Risk-Oriented Testing of Web-Based Applications

Overview:
Web-based testing should be “RISK ORIENTED”. This article describes the risks, presents the types of
testing that can be used to address those risks, and provides guidance on using web-based test tools.
The approach for testing web-based systems should be incorporated into a test plan, and that plan
should be followed during test execution.
This article will be helpful for beginners as well as professional testers.

Web-Based Systems/Applications: in general
A web-based application is a software package that is accessed through a web browser. The software
and database reside on a central server rather than being installed on the desktop system, and are
accessed over a network.

Tester's Concern Checklist for web-based testing

Checklist columns: S.No | Parameter | Description | Verified | Not Verified | N/A

1. Browser Compatibility: Should validate consistent application performance on a variety of
   browser types and configurations.
2. Functional Correctness: Should validate that the application functions correctly. This includes
   validating links, calculations, display of information, and navigation.
3. Integration: Should validate the integration between browsers and servers, applications and
   data, and hardware and software.
4. Usability: Should validate the overall usability of a web page or a web application, including
   appearance, clarity, and navigation.
5. Security: Should validate the adequacy and correctness of security controls, including access
   control and authorizations.
6. Performance: Should validate the performance of the web application under load.
7. Verification of code: Should validate that the code used in building the web application (HTML,
   Java, and so on) has been used in a correct manner. For example, no nonstandard coding practices
   should be used that would cause an application to function incorrectly in some environments.



WORKBENCH for WEB-BASED TESTING
The steps are:
Step-1 INPUT
Step-2 Task-1 Web-based Risks
Step-3 Task-2 Web-based Tests
Step-4 Task-3 Web-based Test Tools
Step-5 Task-4 Test Web-based Systems
Step-6 OUTPUT

Step-1 INPUT: the input is the hardware and software that will be incorporated in the web-based
system to be tested. Specifically, the input to this test process is a description of the web-based
technology used in the systems being tested.

The following list shows how web-based systems differ from other technologies:

Checklist columns: S.No | Parameter | Description | Verified | Not Verified | N/A

1. Uncontrolled user interfaces (browsers): A web page must be functional on those browsers that
   you expect to be used in accessing your web applications. Furthermore, as new releases of
   browsers emerge, your web applications will need to keep up with compatibility issues. Browser
   versions: http://www.webdevelopersnotes.com/articles/latest-browser-versions.php
2. Complex distributed systems: In addition to being complex and distributed, web-based
   applications are also remotely accessed, which adds even more concerns to the testing effort.
   While some applications may be less complex than others, it is safe to say that the trend in web
   applications is to become more complex rather than less.
3. Security issues: Protection is needed from unauthorized access that can corrupt applications
   and/or data. Another security risk is that of access to confidential information.
4. Multiple layers in architecture: These layers include application servers, web servers, back-end
   processing, data warehouses, and secure servers for electronic commerce.
5. New terminology and skill sets: Just as in making the transition to client/server, new skills
   are needed to develop, test, and use web-based technology effectively.
6. Object-oriented: Object-oriented languages such as Java are the mainstay of web development.



STEP-2 Task 1: Select Web-Based Risks to Include in the Test Plan
Risks are important to understand because they reveal what to test. Each risk points to an entire area
of potential tests. In addition, the degree of testing should be based on risk.
The risks are briefly listed here, each followed by a more detailed description of the concerns
associated with it.

1. Risk-1 SECURITY: One of the major risks of Internet applications is security. It is very
   important to validate that the application and data are protected from outside intrusion or
   unauthorized access.

Security Concerns
The following are some of the detailed security risks that need to be addressed in an Internet
application test plan:
Checklist columns: S.No | Parameter | Description | Verified | Not Verified | N/A

1. External intrusion: Protecting the system from external intrusion, including intrusion from
   (a) people who are trying to gain access to sensitive information and (b) people who are trying
   to intentionally sabotage information.
2. Protection of secured transactions: Protecting transactions over the Internet. This is
   especially true in dealing with e-commerce transactions. Many consumers are reluctant to give
   credit card information over the Internet for fear that the information will be intercepted and
   used for fraudulent purposes.
3. Viruses: The Internet has become a vehicle for propagating tens of thousands of new viruses.
   These viruses are contained in downloaded files that can be distributed from web sites and
   e-mail.
4. Access control: Access control means that only authorized users have access to a particular
   application or portion of an application. This access is typically granted with a user ID and
   password.
5. Authorization levels: The ability of the application to restrict certain transactions only to
   those users who have a certain level of authorization.
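An added example (not code from the article) of how items 4 and 5, access control and authorization levels, can be checked systematically: every (role, transaction) pair is exercised against the specified policy and the result is recorded as Verified or Not Verified. The store application, its roles and its transactions are constructed for illustration.

```python
"""Authorization-matrix check for the access control / authorization level
items of the security checklist.  The application, roles and transactions
below are constructed stand-ins, not taken from any real system."""

# Specification (the benchmark): which roles may perform which transactions.
EXPECTED_POLICY = {
    "view_catalog":  {"anonymous", "customer", "clerk", "admin"},
    "place_order":   {"customer", "clerk", "admin"},
    "issue_refund":  {"clerk", "admin"},
    "change_prices": {"admin"},
}
ALL_ROLES = ("anonymous", "customer", "clerk", "admin")


class StoreApp:
    """Constructed stand-in for the application under test.  `granted` is the
    policy the application actually enforces, which may differ from the spec."""

    def __init__(self, granted):
        self._granted = granted

    def perform(self, role, transaction):
        """Return True if the transaction is executed, False if it is refused.
        Unknown transactions and unknown roles are refused (deny by default)."""
        return role in self._granted.get(transaction, set())


def authorization_matrix_test(app, policy, roles):
    """Exercise every (role, transaction) pair and compare the observed decision
    with the specification.  Both directions are findings: a role that gets a
    transaction it should not have (excess privilege) and a role that is refused
    a transaction it is entitled to (missing privilege)."""
    findings = []
    checked = 0
    for transaction, allowed in policy.items():
        for role in roles:
            checked += 1
            expected = role in allowed
            observed = app.perform(role, transaction)
            if observed and not expected:
                findings.append({"transaction": transaction, "role": role,
                                 "kind": "excess privilege"})
            elif expected and not observed:
                findings.append({"transaction": transaction, "role": role,
                                 "kind": "missing privilege"})
    return {
        "checked": checked,
        "findings": findings,
        "status": "Verified" if not findings else "Not Verified",
    }


# A correctly configured deployment and a misconfigured one (both constructed):
# the second grants refunds to customers and refuses admins the price change.
CORRECT_APP = StoreApp(EXPECTED_POLICY)
MISCONFIGURED_APP = StoreApp({
    **EXPECTED_POLICY,
    "issue_refund": {"customer", "clerk", "admin"},
    "change_prices": set(),
})

if __name__ == "__main__":
    for name, app in (("correct", CORRECT_APP), ("misconfigured", MISCONFIGURED_APP)):
        report = authorization_matrix_test(app, EXPECTED_POLICY, ALL_ROLES)
        print(name, report["status"], report["findings"])
```

Against a real application, `StoreApp.perform` would be replaced by a request made with a session logged in as the given role, with the HTTP status or page content mapped to executed/refused.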




2. Risk-2 PERFORMANCE: An Internet application with poor performance will be judged hard to use.
   Web sites that are slow to respond will not retain the visitors they attract and will frustrate
   the people who try to use them.

Performance Concerns: System performance can make or break an Internet application.
Several types of performance testing can be performed to validate an application's performance
levels.
Performance testing is a very precise kind of testing and requires the use of automated tools for
testing to be accomplished with any level of accuracy and efficiency. Manual approaches to performance
testing fall short of the accuracy needed to correctly gauge an application's performance and may lead
to a false level of confidence in the test.

Typically, the most common kind of performance testing for Internet applications is LOAD TESTING.
Load testing seeks to determine how the application performs under expected and greater-than-expected
levels of activity.

Application load can be assessed in a variety of ways:

Checklist columns: S.No | Parameter | Description | Verified | Not Verified | N/A

1. Concurrency: Concurrency testing seeks to validate the performance of an application with a
   given number of concurrent interactive users.
2. Stress: Stress testing seeks to validate the performance of an application when certain aspects
   of the application are stretched to their maximum limits. This can include the maximum number of
   users, and can also include maximizing table values and data values.
3. Throughput: Throughput testing seeks to validate the number of transactions that can be
   processed by an application during a given period of time. For example, one type of throughput
   test might be to attempt to process 100,000 transactions in one hour.
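An added example (not code from the article) of the three load measurements above in one small harness: a fixed number of concurrent users, achieved throughput compared with the 100,000-transactions-per-hour target, and a stress step that raises the user count until a target is missed. The transaction handler is a constructed stand-in that sleeps to imitate server work.

```python
"""Load test for the performance checklist: concurrency, throughput and stress.
The transaction handler is a constructed stand-in that sleeps for 2 ms; against
a real system it would issue the actual request."""
import time
from concurrent.futures import ThreadPoolExecutor

# Throughput target quoted in the checklist: 100,000 transactions in one hour.
TARGET_TRANSACTIONS = 100_000
TARGET_WINDOW_S = 3600


def required_rate(transactions=TARGET_TRANSACTIONS, window_s=TARGET_WINDOW_S):
    """Sustained transactions per second needed to meet the target."""
    return transactions / window_s


def fake_transaction(i):
    """Constructed stand-in for one interactive transaction (2 ms of 'work')."""
    time.sleep(0.002)
    return True


def run_load(handler, transactions, concurrent_users):
    """Issue `transactions` calls from `concurrent_users` worker threads, the way
    that many interactive users would, and measure throughput and latency.
    An exception raised by the handler counts as a failed transaction."""
    def timed(i):
        t0 = time.perf_counter()
        try:
            ok = bool(handler(i))
        except Exception:
            ok = False
        return time.perf_counter() - t0, ok

    start = time.perf_counter()
    with ThreadPoolExecutor(max_workers=concurrent_users) as pool:
        samples = list(pool.map(timed, range(transactions)))
    elapsed = time.perf_counter() - start
    latencies = sorted(lat for lat, _ in samples)
    return {
        "transactions": transactions,
        "concurrent_users": concurrent_users,
        "elapsed_s": elapsed,
        "achieved_tps": transactions / elapsed,
        "p95_latency_s": latencies[int(0.95 * (len(latencies) - 1))],
        "failures": sum(1 for _, ok in samples if not ok),
    }


def evaluate(result, target_tps, max_p95_s, max_failure_ratio=0.0):
    """Compare one run with the targets.  Returns Verified / Not Verified plus
    the reasons, so the test report can say which target was missed."""
    reasons = []
    if result["achieved_tps"] < target_tps:
        reasons.append(f"throughput {result['achieved_tps']:.1f} tps below target {target_tps:.1f} tps")
    if result["p95_latency_s"] > max_p95_s:
        reasons.append(f"p95 latency {result['p95_latency_s']:.3f}s above {max_p95_s}s")
    if result["failures"] > max_failure_ratio * result["transactions"]:
        reasons.append(f"{result['failures']} failed transactions")
    return {"status": "Verified" if not reasons else "Not Verified", "reasons": reasons}


def stress_until_missed(handler, transactions, target_tps, max_p95_s, user_steps):
    """Stress step: rerun the load at increasing concurrency and return the last
    user count that still met the targets (None if even the first step failed)."""
    last_ok = None
    for users in user_steps:
        verdict = evaluate(run_load(handler, transactions, users), target_tps, max_p95_s)
        if verdict["status"] != "Verified":
            break
        last_ok = users
    return last_ok


if __name__ == "__main__":
    result = run_load(fake_transaction, transactions=500, concurrent_users=20)
    print(result)
    print(evaluate(result, target_tps=required_rate(), max_p95_s=0.5))
    print(stress_until_missed(fake_transaction, 200, required_rate(), 0.5, (5, 10, 20, 40)))
```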




3. Risk-3 CORRECTNESS: Correctness is a very important area of risk. It is essential that the
   functionality and information obtained from web-based applications are correct.

Correctness Concerns
An important area of concern is that the application functions correctly. This includes not only the
functionality of buttons and “behind the scenes” instructions but also calculations and navigation of
the application.

Checklist columns: S.No | Parameter | Description | Verified | Not Verified | N/A

1. Functionality: Functional correctness means that the application performs its intended tasks as
   defined by a stated set of specifications. The specifications of an application are the
   benchmark of what the application should do. Functional correctness is determined by performing
   a functional test. A functional test is performed in a cause-effect manner: if a particular
   action is taken, a particular result should be seen.
2. Calculations: Many web-based applications include calculations. These calculations must be
   tested to ensure correctness and to find defects.
3. Navigation: Navigation correctness can include testing links, buttons, and general navigation
   through a web site or web-based application.




4. Risk-4 COMPATIBILITY (Configuration): A web-based application must be able to work correctly on
   a wide variety of system configurations, including browsers, operating systems, and hardware
   systems.

Compatibility Concerns
Compatibility is the capability of the application to perform correctly in a variety of expected
environments.
Two of the major variables that affect web-based applications are operating systems and browsers.
Currently, operating systems (or platforms) and how they support the browser of your choice will
affect the appearance and functionality of a web application. This requires testing the web-based
application as accessed on a variety of common platforms and browsers.

Browser Configuration
Each browser has configuration options that affect how it displays information. These options vary
from browser to browser and are too diverse to address in this text. The most reasonable testing
strategy is to define optimal configurations on the most standard kinds of browsers and test based
on those configurations.

Some of the main things to consider from a hardware compatibility standpoint are the following:

Checklist columns: S.No | Parameter | Description | Verified | Not Verified | N/A

1. Monitors, video cards, and video RAM: If you have a web site that requires a high standard of
   video capability, some users will not be able to view your site, or will not have a positive
   experience at your site.
2. Audio, video, and multimedia support: Once again, you need to verify that a web application is
   designed to provide a level of multimedia support that a typical end-user will need to be able
   to access your site. If software plug-ins are required, you should provide links on your page to
   facilitate the user in downloading the plug-in.
3. Memory (RAM) and hard drive space: RAM is very important for increasing the performance of a
   browser on a particular platform. Browsers also make heavy use of caching, which is how a
   browser stores graphics and other information on a user's hard drive. This helps speed the
   display of web pages the next time the user visits a web site.
4. Bandwidth access: Many corporate users have high-speed Internet access based on T-1 or T-3
   networks, or ISDN telephone lines.

Browser differences can make a web application appear differently to different people. These
differences may appear in any of the following areas (this is not intended to be an exhaustive list;
these are merely the more common areas of browser differences):

5. Print handling: To make printing faster and easier, some pages add a link or button to print a
   browser-friendly version of the page being viewed.
6. Reload: Some browser configurations will not automatically display updated pages if a version
   of the page still exists in the cache. Some pages indicate if the user should reload the page.
7. Navigation: Browsers vary in the ease of navigation, especially when it comes to visiting pages
   previously visited during a session. A web application developer may need to add navigational
   aids to the web pages to facilitate ease of navigation.
8. Graphics filters: Browsers may handle images differently, depending on the graphic filters
   supported by the browser. In fact, some browsers may not show an image at all. By standardizing
   on JPG and GIF images you should be able to eliminate this concern.
9. Caching: How the cache is configured (size, etc.) will have an impact on the performance of a
   browser to view information.
10. Dynamic page generation: This includes how a user receives information from pages that change
    based on input. Examples of dynamic page generation include: 1) shopping cart applications,
    2) data search applications, 3) calculation forms.
11. File downloads: Movement of data from remote data storage for user processing.
12. E-mail functions: Because e-mail activities can consume excessive processing time, guidelines
    should be developed. Each browser has its own interface and functionality for e-mail. Many
    people use separate e-mail applications outside of a browser, but for those who don't, this can
    be a concern for users when it comes to compatibility.


5. Risk-5 RELIABILITY: An Internet application must have a high level of availability, and the
   information provided by the application must be consistent and reliable to the user.

Reliability Concerns
Because of the continuous uptime requirements for most Internet applications, reliability is a key
concern.
Reliability covers more than system availability; it can also be expressed in terms of the
reliability of the information obtained from the application:
1. Consistently correct results
2. Server and system availability


6. Risk-6 DATA INTEGRITY: The data entered into an Internet application must be validated to
   ensure its correctness. In addition, measures must be taken to ensure the data stays correct
   after it is entered into the application.

Data Integrity Concerns
Not only must the data be validated when it is entered into the web application, but it must also be
safeguarded to ensure the data stays correct:

Checklist columns: S.No | Parameter | Description | Verified | Not Verified | N/A

1. Ensuring only correct data is accepted: This can be achieved by validating the data at the page
   level when it is entered by a user.
2. Ensuring data stays in a correct state: This can be achieved by procedures to back up data and
   to ensure that controlled methods are used to update data.
7. Risk-7 USABILITY: The application must be easy to use. This includes things like navigation,
   clarity, and understandability of the information provided by the application.

Usability Concerns
If users or customers find an Internet application hard to use, they will likely go to a competitor's
site. Usability can be validated and usually involves the following:

Checklist columns: S.No | Parameter | Description | Verified | Not Verified | N/A

1. Easy to use: Ensuring the application is easy to use and understand.
2. Use of information: Ensuring that users know how to interpret and use the information delivered
   from the application.
3. Navigation: Ensuring that navigation is clear and correct.




8. Risk-8 RECOVERABILITY: In the event of an outage, the system must be recoverable. This includes
   recovering lost transactions, recovering from loss of communications, and ensuring that proper
   backups are made as a part of regular systems maintenance.

Recoverability Concerns
Internet applications are more prone to outages than systems that are more centralized or located on
reliable, controlled networks. The remote accessibility of Internet applications makes the following
recoverability concerns important:

Checklist columns: S.No | Parameter | Verified | Not Verified | N/A

1. Lost connections
2. Timeouts
3. Dropped lines
4. Client system crashes
5. Server system crashes or other application problems
STEP-3 Task 2: Select Web-Based Tests
Once the risks in the web-based application have been addressed, it is time to examine the types and
phases of testing needed to validate them.

Checklist columns: S.No | Parameter | Description | Verified | Not Verified | N/A

1. Unit or Component: This includes testing at the object, component, page, or applet level. Unit
   testing is the lowest level of testing in terms of detail. During unit testing, the structure of
   languages such as HTML and Java can be verified. Edits and calculations can also be tested at
   the unit level.
2. Integration: Integration is the passing of data and/or control between units or components,
   which includes testing navigation (i.e., the paths the test data will follow). In web-based
   applications, this includes testing links, data exchanges, and flow of control in an
   application.
3. System: System testing examines the web application as a whole and with other systems. The
   classic definition of system testing is that it validates that a computing system functions
   according to written requirements and specifications. This is also true in web-based
   applications; the difference lies in how the system is defined. System testing typically
   includes hardware, software, data, procedures, and people. In corporate web-based applications,
   a system might interface with Internet web pages, data warehouses, back-end processing systems,
   and reporting systems.
4. User Acceptance: This includes testing that the web application supports business needs and
   processes. The main idea in user acceptance testing (or business process validation) is to
   ensure that the end product supports the users' needs. For business applications, this means
   testing that the system allows the user to conduct business correctly and efficiently. For
   personal applications, this means that users are able to get the information or service they
   need from a web site efficiently. In a corporate web page, the end-user testers may be from
   end-user groups, management, or an independent test team that takes the role of end users. In
   public web applications, the end-user testers may be beta testers, who receive a prototype or
   early release of the new web application, or independent testers who take the role of public
   web users.
5. Performance: This includes testing that the system will perform as specified at predetermined
   levels, including wait times, static processes, dynamic processes, and transaction processes.
   Performance is also tested at the client/browser and server levels.
6. Load/Stress: This type of testing checks that the server performs as specified at peak
   concurrent loads or transaction throughput. It includes stressing servers, networks, and
   databases.
7. Regression: Regression testing checks that unchanged parts of the application work correctly
   after a change has been made. Many people mistakenly believe that regression testing means
   testing everything you ever tested in an application every time you perform a test. However,
   depending upon the relative risk of the application you are testing, regression testing may not
   need to be that intense. The main idea is to test a set of specified critical test cases each
   time you perform the test. Regression testing is an ideal candidate for test automation because
   of its repetitive nature.
8. Usability: This type of testing assesses the ease of use of an application. Usability testing
   may be accomplished in a variety of ways, including direct observation of people using web
   applications, usability surveys, and beta tests. The main objective of usability testing is to
   ensure that an application is easy to understand and navigate.
9. Compatibility: Compatibility testing ensures that the application functions correctly on
   multiple browsers and system configurations. Compatibility testing may be performed in a test
   lab that contains a variety of platforms, or may be performed by beta testers. The downside of
   beta testing is the increased risk of bad publicity, the lack of control, and the lack of good
   data coming back from the beta testers.
STEP-4 Task 3: Select Web-Based Test Tools
Effective web-based testing necessitates the use of web-based testing tools. A brief description of
the more common categories of web-based test tools follows:

Checklist columns: S.No | Parameter | Description | Verified | Not Verified | N/A

1. HTML tools: Although many web development packages include an HTML checker, there are ways to
   perform a verification of HTML if you do not use or have such a feature.
2. Site validation tools: Site validation tools check your web applications to identify
   inconsistencies and errors, such as moved or orphaned pages and broken links.
3. Load/stress testing tools: Load/stress tools evaluate web-based systems when subjected to large
   volumes of data or transactions.
4. Test case generators: Test case generators create transactions for use in testing. This tool can
   tell you what to test, as well as create test cases that can be used in other test tools.


STEP-5 Task 4: Test Web-Based Systems
The tests to be performed for web-based testing are the types of testing selected above, carried out
through the following activities:

Checklist columns: S.No | Parameter | Description | Verified | Not Verified | N/A

1. Organizing: Organizing for testing
2. Test Plan: Developing the test plan
3. Verification testing: Performing verification testing
4. Validation testing: Performing validation testing
5. Test Reports: Analyzing and reporting test results
6. Acceptance: Acceptance and operational testing
7. Post Implementation Analysis: Post-implementation analysis
STEP-6 OUTPUT: The output is a report of what works and what does not work, as well as any concerns
over the use of web technology.
The only output from this test process is a report on the web-based system. At a minimum, this report
should contain the following:

Checklist columns: S.No | Parameter | Description | Verified | Not Verified | N/A

1. Brief description: A brief description of the web-based system
2. Risks: Risks addressed and not addressed by the web-based test team
3. Types of testing: Types of testing performed, and types of testing not performed
4. Tools: Tools used or not used
5. Performed well: Web-based functionality and structure tested that performed correctly
6. Not performed well: Web-based structure and functionality tested that did not perform correctly
7. Tester's opinion: The tester's opinion regarding the adequacy of the web-based system to be
   placed into production status

Guideline
Successful web-based testing necessitates a portfolio of web-based testing tools. It is important that
these test tools are used effectively.

Owasp top 10 2013
 
Pinpointing Vulnerabilities in Android Applications like Finding a Needle in ...
Pinpointing Vulnerabilities in Android Applications like Finding a Needle in ...Pinpointing Vulnerabilities in Android Applications like Finding a Needle in ...
Pinpointing Vulnerabilities in Android Applications like Finding a Needle in ...
 
Security Testing
Security TestingSecurity Testing
Security Testing
 
Penetration Security Testing
Penetration Security TestingPenetration Security Testing
Penetration Security Testing
 
Bank One App Sec Training
Bank One App Sec TrainingBank One App Sec Training
Bank One App Sec Training
 
Android anti virus analysis
Android anti virus analysisAndroid anti virus analysis
Android anti virus analysis
 
Web PenTest Sample Report
Web PenTest Sample ReportWeb PenTest Sample Report
Web PenTest Sample Report
 
Introduction to Metascan Client
Introduction to Metascan ClientIntroduction to Metascan Client
Introduction to Metascan Client
 
website vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperwebsite vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paper
 
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...
SOURCE CODE ANALYSIS TO REMOVE SECURITY  VULNERABILITIES IN JAVA SOCKET PROGR...SOURCE CODE ANALYSIS TO REMOVE SECURITY  VULNERABILITIES IN JAVA SOCKET PROGR...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...
 
Олексій Барановський “Vulnerability assessment as part software testing process”
Олексій Барановський “Vulnerability assessment as part software testing process”Олексій Барановський “Vulnerability assessment as part software testing process”
Олексій Барановський “Vulnerability assessment as part software testing process”
 
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN ITWHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
 
INLINE_PATCH_PROXY_FOR_XEN_HYPERVISOR
INLINE_PATCH_PROXY_FOR_XEN_HYPERVISORINLINE_PATCH_PROXY_FOR_XEN_HYPERVISOR
INLINE_PATCH_PROXY_FOR_XEN_HYPERVISOR
 

En vedette

iPhone Sample
iPhone SampleiPhone Sample
iPhone SampleWardie77
 
iPad Sample
iPad SampleiPad Sample
iPad SampleWardie77
 
Facebook share
Facebook shareFacebook share
Facebook share승호 양
 
Greece we love
Greece we loveGreece we love
Greece we lovegemariot
 
HolidayIQ.com hiq!PAD Program
HolidayIQ.com hiq!PAD ProgramHolidayIQ.com hiq!PAD Program
HolidayIQ.com hiq!PAD ProgramHolidayIQ
 
Goa to the power of HolidayIQ
Goa to the power of HolidayIQGoa to the power of HolidayIQ
Goa to the power of HolidayIQHolidayIQ
 
ฟรอยด์
ฟรอยด์ฟรอยด์
ฟรอยด์tayayoh
 
OcCre. Ocio Creativo. Wagon. Novelty 2014
OcCre. Ocio Creativo. Wagon. Novelty 2014OcCre. Ocio Creativo. Wagon. Novelty 2014
OcCre. Ocio Creativo. Wagon. Novelty 2014Occre. Ocio Creativo
 

En vedette (9)

iPhone Sample
iPhone SampleiPhone Sample
iPhone Sample
 
iPad Sample
iPad SampleiPad Sample
iPad Sample
 
Facebook share
Facebook shareFacebook share
Facebook share
 
OcCre- Ocio Creativo. Hm Revenge
OcCre- Ocio Creativo. Hm RevengeOcCre- Ocio Creativo. Hm Revenge
OcCre- Ocio Creativo. Hm Revenge
 
Greece we love
Greece we loveGreece we love
Greece we love
 
HolidayIQ.com hiq!PAD Program
HolidayIQ.com hiq!PAD ProgramHolidayIQ.com hiq!PAD Program
HolidayIQ.com hiq!PAD Program
 
Goa to the power of HolidayIQ
Goa to the power of HolidayIQGoa to the power of HolidayIQ
Goa to the power of HolidayIQ
 
ฟรอยด์
ฟรอยด์ฟรอยด์
ฟรอยด์
 
OcCre. Ocio Creativo. Wagon. Novelty 2014
OcCre. Ocio Creativo. Wagon. Novelty 2014OcCre. Ocio Creativo. Wagon. Novelty 2014
OcCre. Ocio Creativo. Wagon. Novelty 2014
 

Similaire à Risk oriented testing of web-based applications

Security Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdfSecurity Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdfAmeliaJonas2
 
Web application testing
Web application testing Web application testing
Web application testing Nora Alriyes
 
Demand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxDemand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxAardwolf Security
 
Thick Client Penetration Testing Modern Approaches and Techniques.pdf
Thick Client Penetration Testing Modern Approaches and Techniques.pdfThick Client Penetration Testing Modern Approaches and Techniques.pdf
Thick Client Penetration Testing Modern Approaches and Techniques.pdfElanusTechnologies
 
Mastering Manual Web Application Testing- Best Practices and Techniques.pdf
Mastering Manual Web Application Testing- Best Practices and Techniques.pdfMastering Manual Web Application Testing- Best Practices and Techniques.pdf
Mastering Manual Web Application Testing- Best Practices and Techniques.pdfAmeliaJonas2
 
Extending the 20 critical security controls to gap assessments and security m...
Extending the 20 critical security controls to gap assessments and security m...Extending the 20 critical security controls to gap assessments and security m...
Extending the 20 critical security controls to gap assessments and security m...John M. Willis
 
Challenges in Security Testing
Challenges in Security TestingChallenges in Security Testing
Challenges in Security TestingShikha Jarial
 
Most effective QA & testing types
Most effective QA & testing typesMost effective QA & testing types
Most effective QA & testing typesPaul Azorin
 
Most effective QA & testing types
Most effective QA & testing typesMost effective QA & testing types
Most effective QA & testing typesBairesDev
 
Security Testing In Application Authentication
Security Testing In Application AuthenticationSecurity Testing In Application Authentication
Security Testing In Application AuthenticationRapidValue
 
IRJET-A Review of Testing Technology in Web Application System
IRJET-A Review of Testing Technology in Web Application SystemIRJET-A Review of Testing Technology in Web Application System
IRJET-A Review of Testing Technology in Web Application SystemIRJET Journal
 
Web application vulnerability assessment
Web application vulnerability assessmentWeb application vulnerability assessment
Web application vulnerability assessmentRavikumar Paghdal
 
CohenNancyPresentation.ppt
CohenNancyPresentation.pptCohenNancyPresentation.ppt
CohenNancyPresentation.pptmypc72
 
Testing of web based Applicatons
Testing of web based ApplicatonsTesting of web based Applicatons
Testing of web based ApplicatonsVenkatakumar Reddy
 
ByteCode pentest report example
ByteCode pentest report exampleByteCode pentest report example
ByteCode pentest report exampleIhor Uzhvenko
 
Standards and methodology for application security assessment
Standards and methodology for application security assessment Standards and methodology for application security assessment
Standards and methodology for application security assessment Mykhailo Antonishyn
 
Full-Stack Security_ Best Practices for Protecting Your Applications.pdf
Full-Stack Security_ Best Practices for Protecting Your Applications.pdfFull-Stack Security_ Best Practices for Protecting Your Applications.pdf
Full-Stack Security_ Best Practices for Protecting Your Applications.pdfuncodemy
 
Mobile Enterprise Application Platform
Mobile Enterprise Application PlatformMobile Enterprise Application Platform
Mobile Enterprise Application PlatformNugroho Gito
 

Similaire à Risk oriented testing of web-based applications (20)

Security Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdfSecurity Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdf
 
Web application testing
Web application testing Web application testing
Web application testing
 
Demand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxDemand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docx
 
Thick Client Penetration Testing Modern Approaches and Techniques.pdf
Thick Client Penetration Testing Modern Approaches and Techniques.pdfThick Client Penetration Testing Modern Approaches and Techniques.pdf
Thick Client Penetration Testing Modern Approaches and Techniques.pdf
 
Mobile App Security Testing -2
Mobile App Security Testing -2Mobile App Security Testing -2
Mobile App Security Testing -2
 
Mastering Manual Web Application Testing- Best Practices and Techniques.pdf
Mastering Manual Web Application Testing- Best Practices and Techniques.pdfMastering Manual Web Application Testing- Best Practices and Techniques.pdf
Mastering Manual Web Application Testing- Best Practices and Techniques.pdf
 
Extending the 20 critical security controls to gap assessments and security m...
Extending the 20 critical security controls to gap assessments and security m...Extending the 20 critical security controls to gap assessments and security m...
Extending the 20 critical security controls to gap assessments and security m...
 
Challenges in Security Testing
Challenges in Security TestingChallenges in Security Testing
Challenges in Security Testing
 
Most effective QA & testing types
Most effective QA & testing typesMost effective QA & testing types
Most effective QA & testing types
 
Most effective QA & testing types
Most effective QA & testing typesMost effective QA & testing types
Most effective QA & testing types
 
Security Testing In Application Authentication
Security Testing In Application AuthenticationSecurity Testing In Application Authentication
Security Testing In Application Authentication
 
web security
web securityweb security
web security
 
IRJET-A Review of Testing Technology in Web Application System
IRJET-A Review of Testing Technology in Web Application SystemIRJET-A Review of Testing Technology in Web Application System
IRJET-A Review of Testing Technology in Web Application System
 
Web application vulnerability assessment
Web application vulnerability assessmentWeb application vulnerability assessment
Web application vulnerability assessment
 
CohenNancyPresentation.ppt
CohenNancyPresentation.pptCohenNancyPresentation.ppt
CohenNancyPresentation.ppt
 
Testing of web based Applicatons
Testing of web based ApplicatonsTesting of web based Applicatons
Testing of web based Applicatons
 
ByteCode pentest report example
ByteCode pentest report exampleByteCode pentest report example
ByteCode pentest report example
 
Standards and methodology for application security assessment
Standards and methodology for application security assessment Standards and methodology for application security assessment
Standards and methodology for application security assessment
 
Full-Stack Security_ Best Practices for Protecting Your Applications.pdf
Full-Stack Security_ Best Practices for Protecting Your Applications.pdfFull-Stack Security_ Best Practices for Protecting Your Applications.pdf
Full-Stack Security_ Best Practices for Protecting Your Applications.pdf
 
Mobile Enterprise Application Platform
Mobile Enterprise Application PlatformMobile Enterprise Application Platform
Mobile Enterprise Application Platform
 

Dernier

Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 

Dernier (20)

Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 

Risk oriented testing of web-based applications

  • 1. Risk-Oriented Testing of Web-Based Applications

    Overview: Web-based testing should be “RISK ORIENTED”. This article describes the risks, presents the types of testing that can be used to address those risks, and provides guidance in using web-based test tools. The approach for testing web-based systems should be incorporated into a test plan, and that plan should be followed during test execution. This article will be helpful for beginners as well as professional testers.

    Web-Based Systems/Applications, in general: a web-based application is a software package that can be accessed through the web browser. The software and database reside on a central server rather than being installed on the desktop system, and are accessed over a network.

    “Testers' CONCERN Checklist” while conducting web-based testing (columns: S.No. | Parameter | Description | Verified | Not Verified | N/A):

    1 | Browser Compatibility | Should validate consistent application performance on a variety of browser types and configurations.
    2 | Functional Correctness | Should validate that the application functions correctly. This includes validating links, calculations, displays of information, and navigation.
    3 | Integration | Should validate the integration between browsers and servers, applications and data, and hardware and software.
    4 | Usability | Should validate the overall usability of a web page or a web application, including appearance, clarity, and navigation.
    5 | Security | Should validate the adequacy and correctness of security controls, including access control and authorizations.
    6 | Performance | Should validate the performance of the web application under load.
    7 | Verification of code | Should validate that the code used in building the web application (HTML, Java, and so on) has been used in a
  • 2. Risk-Oriented Testing of Web-Based Applications

    correct manner. For example, no nonstandard coding practices should be used that would cause an application to function incorrectly in some environments.

    WORKBENCH for WEB-BASED TESTING. Following are the steps:

    Step 1: INPUT
    Step 2: Task 1, Web-based Risks
    Step 3: Task 2, Web-based Tests
    Step 4: Task 3, Web-based Test Tools
    Step 5: Test Web-based Systems
    Step 6: OUTPUT
  • 3. Risk-Oriented Testing of Web-Based Applications

    Step 1, INPUT: the hardware and software that will be incorporated in the web-based system to be tested. Input to this test process is the description of the web-based technology used in the systems being tested. The following list shows how web-based systems differ from other technologies (columns: S.No. | Parameter | Description | Verified | Not Verified | N/A):

    1 | Uncontrolled user interfaces (browsers) | Web browsers: a web page must be functional on those browsers that you expect to be used in accessing your web applications. Furthermore, as new releases of browsers emerge, your web applications will need to keep up with compatibility issues. Browser versions: http://www.webdevelopersnotes.com/articles/latest-browser-versions.php
    2 | Complex distributed systems | In addition to being complex and distributed, web-based applications are also remotely accessed, which adds even more concerns to the testing effort. While some applications may be less complex than others, it is safe to say that the trend in web applications is to become more complex rather than less.
    3 | Security issues | Protection is needed from unauthorized access that can corrupt applications and/or data. Another security risk is that of access to confidential information.
    4 | Multiple layers in architecture | These layers of architecture include application servers, web servers, back-end processing, data warehouses, and secure servers for electronic commerce.
    5 | New terminology and skill sets | Just as in making the transition to client/server, new skills are needed to develop, test, and use web-based technology effectively.
    6 | Object-oriented | Object-oriented languages such as Java are the mainstay of web development.

    STEP 2, Task 1: Select Web-Based Risks to Include in the Test Plan. Risks are important to understand because they reveal what to test. Each risk points to an entire area of potential tests. In addition, the degree of testing should be based on risk. The risks are briefly listed here, followed by a more detailed description of the concerns associated with each risk.

  • 4. Risk-Oriented Testing of Web-Based Applications

    1. Risk 1, SECURITY: One of the major risks of Internet applications is security. It is very important to validate that the application and data are protected from outside intrusion or unauthorized access.

    Security Concerns. Following are some of the detailed security risks that need to be addressed in an Internet application test plan (columns: S.No. | Parameter | Description | Verified | Not Verified | N/A):

    1 | External intrusion | Protecting the system from external intrusion, including intrusion from (a) people who are trying to gain access to sensitive information and (b) people who are trying to intentionally sabotage information.
    2 | Protection of secured transactions | Protecting transactions over the Internet. This is especially true in dealing with e-commerce transactions: many consumers are reluctant to give credit card information over the Internet for fear that the information will be intercepted and used for fraudulent purposes.
    3 | Viruses | The Internet has become a vehicle for propagating tens of thousands of new viruses. These viruses are contained in downloaded files that can be distributed from web sites and e-mail.
    4 | Access control security | Access control means that only authorized users have access to a particular application or portion of an application. This access is typically granted with a user ID and password.
    5 | Authorization levels | The ability of the application to restrict certain transactions only to those users who have a certain level of authorization.

    2. Risk 2, PERFORMANCE: An Internet application with poor performance will be judged hard to use. Web sites that are slow in response will not retain the visitors they attract and will be frustrating to the people who try to use them.

    Performance Concerns: System performance can make or break an Internet application.
  • 5. Risk-Oriented Testing of Web-Based Applications

    Several types of performance testing can be performed to validate an application’s performance levels. Performance testing is a very precise kind of testing and requires the use of automated tools for testing to be accomplished with any level of accuracy and efficiency. Unfortunately, manual approaches to performance testing fall short of the accuracy needed to correctly gauge an application’s performance and may lead to a false level of confidence in the test.

    Typically, the most common kind of performance testing for Internet applications is LOAD TESTING. Load testing seeks to determine how the application performs under expected and greater-than-expected levels of activity. Application load can be assessed in a variety of ways (columns: S.No. | Parameter | Description | Verified | Not Verified | N/A):

    1 | Concurrency | Concurrency testing seeks to validate the performance of an application with a given number of concurrent interactive users.
    2 | Stress | Stress testing seeks to validate the performance of an application when certain aspects of the application are stretched to their maximum limits. This can include the maximum number of users, and can also include maximizing table values and data values.
    3 | Throughput | Throughput testing seeks to validate the number of transactions to be processed by an application during a given period of time. For example, one type of throughput test might be to attempt to process 100,000 transactions in one hour.

    3. Risk 3, CORRECTNESS: Correctness is a very important area of risk. It is essential that the functionality and information obtained from web-based applications are correct.

    Correctness Concerns. An important area of concern is that the application functions correctly. This can include not only the functionality of buttons and “behind the scenes” instructions but also calculations and navigation of the application (columns: S.No. | Parameter | Description | Verified | Not Verified | N/A):

    1 | Functionality | Functional correctness means that the application performs its intended tasks as defined by a stated set of specifications. The specifications of an application are the benchmark of what the application should do. Functional correctness is determined by performing a functional test. A functional test is performed in a cause-effect manner. In other words, if a particular action is taken, a particular result should be seen.

  • 6. Risk-Oriented Testing of Web-Based Applications

    2 | Calculations | Many web-based applications include calculations. These calculations must be tested to ensure correctness and to find defects.
    3 | Navigation | Navigation correctness can include testing links, buttons, and general navigation through a web site or web-based application.

    4. Risk 4, COMPATIBILITY (Configuration): A web-based application must be able to work correctly on a wide variety of system configurations, including browsers, operating systems, and hardware systems.

    Compatibility Concerns. Compatibility is the capability of the application to perform correctly in a variety of expected environments. Two of the major variables that affect web-based applications are operating systems and browsers. Currently, operating systems (or platforms) and how they support the browser of your choice will affect the appearance and functionality of a web application. This requires testing the web-based applications as accessed on a variety of common platforms and browsers.

    Browser Configuration. Each browser has configuration options that affect how it displays information. These options vary from browser to browser and are too diverse to address in this text. The most reasonable testing strategy is to define optimal configurations on the most standard kinds of browsers and test based on those configurations.
Some of the main things to consider from a hardware compatibility standpoint are the following:

S.No.  Parameter  Description  (tick one: Verified / Not-Verified / N/A)
1. Monitors, video cards, and video RAM: If you have a web site that requires a high standard of video capability, some users will not be able to view your site, or will not have a positive experience at your site.
2. Audio, video, and multimedia support: Once again, you need to verify that a web application is designed to provide a level of multimedia support that a typical end-user will need to be able to access your site. If software plug-ins are required, you should provide links on your page to facilitate the user in downloading the plug-in.
3. Memory (RAM) and hard drive space: RAM is very important for increasing the performance of a browser on a particular platform. Browsers also make heavy use of caching, which is how a browser stores graphics and other information on a user’s hard drive. This helps speed the display of web pages the next time the user visits a web site.
4. Bandwidth access: Many corporate users have high-speed Internet access based on T-1 or T-3 networks, or ISDN telephone lines.

Browser differences can make a web application appear differently to different people. These differences may appear in any of the following areas (this is not intended to be an exhaustive list; these are merely the more common areas of browser differences):

5. Print handling: To make printing faster and easier, some pages add a link or button to print a browser-friendly version of the page being viewed.
6. Reload: Some browser configurations will not automatically display updated pages if a version of the page still exists in the cache. Some pages indicate if the user should reload the page.
7. Navigation: Browsers vary in the ease of navigation, especially when it comes to visiting pages previously visited during a session. A web application developer may need to add navigational aids to the web pages to facilitate ease of navigation.
8. Graphics filters: Browsers may handle images differently, depending on the graphic filters supported by the browser. In fact, some browsers may not show an image at all. By standardizing on JPG and GIF images you should be able to eliminate this concern.
9. Caching: How the cache is configured (size, etc.) will have an impact on the performance of a browser to view information.
10. Dynamic page generation: This includes how a user receives information from pages that change based on input. Examples of dynamic page generation include: 1) shopping cart applications, 2) data search applications, 3) calculation forms.
11. File downloads: Movement of data from remote data storage for user processing.
12. E-mail functions: Because e-mail activities can consume excessive processing time, guidelines should be developed. Each browser has its own interface and functionality for e-mail. Many people use separate e-mail applications outside of a browser, but for those who don’t, this can be a concern for users when it comes to compatibility.

5. Risk-5 RELIABILITY-:
An Internet application must have a high level of availability, and the information provided from the application must be consistent and reliable to the user.

Reliability Concerns
Because of the continuous uptime requirements for most Internet applications, reliability is a key concern. Reliability is more than system availability; it can also be expressed in terms of the reliability of the information obtained from the application:
1. Consistently correct results
2. Server and system availability

6. Risk-6 DATA INTEGRITY-:
The data entered into an Internet application must be validated to ensure its correctness. In addition, measures must be taken to ensure the data stays correct after it is entered into the application.

Data Integrity Concerns
Not only must the data be validated when it is entered into the web application, but it must also be safeguarded to ensure the data stays correct:

S.No.  Parameter  Description  (tick one: Verified / Not-Verified / N/A)
1. Ensuring only correct data is accepted: This can be achieved by validating the data at the page level when it is entered by a user.
2. Ensuring data stays in a correct state: This can be achieved by procedures to back up data and ensure that controlled methods are used to update data.
7. Risk-7 USABILITY-:
The application must be easy to use. This includes things like navigation, clarity, and understandability of the information provided by the application.

Usability Concerns
If users or customers find an Internet application hard to use, they will likely go to a competitor’s site. Usability can be validated and usually involves the following:

S.No.  Parameter  Description  (tick one: Verified / Not-Verified / N/A)
1. Easy to use: Ensuring the application is easy to use and understand.
2. To use: Ensuring that users know how to interpret and use the information delivered from the application.
3. Navigation: Ensuring that navigation is clear and correct.

8. Risk-8 RECOVERABILITY-:
In the event of an outage, the system must be recoverable. This includes recovering lost transactions, recovering from loss of communications, and ensuring that proper backups are made as a part of regular systems maintenance.

Recoverability Concerns
Internet applications are more prone to outages than systems that are more centralized or located on reliable, controlled networks. The remote accessibility of Internet applications makes the following recoverability concerns important:

S.No.  Parameter  Description  (tick one: Verified / Not-Verified / N/A)
1. Lost connections: No connections.
2. Timeouts: Time outs.
3. Dropped lines: Ensuring that navigation is clear and correct.
4. Client system crashes: Client system crashes.
5. Server system crashes or other application problems: Server system crashes or other application problems.
STEP-3 Task 2: Select Web-Based Tests
Once the risks in the web-based application have been addressed, it is time to examine the types and phases of testing needed to validate them.

S.No.  Parameter  Description  (tick one: Verified / Not-Verified / N/A)
1. Unit or Component: This includes testing at the object, component, page, or applet level. Unit testing is the lowest level of testing in terms of detail. During unit testing, the structure of languages, such as HTML and Java, can be verified. Edits and calculations can also be tested at the unit level.
2. Integration: Integration is the passing of data and/or control between units or components, which includes testing navigation (i.e., the paths the test data will follow). In web-based applications, this includes testing links, data exchanges, and flow of control in an application.
3. System: System testing examines the web application as a whole and with other systems. The classic definition of system testing is that it validates that a computing system functions according to written requirements and specifications. This is also true in web-based applications. The differences apply in how the system is defined. System testing typically includes hardware, software, data, procedures, and people. In corporate web-based applications, a system might interface with Internet web pages, data warehouses, back-end processing systems, and reporting systems.
4. User Acceptance: This includes testing that the web application supports business needs and processes. The main idea in user acceptance testing (or business process validation) is to ensure that the end product supports the users’ needs. For business applications, this means testing that the system allows the user to conduct business correctly and efficiently. For personal applications, this means that users are able to get the information or service they need from a web site efficiently. In a corporate web page, the end-user testers may be from end-user groups, management, or an independent test team that takes the role of end users. In public web applications, the end-user testers may be beta testers, who receive a prototype or early release of the new web application, or independent testers who take the role of public web users.
5. Performance: This includes testing that the system will perform as specified at predetermined levels, including wait times, static processes, dynamic processes, and transaction processes. Performance is also tested at the client/browser and server levels.
6. Load/Stress: This type of testing checks to see that the server performs as specified at peak concurrent loads or transaction throughput. It includes stressing servers, networks, and databases.
7. Regression: Regression testing checks that unchanged parts of the application work correctly after a change has been made. Many people mistakenly believe that regression testing means testing everything you ever tested in an application every time you perform a test. However, depending upon the relative risk of the application you are testing, regression testing may not need to be that intense. The main idea is to test a set of specified critical test cases each time you perform the test. Regression testing is an ideal candidate for test automation because of its repetitive nature.
8. Usability: This type of testing assesses the ease of use of an application. Usability testing may be accomplished in a variety of ways, including direct observation of people using web applications, usability surveys, and beta tests. The main objective of usability testing is to ensure that an application is easy to understand and navigate.
9. Compatibility: Compatibility testing ensures that the application functions correctly on multiple browsers and system configurations. Compatibility testing may be performed in a test lab that contains a variety of platforms, or may be performed by beta testers. The downside with beta testing is the increased risk of bad publicity, the lack of control, and the lack of good data coming back from the beta testers.
STEP-4 Task 3: Select Web-Based Test Tools
Effective web-based testing necessitates the use of web-based testing tools. A brief description of categories of the more common web-based test tools follows:

S.No.  Parameter  Description  (tick one: Verified / Not-Verified / N/A)
1. HTML tools: Although many web development packages include an HTML checker, there are ways to perform a verification of HTML if you do not use/have such a feature.
2. Site validation tools: Site validation tools check your web applications to identify inconsistencies and errors, such as moved or orphaned pages and broken links.
3. Load/stress testing tools: Load/stress tools evaluate web-based systems when subjected to large volumes of data or transactions.
4. Test case generators: Test case generators create transactions for use in testing. This tool can tell you what to test, as well as create test cases that can be used in other test tools.

STEP-5 Task 4: Test Web-Based Systems
The tests to be performed for web-based testing are the types of testing described above.

S.No.  Parameter  Description  (tick one: Verified / Not-Verified / N/A)
1. Organizing: Organizing for testing.
2. Test Plan: Developing the test plan.
3. Verification testing: To perform verification testing.
4. Validation testing: To perform validation testing.
5. Test Reports: Analyzing and reporting test results.
6. Acceptance: Acceptance and operational testing.
7. Post Implementation Analysis: Post implementation analysis.
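As an added example (not from the original slides) of what a site validation tool does, the Python below extracts same-site links from a set of pages, reports links whose target page does not exist (a moved page) and pages that no other page reaches from the entry page (orphaned pages). The page paths, their HTML and the entry page /index.html are constructed sample data.

```python
# Added example, not from the original slides: a minimal "site validation tool".
# Pages are a constructed dict of path -> HTML, so no web server is needed.
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class LinkExtractor(HTMLParser):
    """Collect the href targets of <a> tags in one page."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def extract_links(page_path, html):
    """Same-site link targets resolved against page_path; links with a scheme
    (http, https, mailto, ...) are external and skipped."""
    parser = LinkExtractor()
    parser.feed(html)
    links = []
    for href in parser.hrefs:
        resolved = urlparse(urljoin(page_path, href))
        if not resolved.scheme:
            links.append(resolved.path)
    return links

def validate_site(pages, entry="/index.html"):
    """Return (broken, orphaned): (source, target) pairs whose target page does
    not exist, and pages not reachable by following links from `entry`."""
    graph = {path: extract_links(path, html) for path, html in pages.items()}
    broken = sorted((src, t) for src, targets in graph.items()
                    for t in targets if t not in pages)
    seen, queue = {entry}, deque([entry])  # breadth-first reachability
    while queue:
        for t in graph.get(queue.popleft(), []):
            if t in pages and t not in seen:
                seen.add(t)
                queue.append(t)
    return broken, sorted(set(pages) - seen)

# Constructed sample site: /old.html was moved (broken link), /help.html is
# orphaned (nothing links to it); https://example.org/ is external and skipped.
SAMPLE_SITE = {
    "/index.html": '<a href="cart.html">Cart</a> <a href="/old.html">Old</a>',
    "/cart.html": '<a href="index.html">Home</a> <a href="https://example.org/">Ext</a>',
    "/help.html": '<a href="/index.html">Home</a>',
}
```

Calling validate_site(SAMPLE_SITE) returns the broken link from /index.html to /old.html and /help.html as the orphaned page; a real site validation tool adds fetching over HTTP to the same link-graph logic.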
STEP-6 OUTPUT-:
The output is a report of what works and what does not work, as well as any concerns over the use of web technology. The only output from this test process is a report on the web-based system. At a minimum, this report should contain the following:

S.No.  Parameter  Description  (tick one: Verified / Not-Verified / N/A)
1. Brief description: A brief description of the web-based system.
2. Risks: Risks addressed and not addressed by the web-based test team.
3. Types of Testing: Types of testing performed, and types of testing not performed.
4. Tools: Tools used or not used.
5. Performed Well: Web-based functionality and structure tested that performed correctly.
6. Not Performed Well: Web-based structure and functionality tested that did not perform correctly.
7. Tester's opinion: Tester's opinion regarding the adequacy of the web-based system to be placed into a production status.

Guideline
Successful web-based testing necessitates a portfolio of web-based testing tools. It is important that these test tools are used effectively.