- Server-side Request Forgery
Server-side Request Forgery (a.k.a. SSRF) occurs when a malicious user initiates an outbound request to another server from the vulnerable server. This is a server-side attack that arises due to a lack of sanitization wherein a target server gets affected (this is not a client-side attack).
Here, I am describing a ...
- Subdomain Takeover Attack
I am outlining a method that can be used when testing for subdomain takeover. Let us first understand what a subdomain takeover is.
Subdomain takeover is a situation where a malicious user is able to claim a subdomain on behalf of a legitimate site.
Figure 1: Subdomain Illustration
Let us take ...
- Distributed Performance Testing using JMeter on AWS
What is the need to do Distributed Testing?
When we do a Performance Test with a high number of Virtual Users, our test machine tends to get overwhelmed, with high CPU and memory usage leading to failure of client/test machines. In such cases, the test machine bears the load but it ...
- ChatBot with Microsoft Bot Framework and QnA
The rising wave of artificial intelligence (AI) in the last couple of years has given a massive push to the idea of conversational interfaces, commonly known as chatbots. Many companies (like IBM, Google, Microsoft, Facebook) have joined forces to boost the growth of various aspects of AI, including natural language processing and ...
- API Test Generator
APIs should be functionally correct, fast, secure, and reliable. Functional API tests are the equivalent of unit tests for software: a way to ensure that the API returns the desired output for a given input. Most API tests also fall under the umbrella term “performance tests” because their purpose ...
- Test Automation using Robot Framework
What Exactly is a Test Automation Framework?
Below are the characteristics and components of a good automation framework:
The first thing to consider is a language like Python, Java, etc. that we can use to write our tests. It gives us the ability to create scripts.
The reusable page or entity objects.
Supporting libraries ...
- AWS Temporary Credentials Leakage
AWS secret keys are exposed by the client application in the browser during authentication to AWS services.
During penetration testing of an application, I reported a critical sensitive information disclosure issue on AWS keys being exposed in cleartext. The client application via the browser was making an API call to ...
- Scaling Product Development From Agile To DevOps
Software development is changing at a breakneck pace. If you don’t keep up, you are not really in the game. This is exactly why Agile is so widely popular and accepted by software developers: to catch up with the changes and customer demands as and when they come. While the ...
- The Very Latest on The Role of AI in Software Testing and Test Automation
The power that AI possesses in terms of reasoning, problem-solving, and learning through experience has resulted in its widespread adoption across business units. It is estimated that the AI market will grow to $22.6 billion in 2020. In the world of software testing, one of the most basic capabilities AI ...
- Top 30 GIT Commands With Setup and Advantages
Git SCM was invented by Linus Torvalds, the creator of Linux, in 2005. These commands are used to develop commercial and non-commercial projects as well as for managing repositories. It is an open-source Version Control System (VCS) tool. This tool is designed to handle every type of project in the ...