srinivasulub1981

 Profile Answers by srinivasulub1981 Questions by srinivasulub1981

• Mar 9th, 2009

 

1)How you can calculate the session time?

[Ans] For our application one global setting is defined with the time, if the time is 1 min, system is idle for 1 min then current session should be timed out. Calculating the time means we can calculate using stop watch.

2)How to test the interface?
 
[Ans] Testing can follow below steps.

  -> Open the application and observe the session timed out time set in the system
  -> Put the system in idle stage upto reaching the session timed out.
  -> Again try to invoke the application
  -> If the current session is time out then ok or else need to raise the issue


3)Describe procedure to conduct load,stress,compatibility,security testing for web-based application?

[Ans]

Load: It's depends on no.of users ie how many users can access the application and mean while application should not be crashed, it can be done using automation tool like Load runner. Here we can create the virtual users.
 
  For ex, client wants 300 users capacity of his application then we need to create more than 300 virtual users and start working on load runner, if still application works well then no problem or else need to raise the issue.

Stress: It's depends on no.of clicks on the button/application, for ex: there is a buttong in application page 'Submit', if users keep on clicking on submit button then application needs to handle this situation in a better  way, if it's responds in ri8 way then no pb, or else need to raise an issue.

Compativility : This can be done using diff environments , for ex: ONe application is developed in IE and this should be behave as same as how it behaves in IE when user invokes in Mozilla, if not need to raise an issue

Security: This is a big process, there are so many types of testings, we follow below ones
 
 XSS : Try to enter simple XML functions into all editable fields and verify whether it has vulnerability or not.

Ex: <script>alert ('XSS');</script>

Buffer over flow: Try to enter data morethan the length of the field into all editable fields and observe the application thrown the concerned validation messages or not.

SQL injection: Try to enter hackable sql queries into all editable fields and observe user is able to logged into system or not, if logged in then need to raise issue.

  syntax:  use this while checking the user id   " testuser10' or 1=1 "


CGI Parameters: Although hidden form fields are a good way of passing data between pages, there is a big drawback in using this method: The user has to submit a form to an "action handler," usually by pressing a button. It may seem like a small point, but users are more used to clicking on hyperlinks or images for their navigation than form Submit buttons.


URL Jumping: Try to invoke the next stage by passing the current step, for example while doing online transaction there would be 3 stages, 1st stage contains the credit card verification, if user by passes the first stage then he can do the transaction successfully, if he done like this need to raise the issue.


Srinivas