATA" regardless other declarations I may have.

Then I read another solution about where to add the declarations in the function.
https://stackoverflow.com/a/31185234



This immediately solved the error for line 15677.
When I re-executed the command, I again encountered the same error on a different line and solved it with the same fix.
Thus, debugging skills helped me to solve a problem rather than setting the problem aside.


Testing Tools: Duplicate Ids on Webpage

I was learning about grouping HTML elements by attributes using classes and IDs.

I have learned why we have classes and IDs as HTML attributes.
As part of this, I have learned that a webpage should not contain the same id on more than one HTML element.

<h1>Airports</h1>
<h2 class="air-header">Hyderabad</h2>
<p class="air-content" id="air-content-1">I have travelled from Hyderabad Airport</p>
<h2 class="air-header">Bangalore</h2>
<p class="air-content">I have travelled from Bangalore Airport</p>

I found a Chrome extension:
Dup-ID - Scans HTML for duplicate ID attributes.
https://chrome.google.com/webstore/detail/dup-id-scans-html-for-dup/nggpgolddgjmkjioagggmnmddbgedice

This simple extension scans the webpage's HTML tags and looks for duplicate ID attributes.


I have used the Chrome extension on the
https://www.cognizant.com/ and https://www.infosys.com/ websites.


The tool displays the duplicate IDs it found with the number of times each is used,
sorted by ID name.





Reference:

https://stackoverflow.com/questions/5611963/can-multiple-different-html-elements-have-the-same-id-if-theyre-different-eleme
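
An added example (not the Dup-ID extension's own code) of the same scan done offline on saved HTML, covering both the extension described above and the console warning quoted in the Web Testing 101 notes: it reports each duplicated id with its count and the line and tag of every use, sorted by id name. The sample markup is constructed from the snippets on this page.

```python
from collections import defaultdict
from html.parser import HTMLParser


class _IdCollector(HTMLParser):
    """Records every id attribute with the line and tag where it appears."""

    def __init__(self):
        super().__init__()
        self.seen = defaultdict(list)  # id value -> [(line, tag), ...]

    def handle_starttag(self, tag, attrs):
        # Also called for self-closing tags such as <input ... />
        for name, value in attrs:
            if name == "id" and value:
                self.seen[value].append((self.getpos()[0], tag))


def duplicate_ids(html):
    """Return [(id, count, [(line, tag), ...]), ...] sorted by id name.
    id values are compared case-sensitively, as in HTML."""
    collector = _IdCollector()
    collector.feed(html)
    collector.close()
    return sorted(
        (id_, len(uses), uses)
        for id_, uses in collector.seen.items()
        if len(uses) > 1
    )


# Constructed sample: the airport markup with its id repeated, plus the two
# inputs from the console warning.
SAMPLE = """<h1>Airports</h1>
<h2 class="air-header">Hyderabad</h2>
<p class="air-content" id="air-content-1">Hyderabad Airport</p>
<h2 class="air-header">Bangalore</h2>
<p class="air-content" id="air-content-1">Bangalore Airport</p>
<input type="hidden" id="priceVal_1412" value="20.7">
<input type="hidden" id="priceVal_1412" value="17.57">
"""

if __name__ == "__main__":
    for id_, count, uses in duplicate_ids(SAMPLE):
        print(f"#{id_} used {count} times: {uses}")
```
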


Security Testing: Security Headers - X-Frame-Options

Recently, I wrote some HTML code to learn about HTML attributes.

<a href="https://www.google.com">Google</a>
<br>
<br>
<a href="https://www.youtube.com" target="_blank">Youtube</a>

I wrote this on the CodePen website, which is an online code editor tool.

When I clicked on the YouTube link, it opened the YouTube website in a new tab in the browser, as the target attribute has been set to blank.

When I clicked on the Google link, as the target attribute is not added, it should open the Google website in the same results page.

But I observed that the result page shows: www.google.com refused to connect.

As part of the investigation, I opened the Chrome Web Developer Tools (F12) and navigated to the Console.

Observed: "X-Frame-Options" is set to "SameOrigin" and refused to display "www.google.com"




Security Concepts:
Also, I checked the Network tab for the resource named Oewrbm.



The reason is that not all browsers support info for the X-Frame-Options header.

I usually refer to this website "https://securityheaders.com" to analyze the security headers.

I ran the URL: https://codepen.io/srinivasskc/pen/Oewrbm on the security headers webpage.






The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page inside a frame or iframe.
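
An added example (not from the original post or from securityheaders.com) of the decision a browser makes from these headers, which is why the Google page refused to load inside the CodePen result frame while a response with no framing header can be framed by anyone. It models one level of embedding and understands only 'self', 'none', * and exact origins in frame-ancestors; those limits and the function names are assumptions made for the example.

```python
def frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP value, or None."""
    for part in csp.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [token.lower() for token in tokens[1:]]
    return None


def framing_verdict(headers, embedder_origin, target_origin):
    """Classify whether a page at embedder_origin may frame a response from
    target_origin: 'allowed', 'blocked', 'unprotected' or 'invalid'."""
    h = {name.lower(): value for name, value in headers.items()}
    embedder = embedder_origin.lower()
    same_origin = embedder == target_origin.lower()

    # When CSP frame-ancestors is present it decides and X-Frame-Options
    # is ignored.
    sources = frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        if "*" in sources or embedder in sources:
            return "allowed"
        if "'self'" in sources and same_origin:
            return "allowed"
        return "blocked"  # includes frame-ancestors 'none'

    values = {
        v.strip().lower()
        for v in h.get("x-frame-options", "").split(",")
        if v.strip()
    }
    if not values:
        return "unprotected"  # any site may frame this response
    if "deny" in values:
        return "blocked"
    if values == {"sameorigin"}:
        return "allowed" if same_origin else "blocked"
    # Obsolete ALLOW-FROM, typos or conflicting values: flag for review.
    return "invalid"
```
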

References: 
https://scotthelme.co.uk/hardening-your-http-response-headers/#x-frame-options

https://www.whitehatsec.com/blog/x-frame-options/

https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Clickjacking_Defense_Cheat_Sheet.md

https://erlend.oftedal.no/blog/tools/xframeoptions/

Posted in | Leave a comment Location: Bengaluru, Karnataka, India

Testing Tools: Screencapture the Webpage

I mostly use "Jing" for a screen capture of the visible part of the page.

For a particular test, I had to take a full screenshot of a page.

I searched for Google Chrome extensions that could help me capture the entire page.

I found two Chrome extensions:
1. Nimbus Screenshot
https://chrome.google.com/webstore/detail/nimbus-screenshot-screen/bpconcjcammlapcogcnnelfmaeghhagj?hl=en
2. Full Page Screen Capture
https://chrome.google.com/webstore/detail/full-page-screen-capture/fdpohaocaechififmbbbbbknoalclacl?hl=en

I have used both the chrome extensions on https://testautomationu.applitools.com/ website.


Full page Screenshot captured the entire page in one go and saved it in .png format.
Size of the File: 1,639Kb.



Nimbus Screenshot captured the entire page in one go and saved it in .png format.
Size of the File: 1,632kb



There is very little difference in file size between the two screenshots.

But still, I have a problem here.

Both screenshot capture chrome extensions did not capture the contents inside the <div> element.


Dear Testers,
Do you experience a similar kind of problem in the workplace? 

How would you take the screenshot of the Entire Page including the contents of <div> or <iframe> elements?

Posted in | Leave a comment Location: Bengaluru, Karnataka, India