Posts

Showing posts from September, 2019

Cloud Platform Solutions and Service Status

Image
Recently, I have started learning about Cloud Platforms and AWS Services. As Cloud was compared with a computer/server and Cloud Services is a rapid growth market.  I was thinking "What if the Cloud Applications experiences the issue? How would users get to know?"  Found below details for Google Cloud and Amazon Cloud Services, which are Top 2 Cloud Platform Solutions: Google Cloud Platform: This page provides status information on the services that are part of the Google Cloud Platform. https://status.cloud.google.com/ AWS Service Health Dashboard: This page provides status information on the services that are part of the AWS Cloud Platform. https://status.aws.amazon.com

1st Anniversary with Moolya Software Testing

Image
Exactly during July 2018, I had decided to look for new opportunities after a long sprint working with Unilog Content Solutions, Mysore. I messaged Ajay Balamurugadas  asking "What to do" and "Why I am looking for". Then I have been introduced to other friends and was going through the interview process. Finally, the day came when I was interviewed at Moolya. And I got an offer in hand on 9th August 2018 and Joined Moolya on 20th September 2018. It was not an easy decision to move from Mysore to Bangalore. My wife was supportive of this decision and then family members (from both sides). Only advice received from Ajay before I joined "Relax. Think It's your first Job with experience of all these Jobs." Let me wrap the One year Journey in Six points: Excitement: I was excited to Join Moolya, As how a fresher would join a new company. I am still excited to go to work every day. Highlighting: I never met  Pradeep Soundararajan  and Dha

Keep your Test Data Handy for Testing

Image
Before you start testing during test ideas session or design review session, you might have encountered some test data related information which needs to be tested on the web application. Now, we have a tool that can help us to update our test data and keep it handy forever. It's an elegant chrome extension written by Gojko Adzic that gives you ready access to common test inputs for form fields and you can customize the menus with your own test data. Adds common problematic values and edge cases to the context menu (right-click) for editable elements, so you can keep them handy and access them easily during exploratory testing sessions. Get the Bug Magnet Now! ... Happy Testing! Install the Extension

Identify Web Technologies used on the Websites

Image
Have you encountered a situation, where you have to test and would like to know about web technologies used on the website? The Easiest way is to install the Chrome Extension: Wappalyzer . https://chrome.google.com/webstore/detail/wappalyzer/gppongmhjkpfnbhagpmjfkannfbllamg?hl=en Wappalyzer is a cross-platform utility that uncovers the technologies used on websites. It detects content management systems, e-commerce platforms, web frameworks, server software, analytics tools and many more. How it works 1.  Navigate to any website 2. The Wappalyzer icon changes to show the main technology that's in use 3. Click the icon for the full list of identified software Click the application names in the list for additional information When I read security research news about a framework has a vulnerability and have to update with the latest version.  I have used this chrome extension to find out if we are using the framework on the webs

Identify the font details of Web Pages on Chrome

Image
Usually, we use "Chrome Web Developer Tools" or "Firefox Web Developer Tools" to inspect the element on the web page and identify the element details such as "Fonts, Color etc". But, How can we find out the fonts used in a webpage easier way? 1. Install the Chrome Extension - WhatFont https://chrome.google.com/webstore/detail/whatfont/jabopobgcpjmedljpbcaablpmlmfcogm?hl=en 2. Click on "WhatFont" Chrome Extension 3. Then Click on the Element on the webpage It tells about the Font Family, Font Style, Size, Color etc. I have used this tool majorly for testing the web applications, especially to confirm webpages are built in accordance to designs provided by client.

Testing Tool: Full Size Screenshot from Chrome

Image
Usually, We take a screenshot of a page by pressing "PrtSc" keyboard option for Print Screen and Save it as Image. But it captures only visible screen size on the web page. How can we take a whole page screenshot on Chrome? It's easy. 1.  Open the Chrome Developer Tool Command: CTRL  + SHIFT + I 2. Then Go to Console Panel 3. Then Type Command: CTRL + SHIFT + P 4. Then Type: full You'll see Capture full-Size Screenshot and just push Enter Key 5. .png file is automatically downloaded with Full-Size Screenshot of a webpage.

Web Application Security - 2018

Subject: Web Application Security Topics:  Different Security Attacks Network Firewalls Web Applications Popular Web Application Security Attacks SQL Injection Cross-Site Scripting What is Server Firewall Advantages of Firewall Can Firewall protect the web applications? Can we close with Firewall to access the web application. Does it impact end users? Can Network defenses like firewall, keep attackers out and make the web applications safe?

Web Application Security - 2018

Subject: Web Application Security Topics: Owasp #6: Unvalidated forwards and Redirects Example: When an attacker sends you a link, with malicious site embedded in URL to redirect. www.mysite.com/login?page=www.hackersite.co.au You might follow the link and use the web application after login, without looking at the URL and page redirecting to, where hackersite.co.au resembles the mysite.com This is also referred as Open redirect vulnerabilities

Web Testing 101 - How to test World Wide Web - 2018

Subject: Web Testing 101 - How to test World Wide Web Topics: ID Elements on Web: Most of the Web applications, I see there are errors in console.  Typical ones are Same Element Id is used twice. I learnt myself, that there should be unique id's instead of duplicate element ids. [DOM] Found 2 elements with non-unique id #priceVal_1412:  <input type=​"hidden" id=​"priceVal_1412" value=​"20.7">​  <input type=​"hidden" id=​"priceVal_1412" value=​"17.57">  Albert Gareev mentions:  That will also impact accessibility. Screen readers rely on id to describe relationships; for example, edit box and its label. Follow HTML guidelines Web browsers are designed with the HTML specification in mind, and going against it can lead to unexpected issues with your web page. This means: Element id attributes should be unique: no two elements should have the same id . References: https://w

Web Application Security - 2018

Image
Subject: Web Application Security Topics: OWASP - #4: Insecure Cryptographic Storage When you register a user, find out how the passwords are stored in application. If it is Plain text, then it is leads to security vulnerability. Passwords should never be stored in unencrypted format: plain text on server. Better way is to store using one-way cryptographic hash of user's password. While logging to the application, Password is computed with hash function and compares the hashed password with stored hash password. If both matches, Login is granted. Benefits: Only one-way hash, cannot compute the string from hash. Hash Functions: SHA-1 , SHA-512 etc. More better way to secure is: Adding Salt (Random text) to the password, before computing the hash function. This maximizes the password cryptography. Without Salt, when user creates a password as "Hello" and another user creates the same password as "Hello". When they are computed through Hash func

Accessibility Testing - 2018

Image
Subject: Accessibility Testing Topics: The tool used to evaluate the web application for Accessibility. WAVE - http://wave.webaim.org/ Understanding the tool, how it works. Exercise: Enter the URL of the website and Hit Enter. The summary will display errors, warnings, information, etc.

Accessibility Testing - 2018

Subject: Accessibility Testing Topics: Learning about Diversity of Disabilities Different Disabilities: Visual Auditory Physical Cognitive Learning Emotional Definition: A  disability is defined  as a physical or mental impairment that substantially limits one or more major life activities. Specifically, a qualified individual with a disability is someone who can perform the essential functions of the job with or without reasonable accommodation.

Web Application Security - 2018

Subject: Web Application Security Topics: OWASP - Open Web Application Security Project (www.owasp.org) - open source project with goal of improving web application security. OWASP Top 10 is popular list, which ranks the most risks to the low risk. Download the List from below link. https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project    Do Not Think as an Attacker, When you are not an Attacker. Learn about security principles , that can help you as a Defender.

Search Engine Optimization - 2018

Image
Subject:  Search Engine Optimization Topic:   SEO URL's (Mobile Site vs Desktop Site) If you have separate mobile site vs actual desktop site. To know, if mobile site hides any links. We have a website, which can traverse and displays results. Website Link:   http://www.thegooglecache.com/mobile-links.php   If we do not have separate sites for mobile vs desktop. Even then you can search the Website URL to see the URL Links on the site. Testing Point of View:  Understand and find out URL's which seems to be improper and does not comply with SEO Standards.

My Approach to Regression Testing - R3C'sFI

Image
I have done a fair amount of regression testing. And Sometimes I used to think "Oh..Again!" But I gained knowledge based on the experience - "When to Perform" and "What to Perform" Regression Testing. When do we do Regression Testing? Defect Fixes Performance or Security Issue Fixes on Code New Features Added  Optimization of Existing Features  Any changes in Integration Systems (Example: Payment Gateway System Software Upgraded from Version 1.0 to 2.0) Server Related Updates (Example: Movement of Application from Hosted Server Systems to Google Cloud) Software Version Updates (Example: Java Updates or JS Updates) What to Perform as Regression Testing? Testing the Recent Code Changes  -- R Testing the Core functionalities of the Application  -- C Testing the Customer Specific Features (Example: Which are developed specifically for a customer on top of core functionalities)  -- C Testing the Configuration Related Features (Example: Ve