Archive for 2019

Testing Tools: Duplicate Ids on Webpage

I was learning about HTML grouping by attributes using classes and IDs.

I have learned why we have classes and IDs as HTML attributes.
As part of this, I learned that a webpage should not contain more than one element with the same id.

<h1>Airports</h1>
<h2 class="air-header">Hyderabad</h2>
<p class="air-content" id="air-content-1">I have travelled from Hyderabad Airport</p>
<h2 class="air-header">Bangalore</h2>
<p class="air-content">I have travelled from Bangalore Airport</p>

Found a Chrome extension:
Dup-ID - Scans HTML for duplicate ID attributes.
https://chrome.google.com/webstore/detail/dup-id-scans-html-for-dup/nggpgolddgjmkjioagggmnmddbgedice

This simple extension scans the webpage's HTML tags and looks for duplicate ID attributes.


I have used the Chrome extension on the
https://www.cognizant.com/ and https://www.infosys.com/ websites.


This tool displays the duplicate IDs found, with the number of times each one is used,
sorted by ID name.
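The same check the extension performs, written as an added Python example (not the extension's code and not from the original post): it walks every start tag with the standard library's HTMLParser, counts the id attribute values, and reports only the ids used more than once, sorted by name. The sample markup is the post's airport snippet with a constructed duplicate added.

```python
from collections import Counter
from html.parser import HTMLParser
from typing import Dict, List, Tuple


class IdCollector(HTMLParser):
    """Record every id attribute value seen while parsing the document."""

    def __init__(self) -> None:
        super().__init__()
        self.ids: List[str] = []

    def handle_starttag(self, tag: str, attrs: List[Tuple[str, str]]) -> None:
        # attrs is a list of (name, value); value is None for boolean attributes.
        for name, value in attrs:
            if name == "id" and value is not None:
                self.ids.append(value.strip())


def find_duplicate_ids(html: str) -> Dict[str, int]:
    """Return {id: count} for ids used more than once, sorted by id name."""
    collector = IdCollector()
    collector.feed(html)
    counts = Counter(collector.ids)
    return {id_value: n for id_value, n in sorted(counts.items()) if n > 1}


# Constructed sample: the post's markup with "air-content-1" mistakenly reused.
SAMPLE_HTML = """
<h1>Airports</h1>
<h2 class="air-header" id="hyd">Hyderabad</h2>
<p class="air-content" id="air-content-1">I have travelled from Hyderabad Airport</p>
<h2 class="air-header" id="blr">Bangalore</h2>
<p class="air-content" id="air-content-1">I have travelled from Bangalore Airport</p>
<p id="air-content-1">Copied once more</p>
"""

if __name__ == "__main__":
    for id_value, count in find_duplicate_ids(SAMPLE_HTML).items():
        print(f"{id_value}: used {count} times")
```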





Reference:

https://stackoverflow.com/questions/5611963/can-multiple-different-html-elements-have-the-same-id-if-theyre-different-eleme


Security Testing: Security Headers - X-Frame-Options

Recently, I wrote some HTML code to learn about HTML attributes.

<a href="https://www.google.com">Google</a>
<br>
<br>
<a href="https://www.youtube.com" target="_blank">Youtube</a>

I wrote this on the CodePen website, which is an online code editor.

When I clicked the Youtube link, it opened the Youtube website in a new browser tab, because the target attribute is set to _blank.

When I clicked the Google link, since no target attribute is set, it should have opened the Google website in the same result pane.

But I observed that the result pane showed: www.google.com refused to connect.

To investigate, I opened the Chrome Developer Tools (F12) and navigated to the Console.

Observed: "X-Frame-Options" is set to "SameOrigin", so the browser refused to display "www.google.com" inside the frame.



Security Concepts:
I also checked the Network tab for the Oewrbm resource, because not all browsers report information about the X-Frame-Options header in the console.

I usually refer to the website "https://securityheaders.com" to analyse security headers.

I ran the URL https://codepen.io/srinivasskc/pen/Oewrbm through the Security Headers webpage.





The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page inside a frame or iframe.
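As an added Python example (not from the post and not securityheaders.com's code), here is a small check that classifies a response's framing protection the way the report above does: missing header, DENY/SAMEORIGIN, the obsolete ALLOW-FROM, and conflicting values, and it also honours the newer Content-Security-Policy frame-ancestors directive, which modern browsers apply in preference to X-Frame-Options. The sample responses are constructed, not captured from any site named in the post.

```python
from typing import Dict, List


def _header_values(headers: Dict[str, str], name: str) -> List[str]:
    """Case-insensitive lookup; a repeated header may arrive comma-joined."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return [v.strip() for v in value.split(",") if v.strip()]
    return []


def assess_framing(headers: Dict[str, str]) -> dict:
    """Classify a response's clickjacking defence from its headers."""
    # CSP frame-ancestors, when present, overrides X-Frame-Options in modern browsers.
    for csp in _header_values(headers, "Content-Security-Policy"):
        for directive in csp.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                allowed = [p.strip("'").lower() for p in parts[1:]]
                wide_open = any(a in ("*", "http:", "https:") for a in allowed)
                return {"protected": not wide_open, "source": "csp",
                        "note": "frame-ancestors " + " ".join(allowed)}
    xfo = _header_values(headers, "X-Frame-Options")
    if not xfo:
        return {"protected": False, "source": "none",
                "note": "no X-Frame-Options header: page may be at risk of clickjacking"}
    if len({v.upper() for v in xfo}) > 1:
        # Browsers ignore conflicting values, which leaves the page unprotected.
        return {"protected": False, "source": "xfo", "note": "conflicting: " + ", ".join(xfo)}
    value = xfo[0].upper()
    if value in ("DENY", "SAMEORIGIN"):
        return {"protected": True, "source": "xfo", "note": value}
    if value.startswith("ALLOW-FROM"):
        return {"protected": False, "source": "xfo",
                "note": "ALLOW-FROM is obsolete and ignored by modern browsers"}
    return {"protected": False, "source": "xfo", "note": "invalid value: " + xfo[0]}


# Constructed sample responses (not captured from the sites named in the post).
SAMPLE_RESPONSES = {
    "framed page (sameorigin)": {"X-Frame-Options": "SameOrigin"},
    "no framing header": {"Content-Type": "text/html"},
    "csp wins": {"X-Frame-Options": "ALLOW-FROM https://a.example",
                 "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
}

if __name__ == "__main__":
    for label, headers in SAMPLE_RESPONSES.items():
        print(label, "->", assess_framing(headers))
```

The first sample is the situation in the post: a page that sends SAMEORIGIN is protected, so a different origin's frame gets "refused to connect".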

References: 
https://scotthelme.co.uk/hardening-your-http-response-headers/#x-frame-options

https://www.whitehatsec.com/blog/x-frame-options/

https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Clickjacking_Defense_Cheat_Sheet.md

https://erlend.oftedal.no/blog/tools/xframeoptions/


Testing Tools: Screencapture the Webpage

I mostly use "Jing" to capture the visible part of a page.

For a particular test, I had to take a full screenshot of a page.

I searched for Google Chrome extensions that can capture the entire page.

Found two Chrome extensions:
1. Nimbus Screenshot
https://chrome.google.com/webstore/detail/nimbus-screenshot-screen/bpconcjcammlapcogcnnelfmaeghhagj?hl=en
2. Full Page Screen Capture
https://chrome.google.com/webstore/detail/full-page-screen-capture/fdpohaocaechififmbbbbbknoalclacl?hl=en

I have used both Chrome extensions on the https://testautomationu.applitools.com/ website.


Full Page Screen Capture captured the entire page in one go and saved it in .png format.
Size of the file: 1,639 KB.


Nimbus Screenshot captured the entire page in one go and saved it in .png format.
Size of the file: 1,632 KB.


There is very little difference in file size between the two screenshots.

But I still have a problem here.

Neither screenshot extension captured the contents inside the <div> element.


Dear Testers,
Do you experience a similar kind of problem in your workplace?

How would you take a screenshot of the entire page, including the contents of <div> or <iframe> elements?


May Learning Update - Part 1

My goal from April 2019 is to learn about BDD.

Since I joined Moolya in September 2018 and have been working on a client project, I have encountered many new things which I had never experienced before.

One of these topics is feature files and step definitions.

Now, for every new learning, I think it through and relate it to the Golden Circle.




WHY - I wanted to know why feature files and step definitions are built, and what their use is in the software development process.

HOW - I wanted to know how they are built, so I started looking for books to read and asking the testing community what to read and learn about them.

WHAT - Started reading the book "BDD in Action". Completed Chapter 1 of the book so far.


Highlights from Learning:

  • Creator of BDD - Dan North
  • Why building software makes a difference - building software right vs building the right software.
  • BDD tools can help turn these requirements into automated tests that help guide the developer, verify the feature, and document what the application does.
  • BDD isn’t a software development methodology in its own right. It’s not a replacement for Scrum, XP, Kanban, RUP, or whatever methodology you’re currently using.
  • BDD incorporates, builds on, and enhances ideas from many of these methodologies.
  • How BDD in action improves the software development process, eliminates uncertainty and locks down the requirements.
  • BDD Principles and Practices
  • Gherkin style of writing features in feature files (Given, When, Then, And, But)
  • Scenarios and Examples
  • Writing an executable specification for each step in a scenario: step definitions (high-level executable specifications)
  • Writing unit tests for the high-level specifications (low-level executable specifications ~ unit tests)
  • Tools for writing high-level executable specifications in general and in the project
  • Tools for writing low-level executable specifications in general and in the project
  • Benefits and Potential Challenges with BDD.


Lessons Learned Posts: #3 - Heuristics and Oracles

As part of the "Learn Something New Every Day" challenge, I had decided to read an article a day and write short notes on Lessons Learned.





The topic of the week: Heuristics and Oracles

"Heuristics" and "Oracles" are new concepts for testers who have not heard of them before.
I have not used these terms in the last 6 years at my job.

I first heard the words "heuristics" and "oracles" in a Weekend Testing session.
For a long time, I have wanted to learn about heuristics and oracles in more detail and understand them better.

Heuristics:

When we have a testing problem in an application, we try different options or test ideas that we know how to test and see if they work. The different options we try are the test heuristics.

Heuristics are simply experience-based techniques for problem-solving, learning, and discovery. 

In real life, you might have experience testing an application that has scheduling functionality.
Now, the testing problem in that application is "to test and validate whether scheduled jobs are running or not".

The test heuristics can be:
  • Jobs can be scheduled in different ways: by day, week, month, year and time.
    • We would test whether a job scheduled for 5.00 am UTC starts executing at the specified time or not, considering the application server is running in the UTC timezone. -- The test heuristic is running at a specified time.
    • We would also test whether a job starts executing on the specified day of the week and time. -- The test heuristic is waiting for the specified day of the week and time.

When we run out of test ideas, we can use heuristics to assist in exploratory testing.
Note: We cannot apply all heuristics, but we must try as much as possible.

Test Heuristics Cheat Sheet

Heuristic Test Strategy Model


Oracles:

While testing an application, we might discover a bug and immediately shout "Got a bug!".
But there might be cases where the developer does not agree and asks "Why is it a bug? Is it part of the requirement document?"

We might think, "It should not work like this, right? Is it really a bug?"
There are a number of ways we can determine whether it is a bug or not. These are called "test oracles".

Oracles are simply the principle or mechanism by which we recognize a problem.

Oracles help to uncover the real reason why I think something is a bug.

Testers often say they recognized the problem because "the product does not meet its expectations/requirements".



Few Hiccups



Lessons Learned Posts: #2 - Security Testing Terminologies

As part of the "Learn Something New Every Day" challenge, I had decided to read an article a day and write short notes on Lessons Learned.





The topic of the day: Security Testing Terminologies


Last month, I encountered a new term in security testing: False Positive.

In short, I understood it as a reported issue that does not need to be fixed. But I wanted to learn about it in more detail.

Below are the references I used to learn about security terminology:

https://www.contrastsecurity.com/security-influencers/the-true-cost-of-false-positive-vulnerabilities-in-application-security

https://www.owasp.org/index.php/Benchmark

https://community.softwaregrp.com/t5/ArcSight-User-Discussions/what-is-false-positive-false-negetive-true-positive-and-true/td-p/1582039


After going through these links, it was easy for me to correlate the terms and understand them.

What I have learned:

Below is the list of security testing terms.

1. False Positives
2. False Negatives
3. True Positives
4. True Negatives



Lessons Learned Posts: #1 - A Transpection Session: Inputs and Expected Results

As part of the "Learn Something New Every Day" challenge, I had decided to read an article a day and write short notes on Lessons Learned.





The topic of the day: A Transpection Session: Inputs and Expected Results

https://www.developsense.com/blog/2010/05/a-transpection-session-inputs-and-expected-results/


First, I was not aware of the word "transpection".
The definition I understood from http://www.satisfice.com/blog/archives/62 :

Transpection is learning about a product by putting yourself in someone else's place:
asking someone a question, then thinking through the same question yourself and comparing your answers with theirs while listening to them.


Definitions of Testing:
James - "Ask Questions in Order to Evaluate It"
Jerry Weinberg - "Gather Information with the intention of informing a decision"

Testing is not just about "inputs and expected results".

What is input?
Different types of input: symbolic input and non-symbolic input; explicit input and implicit input.

Symbolic input is data processed by the computer; data meaning “bits”, and “processed” meaning processed using the microprocessor. 
Non-symbolic input would be anything else, such as heat or shock.

Explicit input—the input you knowingly provide.
Implicit input: the input that influences the system without your knowledge or intent. Once you set an option, that option becomes implicit input for the function that refers to it.

Tests consist of "coverage, oracles, procedures":


  • Coverage means observation of some aspect of the product in action. 
  • Oracle means a principle or mechanism by which we recognize a problem. 
  • Procedures mean “knowing how to do the test”


a. Observing and evaluating the product.
b. Recognizing the problem if it occurs.
c. Knowing when to stop the tests by applying a stopping heuristic.
d. Reporting the results.


I have learned about:
  • Different types of input - symbolic, non-symbolic, explicit and implicit inputs.
  • Transpection sessions
  • What testing is all about:
    • Coverage
    • Oracles
    • Procedures
