New blog post on Basic Security Testing…
New blog post on Basic Security Testing for websites #securitytesting #websitesecurity #basicsecurity #testing #qa www.patwalsh.co.uk/basic-security-testing/
High profile websites being hacked is nothing new nowadays - we hear about a different hack every week, if not every day. Hackers will use many different techniques to break into high profile websites and systems - including targeting weaknesses in the website's security, social engineering [...]
I've recently started using the Kobiton device testing cloud, to enhance the range of iOS and Android devices that I can test apps and websites on. Over the last few years, I've looked into several other device testing cloud platforms from all sorts of companies and [...]
This is a rehash of my own posts on the Ministry of Testing regarding testing Invisible reCAPTCHA. Google provides various information on Invisible reCAPTCHA, such as the links below, but none of these provide much information. https://developers.google.com/recaptcha/docs/invisible https://www.google.com/recaptcha/intro/invisible https://developers.google.com/recaptcha Here's what I've found out so far from [...]
While trying out the updated Firefox browser - Firefox Quantum - one of the handiest features I've found is the built-in screenshots functionality. I'd read briefly about it at https://screenshots.firefox.com and was expecting it to be available via a button or a menu option, but it's actually [...]
Note: If you're new to Charles Proxy, you may need to read my earlier post on Using Charles Proxy for bandwidth throttling testing to get started on this. Charles Proxy really is a neat box of tricks and two of the best are the Rewrite Tool [...]
Note: If you’re new to Charles Proxy, you may need to read my earlier post on Using Charles Proxy for bandwidth throttling testing to get started on this. Update: There is now also a Charles Proxy iOS app, which allows you to do the following: Capture HTTP and [...]
Update - September 2019 - new iPhones added to the list. Update - August 2019 - lots of phones and tablets added to the list. Update - September 2018 - I've now added the latest devices to the list - iPhone XS Max, iPhone XS, iPhone [...]
In iOS 10 you can annotate your screenshots within the Photos app, using the Markup editor. I only found this by accident the other day, but it's a very useful tool if you're taking screenshots for iOS App Testing and/or Website Testing on iOS 10 devices. [...]
Update - the latest version of the Mobile Device Quick Comparison Chart will now always be at https://www.patwalsh.co.uk/mobile-device-quick-comparison-chart/ It can be difficult keeping track of all the different mobile devices - smartphones and tablets - and the differences between them. With each new version of the [...]
2016 has been busy so far, I’ve worked on lots of different testing projects, with a brief outline of some of them below: Property crowdfunding website testing: mobile device testing Coastal ecosystem website testing Cinema info and booking website testing Cinema iOS 9 app testing Cinema [...]
2015 was a busy year for me, with a wide range of projects worked on and also some excellent training and education completed, including the Rapid Software Testing Applied course run by James Bach, which I completed in July. And to give a flavour of the [...]
I've recently formalised and added a new service to my offerings - a WordPress Website Healthcheck. This service is ideal if you’re launching (or re-launching) a WordPress website and want to give the website a healthcheck before the go-live.
Having used Gherkin in a couple of different testing projects, I thought I'd provide a Quick Intro to Gherkin, for those not familiar with it. So far, I've used Gherkin as a way of documenting tests, rather than automating tests, but it's used in both scenarios. [...]
Sometimes when Website Testing (or Debugging) you may want to check exactly what's being loaded into the browser from the Network/Internet. You may need to check the sequence that files are loaded in, in order to see what's being run and where it's being accessed from. [...]
Here's the full bug details as I raised on Apple's Bug Reporter (it's nr 19094247) Summary: On iPhone 6, I need to enter a Manual Http Proxy setting via Settings/Wifi I choose the Manual tab, then enter Server nr and Port nr - but this setting [...]
As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 10 - Common Vulnerabilities Module 10 covers common vulnerabilities including some of the OWASP Top 10 Security Risks, plus a wide range of different security threats. It covers [...]
As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 9 - HTML5 & New Frontiers Module 9 covers the attack vectors and weaknesses introduced in HTML5 and other new standards and protocols. It covers the following: Cross [...]
As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 8 - Authentication Module 8 covers Authentication, including the most common authentication mechanisms, their weaknesses and the related attacks. It covers the following: Single-factor Authentication Two-factor Authentication Credentials [...]
As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 7 - Flash Security & Attacks Module 7 covers Flash Security and possible security breaches within web applications using Flash. It covers the Flash Security model and its [...]
As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 6 - Session Security & Attacks Module 6 covers the use of the Session Identifier, various methods of Session Hijacking and also how it can be prevented. It [...]
As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 5 - SQL Injection Module 5 covers SQL Injection, where malicious SQL queries can be used to access the database and data that are used to run a [...]
As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 4 - Cross Site Scripting (XSS) Module 4 covers XSS, one of the oldest types of hacks which is still top of the OWASP Top 10. XSS is [...]
As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 3 - Information Gathering Module 3 covers the Information Gathering process. This is where the security tester gains an understanding of the web application and collects useful information [...]
As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 2 - The Penetration Testing Engagement Module 2 covers the overall process of a Penetration Test - from pre-engagement to reporting. A Penetration Test is a complex process [...]
As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 1 - Web Application Essentials Module 1 is an Introduction to the subject, covering Web Application Essentials. It covers the following: HTTP Protocol - HTTP Requests - HTTP [...]
It had been a while since I'd updated the Avada theme that this website uses and it seems the longer you leave it, the more there is to consider - what will I need to backup, what about WordPress versions, what about my plugins etc? Anyway, [...]
As a website tester I always need to know which version of a browser a machine is running, so that I can provide accurate results of a test, on a particular machine and browser. Google Chrome allows you to do this by using the About Google [...]
Projects this week include: a Cinema/Movies website test, a Language Learning website test #websites #web #testing