Pages Navigation Menu

Coding is much easier than you think

Web Services

Posted by in Soap-UI, Web technology

 

‘Web services’ is the name given to a technology for providing loosely coupled and interoperable communications between computer systems over a network. Applications of this technology include enterprise application integration, enabling communications between distributed systems and interoperability with partners or other businesses. The major benefits of using web services are platform independence, flexibility and ease of maintenance, which are the result of the open standards employed and the simplified underlying request-response concept that avoids the complexity of other distributed technologies such as CORBA.

 

Web services communications are primarily XML-based and essentially provide the ability to make RPC-like function calls between remote systems, regardless of their underlying platform. Specifically, SOAP over HTTP is the most common implementation of a web service. Supporting protocols such as UDDI [OASIS 1] and WSDL [W3C 1] provide discovery and description services that contain enough information for client applications to be built to utilise the service.

 

The ability to expose functionality through HTTP provides the benefit of minimal firewall configuration but also has the effect of circumventing firewall rules that may restrict unauthorised access to these functions. The addition of UDDI and WSDL allow remote users to easily locate and use the functionality provided. This exposure poses a far greater threat than was present in the previous generation of distributed technologies that typically used proprietary binary encoding schemes and restrictive firewall rule sets to limit access.

web services architecture

 

Web services communication is based upon the Simple Object Access Protocol (SOAP). SOAP is an XML-based information packaging definition which can be used for exchanging structured and typed information between peers in a distributed environment, relying on Internet transport protocols such as HTTP. Because SOAP is standards based, it also provides interoperability in heterogeneous environments.

 

The most relevant documents are

“SOAP Version 1.2 Part 0: Primer” [W3C 2]

“SOAP Version 1.2 Part 1: Messaging Framework” [W3C 3]

“SOAP Version 1.2 Part 2: Adjuncts” [W3C 4].

Read More

What is software testing? What are the different types of testing?

Posted by in Software Testing

Software Testing

Software testing is the process of evaluation a software item to detect differences between given input and expected output. Also to assess the feature of A software item. Testing assesses the quality of the product. Software testing is a process that should be done during the development process. In other words software testing is a verification and validation process.

Verification

Verification is the process to make sure the product satisfies the conditions imposed at the start of the development phase. In other words, to make sure the product behaves the way we want it to.

Validation

Validation is the process to make sure the product satisfies the specified requirements at the end of the development phase. In other words, to make sure the product is built as per customer requirements.

Basics of software testing

There are two basics of software testing: blackbox testing and whitebox testing.

Blackbox Testing

Black box testing is a testing technique that ignores the internal mechanism of the system and focuses on the output generated against any input and execution of the system. It is also called functional testing.

Whitebox Testing 

White box testing is a testing technique that takes into account the internal mechanism of a system. It is also called structural testing and glass box testing.

Black box testing is often used for validation and white box testing is often used for verification.

Types of testing

There are many types of testing like

  • Unit Testing
  • Integration Testing
  • Functional Testing
  • System Testing
  • Stress Testing
  • Performance Testing
  • Usability Testing
  • Acceptance Testing
  • Regression Testing
  • Beta Testing

Unit Testing

Unit testing is the testing of an individual unit or group of related units. It falls under the class of white box testing. It is often done by the programmer to test that the unit he/she has implemented is producing expected output against given input.

Integration Testing

Integration testing is testing in which a group of components are combined to produce output. Also, the interaction between software and hardware is tested in integration testing if software and hardware components have any relation. It may fall under both white box testing and black box testing.

Functional Testing

Functional testing is the testing to ensure that the specified functionality required in the system requirements works. It falls under the class of black box testing.

System Testing

System testing is the testing to ensure that by putting the software in different environments (e.g., Operating Systems) it still works. System testing is done with full system implementation and environment. It falls under the class of black box testing.

Stress Testing

Stress testing is the testing to evaluate how system behaves under unfavorable conditions. Testing is conducted at beyond limits of the specifications. It falls under the class of black box testing.

Performance Testing

Performance testing is the testing to assess the speed and effectiveness of the system and to make sure it is generating results within a specified time as in performance requirements. It falls under the class of black box testing.

Usability Testing

Usability testing is performed to the perspective of the client, to evaluate how the GUI is user-friendly? How easily can the client learn? After learning how to use, how proficiently can the client perform? How pleasing is it to use its design? This falls under the class of black box testing.

Acceptance Testing

Acceptance testing is often done by the customer to ensure that the delivered product meets the requirements and works as the customer expected. It falls under the class of black box testing.

Regression Testing

Regression testing is the testing after modification of a system, component, or a group of related units to ensure that the modification is working correctly and is not damaging or imposing other modules to produce unexpected results. It falls under the class of black box testing.

Beta Testing

Beta testing is the testing which is done by end users, a team outside development, or publicly releasing full pre-version of the product which is known as beta version. The aim of beta testing is to cover unexpected errors. It falls under the class of black box testing.

 

Read More

SQL Injection – How to Test Web Applications against SQL Injection Attacks???

Posted by in Security, SQL Injection

 

 

Many applications use some type of a database. An application under test might have a user interface that accepts user input that is used to perform the following tasks:

1.    Show the relevant stored data to the user e.g. the application checks the credentials of the user using the log in information entered by the user and exposes only the relevant functionality and data to the user

2.    Save the data entered by the user to the database e.g. once the user fills up a form and submits it, the application proceeds to save the data to the database; this data is then made available to the user in the same session as well as in subsequent sessions.

 

Some of the user inputs might be used in framing SQL statements that are then executed by the application on the database. It is possible for an application NOT to handle the inputs given by the user properly. If this is the case, a malicious user could provide unexpected inputs to the application that are then used to frame and execute SQL statements on the database. This is called SQL injection. The consequences of such an action could be alarming.

 

The following things might result from SQL injection:

  • The user could log in to the application as another user, even as an administrator.
  • The user could view private information belonging to other users e.g. details of other users’ profiles, their transaction details etc.
  • The user could change application configuration information and the data of the other users.
  • The user could modify the structure of the database; even delete tables in the application database.
  • The user could take control of the database server and execute commands on it at will.

 

Since the consequences of allowing the SQL injection technique could be severe, it follows that SQL injection should be tested during the security testing of an application. Now, let us see some of the practical examples of SQL injection.

Important: The SQL injection problem should be tested only in the test environment.

Scenario/Case study:

If the application has a log in page, it is possible that the application uses a dynamic SQL such as statement below. This statement is expected to return at least a single row with the user details from the Users table as the result set when there is a row with the user name and password entered in the SQL statement.

SELECT * FROM Users WHERE User_Name = ‘” & strUserName & “‘ AND Password = ‘” & strPassword & “’;”

If the tester would enter John as the strUserName (in the textbox for user name) and Smith as strPassword (in the textbox for password), the above SQL statement would become:

SELECT * FROM Users WHERE User_Name = ‘John’ AND Password = ‘Smith’;

If the tester would enter John’– as strUserName and no strPassword, the SQL statement would become:

SELECT * FROM Users WHERE User_Name = ‘John’– AND Password = ‘Smith’;

Note: Part of the SQL statement after John is turned into a comment. If there were any user with the user name of John in the Users table, the application could allow the tester to log in as the user John. The tester could now view the private information of the user John.

What if the tester does not know the name of any existing user of the application? In such a case, the tester could try common user names like admin, administrator and sysadmin. If none of these users exist in the database, the tester could enter John’ or ‘x’=’x as strUserName and Smith’ or ‘x’=’x  as strPassword. This would cause the SQL statement to become like the one below.

SELECT * FROM Users WHERE User_Name = ‘John’ or ‘x’=’x’ AND Password = ‘Smith’ or ‘x’=’x’;

Since ‘x’=’x’ condition is always true, the result set would consist of all the rows in the Users table. The application could allow the tester to log in as the first user in the Users table.

          

Important: The tester should request the database administrator or the developer to copy the table in question before attempting the following SQL injection.

 

If the tester would enter John’; DROP table users_details;’—as strUserName and anything as strPassword, the SQL statement would become like the one below.

SELECT * FROM Users WHERE User_Name = ‘John’; DROP table users_details;’ –‘ AND Password = ‘Smith’;

This statement could cause the table “users_details” to be permanently deleted from the database.

Though the above examples deal with using the SQL injection technique only the log in page, the tester should test this technique on all the pages of the application that accept user input in textual format e.g. search pages, feedback pages etc.

Thus, SQL injection might be possible in applications that use SSL. Even a firewall might not be able to protect the application against the SQL injection technique.

 

Read More

Running functional tests from the command-line

Posted by in Soap-UI

 

Running functional tests from the command-line is straightforward and simple using the included testrunner.bat/.sh script, which takes a number of arguments to control which tests to run, output, etc:

  • e : The endpoint to use when invoking test-requests, overrides the endpoint set in the project file
  • h : The host:port to use when invoking test-requests, overrides only the host part of the endpoint set in the project file
  • s : The TestSuite to run, used to narrow down the tests to run
  • c : The TestCase to run, used to narrow down the tests to run
  • u : The username to use in any authentications, overrides any username set for any TestRequests
  • p : The password to use in any authentications, overrides any password set for any TestRequests
  • w : Sets the WSS password type, either ‘Text’ or ‘Digest’
  • d : The domain to use in any authentications, overrides any domain set for any TestRequests
  • r : Turns on printing of a small summary report (see below)
  • f : Specifies the root folder to which test results should be exported (see below)
  • j : Turns on exporting of JUnit-compatible reports, see below
  • a : Turns on exporting of all test results, not only errors
  • : Opens the generated report in a browser (SoapUI Pro only)
  • i : Enables SoapUI UI-related components, required if you use the UISupport class for prompting or displaying information
  • t : Sets the soapui-settings.xml file to use, required if you have custom proxy, ssl, http, etc setting
  • x : Sets project password for decryption if project is encrypted
  • v : Sets password for soapui-settings.xml file
  • D : Sets system property with name=value
  • G : Sets global property with name=value
  • P : Sets project property with name=value, e.g. -Pendpoint=Value1 -PsomeOtherProperty=value2
  • S : Sets to save the project file after tests have been run
  • I : Do not stop if error occurs, ignore them
  • R : Selects which report to generate for the test objects executed, for example if running the entire project, this could specify the name of a test-suite-level report that would be generated for each TestSuite. The report is saved as specified with the -F option to the folder specified with the -f option. (SoapUI Pro only)
  • F : Sets the format of the report specified with the -R option, for Printable reports this is one of PDF, XLS, HTML, RTF, CSV, TXT, and XML. For Data Export this is either XML or CSV (SoapUI Pro only)
  • g : Sets the output to include Coverage HTML reports ( SoapUI Pro only )
  • E : Sets which environment to use (SoapUI Pro only)

 

Launching the TestRunner from within SoapUI

Before getting started, with the command line testrunner, SoapUI includes a “Launch TestRunner” action available from Project, TestSuite or TestCase popup menus, which launches the bundled command-line tools from inside SoapUI.

Note: The IDE plugins do not include these runners, you will need to download/install SoapUI seperately and point the “TestRunner Path” option in this dialog to the install directory).

1_launch test runner option

 

The dialog looks as follows:

2_launch test runner dialog

Here we’ve specified some initial settings to run the current TestCase, in the Report tab we can specify which reports to generate:

3_basic tab

4_reports tab

 

Now if we run the testrunner we get:

5_start run

 

6_running

 

Scrolling back up in the opened window we can see the actual command issued at the command-line:

 7_execution complete

 

8_cmd exe

Copy and paste the below highlighted into your favorite automation tool for rerun these tests as configured.

9_cmd exe paste

 

Please find the report generated for the same.

dwd2
Download It –
Report.txt

That is all!!!

 

 

Read More

How to manually upgrade an Android smart phone or tablet

Posted by in Android

 

We all want the most up-to-date gadgets and therefore the most recent versions of the software that is available for them. Upgrading an Android device might take you to a newer version of the operating system like 4.0 Ice Cream Sandwich or bring new features or enhancements for your smart phone or tablet.

Upgrades for Android devices are generally available over-the-air (OTA) which avoid the need for cables and a PC. They also rolled out gradually and will depend on the manufacturer and mobile operator. You may receive a notification about an upgrade but you can also manually check and upgrade your device.

Follow the below steps to manually update an Android smart phone or tablet.

Step 1: As a precautionary measure its good practice to back up your data such as contacts and photos since the upgrade should not affect your data but there is no guarantee.

Step 2: Navigate to the Setting menu of your device. On any Android device this can be done via the app menu. Typically the Setting app will have a cog or spanner logo.

1

Step 3: Scroll down the Setting menu a click on ‘About Phone’ or ‘About Tablet’. This section of the menu will detail which version of Android your device is running.

2

Step 4: The menu can vary slightly from device to device but click the ‘Software Update’ or similar button.

3

Step 5: Your phone or tablet will now search for an available update. If you are taken to another menu, select the ‘Software update check’ button or similar.

If an update is available your device then you will be asked whether you wish to install it. If you select yes then the system will download and install the new software and reboot.

Note: You device may require a Wi-Fi connection to search for an update. We also recommend downloading the software over Wi-Fi because the file size can be large.

4

Read More
Page 1 of 612345...Last»