Posts

Showing posts with the label Firefox Add-on

Software Security - At every stage of SDLC.

Is software security of any relevance to the role that I play as a programmer, a product owner, a business developer, a user and a tester? In the past month, a retail firm's failure to fix reported security bugs led to several users' credentials landing on pastebin.com (revealed and now removed). This article is an attempt to identify every role in the SDLC with that of a responsible securitista. Why does security need to be considered a functional feature? Why should software security be identified as an integral part of the SDLC? Why is there a need to build a security team? Why is having the mind-set and skills required for security a boon to any organization? In addition, it is necessary to get consumers to understand that the application/website built is robust and secure, and to convey this message through the security features that your application provides to users. The image below is one such attempt by Amazon. Image courtesy: Amaz...

Sit Down Series – Week 4

DNS - Domain Name System: a server, either in-house or with an ISP, that caches the IP addresses of frequently visited web pages.

DNS server: can be configured for recursive search, which forwards the request to other DNS servers.

Why does the browser/DNS client contact the DNS server? To fetch the IP address of the web server to which the client needs access.

Why are IP addresses required by the client and server? To help two computers connect and transfer data.

What is DNS spoofing? Overriding the DNS server with the server information which the attacker wants the client to connect to. Overwrite the DNS settings on your computer.

What happens if the DNS server is unavailable? The user will not be able to access the internet.

How can the Firefox add-on Flagfox be used? Flagfox provides the user with the server location, domain name and the IP address of the requested webpage (and much more). Configure the host file ...

Testing with Firefox Add-ons

The open source Firefox web browser offers free and purchasable add-ons. Install them and use them for testing web applications, and do more with them. Image courtesy: https://addons.mozilla.org/

1) Tamper Data
Used for web security/penetration testing. Install this add-on and tamper with the data/requests/cookies being sent to the server. Check for client-side and server-side validation. Validate input fields and posted messages with valid and invalid data.

2) DoNotTrackMe
Many sites track users' web activity; if you'd like to obscure your activity on the web, go for this. DoNotTrackMe does not guarantee that your web activity is wholly obscured. It checks against a list of sites and blocks them for you. Who will track your web activity? Hosts of tracking companies and social networking sites. What would they do with this data? Use it to provide you with suggestions/recommendations. Misuse it to sell you something or sell the data.

3) Ghostery ...