Posts

Showing posts from 2019

Tools to convert Unix Time to Human Readable Format

Unix timestamps: While working on a project, the timestamp for the export or batch process was in Unix time. Unix time is based on epoch timestamps. To read Unix time, I used to use the "https://www.epochconverter.com/" website, which converts Unix time to a human-readable format. Now the same conversion is also available directly from a Chrome extension. Chrome extension: https://chrome.google.com/webstore/detail/utime/kpcibgnngaaabebmcabmkocdokepdaki?hl=en Utime converts Unix epoch timestamps to human-readable dates (and dates to timestamps) quickly and easily.

Lessons Learned about Availability Zones

Understanding how AWS is physically set up. For the latest on AWS infrastructure, see: https://aws.amazon.com/about-aws/global-infrastructure/ This page shows how AWS is physically set up across the globe. Its map shows the AWS Regions and a few upcoming Regions. What is an AWS Region? Each Region is a geographical area that is a collection of Availability Zones and data centers. AWS Regions are placed across the world so that data transmission from the physical device takes less time and customers get the best performance. There are consumer-based Regions and government-based Regions (GovCloud). What is an Availability Zone? An Availability Zone is a geographical physical location that holds an AWS data center. This is where the physical hardware is present, and any data stored in AWS is located here. Why multiple Availability Zones? Considering the High Availability and Fault Tolerance, if there is

Lessons Learned about Cloud

What is Cloud? Think of it like a computer with storage or processing power that we utilize, which is present somewhere else and can be reached over an Internet connection. In reality, it is not just one computer. It's more like datacenters with server computers that we would be utilizing. Examples: Dropbox, iCloud, Amazon Web Services. Why do we use Cloud? Files that we upload to Dropbox/iCloud are stored on server computers, which sit in one of the racks in the datacenter. What are the benefits of using the Cloud? Common personal uses: storing data in the Cloud, backups, sharing across different devices (home computer, mobile devices, work computer) and access from different devices. Common enterprise uses: On-premises data center: costly; takes time for the process of ordering, installation, testing, installing operating systems and software, and getting them all up and running. Disadvantages: money is wasted if the resources and servers are not used. N

Cloud Platform Solutions and Service Status

Recently, I started learning about cloud platforms and AWS services. Since the Cloud is compared with a computer/server and cloud services are a rapidly growing market, I was thinking: "What if a cloud application experiences an issue? How would users get to know?" I found the details below for Google Cloud and Amazon cloud services, which are the top 2 cloud platform solutions. Google Cloud Platform: this page provides status information on the services that are part of the Google Cloud Platform. https://status.cloud.google.com/ AWS Service Health Dashboard: this page provides status information on the services that are part of the AWS cloud platform. https://status.aws.amazon.com

1st Anniversary with Moolya Software Testing

Exactly during July 2018, I had decided to look for new opportunities after a long sprint working with Unilog Content Solutions, Mysore. I messaged Ajay Balamurugadas asking "What to do" and "Why I am looking for". Then I was introduced to other friends and went through the interview process. Finally, the day came when I was interviewed at Moolya. I got an offer in hand on 9th August 2018 and joined Moolya on 20th September 2018. It was not an easy decision to move from Mysore to Bangalore. My wife was supportive of this decision, and then family members (from both sides). The only advice I received from Ajay before I joined: "Relax. Think It's your first Job with experience of all these Jobs." Let me wrap up the one-year journey in six points: Excitement: I was excited to join Moolya, as a fresher would be on joining a new company. I am still excited to go to work every day. Highlighting: I never met Pradeep Soundararajan and Dha

Keep your Test Data Handy for Testing

Before you start testing, during a test ideas session or design review session, you might have come across test-data-related information that needs to be tested on the web application. Now we have a tool that helps us update our test data and keep it handy forever. It's an elegant Chrome extension written by Gojko Adzic that gives you ready access to common test inputs for form fields, and you can customize the menus with your own test data. It adds common problematic values and edge cases to the context menu (right-click) for editable elements, so you can keep them handy and access them easily during exploratory testing sessions. Get the Bug Magnet Now! ... Happy Testing! Install the Extension

Identify Web Technologies used on the Websites

Have you encountered a situation where you have to test a website and would like to know which web technologies it uses? The easiest way is to install the Chrome extension Wappalyzer: https://chrome.google.com/webstore/detail/wappalyzer/gppongmhjkpfnbhagpmjfkannfbllamg?hl=en Wappalyzer is a cross-platform utility that uncovers the technologies used on websites. It detects content management systems, e-commerce platforms, web frameworks, server software, analytics tools and many more. How it works:
1. Navigate to any website
2. The Wappalyzer icon changes to show the main technology that's in use
3. Click the icon for the full list of identified software
Click the application names in the list for additional information. When I read security research news that a framework has a vulnerability and has to be updated to the latest version, I have used this Chrome extension to find out if we are using the framework on the webs

Identify the font details of Web Pages on Chrome

Usually, we use "Chrome Web Developer Tools" or "Firefox Web Developer Tools" to inspect an element on the web page and identify element details such as fonts, color etc. But how can we find out the fonts used in a webpage in an easier way?
1. Install the Chrome extension WhatFont: https://chrome.google.com/webstore/detail/whatfont/jabopobgcpjmedljpbcaablpmlmfcogm?hl=en
2. Click on the "WhatFont" Chrome extension
3. Then click on the element on the webpage
It tells you the font family, font style, size, color etc. I have used this tool mainly for testing web applications, especially to confirm that webpages are built in accordance with the designs provided by the client.

Testing Tool: Full Size Screenshot from Chrome

Usually, we take a screenshot of a page by pressing the "PrtSc" (Print Screen) key and saving it as an image. But that captures only the visible part of the web page. How can we take a whole-page screenshot in Chrome? It's easy.
1. Open the Chrome Developer Tools. Command: CTRL + SHIFT + I
2. Then go to the Console panel
3. Then type the command: CTRL + SHIFT + P
4. Then type: full. You'll see "Capture full size screenshot"; just press the Enter key
5. A .png file with the full-size screenshot of the webpage is downloaded automatically.

Web Application Security - 2018

Subject: Web Application Security. Topics: Different Security Attacks; Network Firewalls; Web Applications; Popular Web Application Security Attacks; SQL Injection; Cross-Site Scripting; What is a Server Firewall; Advantages of a Firewall. Can a firewall protect web applications? Can we close off access to the web application with a firewall? Does it impact end users? Can network defenses like a firewall keep attackers out and make web applications safe?

Web Application Security - 2018

Subject: Web Application Security. Topics: OWASP #6: Unvalidated Forwards and Redirects. Example: an attacker sends you a link with a malicious site embedded in the URL as the redirect target: www.mysite.com/login?page=www.hackersite.co.au You might follow the link and use the web application after login without looking at the URL or the page you are redirected to, where hackersite.co.au resembles mysite.com. This is also referred to as an open redirect vulnerability.
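One way to check the `page` parameter from the example URL above before redirecting, as an added example that is not code from the original post. The function name `safe_redirect_target`, the `ALLOWED_HOSTS` set and the fallback target `/` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the site's own host names and a fallback page.
ALLOWED_HOSTS = {"mysite.com", "www.mysite.com"}
DEFAULT_TARGET = "/"


def safe_redirect_target(page, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return `page` if it keeps the user on this site, otherwise `default`."""
    if not page:
        return default
    target = page.strip()
    # Control characters are dropped by browsers, which can change how the
    # value is parsed; refuse them outright.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return default
    # Browsers treat "\" like "/", so compare on the normalised form.
    target = target.replace("\\", "/")
    # "//host/path" is scheme-relative: it names another host, not a path.
    if target.startswith("//"):
        return default
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed input, e.g. a broken IPv6 literal
        return default
    if parts.scheme or parts.netloc:
        # Absolute URL: only http(s) to one of our own hosts is acceptable.
        host = (parts.hostname or "").lower()
        if parts.scheme not in ("http", "https") or host not in allowed_hosts:
            return default
        return target
    # No scheme or host: accept only a site-local path. A bare host name such
    # as the page's "www.hackersite.co.au" does not start with "/" and fails.
    return target if target.startswith("/") else default


if __name__ == "__main__":
    # Constructed sample values for the `page` parameter.
    for value in ["/account/orders?id=5", "www.hackersite.co.au",
                  "https://www.hackersite.co.au/login", "https://www.mysite.com/home"]:
        print(f"{value!r:45} -> {safe_redirect_target(value)!r}")
```

The login handler would pass the raw `page` value through this function and redirect only to what it returns.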

Web Testing 101 - How to test World Wide Web - 2018

Subject: Web Testing 101 - How to test World Wide Web. Topics: ID Elements on Web. In most web applications, I see errors in the console. A typical one is the same element id used twice. I learnt for myself that there should be unique ids instead of duplicate element ids.
[DOM] Found 2 elements with non-unique id #priceVal_1412:
<input type="hidden" id="priceVal_1412" value="20.7">
<input type="hidden" id="priceVal_1412" value="17.57">
Albert Gareev mentions: That will also impact accessibility. Screen readers rely on id to describe relationships; for example, edit box and its label. Follow HTML guidelines: Web browsers are designed with the HTML specification in mind, and going against it can lead to unexpected issues with your web page. This means: Element id attributes should be unique: no two elements should have the same id. References: https://w

Web Application Security - 2018

Subject: Web Application Security. Topics: OWASP - #4: Insecure Cryptographic Storage. When you register a user, find out how passwords are stored in the application. If they are stored as plain text, this leads to a security vulnerability. Passwords should never be stored in unencrypted format, that is, as plain text on the server. A better way is to store a one-way cryptographic hash of the user's password. On login, the hash function is computed over the entered password and the result is compared with the stored password hash. If both match, login is granted. Benefits: the hash is one-way only; the string cannot be computed from the hash. Hash functions: SHA-1, SHA-512 etc. An even better way to secure it is adding salt (random text) to the password before computing the hash function. This strengthens how the password is protected. Without salt, suppose one user creates the password "Hello" and another user creates the same password "Hello". When they are computed through Hash func

Accessibility Testing - 2018

Subject: Accessibility Testing Topics: The tool used to evaluate the web application for Accessibility. WAVE - http://wave.webaim.org/ Understanding the tool, how it works. Exercise: Enter the URL of the website and Hit Enter. The summary will display errors, warnings, information, etc.

Accessibility Testing - 2018

Subject: Accessibility Testing. Topics: Learning about Diversity of Disabilities. Different disabilities: Visual, Auditory, Physical, Cognitive, Learning, Emotional. Definition: A disability is defined as a physical or mental impairment that substantially limits one or more major life activities. Specifically, a qualified individual with a disability is someone who can perform the essential functions of the job with or without reasonable accommodation.

Web Application Security - 2018

Subject: Web Application Security. Topics: OWASP - Open Web Application Security Project (www.owasp.org) - an open source project with the goal of improving web application security. The OWASP Top 10 is a popular list that ranks risks from the highest to the lowest. Download the list from the link below. https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project Do not think as an attacker when you are not an attacker. Learn about security principles that can help you as a defender.

Search Engine Optimization - 2018

Subject: Search Engine Optimization. Topic: SEO URLs (Mobile Site vs Desktop Site). If you have a separate mobile site alongside the actual desktop site and want to know whether the mobile site hides any links, there is a website that can traverse the site and display the results. Website link: http://www.thegooglecache.com/mobile-links.php Even if you do not have separate sites for mobile and desktop, you can still search for the website URL to see the URL links on the site. Testing point of view: understand and find out URLs that seem improper and do not comply with SEO standards.

My Approach to Regression Testing - R3C'sFI

I have done a fair amount of regression testing. And sometimes I used to think "Oh..Again!" But I gained knowledge based on the experience - "When to Perform" and "What to Perform" Regression Testing. When do we do Regression Testing? Defect Fixes; Performance or Security Issue Fixes on Code; New Features Added; Optimization of Existing Features; Any changes in Integration Systems (Example: Payment Gateway System Software Upgraded from Version 1.0 to 2.0); Server Related Updates (Example: Movement of Application from Hosted Server Systems to Google Cloud); Software Version Updates (Example: Java Updates or JS Updates). What to Perform as Regression Testing? Testing the Recent Code Changes -- R; Testing the Core functionalities of the Application -- C; Testing the Customer Specific Features (Example: Which are developed specifically for a customer on top of core functionalities) -- C; Testing the Configuration Related Features (Example: Ve

How Debugging Skills helped me to solve a problem?

What is a problem? According to Wikipedia, a problem is a situation preventing something from being achieved. What to do when you get a problem? Before spending time to solve the problem, it is essential to understand the problem. Recently, I was working on configuring MySQL Server and encountered the error below when I executed the file.
C:\Program Files\MySQL\MySQL Server 8.0\bin>mysql -uroot -p myhome <c:\Users\srinivas\projects\myhome\schema\schema.mysql.sql
File Name: scheme.mysql.sql
As usual, I had only one question in my mind: "Why did I receive this error?" And then it clocked 1.30pm; it was my break time. During the break, I was thinking about the error and it brought me a few questions: "Which function?" "What does that error mean?" Here, debugging skills helped me to solve this error: First, I read the error message again and divided it into parts: ERROR 1418 (HY000) Line 15677: The function has

Testing Tools: Duplicate Ids on Webpage

I was learning about HTML grouping by attributes using classes and IDs. I have learned why we have classes and ids as part of HTML attributes. As part of this, I have learned that a webpage should not contain the same id on more than one HTML element.
<h1>Airports</h1>
<h2 class="air-header">Hyderabad</h2>
<p class="air-content" id="air-content-1">I have travelled from Hyderabd Airport</p>
<h2 class="air-header">Bangalore</h2>
<p class="air-content">I have travelled from Bangalore Airport</p>
I found a Chrome extension, Dup-ID, which scans HTML for duplicate ID attributes. https://chrome.google.com/webstore/detail/dup-id-scans-html-for-dup/nggpgolddgjmkjioagggmnmddbgedice This simple extension will scan the webpage's HTML tags and look for duplicate ID attributes. I have used the Chrome extension on https://www.cognizant.com/ and https://www.infosys.com/ websit

Security Testing: Security Headers - X-Frame-Options

Recently, I wrote some HTML code to learn about HTML attributes.
<a href="https://www.google.com">Google</a>
<br>
<br>
<a href="https://www.youtube.com" target="_blank">Youtube</a>
I wrote this on the CodePen website, which is an online code editor tool. When I clicked on the Youtube link, it opened the Youtube website in a new tab in the browser, as the target attribute has been set to blank. When I clicked on the Google link, as the target attribute is not added, it should open the Google website in the same results page. But I observed that the result page shows: www.google.com refused to connect. As part of the investigation, I opened F12 - Chrome Web Developer Tools and navigated to Console. Observed: "X-Frame-Options" is set to "SameOrigin" and refused to display "www.google.com". Security Concepts: Also, I have checked the Network Tab with Oewrbm resource name.