Tuesday, 28 August 2012

List of points to select Automation Tool

After the strong analysis and believe of automation will really help for our concern.However we have to choose a right automation tool to implement for our project requirement

Before choose the automation tool,think about the below points :

1.Do we need to automate standalone application or client/server application or both?
2.Are we ready to invest some money to buy a tool or not
3.Do we have the technical persons to train the resource or need any expert from out side
4.Is our existing testing resources capable of adopting the new technology?
5..How is the technical support available for the tool
6.How frequent update is available for the tool to handle the new technology implementation of AUT.
7.Complexity of using the tool.
 For Client/Server Application Selenium is my choice to automate my application for various reasons
  • Its Free
  • Its Compatible for many languages so i don't need a different language expert to implement. I can use any language which i am using to develop my application.
  • Its easily maintainable during frequent integration

Monday, 27 August 2012

Test Data Generator

For all projects, test data is important for application testing (Validation). So i am looking for tool to generate test data.  Here i mentioned the link which i used to generate....
We can generate different type of test data  format like HTML XML, Excel, Csv, Sql

http://www.generatedata.com/#generator


softwaretestingclub

The below mentioned link to get more information about software testing...

http://www.softwaretestingclub.com

Friday, 4 May 2012

Checklist for Security Testing


1. Is confidentiality/user privacy protected?
2. Does the site prompt for user name and password?
3. Are there Digital Certificates, both at server and client?
4. Have you verified where encryption begins and ends?
5. Are concurrent log-on  permitted?
6. Does the application include time-outs due to inactivity?
7. Is bookmarking disabled on secure pages?
8. Does the key/lock display on status bar for insecure/secure pages?
9. Is Right Click, View, Source disabled?
10. Are you prevented from doing direct searches by editing content in the URL?
11. If using Digital Certificates, test the browser Cache by enrolling for the Certificate and completing all of the required security information. After completing the application and installation of the certificate, try using the <-- BackSpace key to see if that security information is still residing in Cache. If it is, then any user could walk up to the PC and access highly sensitive Digital Certificate security information.
12. Is there an alternative way to access secure pages for browsers under version 3.0, since SSL is not compatible with those browsers?
13. Do your users know when they are entering or leaving secure portions of your site?
14. Does your server lock out an individual who has tried to access your site multiple times with invalid login/password information?
15. Test both valid and invalid login names and passwords. Are they case sensitive? Is there a limit to how many tries that are allowed? Can it be bypassed by typing the URL to a page inside directly in the browser?
16. What happens when time out is exceeded? Are users still able to navigate through the site?
17. Relevant information is written to the log files and that the information is traceable.
18. In SSL verify that the encryption is done correctly and check the integrity of the information.
19. Scripting on the server is not possible to plan or edit scripts without authorisation.
20. Have you tested the impact of Secure Proxy Server?
21. Test should be done to ensure that the Load Balancing Server is taking the session information of Server A and pooling it to Server B when A goes down.
22. Have you verified the use of 128-bit Encryption?

Thursday, 26 April 2012

Exploratory Testing & SBTM

Adhoc Testing:  Learn the application then test it.
Exploratory Testing:  Test the application while learning (or) tester test a application by exploring with his previous experience and based on the application tester writes test cases.
Example:
If a QA is asked to test an application without any concrete documents.
Adhoc: Gather information about the app from all possible sources and document and then test.
Exploratory: Gather, Document and Test the application simultaneously.
--------------------------------------------------------------------------------------------------------------
About SBTM - Session Based Test Management ?
  • For each session, a session sheet is made. The session sheet consist of the mission of testing, the tester details, duration of testing, the TBS metrics along with the data related to testing like the bugs, notes, issues etc.
  • Data files if any used in the testing would also be enclosed.
  • Data collected during different testing sessions are collected and exported to Excel or some database.
  • All the sessions, the bugs reported etc can be tracked using the unique id associated with each
  • This is easy for the client as well to keep track.
  • This concept of testers testing in sessions and producing the required output which are traceable is called as Session based test management.
A session can be broadly classified into three tasks (namely the TBS metrics).
  • Session test up: Time required in setting up the application under test.
  • Test design and execution: Time required scanning the product and test.
  • Bug investigation and reporting: Time required finding the bugs and reporting to the concerned.
The entire session report consists of these sections:
  • Session charter (includes a mission statement, and areas to be tested)
  • Tester name(s)
  • Date and time started
  • Task breakdown (the TBS metrics)
  • Data files
  • Test notes
  • Issues
  • Bugs

Monday, 23 April 2012

About Mantra Browser

Basically mantra is nothing but a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers, security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software.

Mantra can be very helpful into all the phases of hacking attack like fingerprinting, enumeration and scanning, gaining access and covering tracks etc.
It contains a list of tools that are used by developers and debuggers, so mantra can be used for attacking as well as defensive way.

Mantra is available on backtrack 5, you can get it by click on Applications-->Backtrack-->Vulnerability assessment-->Vulnerability scanner-->Mantra
It is a user friendly,portable and GUI framework, you can carry it on flash drives and CD/DVD. It is a cross operating system framework that can be run on windows, Linux and MAC as well. It is a open source project so it is available on free of cost.

WCF Test Client

WCF Test Client  is an automation tool to test WCF service testing .It is inbulid in VS 2010 .  ( C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\WcfTestClient.exe )
http://blogs.msdn.com/b/rjacobs/archive/2011/09/23/using-the-wcf-test-client-to-test-your-workflow-service.aspx

http://www.dotnetfunda.com/articles/article816-understanding-the-basics-of-wcf-service-.aspx

What is WCF?
·         WCF stands for Windows Communication Foundation.
·         WCF is advanced API (Application Programming Interface) for creating distributed applications using .NET framework.
·         It is introduced in .NET 3.0.
·         Distributed system in its simplest form is two executable running and exchanging data.
·         WCF API is found in System.ServiceModel namespace.
·         WCF is based on basic concepts of Service oriented architecture (SOA)

How to test WCF service by using Visual Studio 2010 – WCF Test Client tool ?


"WCF Test Client" is a automation tool to test the WCF Service. It is in build tool in Visual studio 2010.By default, you cannot see the WCF Test Client option in VS2010.
So we have to add this tool by using below steps :
·         Open the Visual Studio 2010
·         Go to "Tools" menu
·         Click the “External tools”
·         click Add button
·         Provide a name “WCF Test Client” (any name) in Title field
·         Browse the WcfTestClient.exe from the path  “C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\WcfTestClient.exe”
·         click OK.

Now you can see the name (you provided) under the Tools menu.

Open the tool by selecting the menu Tools > WCF Test Client. The tool looks to be very simple to use. Just by right-clicking the option “My Service project”, it will prompt for the service URL. (Ex. http://localhost/applicationService/service1.svc). After adding the service URL, it will list out all the methods in the service on the left-side panel.

In order to Invoke the method, double-click any method it will list the details of the request like (Name, Value, Data Type).

To get the results/response, check the option “Start a new proxy” and click Invoke. It will display the results/response.

So now, while trying to invoke a particular method, I got the below exception like

"The maximum message size quota for incoming messages (65536) has been exceeded. To increase the quota, use the MaxReceivedMessageSize property on the appropriate binding element."

After googling, I found a solution like:

In the Client.config file, navigate to the section “binding name” and increase the value for the attributes maxBufferSize and
maxReceivedMessageSize to “2000000”.By Default, MaxBufferSize = “65536”


By default, it will prompt to reload the service and you have to click Yes/Ok. Now invoke the method, it will display the result..




 Service1.svc.cs

      using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Services;

namespace WCF_Service_sample_application
{
    /// <summary>
    /// Summary description for Service1
    /// </summary>
    //[WebService(Namespace = "http://tempuri.org/")]
    //[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
    //[System.ComponentModel.ToolboxItem(false)]
    // To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line.
    // [System.Web.Script.Services.ScriptService]
    public class Service1 : IService1
    {

        public string Add(int a, int b)
        {
            string c = string.Empty;
            c = (a + b).ToString();
            return c;

        }

        public int Multiple(int a, int b)
        {         
            return a*b;
        }

        public int subtract(int a,int b)
        {
            return a - b;
        }

        public int divide(int a, int b)
        {
            return a / b;      
        }
        //[WebMethod]
        //public string simpleMethod(String srt)
        //{
        //    return "Hello " + srt;
        //}

        //[WebMethod]
        //public int anotherSimpleMethod(int firstNum, int secondNum)
        //{
        //    return firstNum + secondNum;
        //}

    }
}

  IService1.cs

      using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.Serialization;
using System.ServiceModel;
using System.ServiceModel.Web;
using System.Text;

namespace WCF_Service_sample_application
{
    // NOTE: You can use the "Rename" command on the "Refactor" menu to change the interface name "IService1" in both code and config file together.
    [ServiceContract]
    public interface IService1
    {

        [OperationContract]
        string Add(int a,int b);

        [OperationContract]
        int Multiple(int a, int b);

        [OperationContract]
        int subtract(int a, int b);

        [OperationContract]
        int divide(int a, int b);
        //[OperationContract]
        //CompositeType GetDataUsingDataContract(CompositeType composite);

        // TODO: Add your service operations here
    }