New blog post on Basic Security Testing…
New blog post on Basic Security Testing for websites #securitytesting #websitesecurity #basicsecurity #testing #qa www.patwalsh.co.uk/basic-security-testing/
Basic Security Testing
High profile websites being hacked is nothing new nowadays - we hear about a different hack every week, if not every day. Hackers will use many different techniques to break into high profile websites and systems - including targeting weaknesses in the website's security, social engineering [...]
-
Device testing in the cloud – I’m now using Kobiton GalleryDevice testing in the cloud – I’m now using Kobiton
Amazon, Android, Android App Testing, App Testing, Apple, Apps, Automation, AWS, Cloud, Google, iOS, iOS App Testing, iPad, iPhone, Mobile, Mobile Testing, Software Testing, Test Automation, Website Testing
Device testing in the cloud – I’m now using Kobiton
I've recently started using the Kobiton device testing cloud, to enhance the range of iOS and Android devices that I can test apps and websites on. Over the last few years, I've looked into several other device testing cloud platforms from all sorts of companies and [...]
Testing invisible reCAPTCHA
This is a rehash of my own posts on the Ministry of Testing regarding testing Invisible reCAPTCHA. Google provides various information on Invisible reCAPTCHA, such as the links below, but none of these provide much information. https://developers.google.com/recaptcha/docs/invisible https://www.google.com/recaptcha/intro/invisible https://developers.google.com/recaptcha Here's what I've found out so far from [...]
Firefox Quantum browser’s built-in screenshots tool
While trying out the updated Firefox browser - Firefox Quantum - one of the handiest features I've found is the built-in screenshots functionality. I'd read briefly about it at https://screenshots.firefox.com and was expecting it to be available via a button or a menu option, but its actually [...]
Using Charles Proxy to test different HTTP Response Codes
Note: If you're new to Charles Proxy, you may need to read my earlier post on Using Charles Proxy for bandwidth throttling testing to get started on this. Charles Proxy really is a neat box of tricks and two of the best are the Rewrite Tool [...]
Using Charles Proxy to test Apps and Websites using SSL
Note: If you’re new to Charles Proxy, you may need to read my earlier post on Using Charles Proxy for bandwidth throttling testing to get started on this. Update: There is now also a Charles Proxy iOS app, which allows you to do the following: Capture HTTP and [...]
Mobile Device Quick Comparison Chart
Update - August 2019 - lots of phones and tablets added to the list. Update - September 2018 - I've now added the latest devices to the list - iPhone XS Max, iPhone XS, iPhone XR, Samsung Galaxy Note 9, 9.7 iPad (2018) Update - October [...]
Annotating iOS 10 screenshots using Markup in Photos app
In iOS 10 you can annotate your screenshots within the Photos app, using the Markup editor. I only found this by accident the other day, but it's a very useful tool if you're taking screenshots for iOS App Testing and/or Website Testing on iOS 10 devices. [...]
Mobile Device Quick Comparison Chart – Feb 2016
Update - the latest version of the Mobile Device Quick Comparison Chart will now always be at https://www.patwalsh.co.uk/mobile-device-quick-comparison-chart/ It can be difficult keeping track of all the different mobile devices - smartphones and tablets - and the differences between them. With each new version of the [...]
Testing projects so far in 2016
2016 has been busy so far, I’ve worked on lots of different testing projects, with a brief outline of some of them below: Property crowdfunding website testing: mobile device testing Coastal ecosystem website testing Cinema info and booking website testing Cinema iOS 9 app testing Cinema [...]
2015 – Overview of my projects and training
2015 was a busy year for me, with a wide range of projects worked on and also some excellent training and education completed, including the Rapid Software Testing Applied course run by James Bach, which I completed in July. And to give a flavour of the [...]
WordPress Website Healthcheck service added
I've recently formalised and added a new service to my offerings - a WordPress Website Healthcheck. This service is ideal if you’re launching (or re-launching) a WordPress website and want to give the website a healthcheck before the go-live.
Quick Intro to Gherkin
Having used Gherkin in a couple of different testing projects, I thought I'd provide a Quick Intro to Gherkin, for those not familiar with it. So far, I've used Gherkin as a way of documenting tests, rather than automating tests, but it's used in both scenarios. [...]
Website Testing – Checking Network Requests and Activity
Sometimes when Website Testing (or Debugging) you may want to check exactly what's being loaded into the browser from the Network/Internet. You may need to check the sequence that files are loaded in, in order to see what's being run and where it's being accessed from. [...]
iPhone 6 bug raised with Apple – Bug Nr 19094247
Here's the full bug details as I raised on Apple's Bug Reporter (it's nr 19094247) Summary: On iPhone 6, I need to enter a Manual Http Proxy setting via Settings/Wifi I choose the Manual tab, then enter Server nr and Port nr - but this setting [...]
Website Security Testing training – Module 11
As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 11 - Web Services Module 11 covers Web Services, including an introduction to Web Services, their possible vulnerabilities and attacks that hackers may carry out. It covers the [...]
Website Security Testing training – Module 10
As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 10 - Common Vulnerabilities Module 10 covers common vulnerabilities including some of the OWASP Top 10 Security Risks, plus a wide range of different security threats. It covers [...]
Website Security Testing training – Module 9
As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 9 - HTML5 & New Frontiers Module 9 covers the attack vectors and weaknesses introduced in HTML5 and other new standards and protocols. It covers the following: Cross [...]
Website Security Testing training – Module 8
As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 8 - Authentication Module 8 covers Authentication, including the most common authentication mechanisms, their weaknesses and the related attacks. It covers the following: Single-factor Authentication Two-factor Authentication Credentials [...]
Website Security Testing training – Module 7
As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 7 - Flash Security & Attacks Module 7 covers Flash Security and possible security breaches within web applications using Flash. It covers the Flash Security model and its [...]
Website Security Testing training – Module 6
As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 6 - Session Security & Attacks Module 6 covers the use of the Session Identifier, various methods of Session Hijacking and also how it can be prevented. It [...]
Website Security Testing training – Module 5
As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 5 - SQL Injection Module 5 covers SQL Injection, where malicious SQL queries can be used to access the database and data that are used to run a [...]
Website Security Testing training – Module 4
As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 4 - Cross Site Scripting (XSS) Module 4 covers XSS, one of the oldest types of hacks which is still top of the OWASP Top 10. XSS is [...]
Website Security Testing training – Module 3
As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 3 - Information Gathering Module 3 covers the Information Gathering process. This is where the security tester gains an understanding of the web application and collects useful information [...]
Website Security Testing training – Module 2
As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 2 - The Penetration Testing Engagement Module 2 covers the overall process of a Penetration Test - from pre-engagement to reporting. A Penetration Test is a complex process [...]
Website Security Testing training – Module 1
As mentioned previously, I'm doing an online training course – Web Application Penetration Testing – from ELearnSecurity. Module 1 - Web Application Essentials Module 1 is an Introduction to the subject, covering Web Application Essentials. It covers the following: HTTP Protocol - HTTP Requests - HTTP [...]
Upgrading Avada from version 3.0.1 to 3.4.3
It had been a while since I'd updated the Avada theme that this website uses and it seems the longer you leave it, the more there is to consider - what will I need to backup, what about WordPress versions, what about my plugins etc? Anyway, [...]
Google Chrome URLs
As a website tester I always need to know which version of a browser a machine is running, so that I can provide accurate results of a test, on a particular machine and browser. Google Chrome allows you to do this by using the About Google [...]
Projects this week include: a Cinema/Movies websit…
Projects this week include: a Cinema/Movies website test, a Language Learning website test #websites #web #testing