Software testing is an investigation conducted to provide stakeholders with information about the quality of the product or service under test. Software testing can also provide an objective, independent view of the software to allow the business to appreciate and understand the risks of software implementation. Test techniques include the process of executing a program or application with the intent of finding software bugs (errors or other defects).
When we performing the testing activities , for functional testing we focus on the requirements but there are many other aspects that need to be in consideration while testing the applications
In this article I will try to explain different type of attacks that we can use during the testing activities. These attacks can be divided into two categories
When we performing the testing activities , for functional testing we focus on the requirements but there are many other aspects that need to be in consideration while testing the applications
In this article I will try to explain different type of attacks that we can use during the testing activities. These attacks can be divided into two categories
- Data Attacks
- Web Attacks
- Usability Heuristics
Data Attacks
Type | Examples |
Numbers | · Decimal points (.00,0.0009,.866) · Decimal points truncation · Negative numbers · Floating points · Amount Numbers with commas ( 100,00,00) · Amount style of different countries .e.g European Style (1.234.567,89) |
Time and Date | · Time difference between client and servers · Timeouts · Date formats (June 5, 2005; 06/05/2005; 06/05/01; 06-05-01; 6/5/20015 12:34) · Time zone differences · Leap days · Invalid Days (Feb 30, Sept 31) · Daylight Savings · Clock reset |
Strings | · Data with Long Strings (255, 256, 257, 1000, 1024, 2000, 2048 or more characters) · Arabic or other language’s like Asian languages · Special characters (( “ ‘ ` | / \ , ; : & < > ^ * ? Tab )) · SQL Injection ( ‘select * from customer ) |
Paths | · Long Name (>255 chars) · Special Characters in Name (space * ? / \ | < > , . ( ) [ ] { } ; : ‘ “ ! · @ # $ % ^ &) · Invalid paths or not path exist |
Files/Attachments | · New file · Already Exists · No Space · Minimal Space · Write-Protected · Unavailable · Locked file · On Remote Machine · Corrupted · Maximum size · Different formats · Attachment while file open · File deletion from system after attachment |
General Attacks | · Domain Violations (example: 555.999.999.999) · Email address violations (example: emails without “@” |
Web Attacks
Attack Type | Examples |
Inputs | · HTML/JavaScript Injection (allowing the user to enter arbitrary HTML tags and JavaScript commands can lead to security vulnerabilities) · > 5000 Chars in TextAreas · See data attacks in above table · Inputs while enabled and disabled java scripts |
Navigation | · Back (watch for ‘Expired’ messages and double-posted transactions) · Refresh · Bookmarks · Forward · Hack the URL (change/remove parameters · Multiple instances |
Syntax Validation | · HTML Syntax Checker (http://validator.w3.org/) · CSS Syntax Checker (http://jigsaw.w3.org/css-validator/) |
Client Preferences | · Javascript Off / ON · Cookies Off /On · Security High/Medium/Low · Resize · Change Font Size · Popup block |
Post a Comment