Wednesday, December 05, 2007

Another awesome add-in for Firefox users - YSlow

YSlow for Firebug is a great utility that analyzes web pages against a set of performance rules.


To download
http://developer.yahoo.com/yslow/

Tuesday, November 13, 2007

One URL covers many tools

Just found one URL which can cover more than 100 tools

Here we go....

http://tester.jonasjohn.de/

Friday, October 26, 2007

SQL query optimization testing

Most present-day websites use very big queries to get their data from the database. But are we testing how much time it takes to fetch those values, and whether website performance can be improved by using better queries? For those who want to test this kind of functionality there is one utility, which can be used as a SQL query stress tool.

Download this utility Click here

Saturday, September 01, 2007

Bad boy automated tool

Badboy is an automated regression tool which works with view state and has lots of features.

To download it http://www.badboy.com.au/

It is a good record-and-playback tool with a load-testing feature as well, i.e. we can simulate 1000 users at a time.

It is not a commercial tool, nor an open source tool; it is cheap to use.

Tuesday, February 27, 2007

Malicious code injection : Not through Sql

All code injection attacks work on the same principle: a hacker piggybacks malicious code onto good code through an input field in the application. Therefore, the protection has to come from the code within the application itself. The root of all code injection problems is that developers put too much trust in the users of their applications. A developer should never trust the user to operate the application in a safe manner. There will always be someone looking to use malicious code in an exploitative manner.

Aside from SQL injection, there are several other types of malicious code injection attacks with which developers must become familiar. Three of these dangerous types are:
1. XPath injection
2. LDAP injection
3. Command execution injection

XPath Injection:

The attacker inputs a string of malicious code meant to trick the application into providing access to protected information. If your website uses an XML (Extensible Markup Language) document to store data and user input is included in an XPath query against that document, you may be vulnerable to an XPath injection.

For example, consider the following XML document used by an e-commerce website to store customers’ order history:

<orders>
  <customer id="1">
    <name>Bob Smith</name>
    <email>bob.smith@bobsmithinc.com</email>
    <creditcard>1234567812345678</creditcard>
    <order>
      <item>
        <quantity>1</quantity>
        <price>10.00</price>
        <name>Sprocket</name>
      </item>
      <item>
        <quantity>2</quantity>
        <price>9.00</price>
        <name>Cog</name>
      </item>
    </order>
  </customer>
</orders>
The website allows its users to search for items in their order history based on price. The XPath query that the application performs looks like this:

string query = "/orders/customer[@id='" +
customerId + "']/order/item[price >= '" +
priceFilter + "']";

If the customerId and priceFilter values have not been properly validated, an attacker will be able to exploit the XPath injection vulnerability. Entering the following value in either field will select the entire XML document and return it to the attacker:

'] | /* | /foo[bar='
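To make the fix concrete, here is an added example (not code from the original post or from the article it summarizes) that writes the same query builder twice in JavaScript: once with the string concatenation shown above, and once hardened with an allow-list for the two numeric fields plus a proper XPath 1.0 string-literal builder for any field that must carry free text. The function names, the regular expressions and the sample values are this example's own choices.

```javascript
// Vulnerable builder: untrusted values are spliced straight into the
// expression, exactly like the C# concatenation in the post.
function buildQueryUnsafe(customerId, priceFilter) {
  return "/orders/customer[@id='" + customerId +
         "']/order/item[price >= '" + priceFilter + "']";
}

// Hardened, part A: an allow-list. Both values are numbers, so anything that
// is not a plain integer / decimal is rejected before it can reach XPath.
function requireInteger(value, fieldName) {
  if (typeof value !== 'string' || !/^\d{1,9}$/.test(value)) {
    throw new Error(`${fieldName}: expected a non-negative integer`);
  }
  return value;
}
function requireDecimal(value, fieldName) {
  if (typeof value !== 'string' || !/^\d{1,9}(\.\d{1,2})?$/.test(value)) {
    throw new Error(`${fieldName}: expected a price such as 9.00`);
  }
  return value;
}

// Hardened, part B: XPath 1.0 has no escape sequence for quotes inside a
// string literal, so a value is wrapped in whichever quote it does not
// contain; a value containing both kinds is assembled with concat().
function xpathLiteral(value) {
  if (!value.includes("'")) return `'${value}'`;
  if (!value.includes('"')) return `"${value}"`;
  const parts = value.split("'").map(p => `'${p}'`);
  return 'concat(' + parts.join(`, "'", `) + ')';
}

function buildQuerySafe(customerId, priceFilter) {
  const id = requireInteger(customerId, 'customerId');
  const price = requireDecimal(priceFilter, 'priceFilter');
  return `/orders/customer[@id=${xpathLiteral(id)}]` +
         `/order/item[price >= ${xpathLiteral(price)}]`;
}

// The payload from the post, used here as a constructed test input.
const PAYLOAD = "'] | /* | /foo[bar='";

// With the unsafe builder the expression gains a union (`| /*`) that selects
// every node in the document, credit card numbers included.
function unsafeQuerySelectsWholeDocument() {
  return buildQueryUnsafe('1', PAYLOAD).includes('| /* |');
}

// With the hardened builder the payload never becomes part of the query.
function safeQueryRejectsPayload() {
  try {
    buildQuerySafe('1', PAYLOAD);
    return false;
  } catch (e) {
    return true;
  }
}
```

The allow-list is the important half: a price or a customer id should never need quotes at all, so rejecting anything that is not a number removes the problem before quoting is even considered. The literal builder is for the cases where free text genuinely has to go into a predicate, and it is only correct when the value is wrapped as a complete literal rather than spliced into one.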

Find more

Friday, February 23, 2007

Localization Testing

What is localization (L10N)

Adapting a (software) product to a local or regional market.
Goal: Appropriate linguistic and cultural aspects
Performed by translators, localizers, language engineers

Localization

The aspect of development and testing relating to the translation of the software and its presentation to the end user. This includes translating the program, choosing appropriate icons and graphics, and other cultural considerations. It may also include translating the program's help files and documentation. You could think of localization as pertaining to the presentation of your program: the things the user sees.


Internationalization (I18N)

Developing a (software) product in such a way that it will be easy to adapt it to other markets (languages and cultures)
Goal: eliminate the need to reprogram or recompile the original program
Carried out by SW-Development in conjunction with Localization
Handling foreign text and data within a program
Sorting, importing and exporting text and data, correct handling of currency and date and time formats, string parsing, upper and lower case handling
Separating strings from the source code, and making sure that the foreign language strings have enough space in your user interface to be displayed correctly

Internationalization

The aspect of development and testing relating to handling foreign text and data within a program. This would include sorting, importing and exporting text and data, correct handling of currency and date and time formats, string parsing, upper and lower case handling, and so forth. It also includes the task of separating strings (or user interface text) from the source code, and making sure that the foreign language strings have enough space in your user interface to be displayed correctly. You could think of internationalization as pertaining to the underlying functionality and workings of your program.


What do I18N and L10N stand for?

These two abbreviations mean internationalization and localization respectively. Using the word "internationalization" as an example, here is how these abbreviations are derived. First, you take the first letter of the word you want to abbreviate; in this case the letter "I". Next, you take the last letter in the word; in this case the letter "N". These become the first and last letters of the abbreviation. Finally, you count the remaining letters in the word between the first and last letter. In this case, "nternationalizatio" has 18 characters in it, so we plug the number 18 between the "I" and the "N"; thus I18N.


I18N and L10N

I18N and L10N comprise the whole of the effort involved in enabling a product.
I18N is "stuff" you have to do once.
L10N is "stuff" you have to do over and over again.
The more stuff you push out of L10N into I18N, the less complicated and expensive the process becomes.
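The I18N checklist above (sorting, case handling, currency formats, and leaving enough room for translated strings) is easy to test once the checks are written down. The following is an added example, not from the original post, that uses the browser/Node built-in Intl API for each point; the sample words, the small resource catalog and the widget width are constructed for the demonstration.

```javascript
// Sorting: a plain .sort() compares UTF-16 code units, so capitals come
// before lower case and accented letters land after "z". A locale collator
// gives the order a German-speaking user actually expects.
const WORDS = ['Zebra', 'ähnlich', 'apple'];  // constructed sample

function sortByCodeUnit(words) {
  return [...words].sort();
}

function sortForLocale(words, locale) {
  const collator = new Intl.Collator(locale);
  return [...words].sort(collator.compare);
}

// Case handling: upper-casing can change the length of a string ("ß" becomes
// "SS"), so a length check done before conversion is not enough.
function upperLengthGrows(text) {
  return text.toUpperCase().length > text.length;
}

// Currency: the digits stay the same, but separators, symbol and symbol
// position depend on the locale. A robust test compares digits only and
// leaves the locale-specific decoration to a per-locale expectation.
function currencyDigits(amount, locale, currency) {
  const formatted = new Intl.NumberFormat(locale, { style: 'currency', currency }).format(amount);
  return formatted.replace(/\D/g, '');
}

// UI space: translations are usually longer than the English source. Strings
// live in a catalog separate from the code (the I18N step); flag any entry
// that would not fit the widget width, measured in characters here.
const CATALOG = {  // constructed sample resource strings
  en: { save: 'Save', cancel: 'Cancel' },
  de: { save: 'Speichern', cancel: 'Abbrechen' },
};

function stringsTooLong(locale, maxChars) {
  return Object.entries(CATALOG[locale])
    .filter(([, text]) => text.length > maxChars)
    .map(([key]) => key);
}
```

Running sortByCodeUnit and sortForLocale on the same list is the quickest way to show a developer why "it sorts fine in English" is not a test result; the German case drops "ähnlich" to the end of the list unless a collator is used.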

Thursday, February 15, 2007

Finding the Text box maximum length by one click

If the web page you are testing contains form fields with text boxes, and you need to perform boundary value analysis and validation testing on those text boxes, use the following JavaScript (paste it into the browser's address bar as a bookmarklet):

javascript:var x=document.getElementsByTagName('input');var myVals='';for(var i=0;i<x.length;i++){if(x[i].type=='text'){myVals+=x[i].name+' : '+x[i].maxLength+'\n';}}alert(myVals);
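The bookmarklet only reports each text box's maxlength. The following added example (not part of the original post) turns such readings into boundary-value test strings; the input list is constructed to look like what the bookmarklet collects, and the function names and the probe length are this example's own choices.

```javascript
// Constructed sample of what the bookmarklet would collect from a form.
const INPUTS = [
  { name: 'username', type: 'text',   maxLength: 20 },
  { name: 'zip',      type: 'text',   maxLength: 5 },
  { name: 'comment',  type: 'text',   maxLength: -1 },  // no maxlength attribute
  { name: 'submit',   type: 'submit', maxLength: -1 },
];

// Boundary lengths for a field: just below, at, and just above the limit.
// The DOM reports -1 when no maxlength attribute is set. That is not a limit
// of -1; it means the browser enforces nothing, so send one long value and
// see whether the server rejects it.
function boundaryLengths(maxLength, unlimitedProbe = 10000) {
  if (maxLength < 0) return [unlimitedProbe];
  return [Math.max(maxLength - 1, 0), maxLength, maxLength + 1];
}

// One entry per text box, each with its boundary test strings.
function testValues(inputs) {
  return inputs
    .filter(f => f.type === 'text')
    .map(f => ({
      name: f.name,
      values: boundaryLengths(f.maxLength).map(n => 'x'.repeat(n)),
    }));
}
```

The "+1" value cannot be typed into the box, because the browser truncates at maxlength, but it can still be submitted by editing the request, so the test is whether the server-side validation rejects it; a client-side maxlength is a usability aid, not a security control.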

Tuesday, January 30, 2007

Notepad Conspiracy Bug

As everyone knows, the Notepad defect with a 4-3-3-5 letter pattern crashes Notepad. If not, follow these steps:
1. Create a Notepad file.
2. Type "bcd efg hij klmno" (without quotes).
(You can try any combination like "this api can break", "this cat can split", "jane can not dance", "text wit hou tcaps" and "xxxx xxx xxx xxxxx".)
3. Save the Notepad file (with any name) containing any one of the above phrases.
4. Open the same file again and verify that Notepad crashes.

This is because of an ASCII-to-Unicode conversion problem in Windows, not in Notepad itself.


for more details click here and here