Month: November 2015
Penetration testing is a part of the software testing life cycle that checks how the application being tested reacts to various attacks, which can be both internal and external in nature. However, as technology advances, applications are becoming more complex, which creates certain challenges for penetration testing.
- Session State Management: One of the most pressing problems of penetration testing is that it is difficult for testers to stay logged into a particular system while testing it. Different developers use different kinds of session tracking systems to keep track of the traffic flowing into their software. Hence penetration testing requires the testers to manually set various limitations depending on the settings of the particular software under test. Often, sending an attack to check for a vulnerability invalidates the current session.
- Logical Flow: When testing a website, penetration testing may become problematic because websites behave differently from one another, which changes the process of penetration testing them. Some websites give visitors direct access to the main page of the site, whereas on others visitors have to go through some steps before they can access the main page or perform their actions on the website.
- Custom URLs: Yet another problem faced during the penetration testing of a web application is the presence of various URLs that behave in varied ways when they are used. Some of them are simple and can be tested with simple methods, while others make it difficult to work out which portions to test or which kinds of attacks to apply.
- Privilege Escalation: These days applications are customized more and more to fit the people who use them. This is a problem because a single penetration testing method fails to test the vulnerabilities of all the individual custom settings that may be linked to the application. It is also quite difficult to enumerate all the custom settings that are possible, and detecting the shortcomings linked with each of them becomes a difficult and time-consuming job.
- False Negatives/Positives: It is often difficult to pinpoint the vulnerability associated with a particular piece of software. Moreover, an attack you have created may return a result that is a false positive or a false negative. Working on further development of the software based on these results is difficult, because the reported problems may not actually exist, or a problem which is actually present may be overlooked.
These are some of the most pressing challenges faced by testers while performing penetration testing on software or a web application, and with the advancement of technology these challenges will become more persistent.
When it comes to software, banks probably have some of the most complicated systems, with a lot of factors to deal with. The primary complication of banking systems is that they are integrated with a large number of other systems and have to perform transactions with them. Another key factor is the multi-tier security system that they have to support in order to safeguard the monetary as well as personal details of the customers. They also have to deal with a large number of customers at any given time. Banking systems also have to maintain a detailed database of all the customers as well as the transactions performed by each of them on a daily basis. They also have to be ready to solve any kind of issue that customers face, not to mention the varying range of transactions that may occur on any given day. This is why banking systems have to be up to date and running at all times.
All these factors make software testing an absolute essential for banking systems, especially when it comes to performance and security. Banking systems have to be upgraded regularly, and their security has to be of the top level so that it can’t be easily breached by hackers, in order to protect the interests of their customers. Software testing ensures that the systems used by banks are of top-notch quality.
Software testing is the part of the software development life cycle which ensures that the software performs exactly as intended and is free of complications caused by bugs that creep in during coding. Software testing actually begins before the development process, with feasibility testing, which ensures the plausibility of the software, and ends with beta testing, which is conducted after development is complete to check aspects of the software such as user friendliness, security, performance, load capacity, functionality and other vital issues.
The software used in banking systems is some of the busiest available and is required to be up and running almost 24×7 for the convenience of customers. It also safeguards the most valuable asset of the customers, i.e. money. This is why banking systems need to be top notch in performance and highly secure, so as to prevent the risk of being hacked. Banking systems also need to be linked to a huge number of other systems, like payment gateways and billing desks, and hence need to be tested for proper integration with these systems. Another feature of banking systems is the varying amount of load they have to handle, and there might be an excess of load at any given point in time. Load testing is essential for these systems, as is spike testing, which ensures that the system is able to work under all load conditions and does not crash. Software testing is also required to make sure that the banking system gets back up and running in a short time even if it crashes under a great amount of load.
This is an overview of software testing for the banking industry, which helps keep the system in workable condition for customers at all times and also protects the money and personal information they provide.
The software testing procedure is the key to the success of any software application, and it is a proven fact. Software which undergoes testing prior to launch has better customer satisfaction and a higher success rate than its counterparts released without any testing. This is because software testing helps detect the flaws that may ultimately result in customer dissatisfaction. Detecting these flaws helps developers rectify them and make the software stronger.
Automated testing, or test automation, is the part of the software testing procedure in which pre-written code or special software automatically tests the software under examination and provides the tester with the results. At times it can also compare the results of a current test with a past one, to show the improvements made to the software after rectification or to highlight the most persistent problems that have been lingering for some time, so that special attention can be given to them.
Automated testing helps improve the software being tested, which in turn leads to its success. But before deciding whether test automation is the key to a successful application or not, let us first check out the various benefits of test automation.
- Testing Improves Accuracy: Monotonous software testing leads to mistakes. Even the most experienced and professional testers are prone to mistakes when they perform manual testing for a long period of time. This can be avoided completely with test automation, as it is conducted by machines, which can run the same tests for hours at a stretch without a single mistake and with the same consistency.
- Increase Test Coverage: Test automation increases the depth of testing procedures along with the scope. While manually testing software, testers often omit the lengthy tests for obvious reasons of time. Test automation helps in conducting these tests. Test automation can also look into factors like memory contents, data tables, file contents and the program's internals, which are usually skipped by manual testing, to provide a detailed report of whether the software is performing in the desired way or not.
- Automation Does What Manual Testing Cannot: A controlled web application test with thousands of users is something which can only be achieved with test automation. It can create scenarios of tens, hundreds or even thousands of virtual users using the software at the same time. This is something which can never be achieved by manual testing methods.
- Automated QA Testing Helps Developers and Testers: As test automation is conducted by machines, even developers with little knowledge of software testing are able to run the tests. This helps them rectify preliminary errors before sending the software for testing, which saves time and effort on both fronts.
- Team Morale Improves: This is quite obvious. Test automation takes care of the monotonous and time-consuming jobs, which leaves the team members free to attend to the more challenging jobs and to develop better testing procedures that provide more accurate results about the working of the software, thus helping them make even better software.
Thus it is evident that test automation hugely enhances an application's chances of success by improving its quality, leading to greater customer satisfaction.
Unlike normal software, enterprise resource planning (ERP) applications are designed to help businesses collect data on various business activities and analyze the data to form an integrated overview of core business processes. So these applications are designed by integrating a variety of software applications. Also, each ERP system is customized according to the specific needs of the business. The business has to make and implement custom test plans according to the specific features and functionality of the ERP application. At the same time, the QA professionals need to keep in mind a number of best practices to test the ERP application effectively.
Best Practices for Testing ERP Applications Efficiently
Understand Different Testing Approaches
The QA professionals need to perform a variety of tests to assess the performance of an ERP application accurately. They have to perform functional testing to check if the application provides the expected solutions to the business problems. Likewise, they have to perform integration testing to ensure that the different components integrated into the system work flawlessly together as a single application. Also, they need to conduct performance testing to check how the integrated components of the system perform in specific situations. However, each type of testing must be performed with a particular objective. For instance, performance testing aims to check how the application performs under specific conditions, without focusing on the defects or flaws in the system.
Gather Detailed Information about the ERP Application
A business can use ERP systems to monitor and manage various processes. So the features, functionality and usage of individual ERP applications differ according to their usage and requirements. To test the software effectively, each member of the QA team must understand the key aspects of the project. Before testing the application, each tester must know the number of modules to be tested, and must identify the system users, business requirements and industry verticals. The project manager can easily provide this key information to testers by making a comprehensive test plan.
Estimate the Testing Efforts
Often testers have to perform all the tests required for assessing the performance of the ERP application within a stipulated amount of time. So the project manager must estimate the amount of time and effort required for performing each type of test. He needs to calculate the amount of time required for writing test cases and test suites, executing all test cases, and preparing test reports. The manager can always refer to previous testing strategies and test execution plans to estimate the time required to assess the performance of the ERP application comprehensively.
A business can always get faster and more reliable test results by automating the performance testing efforts. Test automation tools enable testers to repeat certain tests to assess the performance of the ERP application more accurately. But a business cannot automate all manual testing efforts. So the project manager must decide which business process tests and test scenarios are to be automated. At the same time, he also needs to identify the right tools to make the testers more productive and get better test results. However, he still needs to compare the manual and automated test results to assess the performance of the system more effectively.
Define the Process for Test Data Collection and Evaluation
It is also important for businesses to deploy testers who have prior experience in ERP application testing. The experience will help them write test automation scripts that keep in mind all business requirements and usage scenarios. However, the manager still needs to evaluate the test cases to ensure that all business use case scenarios are covered. At the same time, he also needs to define the process for collecting test data for both input and output. Further, the output data must be evaluated by a domain expert to ensure that the ERP application is performing according to the predefined requirements and specifications.
On the whole, the testers must understand the business requirements and processes clearly to test the ERP application efficiently. The project manager must make a comprehensive test plan to help testers obtain detailed and relevant information instantaneously. They can further refer to the test plan to ensure that all aspects of the application are tested within a shorter amount of time.
Security testing is an important part of the software testing life cycle, and its popularity is increasing day by day due to the advances observable in cyber crime. Hackers are becoming more and more powerful day by day, which has led to the enhancement of the security level of apps and sites so that all the loopholes are covered and the security system of the app is foolproof. As your client will be trusting you with their personal information, it is up to you to safeguard it too.
- Are the privacy and the confidentiality of your customer protected?
- Does the software you are testing require a user name and password for logging in?
- Do the client and/or the server have any kind of Digital Certificate for operating?
- Did you make sure to verify the beginning and end of the encryption?
- Are multiple log-ins at the same time available or not?
- Does the session lapse due to inactivity in the software?
- Do secure pages allow or deny bookmarking?
- Is there an option for the display or the key on both the secure as well as insecure pages?
- Are right-clicking and viewing the source enabled?
- Is editing the content URL and searching for it directly available on the pages or not?
- Check whether the Digital Certificate being used on the page, at either the client end or the server end, gets registered in the cache or not. The security information of the Digital Certificate can be crucial, and it needs to be deleted from the cache once you leave the application or navigate back from it. This information should be checked properly.
- Are there any alternate methods to access a secure page if the SSL server is not accessible in some versions of the app or the device?
- Are the log in and log out from the respective app known or unknown to the user accessing them?
- If there are multiple attempts to log in to the app or site using incorrect information, does the person get locked out automatically?
- Know whether a user name is required and how the system reacts to both valid and invalid usernames and passwords. How many times can a person attempt to log in before being locked out? In what other ways can the system be bypassed without entering the password?
- If the time period of a session expires, how does the system react? Does the user still have access to the site or is he locked out?
- Is the information in the log files easily traceable?
- Information integrity and encryption of files in SSL should be carefully tested for security purposes.
- Is scripting of the software accessible? Can the source code be edited without proper authorization?
- How do the various proxy security servers impact the software, and what is the outcome of the impact?
- Is the load balancing server capable of transferring information from one server to another when either one breaks down?
- Is the 128 bit encryption which is being used properly verified and tested?
These are some of the main points which should be considered before getting into security testing. These considerations will help you design a security testing plan which has maximum coverage and tests the important criteria of the subject under consideration, to provide your client with a superior product.
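Two of the checklist questions above, automatic lockout after repeated failed log-ins and session lapse due to inactivity, can be written as repeatable automated checks. The following is an added example, not code from the original post: `AuthService`, `FakeClock` and the policy values (5 failures, 900 seconds) are hypothetical stand-ins for the system under test, and the account is constructed.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Assumed policy for this example: lock after 5 bad passwords, expire after 15 idle minutes.
POLICY_MAX_FAILURES = 5
POLICY_IDLE_TIMEOUT = 900  # seconds

class FakeClock:
    """Injectable clock so the idle-timeout check needs no real waiting."""
    def __init__(self):
        self.now = 0.0

    def advance(self, seconds):
        self.now += seconds

@dataclass
class AuthService:
    """Constructed system under test. Setting a limit to None disables that control."""
    users: dict
    max_failures: Optional[int] = POLICY_MAX_FAILURES
    idle_timeout: Optional[int] = POLICY_IDLE_TIMEOUT
    clock: FakeClock = field(default_factory=FakeClock)
    failures: dict = field(default_factory=dict)
    sessions: dict = field(default_factory=dict)

    def login(self, user, password):
        count = self.failures.get(user, 0)
        if self.max_failures is not None and count >= self.max_failures:
            return None  # account locked
        if self.users.get(user) != password:
            self.failures[user] = count + 1
            return None
        self.failures[user] = 0
        token = secrets.token_hex(16)
        self.sessions[token] = self.clock.now
        return token

    def access(self, token):
        last_seen = self.sessions.get(token)
        if last_seen is None:
            return False
        if self.idle_timeout is not None and self.clock.now - last_seen > self.idle_timeout:
            del self.sessions[token]  # expire the session server-side
            return False
        self.sessions[token] = self.clock.now  # activity refreshes the idle timer
        return True

def check_lockout(make_service, user, password):
    """After the allowed number of bad passwords, even the right one must be refused."""
    svc = make_service()
    for _ in range(POLICY_MAX_FAILURES):
        svc.login(user, "wrong-" + secrets.token_hex(4))
    return svc.login(user, password) is None

def check_idle_timeout(make_service, user, password):
    """Activity inside the window keeps the session; idling past it must end it."""
    svc = make_service()
    token = svc.login(user, password)
    if token is None:
        return False
    svc.clock.advance(POLICY_IDLE_TIMEOUT - 1)
    kept_alive = svc.access(token)
    svc.clock.advance(POLICY_IDLE_TIMEOUT + 1)
    return kept_alive and not svc.access(token)

def run_checklist(make_service, user="alice", password="correct horse battery"):
    return {"lockout_after_failed_logins": check_lockout(make_service, user, password),
            "session_expires_when_idle": check_idle_timeout(make_service, user, password)}

USERS = {"alice": "correct horse battery"}  # constructed account

def hardened():
    return AuthService(users=dict(USERS))

def weak():
    return AuthService(users=dict(USERS), max_failures=None, idle_timeout=None)
```

`run_checklist(hardened)` reports both controls as present, while `run_checklist(weak)` reports both as missing, which is the result a tester would record as a finding.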
The massive popularity of mobile apps encourages many businesses to develop innovative applications targeting popular mobile platforms. But users now have the option to choose from millions of mobile apps available in different app stores. So it becomes essential for the business to focus on the app’s quality and user experience to get higher returns.
However, enterprises require testers to test all aspects of the application within a shorter amount of time to reduce time to market. Many businesses automate their mobile application testing efforts to help testers complete all tests without putting in any extra time and effort. However, each business has to address a number of key challenges to automate its mobile application testing efforts effectively.
Addressing Top 4 Challenges in Mobile App Testing Automation
1) Choosing the Right Devices
Each mobile app needs to deliver a quality user experience across a wide variety of devices. Often developers find it easier to test iOS and Windows Phone apps, as these platforms power only specific devices. But Android apps need to run on various models of smartphones, tablets and phablets. So the test automation must clearly define the targeted devices to make it easier for QA professionals to perform the tests. However, a business cannot invest in a large number of mobile devices. That is why it is important for the project manager to pick some of the commonly used mobile devices and use simulators to cover the rest.
2) Picking the Best Software
Each business has the option to choose from a large number of mobile app testing tools and frameworks. Some of these tools are commercial, whereas others are open source and free. That is why enterprises often find it challenging to pick the right software. It is always important for businesses to explore ways to reduce project overheads by using open source testing tools and solutions. But the open source tools do not provide IDEs that can be used for designing, executing, refactoring and maintaining tests. So it becomes essential for businesses to invest in commercial testing tools. To address the challenge, the business must spend some time assessing the pros and cons of each tool according to the needs of the project. The evaluation will help it pick the right software without spending a lot of money.
3) Monitoring Changes in Application’s Behaviour
Unlike conventional software applications, mobile apps are used in a variety of environments. The performance and user experience of an app will differ according to the connection. For instance, a user may access the mobile app over a number of internet connections like Wi-Fi, 2G, 3G and 4G. The performance of the app will vary according to the user’s internet connectivity. That is why the testers need to assess the functionality and performance of the app across many environments. At the same time, they also need to identify the bottlenecks affecting the app’s performance in individual environments. The business has to invest additional funds to emulate the probable environments for testing purposes. So it needs to identify the common factors that affect the app’s performance in various environments. The testers can use tools to assess the application’s performance based on these common parameters.
4) Implementing Data Driven Automation
While automating their mobile application testing efforts, many enterprises opt for data-driven automation. This automation technique enables testers to process a large number of business requirements within a shorter amount of time. For instance, data-driven automation will help testers check if the app displays the appropriate error message for specific input submitted by the users. The business can simplify data-driven automation by asking testers to list the minor business requirements to be tested in a spreadsheet, and execute the test script to assess these requirements sequentially. The test script will gather the business requirements from the spreadsheet and execute the tests in sequence. The testers can further enhance the scope of the test strategy simply by increasing the number of rows in the spreadsheet.
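The spreadsheet-driven approach described above, as an added example that is not part of the original post: each row of a CSV export holds one input and the error message the app is expected to display, and the test script runs the rows in sequence. The validator `validate_signup`, its error messages and the rows themselves are hypothetical and constructed for illustration.

```python
import csv
import io

# Constructed spreadsheet export (CSV). One row is one requirement to verify;
# an empty expected_error means the input must be accepted.
CASES_CSV = '''case_id,username,password,expected_error
TC01,alice,Str0ng!passw0rd,
TC02,,Str0ng!passw0rd,Username is required
TC03,al,Str0ng!passw0rd,Username must be 3-20 characters
TC04,alice,short,Password must be at least 12 characters
TC05,"bob, jr.",Str0ng!passw0rd,Username may contain only letters and digits
TC06,alice,alllowercaseletters,Password must contain a digit
'''


def validate_signup(username, password):
    """Hypothetical function under test: returns the error shown to the user, or ''."""
    if not username:
        return "Username is required"
    if not 3 <= len(username) <= 20:
        return "Username must be 3-20 characters"
    if not username.isalnum():
        return "Username may contain only letters and digits"
    if len(password) < 12:
        return "Password must be at least 12 characters"
    if not any(ch.isdigit() for ch in password):
        return "Password must contain a digit"
    return ""


def validate_signup_regressed(username, password):
    """Same validator with the character-set rule lost, to show a caught regression."""
    if username and 3 <= len(username) <= 20 and not username.isalnum():
        username = "placeholder"  # the character-set rule is skipped here
    return validate_signup(username, password)


def load_cases(csv_text=CASES_CSV):
    """Parse the spreadsheet rows; the csv module handles quoted commas in inputs."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def run_cases(validator, csv_text=CASES_CSV):
    """Run every row in sequence and return the rows whose message did not match."""
    failures = []
    for row in load_cases(csv_text):
        actual = validator(row["username"], row["password"])
        if actual != row["expected_error"]:
            failures.append({"case_id": row["case_id"],
                             "expected": row["expected_error"],
                             "actual": actual})
    return failures


if __name__ == "__main__":
    print("current build:  ", run_cases(validate_signup))
    print("regressed build:", run_cases(validate_signup_regressed))
```

Adding a requirement means adding a row; the script itself does not change.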
However, no business can automate all its mobile application testing efforts. Test automation tools cannot assess the application’s user experience accurately. As the app’s user experience will have a direct impact on its popularity, specific tests have to be conducted manually. That is why the business must identify the tests that can be automated effectively to address the key challenges in an easier way.
Security testing of developed applications is very important in order to protect the data saved in them from hackers. Following is a list of the best security testing tools, which you can use to make your software better and more secure for your customers’ benefit.
- Acunetix: Acunetix is one of the best security testing tools on the market and is available in a paid as well as a free version. This tool not only helps in hacking the system in order to check the security level but also has many additional security features and generates a detailed report.
- Aircrack-ng: Aircrack-ng is the next security testing tool to be featured on our list. This tool comes with a number of features that help in checking the security of the application under various circumstances.
- Cain & Abel: Cain & Abel, or just Cain, allows the tester to penetrate into the database of a particular application to reveal the data stored in it. It is primarily a password recovery tool which is more or less a script kiddie tool, but it is an awesome tool as far as security testing is concerned.
- Ettercap: Most often, Ettercap is used along with Cain & Abel as an additional security testing tool. However, Ettercap by itself is pretty good at analysing the network being tested, and the best part about this tool is that it is free and open source.
- John The Ripper: John The Ripper was primarily created for security testing of applications which run on UNIX. But with time it has been developed to work on all the major operating systems. This free security testing tool is used by most professionals to break into a system.
- Metasploit: If you are looking for a security testing tool which is used by the majority of ethical hackers, then look into Metasploit. Developed by Rapid7, this tool provides the tester with important information about the security vulnerabilities of the application.
- Nessus: Nessus, which is available in both free and paid versions, is one of the top-notch tools for vulnerability testing of software. It helps in checking the loopholes which can be exploited by hackers as well as the misconfigurations which can be used for a dictionary attack.
- Nmap: Unlike most of the security testing tools available in the market, Nmap specializes in sending small packets of information regarding a particular breach in the security system of an application to the tester. This security testing tool, which has been around for a long time, is one of the most advanced testing tools used by testers.
- Kismet: Combine a sniffer, a wireless network detector and an intrusion detection security testing tool and you get Kismet. The fact that it tests and sends reports to the tester in a passive manner makes Kismet better than other testing tools. It checks the wireless access points to generate the reports.
- Wireshark: If you are on the lookout for a security testing tool which will help you put your application in promiscuous mode to check all the traffic, then try out Wireshark. The tool is packed with features like capturing data from live networks.
These are some of the top-notch security testing tools which can be utilised by pen testers to detect the glitches that can make your application vulnerable in the hands of hackers.