Monthly Archives: July 2012

Mastering UI for Beginners

You know the situation: you’re about to get on an airplane for five hours and you just hope to not get stuck next to the loud snorer or the crying baby. Fortunately for me, my last flight yielded a more interesting fellow traveler.

As I was beginning to nod off around 20,000 feet, I noticed out of the corner of my bleary eyes that my seatmate was tapping away on an iPad app that I had never seen before. My fellow flyer was actually using Blueprint, an iOS UI design tool. After striking up a conversation, I learned that the man busy toiling in app interfaces was no master developer but rather a middle school teacher who had an idea or two.

Frustrated with a manual methodology for tracking students in his classroom, he began jotting ideas on napkins on how to make the process more efficient by creating his own app. He tracked down a developer and got to work. After a successful launch in the Apple App Store, my new acquaintance is now on the path to creating his next app. This time though, he is using the more refined method of Blueprint to map out his idea.

This amazes me. The power to create and design apps isn’t just for developers anymore. Now it is within reach of the everyman. No longer can someone sit on the couch, watch a commercial and say, “well, yeah but I thought about that five years ago.” Instead, they can take matters into their own hands (or finger tips!) and start designing.

Now, with the help of tools like Blueprint, App Cooker and iMockups, developers can gain clear guidance from passionate consumers with great ideas. Here’s to the people and the potential for exciting apps in the future.

source: http://blog.utest.com/mastering-ui-for-beginners/2012/07/

Mobile App Testing – An Overview

Mobile app testing as an entity and a profession is relatively new in the field of Information Technology. Some people perceive mobile app testing as just an extension of traditional software testing, while others see it as an entirely new concept. While the concept, and for that matter mobile devices, are new, from a purely testing perspective one statement rings true: “good software testing principles can be applied to any software, regardless of the platform.”

The experience required to adequately test a mobile app can be significantly reduced if the tester has experience testing other forms of software. Once the tester understands the new processes involved in mobile apps, they should quickly be in a position to test a mobile app with confidence. Starting a career directly in mobile app testing is not advisable for someone new to the field of software testing, as key software testing principles can easily be overlooked because of the way the software is presented in a mobile format.

Mobile apps normally fall into two categories: either they are professionally developed for a specific purpose with a clear business goal in mind, or they are developed for fun; the latter are often developed by a single person. Testing of any application is critical and I won’t go into the reasons here, but it is clear that with the vast number of mobile apps out there and in development, an app of poor quality will not be a success… fact!

All apps need to be tested, and while a developer may think that they can effectively test their own work, nothing can replace the effectiveness of a professional tester’s expertise. Software companies who have developed their app may choose to test the app themselves (in-house) or choose to pay a professional outsourced mobile app testing company.  Often the decision to outsource the testing is made easier due to compatibility issues. While an iPhone app can be tested on a handful of Apple devices, it is virtually impossible to do the same with Android devices, which is why they predominantly choose to outsource to a testing company that holds a wide selection of Apple and Android devices.

A mobile app tester is considered to be a niche role at this moment in time. As mobile apps are the fastest growing form of software development, the niche will disappear and be replaced by a dedicated industry. While some perceive a split between traditional software testing and mobile app testing, there is no evidence to support this and the two entities will undoubtedly remain tied together, and rightfully so.

The importance of software testing has risen in recent years, and this is now reflected in the world of mobile app testing. These testers effectively hold the key to an app’s success, and ultimately the success of the business or person who developed it.

source: http://www.testing4success.com/t4sblog/mobile-app-testing-an-overview/

Software Testing 101 Ideas on how to Write Test Cases That Will Find More Defects in Less Time

Every system is usually upgraded at some point for various reasons, such as a change of policy, development or product, to name a few. Requirements should be used as the baseline for testing to confirm that existing and new functionality work. A test case is derived for every requirement as a way of proving that the system, or the changes being applied, are ready for day-to-day business use without errors or negative impact on the existing functionality.

Requirements themselves change from time to time, and some become obsolete and need to be removed. Although a tester's key activity is executing tests, maintaining the requirement list is crucial to being able to find as many problems as possible in the shortest time. Associating every test case with a requirement, as its source, is a good way to manage your time effectively. I have seen examples where test cases built without requirements caused hours, days and days of testing effort without a clear objective.

There is no hard and fast rule for how to derive the test cases; however, I find it easier to start by thinking in terms of test types. For example:

Requirement: User must have a valid login and password to login.

Questions to ask yourself when developing a test case might be:

1. What functionality must I test?

2. What non-functional attributes should be included?

3. What security constraints apply?

4. What negative tests should be considered, e.g. invalid login and/or account, etc.?

As you can see, it is very easy to create at least two test cases, one positive and one negative, from a single requirement. Note that test type is context specific, meaning certain types are more appropriate for certain applications. I would normally finish a first round of fixed tests covering these two aspects without taking too long, and then move on to the next requirement. As you understand more about how certain requirements are connected together, scenario-based test cases are developed; how to derive them from scenarios is out of scope for this topic.

Summary

Test cases should be based on requirements, and if there isn't one you can check whether new requirements should be added, regardless of whether they are functional or non-functional. Maintaining the requirement list is important to ensure that your testing efforts have clear objectives. Finally, try thinking about different types of testing to create different test cases; this way you (1) see the scenario from different perspectives and (2) gain a better understanding of the system when several requirements are put together.

source:http://3dsmod.net/index.php/2012/07/software-testing-101-ideas-on-how-to-write-test-cases-that-will-find-more-defects-in-less-time/

Three Software Testing Books I’d like to read

I have trimmed out a lot of my Software Testing books. And by trimmed, I mean, dumped or traded in on Amazon. I still have a few left, some because I see real value in them, and others because my hoarding instinct overrides my Zen de-cluttering zeal.

Here are 3 books I’d like to read. But they haven’t been written yet.

Apologies to the authors and artists associated with the books I’ve based these new books on, but my desire for humorous pastiche overrode any concern that the original creative forces might feel insulted. I picked on you because of your mythic stature in the Software Testing book world, because of the value that I took from you in my early years, and you met my needs.

So my first 3 are:

  • The Art of Software Jesting by Ben Fold Wired
  • The Complete Guide to Software Besting by Phil Betzels
  • “I Object!”, Re-oriented Software Testing: A heretical Approach by Bell Diesel

 

The Art of Software Jesting

I think we take software testing too seriously. Or rather, we take ourselves too seriously. The danger being that Software Testing becomes a subject pumped up full of its own self importance, filled with pompous pontification.

e.g. "Exploratory testing must not be used as your main process. You must only use it after you have a stable system and have achieved coverage from your scripted tests."
blah de blah de blah, yeah yeah yeah

I don’t see enough evidence that we take ourselves seriously enough to mock ourselves.

Kings and Queens of olden days of yore took themselves pretty seriously, as did everyone else because their life depended on it. And yet they had a Court Jester to keep them balanced and reduce their hyper inflated sense of self importance.

Humour can help effect change, by laughing at yourself for beliefs with small amounts of evidence.

Lighten up.

Projects are a ridiculous place for shouting matches.

I appreciate many people on projects don’t appear to have a sense of humour, and don’t take it kindly when you try and inject one into the project. But as a weapon to disarm and defuse a situation, it helps.

It helps me not take my approach too seriously. It helps me work with people rather than roles.

Evil Tester was born from a requirement to have a sense of humour and expose the ridiculousness in many of the approaches and attitudes that I had adopted in the past, and other people on projects had adopted.

So if you are really serious about testing – take it seriously enough to laugh at it. And start with yourself, and your processes, don’t start with other peoples.

Have you mocked your testing today?

Complete Guide To Software Besting

I think we all know that “Testing is not Besting the Software produced” but if you want a persona to adopt as you test then periodically adopt the “Bester”.

This thinking hat will let you approach testing in a different way than the other hats you wear.

You have to decide your own limits in your software testing approach, so make sure your limits allow you to exceed the requirements for ‘goodness’, you want to be better than that.

“I Object!”, Re-oriented Software Testing: A Heretical Approach

I think that we have to think heretically. We have to pursue the path that we consider true, treating all dogma as valid grounds for testing and evaluating alternatives.

Testers need to think and act differently, otherwise why would other Software Professionals want you on their project?

We need to make decisions contextually and based on knowledge, not from dogma.

You need to take responsibility for your test approach – and if that choice requires that you fly in the face of fashion and the masses, then I hope you do it.

The more heretics we have, the more we will advance in unexpected ways.

Other Reading Material?


This is based on the Test Bash talk I gave in March 2012. You can read Marcus Gartner’s summary of it here

Perhaps I’d like you to read “Selenium Simplified”, but maybe I’d rather you just bought it… and a few copies for your friends.

But what about you? What testing books would you like to read, that haven’t been written yet?

source: http://www.eviltester.com/

Attacking the Recovery Capability of Applications during Software Testing

Recovery testing is an important and generally overlooked technique. Instead of ignoring the inevitability of bugs, it faces them head-on by investigating how software will react in the face of trouble. It is applicable across all phases of software testing, and is especially productive at exposing bugs on systems under heavy load and stress. It is essential that software testing engineers give due consideration to recovery implications while developing their test plan.

Software’s ability to recover from a failure is an important contributor to its robustness. Recovery can also be one of the most interesting test focus areas. How much recovery testing is needed largely depends upon the nature of the target program, as well as the operating system environment it will operate within.

At the other end of the spectrum are environments in which an application that fails is simply expected to crash and the entire operating system will need to be rebooted before the application can be restarted cleanly. Most software lies somewhere in between.

Recovery testing spans the Function Verification Test (FVT), System Verification Test (SVT) and integration test disciplines.
This post discusses the Function Verification Test (FVT) and the System Verification Test (SVT).

A) Methods of attacking programs during Function Verification Test

Depending on the situation, there are many different ways to attack a program’s recovery capabilities during FVT; a few of them are described below. However, before we can check how well a program recovers from an error, we need a way to generate that error in the first place.
Some of the options are given below.

Option –1: By using Special Tools and Techniques
In some cases, an error can be easily created through external means, such as filling up a log file or killing a process. But many times such techniques aren’t enough during FVT. As a software testing engineer we need to simulate a bad parameter being passed from one module to another, or force an error interrupt to occur just as the module reaches a critical point in its processing. It may not be obvious to us how to go about injecting such errors, but several techniques are available to us.

a) Stub Routines:
If we need to force another module or component to pass bad input into our target software, we need to replace that module with a small stub routine. The stub routine will do little more than accept incoming requests, then turn around and reply to them in a reasonable way. However, it will purposely corrupt the one parameter we are interested in. Alternatively, rather than replacing a module with a stub we can tamper with the module itself, altering it to pass back bad data when called by our target software.

These approaches will only work if the module we intend to "stub out" is called infrequently, under conditions that we can externally generate. Ideally, it would only be called by the module under test. We don’t want to insert a bogus stub routine that will be invoked millions of times per second for routine tasks by many other modules in the component. If we do, its identity as an impostor will quickly be revealed and the software will surely stumble. This stubbing approach obviously creates an artificial environment, so it’s probably the least desirable method listed here. But under the right circumstances, it can be useful.

b) Zapping Tools:
Some systems have tools that allow the software testing engineer to find exactly where a particular module is loaded in memory on a running system, display its memory, and change bytes of that memory on the fly. This dynamic alteration of memory is called a zap. If we can’t find such a tool for the system we are testing on, we can consider writing our own. We will probably find that creating a crude zapping tool is not a major undertaking.

A zapping tool gives us an easy means to selectively corrupt data. We can also use it to overlay an instruction within a module with carefully constructed garbage, so when that instruction is executed it will fail. As with the stub routine case, care must be used not to meddle in an area that is frequently executed on the running system, or the volume of errors we will generate will be overwhelming. However, zapping is not nearly as artificial a technique as stub routines. In the right situations it can be very effective.

c) Error Injection Programs:
Another approach is to create a small seek-and-destroy program to inject the desired errors into the system. To create such a program we must first determine exactly what error we wish to inject by studying the target software. Let us say the module in question maintains a queue of pending requests, and a counter which indicates the current length of the queue. When the module scans the queue, it relies on this counter to determine if it has reached the end. We decide to corrupt that counter so that the queue scanning code will fall off the end of the queue and throw an error.

To implement this plan, software testing engineers write a small program that operates with full system privileges. It follows a chain of system control structures until it locates our target module in memory. Our program establishes addressability to this module’s dynamic area (i.e., access to its variables), examines the current contents of the counter variable, doubles it, and then exits. The next time the target module tries to traverse the full queue, it’s in for a surprise.

This is a simple example, but try to imagine other cases where our error injection program corrupts the contents of a control structure shared by multiple modules within a component, or performs other nasty deeds. In essence, this is nothing more than automating the function of a manual zapping tool. But because the seek-and-destroy program is operating at computer speeds, it can be much more nimble and precise in its attacks.

d) Emulators and Hypervisors:
Through things called emulators and hypervisors, it’s possible to create what is known as virtualized environments. For this discussion all we need to realize is that they create another layer of software between an operating system and the hardware it runs on. In some implementations, this extra layer has special debugging capabilities that can be used to set breakpoints. These breakpoints can freeze the entire system when triggered. This gives the software testing engineer an opportunity to stop the system at a specific point, corrupt memory or register contents, then restart it and watch the recovery support take action.

This is quite different from the sort of breakpoint function available in interactive debuggers, which can create a very artificial environment. In virtualized environments, the operating system and all of the middleware and applications running on top of it are unaware of the existence of this extra layer. When a breakpoint is hit, the entire system stops not just one module. At that point, the virtualization layer hands control over to the software testing engineer.

Such technology is not universally available. But if we have access to a virtualized environment that supports break-pointing capabilities, it probably offers the most powerful mechanism for injecting errors during FVT.

Option –2: Enabling the Restartability of Program
The most basic recovery option is enabling a program to restart cleanly after a crash. In FVT, the focus is placed on failures within individual components of the overall product. We will generally need to trick a component into crashing. We can do this in a virtualized environment by setting a breakpoint at some specific location in its code. When the breakpoint hits we can insert carefully corrupted data, set the system’s next instruction pointer to the address of an invalid instruction, or zap the component’s code itself to overlay a valid instruction with some sort of garbage that’s not executable. We then resume the program after the breakpoint, watch it fail, and ensure it generates the appropriate failure messages, log entries, dump codes, etc. If it has robust recovery support, it may be able to resume processing as if nothing had happened. If not, it may force the entire product to terminate.

If the program terminates, the software testing engineer can then restart it and determine whether it restarts successfully and is able to process new work (or resume old work, depending on its nature). If we resorted to zapping the component’s code with garbage to force it to crash, and that code remains resident in memory, then we will need to repair the overlay prior to restarting the program (or it will just fail again).

Option –3: Using Component level Recovery out of Anticipated Errors
Most commercial software has some sort of component-level (or object-level) recovery, whether it is operating system-managed, or more basic signal try-and-catch mechanisms employed by some programming languages. At a high level, the idea is to establish a recovery environment around a chunk of code, such that if an error interrupt (e.g., program check, I/O error) occurs, the recovery routine will be given control to take some sort of action. That action could be as simple as issuing an error message. Or, it could be as complex as generating a memory dump, logging or tracing the error, releasing program-owned resources and serialization, and freeing held memory. It might even restore overlaid data in key control structures and retry the failed operation.

There may be a long list of anticipated error types for which the recovery routines take unique actions. At a minimum, our FVT plan should include scenarios for forcing each of those errors. After each error, we need to ensure the recovery code processes them correctly. It should issue the correct error messages, trace entries, log records, generate a valid memory dump, or perform whatever action the code is designed for. When choosing locations within a component to inject errors, prime consideration should be given to points where memory is obtained, shared resources are in use, or serialization mechanisms (e.g., locks, mutexes) are held. These areas are complicated to handle properly during recovery processing, and so are good grounds for test exploration.

Sufficient Diagnostic Data:
Our test plan should also include an attempt to verify that any error information generated is sufficient for its intended purpose. If a message is presented to the end user, is there enough information so the user can make an intelligent decision about what to do next? Or, if there’s no reasonable action the user can take, is the message necessary at all or will it just lead to needless confusion? If diagnostic data is generated, will it be sufficient to determine the root cause of the problem? This is where we go beyond simply testing to the specifications, and instead determine in a broader sense if the function is "fit for purpose." As a software testing engineer, we bring a different perspective to the table than does the developer. We need to be sure to leverage that perspective to ensure the program’s actions are useful and helpful.
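An added example (not from the original article) of the counter-corruption scenario from the error injection section, combined with the component-level recovery and diagnostic-data checks above: a hypothetical `RequestQueue` module, an injector that doubles its counter, and a recovery routine whose diagnostic record the test plan can inspect. It goes one step beyond the article by also halving the counter, a corruption that raises no error and therefore never reaches the recovery code.

```python
import logging

log = logging.getLogger("recovery_fvt")


class RequestQueue:
    """Hypothetical target module: pending requests plus a length counter."""

    def __init__(self, requests):
        self.slots = list(requests)
        self.count = len(self.slots)   # control field the scan relies on
        self.recoveries = []           # diagnostic records left by recovery

    def scan(self):
        """Walk the queue by counter, as the module in the article does."""
        return [self.slots[i] for i in range(self.count)]

    def scan_with_recovery(self):
        """Recovery environment around scan(): log, repair, retry once."""
        try:
            return self.scan()
        except IndexError as exc:
            record = {
                "error": type(exc).__name__,
                "bad_count": self.count,
                "actual_slots": len(self.slots),
                "action": "counter rebuilt from slots, scan retried",
            }
            self.recoveries.append(record)
            log.error("queue scan failed: %s", record)
            self.count = len(self.slots)   # restore the overlaid control field
            return self.scan()             # retry the failed operation


def inject_counter_corruption(queue):
    """Error injection program: double the counter, then exit."""
    original = queue.count
    queue.count = original * 2
    return original


def run_fvt_scenario():
    expected = ["req-1", "req-2", "req-3", "req-4"]   # constructed sample work

    # Scenario 1: doubled counter, no recovery environment -> hard failure.
    q = RequestQueue(expected)
    inject_counter_corruption(q)
    try:
        q.scan()
        unprotected_failed = False
    except IndexError:
        unprotected_failed = True

    # Scenario 2: same injection, recovery routine in place.
    q = RequestQueue(expected)
    inject_counter_corruption(q)
    recovered = q.scan_with_recovery()

    # Scenario 3 (beyond the article): halved counter. Nothing is raised,
    # so recovery never runs and half of the work is silently skipped.
    q2 = RequestQueue(expected)
    q2.count //= 2
    silent = q2.scan_with_recovery()

    return {
        "unprotected_failed": unprotected_failed,
        "recovered_ok": recovered == expected and q.count == len(expected),
        "diagnostics": q.recoveries,
        "silent_loss": silent != expected and q2.recoveries == [],
    }


if __name__ == "__main__":
    for name, value in run_fvt_scenario().items():
        print(name, "=", value)
```

The third scenario is the reason an FVT plan compares results against expected output as well as checking for error messages: a recovery routine can only handle corruption that actually surfaces as an error.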

Option –4: Using Component-level Recovery out of Unanticipated Errors
A thorough test plan will go beyond errors that the program’s recovery support was coded to handle. It will also investigate how the program responds to unanticipated errors. At a minimum, the code should have some sort of catchall processing for handling unknown errors (if it doesn’t, we may have found our first bug). We need to be a little devious here. We need to use the instruction zapping approach if necessary, but find a way to force the code to react to errors it hasn’t attempted to address, and then ensure it reacts reasonably. Again, software testing engineers use their own end-user view to determine what "reasonably" means for this program.

Also included in this category are errors that occur at the system level but also impact the individual component. These errors can include memory shortages, hardware element failures, network problems, and system restarts. Force or simulate as many of these types of errors as seem relevant, and discover if the component handles them gracefully – or if it takes a downward nosedive.

B) Methods of attacking programs during System Verification Test (SVT)
The objective of SVT is also similar to FVT, namely to wreak controlled havoc and see how the software responds. But in SVT, the focus shifts from a narrow, component-level view to an entire product view. It also folds load / stress into the picture. This is critical, because it’s common for recovery processing to work perfectly on an unloaded system, only to collapse when the system is under heavy stress.

Restartability: In System Verification Test, there are two aspects to restartability.

1) Program crash
2) System crash

1) Program crash: Here, because we are operating at an end-user level in which techniques such as setting breakpoints are not applicable, there must be an external way to cause the program to fail. Such external means could include bad input, memory shortages, or a system operator command designed to force the program to terminate fast and hard. Alternatively, input from software testing engineers during the software’s design might have led to the inclusion of special stability features that can aid with error injection.

An advantage to using external means to crash the program is that we are able to send normal work to the program so it is busy doing something at the time we force the crash. Programs that die with many active, in-flight tasks tend to have more problems cleanly restarting than idle ones do, so we are more likely to find a bug this way.

2) System crash: This case is similar to program crash, except that any recovery code intended to clean up files or other resources before the program terminates will not have a chance to execute. The approach here should be to get the program busy in processing some work, and then kill the entire system. The simplest way to kill the system is simply to power it off. Some operating systems, like z/OS, provide a debugging aid that allows a user to request that a particular action be taken when some event occurs on a live system. That event could be the crash of a given program, the invocation of a particular module, or even the execution of a specific line of code. The action could be to force a memory dump, write a record to a log, or even freeze the entire system. In z/OS, this is called setting a trap for the software. If such support is available, then another way to kill the system is to set a trap for the invocation of a common operating system function (like the dispatcher), which when sprung will take the action of stopping the system immediately so we can reboot it from there.

After the system reboot, restart the application and check for anomalies that may indicate a recovery problem by watching for messages it issues, log entries it creates, or any other information it generates as it comes back up. Then send some work to the program and ensure it executes it properly and any data it manipulates is still intact. Restartability is the most basic of recovery tests but, if carefully done, will often unearth a surprising number of defects.
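An added example (not from the original article) of the program-crash restartability test described above: a hypothetical journaling worker is killed with SIGKILL while it is busy, then restarted, and its data is checked for integrity. The record format and the `worker` and `recover` functions are assumptions made for illustration, and the harness assumes a POSIX host where the `fork` start method is available.

```python
import multiprocessing
import os
import tempfile
import time
import zlib


def make_record(i):
    """One journal record: id|payload|crc32, newline-terminated."""
    body = f"{i}|payload-{i}".encode()
    return body + b"|" + str(zlib.crc32(body)).encode() + b"\n"


def parse_journal(path):
    """Return (ids of valid records, length of the valid prefix, file size)."""
    try:
        with open(path, "rb") as f:
            data = f.read()
    except FileNotFoundError:
        return [], 0, 0
    ids, good = [], 0
    for line in data.splitlines(keepends=True):
        body, _, crc = line.rstrip(b"\n").rpartition(b"|")
        if not line.endswith(b"\n") or not crc.isdigit() or zlib.crc32(body) != int(crc):
            break                       # torn or corrupt record: stop here
        ids.append(int(body.split(b"|")[0]))
        good += len(line)
    return ids, good, len(data)


def recover(path):
    """Restart-time recovery: cut any torn tail, return (last id, bytes cut)."""
    ids, good, size = parse_journal(path)
    if size > good:
        with open(path, "r+b") as f:
            f.truncate(good)
    return (ids[-1] if ids else 0), size - good


def worker(path, total, delay):
    """Process work items, resuming after the last record that survived."""
    last_id, discarded = recover(path)
    # Unbuffered writes reach the OS at once, which is enough to survive a
    # program crash. A system crash (power-off) test would also need fsync.
    with open(path, "ab", buffering=0) as f:
        for i in range(last_id + 1, total + 1):
            rec = make_record(i)
            half = len(rec) // 2
            f.write(rec[:half])
            time.sleep(delay)           # widens the mid-write crash window
            f.write(rec[half:])
    return discarded


def run_crash_restart(total=300, kill_after=20):
    """SVT scenario: crash the busy worker, restart it, verify the data."""
    ctx = multiprocessing.get_context("fork")   # assumption: POSIX host
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "journal.log")
        proc = ctx.Process(target=worker, args=(path, total, 0.005))
        proc.start()
        # Let the program get busy with in-flight work before crashing it.
        while proc.is_alive() and len(parse_journal(path)[0]) < kill_after:
            time.sleep(0.002)
        proc.kill()                     # SIGKILL: no cleanup code gets to run
        proc.join()
        at_crash = len(parse_journal(path)[0])
        torn = worker(path, total, 0.0)  # restart: recover, then finish work
        ids, good, size = parse_journal(path)
    return {
        "records_at_crash": at_crash,
        "torn_bytes": torn,
        "final_ok": ids == list(range(1, total + 1)) and good == size,
    }


if __name__ == "__main__":
    print(run_crash_restart())
```

`final_ok` is true only if, after the restart, every record carries a valid checksum and the ids run from 1 to `total` with no gaps or duplicates, which is the "data is still intact" check the article calls for.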

Clustered System Failures:
Some software is designed to operate in a clustered environment to improve its scalability or reliability characteristics. Devise scenarios to probe these capabilities.

For example, consider a group of Web application servers clustered together, all capable of running the same banking application. An additional system sits in front of this cluster and sprays incoming user requests across the various systems. If one server in the cluster fails, the sprayer should detect the loss and send new work elsewhere. We can try crashing a server and restarting it, all the while watching how the remaining systems react. Another scenario might be to crash several members of the cluster serially before restarting any of them, or crashing multiple members in parallel.

  • What if the sprayer system crashes?
  • Does it have a hot standby that will take over to keep work flowing? Should it?
  • Does any data appear corrupted after completion of the recovery process?

All such possibilities are fair game for the wily tester.

Environmental Failures:
Depending on the nature of the software under test, it may need to cope with failures in the underlying environment. In the case of operating systems, this usually means failure of hardware components (e.g., disk drives, network adapters, peripherals). For middleware and applications, it usually means the failure of services that the operating system provides based on those hardware components.

  • What happens if a file system the application is using fills up, or the disk fails?
  • What if a path to a required Storage Area Network (SAN) device fails or is unplugged by a careless maintenance person?
  • What if a single CPU in a multiprocessing system fails?
  • Are there any cases in which the operating system will alert the application of environmental failures?
  • How does the application respond to such information?

Even if the application has no specific support for such events, it may still be worthwhile to see how badly it is compromised when the unexpected happens. In the mainframe world, tools are used to inject error information into specific control structures in memory on a running system, and then force a branch to the operating system’s interrupt handler to simulate the occurrence of various hardware failures. Similar tools can be created for Linux or other operating systems. This sort of testing is very disruptive, so unless we have our own isolated system, we will need to schedule a window to execute these scenarios to avoid impacting everyone else’s work.

Natural Failures:
During the course of normal load / stress or longevity runs, the software being tested will almost surely fail on its own, with no help from the software testing engineer.

  • Rather than cursing these spontaneous, natural errors, take advantage of them.
  • Do not look only at the failure itself; also examine how the program dealt with it.
  • Monitor recovery processing to see how the software responds to unplanned failures.

source:http://www.softwaretestinggenius.com/attacking-the-recovery-capability-of-applications-during-software-testing

Firms overlooking dangers of attack kits

An increasingly elusive and sophisticated class of online attack kits is posing a far greater threat to enterprises than most realise, according to researchers with HP.

Jason Jones, an ASI team lead for HP’s DV Labs security division, told V3 that exploit tools, such as the Blackhole platform, are becoming harder to track and detect for security researchers and anti-malware vendors.

Through the use of techniques such as obfuscated JavaScript code, attackers are able to hide their activities and target recently disclosed vulnerabilities which have yet to be patched on many systems.

In some cases, researchers are finding attacks capable of infecting as much as 80 per cent of the systems targeted.

"They are able to hide the exploit code from detection while it's passing over the wire," Jones explained.

"You have to really pay attention to how they are doing it, they will change the way they are doing it so they are not detected very well."

Further complicating matters, said Jones, was the growing complexity and sophistication of the malware market. As cybercriminals invest more money in attack kits, developers are able to provide improved management and support systems, such as regular software updates, analytics and web management portals.

The growth is occurring at a time when many firms are preoccupied with the growth in advanced persistent threat (APT) attacks. With incidents such as the Shady RAT and Flame outbreaks dominating headlines, Jones believes that by fixating on APTs and zero-day attacks, many firms are leaving themselves open to infections from the far more prevalent crop of web-based exploit kits.

"People are worried about the zero-days and they do not remember that other vulnerabilities are patched, but are your systems patched?" he asked.

"Making sure you are patched first and then worrying about the unknown would be a better mindset."

source:http://packetstormsecurity.org/news/view/21250/Firms-Overlooking-Dangers-Of-Attack-Kits.html


Performance Testing vs Load Testing vs Stress Testing – Examples

Performance testing – It is performed to evaluate the performance of components of a particular system in a specific situation. It is a very wide term that includes load testing, stress testing, capacity testing, volume testing, endurance testing, spike testing, scalability testing and reliability testing. This type of testing generally does not give a pass or fail result. It is basically done to set the benchmark and standard of the application against concurrency / throughput, server response time, latency, render response time etc. In other words, it is a technical and formal evaluation of responsiveness, speed, scalability and stability characteristics.

Load testing is a subset of performance testing. It is done by constantly increasing the load on the application under test until it reaches the threshold limit. The main goal of load testing is to identify the upper limit of the system in terms of database, hardware, network etc. A common goal of load testing is to set the SLAs for the application. An example of load testing:

Running multiple applications on a computer simultaneously – starting with one application, then starting a second application, then a third and so on. Now observe the performance of your computer.

An endurance test is also a part of load testing; it is used to calculate metrics like Mean Time Between Failure and Mean Time to Failure.
Load Testing helps to determine:

  • Throughput
  • Peak Production Load
  • Adequacy of H/W environment
  • Load balancing requirements
  • How many users the application can handle with optimal performance results
  • How many users the hardware can handle with optimal performance results

Stress testing – It is done to evaluate the application’s behaviour beyond normal or peak load conditions. It is basically testing the functionality of the application under high loads. Normally the problems found are related to synchronization issues, memory leaks, race conditions etc. Some testing experts also call it fatigue testing. Sometimes it is difficult to set up a controlled environment before running the test. An example of stress testing:

A banking application can take a maximum user load of 20000 concurrent users. Increase the load to 21000 and perform a transaction such as a deposit or withdrawal. As soon as the transaction completes, the banking application server database will sync with the ATM database server. Check whether this sync happens successfully at a user load of 21000. Then repeat the same test with 22000 concurrent users and so on.

A spike test is also a part of stress testing; it is performed by repeatedly loading the application with heavy loads that increase beyond production operations for a short duration.

Stress Testing helps to determine:

  • Errors in slowness & at peak user loads
  • Any security loopholes under overload
  • How the hardware reacts to overload
  • Data corruption issues under overload

source: http://www.softwaretestingstuff.com/2011/09/performance-testing-vs-load-testing-vs.html


Hackers expose 453,000 credentials allegedly taken from Yahoo service (Updated)

Hackers posted what appear to be login credentials for more than 453,000 user accounts that they said they retrieved in plaintext from an unidentified service on Yahoo.

The dump, posted on a public website by a hacking collective known as D33Ds Company, said it penetrated the Yahoo subdomain using what’s known as a union-based SQL injection. The hacking technique preys on poorly secured Web applications that don’t properly scrutinize text entered into search boxes and other user input fields. By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information.

To support their claim, the hackers posted what they said were the plaintext credentials for 453,492 Yahoo accounts, more than 2,700 database table or column names, and 298 MySQL variables, all of which they claim to have obtained in the exploit.

"We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat," a brief note at the end of the dump stated. "There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."

In a statement published by TechCrunch, Yahoo representatives confirmed a breach that hit the site’s Contributor Network (previously Associated Content) on Wednesday. The stolen data was contained in an "older file," and only about 5 percent of the exposed credentials were still valid on Yahoo.

"We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised," the statement continued. "We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com."

Because many people use the same credentials for multiple accounts, Ars isn’t identifying the address of the website that published the disclosure. But at time of writing, the URL wasn’t hard to find.

The TrustedSec blog is reporting that the hacked service may be Yahoo Voices, aka Associated Content. That speculation is based on the string "dbb1.ac.bf1.yahoo.com" included in the dump. The subdomain is associated with the voice service, the post said.

Article updated to reflect TrustedSec now says the compromised property is Yahoo Voices. Later updated to add official comment from Yahoo.

Editor’s Pick: Promoted Reader Comment
IntergalacticWalrus | Ars Praetorian
At this point I guess we should always assume that every password we give to an online service is stored in plain text, and therefore avoid password reuse at all costs. Companies can’t be trusted to give a shit about your personal security, and lawmen and/or politicians are too fucking clueless about technology to understand that storing unencrypted passwords should be considered criminal negligence and dealt as such.

SevenFactors wrote:
Given all the recent hacks, not to mention the massive PlayStation Network incident [hopefully they learned & now are encrypting, hashing & salting] One would think that companies who know are stashing users credentials in plain text would be proactive and not wait till they get hacked to then take action.

Well what to expect, Yahoo got stuck in 1998

PSN passwords were encrypted and salted. There’s this common misconception that they were not because the initial disclosure of the attack stupidly used ambiguous terms, which they clarified later.
Last edited by IntergalacticWalrus on Thu Jul 12, 2012 8:42 am

                                                      563 posts | registered Nov 17, 2009

mohaine | Ars Centurion
El Chupageek wrote:
The problem here was SQL Injection (which, btw Dan, is not caused by failure to scrutinize input but rather by NOT using prepared statements and properly binding the user input. There is a difference).

This statement couldn’t be more wrong.

Scrutinizing input (white list and/or blacklists) MIGHT stop SQL injection, but it only works if you happen to get it completely right. This is damn hard with UTF and more advanced SQL engines. Proving you are doing this correctly is impossible to do. The best you can do is "Mostly Correct". Don’t trust your data to "Mostly Correct".

Property binding completely removes user input from the SQL parser, which fixes the issue with no worries.
                                                      

                                                       301 posts | registered Jun 15, 2004
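The difference the commenters argue about, string-built SQL versus bound parameters, shown as an added example that is not part of the article or the comments. The schema, rows and function names are constructed for illustration and say nothing about the actual Yahoo application:

```python
import sqlite3


def build_db():
    """In-memory database with constructed sample rows (not data from the dump)."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE articles (title TEXT, author TEXT);
        CREATE TABLE users (username TEXT, password TEXT);  -- plaintext storage
        INSERT INTO articles VALUES ('Gardening tips', 'alice'), ('Bike repair', 'bob');
        INSERT INTO users VALUES ('alice', 'hunter2'), ('bob', 'letmein');
        """
    )
    return db


def search_concatenated(db, term):
    """Vulnerable form: the user's text is spliced into the SQL string,
    so the SQL parser interprets it as part of the statement."""
    sql = "SELECT title, author FROM articles WHERE title LIKE '%" + term + "%'"
    return db.execute(sql).fetchall()


def search_bound(db, term):
    """Hardened form: the statement text is constant and the term is bound
    as a parameter, so it reaches the engine only as a data value."""
    sql = "SELECT title, author FROM articles WHERE title LIKE '%' || ? || '%'"
    return db.execute(sql, (term,)).fetchall()


# Constructed union-based input of the kind the article describes.
UNION_INPUT = "zzz' UNION SELECT username, password FROM users --"


def compare(term):
    """Run the same search term through both forms on a fresh database."""
    db = build_db()
    try:
        return {
            "concatenated": set(search_concatenated(db, term)),
            "bound": set(search_bound(db, term)),
        }
    finally:
        db.close()


if __name__ == "__main__":
    for term in ("Bike", UNION_INPUT):
        result = compare(term)
        print(repr(term))
        print("  concatenated:", sorted(result["concatenated"]))
        print("  bound:       ", sorted(result["bound"]))
```

With an ordinary search term both functions return the same article row; with the union input the concatenated query returns the rows of the `users` table while the bound query returns nothing.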

source:http://packetstormsecurity.org/news/view/21233/Hackers-Expose-453-000-Credentials-Allegedly-Taken-From-Yahoo-Service.html


Attacking the Recovery Capability of Applications during Software Testing

Recovery testing is an important and generally overlooked technique. Instead of ignoring the inevitability of bugs, it faces them head-on by investigating how software will react in the face of trouble. It is applicable across all phases of software testing, and is especially productive at exposing bugs on systems under heavy load and stress. It is essential that software testing engineers give due consideration to recovery implications while developing their test plan.

Software’s ability to recover from a failure is an important contributor to its robustness. Recovery can also be one of the most interesting test focus areas. How much recovery testing is needed largely depends upon the nature of the target program, as well as the operating system environment it will operate within.

At the other end of the spectrum are environments in which an application that fails is simply expected to crash and the entire operating system will need to be rebooted before the application can be restarted cleanly. Most software lies somewhere in between.

Recovery testing spans the Function Verification Test (FVT), System Verification Test (SVT) and integration test disciplines.

Here in this post I am discussing the Function Verification Test (FVT) & System Verification Test (SVT).

A) Methods of attacking programs during Function Verification Test

Depending on the situation, there are many different ways in which we can attack a program’s recovery capabilities during FVT. A few of them are described below. However, before we can check how well a program recovers from an error, we need a way to generate that error in the first place.

Some of the options I am describing here are given below.

Option –1: By using Special Tools and Techniques
In some cases, an error can be easily created through external means, such as filling up a log file or killing a process. But many times such techniques aren’t enough during FVT. As a software testing engineer we need to simulate a bad parameter being passed from one module to another, or force an error interrupt to occur just as the module reaches a critical point in its processing. It may not be obvious to us how to go about injecting such errors, but several techniques are available to us.

a) Stub Routines:
If we need to force another module or component to pass bad input into our target software, we need to replace that module with a small stub routine. The stub routine will do little more than accept incoming requests, then turn around and reply to them in a reasonable way. However, it will purposely corrupt the one parameter we are interested in. Alternatively, rather than replacing a module with a stub we can tamper with the module itself, altering it to pass back bad data when called by our target software.

These approaches will only work if the module we intend to "stub out" is called infrequently, under conditions that we can externally generate. Ideally, it would only be called by the module under test. We don’t want to insert a bogus stub routine that will be invoked millions of times per second for routine tasks by many other modules in the component. If we do, its identity as an impostor will quickly be revealed and the software will surely stumble. This stubbing approach obviously creates an artificial environment, so it’s probably the least desirable method listed here. But under the right circumstances, it can be useful.

b) Zapping Tools:
Some systems have tools that allow the software testing engineer to find exactly where a particular module is loaded in memory on a running system, display its memory, and change bytes of that memory on the fly. This dynamic alteration of memory is called a zap. If we can’t find such a tool for the system we are testing on, we can consider writing our own. We will probably find that creating a crude zapping tool is not a major undertaking.

A zapping tool gives us an easy means to selectively corrupt data. We can also use it to overlay an instruction within a module with carefully constructed garbage, so when that instruction is executed it will fail. As with the stub routine case, care must be used not to meddle in an area that is frequently executed on the running system, or the volume of errors we will generate will be overwhelming. However, zapping is not nearly as artificial a technique as stub routines. In the right situations it can be very effective.

c) Error Injection Programs:
Another approach is to create a small seek-and-destroy program to inject the desired errors into the system. To create such a program we must first determine exactly what error we wish to inject by studying the target software. Let us say the module in question maintains a queue of pending requests, and a counter which indicates the current length of the queue. When the module scans the queue, it relies on this counter to determine if it has reached the end. We decide to corrupt that counter so that the queue scanning code will fall off the end of the queue and throw an error.

To implement this plan, software testing engineers write a small program that operates with full system privileges. It follows a chain of system control structures until it locates our target module in memory. Our program establishes addressability to this module’s dynamic area (i.e., access to its variables), examines the current contents of the counter variable, doubles it, and then exits. The next time the target module tries to traverse the full queue, it’s in for a surprise.

This is a simple example, but try to imagine other cases where our error injection program corrupts the contents of a control structure shared by multiple modules within a component, or performs other nasty deeds. In essence, this is nothing more than automating the function of a manual zapping tool. But because the seek-and-destroy program is operating at computer speeds, it can be much more nimble and precise in its attacks.
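The queue-counter scenario above, reduced to a single process as an added example (not code from the original article). `RequestQueue`, `inject_counter_corruption` and the recovery routine are hypothetical stand-ins: a real seek-and-destroy program would locate the module through system control structures, whereas here the test simply holds a reference to it.

```python
import threading


class RequestQueue:
    """Hypothetical target module: pending requests plus a length counter."""

    def __init__(self, requests):
        self.items = list(requests)
        self.count = len(self.items)   # the scan trusts this counter
        self.lock = threading.Lock()   # serialization held while scanning
        self.diagnostics = []          # records written by the recovery routine

    def _scan(self):
        # Relies on the counter, not on the real length of the list.
        return [self.items[i].upper() for i in range(self.count)]

    def scan(self):
        """Scan inside a recovery environment around the critical section."""
        self.lock.acquire()
        try:
            return self._scan()
        except IndexError:
            # Recovery routine: record diagnostics, repair the control
            # structure from ground truth, then retry the failed operation.
            self.diagnostics.append(
                {"error": "IndexError", "bad_count": self.count,
                 "actual_len": len(self.items)}
            )
            self.count = len(self.items)
            return self._scan()
        finally:
            self.lock.release()        # must happen on every path

    def enqueue(self, request):
        # Would block forever if recovery had left the lock held.
        if not self.lock.acquire(timeout=1):
            raise RuntimeError("lock still held after recovery")
        try:
            self.items.append(request)
            self.count += 1
        finally:
            self.lock.release()


def inject_counter_corruption(queue):
    """Error injector: double the counter, as in the scenario in the text."""
    queue.count *= 2


def run_recovery_scenario():
    """Inject the error, drive the module, and collect what a tester checks."""
    q = RequestQueue(["deposit", "withdraw", "transfer"])  # constructed work
    inject_counter_corruption(q)
    result = q.scan()                  # falls off the end, then recovers
    observations = {
        "result": result,
        "lock_released": not q.lock.locked(),
        "count_after": q.count,
        "diagnostics": list(q.diagnostics),
    }
    q.enqueue("balance")               # can the module accept new work?
    observations["new_work"] = q.scan()
    return observations


if __name__ == "__main__":
    for key, value in run_recovery_scenario().items():
        print(key, "=", value)
```

The observations cover the points a recovery test verifies after an injected error: the operation was retried correctly, the lock was released, the counter was repaired, the diagnostic record identifies the corrupted value, and new work is processed afterwards.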

d) Emulators and Hypervisors:
Through things called emulators and hypervisors, it’s possible to create what is known as virtualized environments. For this discussion all we need to realize is that they create another layer of software between an operating system and the hardware it runs on. In some implementations, this extra layer has special debugging capabilities that can be used to set breakpoints. These breakpoints can freeze the entire system when triggered. This gives the software testing engineer an opportunity to stop the system at a specific point, corrupt memory or register contents, then restart it and watch the recovery support take action.

This is quite different from the sort of breakpoint function available in interactive debuggers, which can create a very artificial environment. In virtualized environments, the operating system and all of the middleware and applications running on top of it are unaware of the existence of this extra layer. When a breakpoint is hit, the entire system stops not just one module. At that point, the virtualization layer hands control over to the software testing engineer.

Such technology is not universally available. But if we have access to a virtualized environment that supports break-pointing capabilities, it probably offers the most powerful mechanism for injecting errors during FVT.

Option –2: Enabling the Restartability of Program
The most basic recovery option is enabling a program to restart cleanly after a crash. In FVT, the focus is placed on failures within individual components of the overall product. We will generally need to trick a component into crashing. We can do this in a virtualized environment by setting a breakpoint at some specific location in its code. When the breakpoint hits we can insert carefully corrupted data, set the system’s next instruction pointer to the address of an invalid instruction, or zap the component’s code itself to overlay a valid instruction with some sort of garbage that’s not executable. We then resume the program after the breakpoint, watch it fail, and ensure it generates the appropriate failure messages, log entries, dump codes, etc. If it has robust recovery support, it may be able to resume processing as if nothing had happened. If not, it may force the entire product to terminate.

If the program terminates, the software testing engineer can then restart it and determine whether it restarts successfully and is able to process new work (or resume old work, depending on its nature). If we resorted to zapping the component’s code with garbage to force it to crash, and that code remains resident in memory, then we will need to repair the overlay prior to restarting the program (or it will just fail again).

Option –3: Using Component level Recovery out of Anticipated Errors
Most commercial software has some sort of component-level (or object-level) recovery, whether it is operating system-managed, or more basic signal try-and-catch mechanisms employed by some programming languages. At a high level, the idea is to establish a recovery environment around a chunk of code, such that if an error interrupt (e.g., program check, I/O error) occurs, the recovery routine will be given control to take some sort of action. That action could be as simple as issuing an error message. Or, it could be as complex as generating a memory dump, logging or tracing the error, releasing program-owned resources and serialization, and freeing held memory. It might even restore overlaid data in key control structures and retry the failed operation.

There may be a long list of anticipated error types for which the recovery routines take unique actions. At a minimum, our FVT plan should include scenarios for forcing each of those errors. After each error, we need to ensure the recovery code processes them correctly. It should issue the correct error messages, trace entries, log records, generate a valid memory dump, or perform whatever action the code is designed for. When choosing locations within a component to inject errors, prime consideration should be given to points where memory is obtained, shared resources are in use, or serialization mechanisms (e.g., locks, mutexes) are held. These areas are complicated to handle properly during recovery processing, and so are good grounds for test exploration.

Sufficient Diagnostic Data:
Our test plan should also include an attempt to verify that any error information generated is sufficient for its intended purpose. If a message is presented to the end user, is there enough information so the user can make an intelligent decision about what to do next? Or, if there’s no reasonable action the user can take, is the message necessary at all or will it just lead to needless confusion? If diagnostic data is generated, will it be sufficient to determine the root cause of the problem? This is where we go beyond simply testing to the specifications, and instead determine in a broader sense if the function is "fit for purpose." As a software testing engineer, we bring a different perspective to the table than does the developer. We need to be sure to leverage that perspective to ensure the program’s actions are useful and helpful.

Option –4: Using Component-level Recovery out of Unanticipated Errors
A thorough test plan will go beyond errors that the program’s recovery support was coded to handle. It will also investigate how the program responds to unanticipated errors. At a minimum, the code should have some sort of catchall processing for handling unknown errors (if it doesn’t, we may have found our first bug). We need to be a little devious here. We need to use the instruction zapping approach if necessary, but find a way to force the code to react to errors it hasn’t attempted to address, and then ensure it reacts reasonably. Again, software testing engineers use their own end-user view to determine what "reasonably" means for this program.

Also included in this category are errors that occur at the system level but also impact the individual component. These errors can include memory shortages, hardware element failures, network problems, and system restarts. Force or simulate as many of these types of errors as seem relevant, and discover if the component handles them gracefully – or if it takes a downward nosedive.

B) Methods of attacking programs during System Verification Test (SVT)
The objective of SVT is also similar to FVT, namely to wreak controlled havoc and see how the software responds. But in SVT, the focus shifts from a narrow, component-level view to an entire product view. It also folds load / stress into the picture. This is critical, because it’s common for recovery processing to work perfectly on an unloaded system, only to collapse when the system is under heavy stress.

Restartability: In System Verification Test, there are two aspects to restartability.

1) Program crash
2) System crash

1) Program crash: Here, because we are operating at an end-user level in which techniques such as setting breakpoints are not applicable, there must be an external way to cause the program to fail. Such external means could include bad input, memory shortages, or a system operator command designed to force the program to terminate fast and hard. Alternatively, input from software testing engineers during the software’s design might have led to the inclusion of special stability features that can aid with error injection.

An advantage to using external means to crash the program is that we are able to send normal work to the program so it is busy doing something at the time we force the crash. Programs that die with many active, in-flight tasks tend to have more problems cleanly restarting than idle ones do, so we are more likely to find a bug this way.

2) System crash: This case is similar to program crash, except that any recovery code intended to clean up files or other resources before the program terminates will not have a chance to execute. The approach here should be to get the program busy in processing some work, and then kill the entire system. The simplest way to kill the system is simply to power it off. Some operating systems, like z/OS, provide a debugging aid that allows a user to request that a particular action be taken when some event occurs on a live system. That event could be the crash of a given program, the invocation of a particular module, or even the execution of a specific line of code. The action could be to force a memory dump, write a record to a log, or even freeze the entire system. In z/OS, this is called setting a trap for the software. If such support is available, then another way to kill the system is to set a trap for the invocation of a common operating system function (like the dispatcher), which when sprung will take the action of stopping the system immediately so we can reboot it from there.

After the system reboot, restart the application and check for anomalies that may indicate a recovery problem by watching for messages it issues, log entries it creates, or any other information it generates as it comes back up. Then send some work to the program and ensure it executes it properly and any data it manipulates is still intact. Restartability is the most basic of recovery tests but, if carefully done, will often unearth a surprising number of defects.

Clustered System Failures:
Some software is designed to operate in a clustered environment to improve its scalability or reliability characteristics. Devise scenarios to probe these capabilities.

For example, consider a group of Web application servers clustered together, all capable of running the same banking application. An additional system sits in front of this cluster and sprays incoming user requests across the various systems. If one server in the cluster fails, the sprayer should detect the loss and send new work elsewhere. We can try crashing a server and restarting it, all the while watching how the remaining systems react. Another scenario might be to crash several members of the cluster serially before restarting any of them, or crashing multiple members in parallel.

- What if the sprayer system crashes?
- Does it have a hot standby that will take over to keep work flowing? Should it?
- Does any data appear corrupted after completion of the recovery process?

All such possibilities are fair game for the wily tester.

Environmental Failures:
Depending on the nature of the software under test, it may need to cope with failures in the underlying environment. In the case of operating systems, this usually means failure of hardware components (e.g., disk drives, network adapters, peripherals). For middleware and applications, it usually means the failure of services that the operating system provides based on those hardware components.

- What happens if a file system the application is using fills up, or the disk fails?
- What if a path to a required Storage Area Network (SAN) device fails or is unplugged by a careless maintenance person?
- What if a single CPU in a multiprocessing system fails?
- Are there any cases in which the operating system will alert the application of environmental failures?
- How does the application respond to such information?

Even if the application has no specific support for such events, it may still be worthwhile to see how badly it is compromised when the unexpected happens. In the mainframe world, tools are used to inject error information into specific control structures in memory on a running system, and then force a branch to the operating system’s interrupt handler to simulate the occurrence of various hardware failures. Similar tools can be created for Linux or other operating systems. This sort of testing is very disruptive, so unless we have our own isolated system, we will need to schedule a window to execute these scenarios to avoid impacting everyone else’s work.

Natural Failures:
During the course of normal load / stress or longevity runs, the software being tested will almost surely fail on its own, with no help from the software testing engineer.

- Rather than cursing these spontaneous, natural errors, take advantage of them.
- Do not look only at the failure itself; also examine how the program dealt with it.
- Monitor recovery processing to see how the software responds to unplanned failures.

source:http://www.softwaretestinggenius.com/attacking-the-recovery-capability-of-applications-during-software-testing


Penetration Testing – Complete Guide with Sample Test Cases

What is Penetration Testing?
It is the process of identifying security vulnerabilities in an application by evaluating the system or network with various malicious techniques. The purpose of this test is to secure important data from outsiders, such as hackers, who could gain unauthorized access to the system. Once a vulnerability is identified, it is used to exploit the system in order to gain access to sensitive information.

Causes of vulnerabilities:
- Design and development errors
- Poor system configuration
- Human errors

Why Penetration testing?
- Financial data must be secured while transferring between different systems
- Many clients are asking for pen testing as part of the software release cycle
- To secure user data
- To find security vulnerabilities in an application


It is very important for any organization to identify the security issues present in its internal network and computers. Using this information, the organization can plan a defense against any hacking attempt. User privacy and data security are the biggest concerns nowadays. Imagine if a hacker managed to get the user details of a social networking site like Facebook. An organization can face legal issues due to a small loophole left in a software system. Hence big organizations look for PCI compliance certifications before doing any business with third-party clients.

What should be tested?
- Software
- Hardware
- Network
- Process

Penetration Testing Types:
1) Social Engineering: Human errors are the main cause of security vulnerabilities. Security standards and policies should be followed by all staff members to prevent social engineering penetration attempts. Examples of these standards include not mentioning any sensitive information in email or phone communication. Security audits can be conducted to identify and correct process flaws.

2) Application Security Testing: Using software methods one can verify if the system is exposed to security vulnerabilities.

3) Physical Penetration Test: Strong physical security methods are applied to protect sensitive data. This is generally useful in military and government facilities. All physical network devices and access points are tested for possibilities of any security breach.

Pen Testing Techniques:
1) Manual penetration test
2) Using automated penetration test tools
3) Combination of both manual and automated process
The third process is more common to identify all kinds of vulnerabilities.

Penetration Testing Tools:
Automated tools can be used to identify some standard vulnerabilities present in an application. Pentest tools scan code to check whether malicious code is present that could lead to a potential security breach. Pentest tools can verify security loopholes present in the system by examining data encryption techniques and hard-coded values such as usernames and passwords.

Criteria to select the best penetration tool:
- It should be easy to deploy, configure and use.
- It should scan your system easily.
- It should categorize vulnerabilities based on severity that needs immediate fix.
- It should be able to automate verification of vulnerabilities.
- It should re-verify exploits found previously.
- It should generate detailed vulnerability reports and logs.

Once you know what tests you need to perform you can either train your internal test resources or hire expert consultants to do the penetration task for you.

Examples of Free and Commercial Tools –
Nmap, Nessus, Metasploit, Wireshark, OpenSSL, Cain & Abel, THC Hydra, w3af
Commercial services: Pure Hacking, Torrid Networks, SecPoint, Veracode.

Limitations of Pentest tools: Sometimes these tools flag false positives, which results in developers spending more time analyzing vulnerabilities that are not present.

Manual Penetration Test:
It’s difficult to find all vulnerabilities using automated tools. There are some vulnerabilities which can be identified by manual scan only. Penetration testers can perform better attacks on application based on their skills and knowledge of system being penetrated. The methods like social engineering can be done by humans only. Manual checking includes design, business logic as well as code verification.

Penetration Test Process:
Let’s discuss the actual process followed by test agencies or penetration testers. Identifying vulnerabilities present in system is the first important step in this process. Corrective action is taken on these vulnerability and same penetration tests are repeated until system is negative to all those tests.

We can break this process into the following steps:
1) Data collection: Various methods, including Google search, are used to get target system data. One can also analyze web page source code to get more information about the system, software and plugin versions. There are many free tools and services available in the market which can give you information like database or table names, DB versions, software versions, hardware used and various third-party plugins used in the target system.

2) Vulnerability Assessment: Based on the data collected in the first step, one can find the security weaknesses in the target system. This helps penetration testers launch attacks using the identified entry points in the system.

3) Actual Exploit: This is a crucial step. It requires special skills and techniques to launch an attack on the target system. Experienced penetration testers can use their skills to launch an attack on the system.

4) Result analysis and report preparation: After completion of the penetration tests, detailed reports are prepared for taking corrective actions. All identified vulnerabilities and recommended corrective methods are listed in these reports. You can customize the vulnerability report format (HTML, XML, MS Word or PDF) as per your organization’s needs.

Penetration testing sample test cases (test scenarios):
Remember, this is not functional testing. In a pentest, your goal is to find security holes in the system. Below are some generic test cases; they are not necessarily applicable to all applications.

1) Check whether the web application is able to identify spam attacks on the contact forms used on the website.
2) Proxy server – Check if network traffic is monitored by proxy appliances. Proxy servers make it difficult for hackers to get internal details of the network, thus protecting the system from external attacks.
3) Spam email filters – Verify that incoming and outgoing email traffic is filtered and unsolicited emails are blocked. Many email clients come with built-in spam filters, which need to be configured as per your needs. These configuration rules can be applied to email headers, subject or body.
4) Firewall – Make sure the entire network or all computers are protected by a firewall. A firewall can be software or hardware that blocks unauthorized access to the system. A firewall can prevent data from being sent outside the network without your permission.
5) Try to exploit all servers, desktop systems, printers and network devices.
6) Verify that all usernames and passwords are encrypted and transferred over a secure connection such as HTTPS.
7) Verify information stored in website cookies. It should not be in a readable format.
8) Verify previously found vulnerabilities to check if the fix is working.
9) Verify that there are no open ports in the network.
11) Verify all telephone devices.
12) Verify Wi-Fi network security.
13) Verify all HTTP methods. The PUT and DELETE methods should not be enabled on the web server.
14) Passwords should be at least 8 characters long, containing at least one number and one special character.
15) Username should not be like “admin” or “administrator”.
16) The application login page should be locked after a few unsuccessful login attempts.
17) Error messages should be generic and should not mention specific error details like “Invalid username” or “Invalid password”.
19) Verify that special characters, HTML tags and scripts are handled properly as input values.
20) Internal system details should not be revealed in any of the error or alert messages.
21) Custom error messages should be displayed to the end user in case of a web page crash.
22) Verify use of registry entries. Sensitive information should not be kept in the registry.
23) All files must be scanned before uploading to the server.
24) Sensitive data should not be passed in URLs while communicating with different internal modules of the web application.
25) There should not be any hard-coded username or password in the system.
26) Verify all input fields with long input strings, with and without spaces.
27) Verify if reset password functionality is secure.
28) Verify application for SQL Injection.
29) Verify application for Cross Site Scripting.
31) Important input validations should be done on the server side instead of relying on JavaScript checks on the client side.
32) Critical resources in the system should be available to authorized persons and services only.
33) All access logs should be maintained with proper access permissions.
34) Verify that the user session ends upon log off.
35) Verify that directory browsing is disabled on the server.
36) Verify that all applications and database versions are up to date.
37) Verify URL manipulation to check that the web application does not show any unwanted information.
38) Check for memory leaks and buffer overflows.
39) Verify if incoming network traffic is scanned to find Trojan attacks.
40) Verify if the system is safe from Brute Force Attacks – a trial and error method to find sensitive information like passwords.
41) Verify if the system or network is secured against DoS (denial-of-service) attacks. A hacker can target a network or a single computer with continuous requests, overloading resources on the target system and resulting in denial of service for legitimate requests.

These are just the basic test scenarios to get started with Pentest. There are hundreds of advanced penetration methods which can be done either manually or with the help of automation tools.
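Several of the checks above (items 7, 13, 20 and 35) can be automated against a single HTTP response. The following is an added example, not part of the original article; the sample response, the leak patterns and the opaque-cookie heuristic are assumptions, and the Secure/HttpOnly attribute check goes slightly beyond what item 7 states.

```python
import re
# Constructed sample response for illustration; not captured from a real server.
SAMPLE = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Allow: GET, POST, PUT, DELETE\r\n"
    "Set-Cookie: user=alice; Path=/\r\n"
    "Set-Cookie: sid=3f9c1e7a5b2d4c8e9a0b1c2d3e4f5a6b; Path=/; Secure; HttpOnly\r\n"
    "\r\n"
    "<pre>Traceback (most recent call last):\n"
    '  File "/srv/app/views.py", line 42, in checkout</pre>'
)

RISKY_METHODS = {"PUT", "DELETE"}              # item 13
LEAKS = {                                      # item 20; patterns are assumptions
    "stack trace": r"Traceback \(most recent call last\)|\bat [\w.$]+\(\w+\.java:\d+\)",
    "database error": r"SQLSTATE\[|ORA-\d{5}|You have an error in your SQL syntax",
    "server file path": r"(?:/srv|/var/www|/home)/[\w./-]+",
}
OPAQUE = re.compile(r"[A-Za-z0-9_+/=-]{24,}")  # item 7 heuristic: long random token

def audit(raw):
    """Return (checklist item, finding) pairs for one raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = [tuple(p.strip() for p in line.split(":", 1))
               for line in head.split("\r\n")[1:] if ":" in line]
    def values(name):
        return [v for k, v in headers if k.lower() == name]
    findings = []
    for cookie in values("set-cookie"):
        pair, *attrs = [p.strip() for p in cookie.split(";")]
        name, _, value = pair.partition("=")
        if not OPAQUE.fullmatch(value):
            findings.append((7, f"cookie '{name}' carries a readable value"))
        missing = {"secure", "httponly"} - {a.lower() for a in attrs}
        if missing:
            findings.append((7, f"cookie '{name}' lacks {', '.join(sorted(missing))}"))
    allowed = {m.strip().upper() for v in values("allow") for m in v.split(",")}
    for method in sorted(allowed & RISKY_METHODS):
        findings.append((13, f"{method} is advertised in the Allow header"))
    for label, pattern in LEAKS.items():
        if re.search(pattern, body):
            findings.append((20, f"response body exposes a {label}"))
    if re.search(r"<title>Index of /", body, re.I):
        findings.append((35, "directory listing page returned"))
    return findings

if __name__ == "__main__":
    for item, finding in audit(SAMPLE):
        print(f"item {item}: {finding}")
```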

Further reading:
Pen Testing Standards – PCI DSS (Payment Card Industry Data Security Standard), OWASP (Open Web Application Security Project), ISO/IEC 27002, OSSTMM (The Open Source Security Testing Methodology Manual).
Certifications – GPEN, Associate Security Tester (AST), Senior Security Tester (SST), Certified Penetration Tester (CPT).

Finally, as a penetration tester, you should collect and log all vulnerabilities in the system. Don’t ignore any scenario on the assumption that end users won’t execute it.

source: http://www.softwaretestinghelp.com/penetration-testing-guide/
