How to Break Software: Web 101+ Edition

When testing web applications, you may feel overwhelmed by the technologies of today's web environments. Web testing today requires more than just exercising a system’s functionality. Each system is composed of a customized mix of various layers of technology, each implemented in a different programming language and requiring unique testing strategies. This “stew” often leads to puzzling behavior across browsers; performance problems due to page design and content, server locations, and architecture; and inconsistent operation of navigation controls. Dawn Haynes shares an extensive set of test design ideas, standards, and software attacks. She explains their general applicability, effort needed to execute, and technical skill required for success, so you can determine what’s useful in your situation. Dawn demonstrates a variety of tools to help you improve your web testing of HTML syntax, page layout, download speeds, 508 compliance, readability, and more. From the easy and quick to implement to the techie hard stuff, Dawn has something for every web tester.

Published in: Technology

Transcript

  • 1. TQ PM Tutorial 10/1/2013 1:00:00 PM "How to Break Software: Web 101+ Edition" Presented by: Dawn Haynes PerfTestPlus, Inc. Brought to you by: 340 Corporate Way, Suite 300, Orange Park, FL 32073 888-268-8770 ∙ 904-278-0524 ∙ sqeinfo@sqe.com ∙ www.sqe.com
  • 2. Dawn Haynes PerfTestPlus, Inc. Dawn Haynes is COO, principal trainer, and consultant for PerfTestPlus, Inc., and a former director of the Association for Software Testing. Dawn’s unique blend of experience, humor, and effectiveness at providing tools and techniques that help students at all levels generate new approaches to common and complex software testing problems has resulted in her international recognition as an elite trainer of testers. She provides consulting services and is a frequent speaker at testing conferences, local groups, and intimate gatherings of testers.
  • 3. Introductions
    Who am I? Who are you?
    Goals
    • Enhance your strategies for testing Web applications
    • Show a variety of approaches to testing Web apps
    • Add to your toolbox
    Agenda
    • Why is Web testing different? A Web primer
    • What’s easy to break?
    • How do you approach what’s harder?
    © 2013 PerfTestPlus, Inc.
  • 4. Business processes, Scenarios, Use cases, Biz Rules, Procedures, Workflows, Stored Procs., Events, Batch, Functionality, Files, Data, Usability, Behavior, Records, Algorithms, Calculations, Operations
  • 5. TCP/IP, HTTP(S), JVMs, Browsers, JavaScript, Hosted, PPTP, SOAP, Flash, Protocol, Implementation, architecture, design & deployment, BI/DW, Tiers, SOA, Plug-ins, Adobe, AJAX, GUI elements, Layers, H/XTML, Objects, Biz Objects, Navigation, Constraints, Layout, Conventions
  • 6. (image-only slide; no text captured)
  • 7. (image-only slide; no text captured)
  • 8. (image-only slide; no text captured)
  • 9. (image-only slide; no text captured)
  • 10. Language Based Attacks
    • Cross-site scripting
    • SQL injection
    • Directory traversal
    • Buffer overflows
    • Canonicalization
    • NULL-string attacks
    Attacking the Server
    • SQL injection II – Stored procedures
    • Command injection
    • Fingerprinting the server
    • Denial of service
    Authentication
    • Fake cryptography
    • Breaking authentication
    • Cross-site tracing
    • Forcing weak cryptography
  • 11. (image-only slide; no text captured)
  • 12. HTTP is called a stateless protocol because each command is executed independently, without any knowledge of the commands that came before it. This is the main reason that it is difficult to implement Web sites that react intelligently to user input. This shortcoming of HTTP is being addressed in a number of new technologies, including ActiveX, Java, JavaScript and cookies. [Reference: wiki.answers.com]
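The statelessness described on slide 12, shown as an added example rather than anything from the deck: a toy HTTP handler that has no memory of a request beyond what the request itself carries. The only way it can tie two requests to one visitor is a session cookie the client echoes back; drop the cookie (or present an id the server never issued) and the request is treated as a brand-new visitor. The `/visits` path, the `sid` cookie name and the in-memory counter store are all constructed for this example.

```python
"""Added example: how cookies bridge HTTP's statelessness.

Each call to handle() knows nothing about earlier calls except what the
Cookie header tells it.  Session ids, the cookie name and the /visits
path are constructed for this example, not taken from the slides.
"""
import secrets
from http.cookies import SimpleCookie
from typing import Dict, Optional, Tuple

# Server-side session store: session id -> visit counter (constructed)
SESSIONS: Dict[str, int] = {}
SESSION_COOKIE = "sid"


def parse_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Parse a raw HTTP/1.1 request into (method, path, headers)."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def handle(raw_request: str) -> Tuple[str, int, str]:
    """Handle one request independently of every other request.

    Returns (session_id, visit_count, raw_response).  A request with no
    cookie, or with an id the server never issued, starts a fresh session:
    the server has "no knowledge of the commands that came before it".
    """
    _method, _path, headers = parse_request(raw_request)
    cookies = SimpleCookie(headers.get("cookie", ""))
    sid: Optional[str] = (
        cookies[SESSION_COOKIE].value if SESSION_COOKIE in cookies else None
    )

    new_session = sid is None or sid not in SESSIONS
    if new_session:
        sid = secrets.token_urlsafe(16)  # unguessable, server-issued id
        SESSIONS[sid] = 0
    SESSIONS[sid] += 1
    visits = SESSIONS[sid]

    body = f"visits this session: {visits}\n"
    response_lines = [
        "HTTP/1.1 200 OK",
        "Content-Type: text/plain",
        f"Content-Length: {len(body)}",
    ]
    if new_session:
        # Issue the cookie once.  HttpOnly keeps it away from page scripts,
        # Secure limits it to HTTPS, SameSite=Lax limits cross-site sending.
        response_lines.append(
            f"Set-Cookie: {SESSION_COOKIE}={sid}; HttpOnly; Secure; SameSite=Lax"
        )
    response = "\r\n".join(response_lines) + "\r\n\r\n" + body
    return sid, visits, response


def build_request(path: str, sid: Optional[str] = None) -> str:
    """Build a raw GET request, optionally carrying the session cookie."""
    lines = [f"GET {path} HTTP/1.1", "Host: example.test"]
    if sid is not None:
        lines.append(f"Cookie: {SESSION_COOKIE}={sid}")
    return "\r\n".join(lines) + "\r\n\r\n"


def demo() -> Tuple[int, int, int]:
    """Three requests: two from a cookie-aware client, one with no cookie.

    Returns the visit counter the server reported for each request.
    """
    sid, first, _ = handle(build_request("/visits"))        # new session
    _, second, _ = handle(build_request("/visits", sid))    # same session
    _, third, _ = handle(build_request("/visits"))          # cookie dropped
    return first, second, third


if __name__ == "__main__":
    print(demo())  # (1, 2, 1)
```

The third request in `demo()` is the point of the slide: the same client, one request later, is indistinguishable from a stranger once the cookie is missing. When testing cookie handling it is also worth confirming that the server issues the session id (rather than accepting whatever id a client presents) and that the `Set-Cookie` line carries the `HttpOnly` and `Secure` attributes.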
  • 13. (image-only slide; no text captured)
  • 14. (image-only slide; no text captured)
  • 15. Test Plan [Ref: www.softwaretestinghelp.com]
    Functionality
    • Links
    • Cookies
    • HTML/CSS
    • Database
    Security
    • Bypass login
    • URL tampering
    • Input attacks
    • Error msgs
    Usability
    • Navigation
    • Content checks
    • Help, search …
    Performance
    • Load (users, connections, page requests…)
    • Stress (exceed limits for fields, login, memory…)
    Interfaces
    • Web server
    • Application server
    • Database server
    Compatibility
    • Browser
    • O/S
    • Mobile
    • Printing
    • 508
  • 16. (image-only slide; no text captured)