Platform / language / framework vulnerabilities knowledge

Image by Santhosh Shivanand Tuppad

Most testers I have seen start testing without trying to find out what platform the product has been built on, or what language or framework has been used. There are vulnerabilities even in programming languages and frameworks, and in the latest version most of those vulnerabilities might be fixed. This post uses an example to explain why you need vulnerability knowledge of the platform / language / framework.

Example with explanation

You must have used web products and have surely come across a “Password” field. Here, the password is masked and displayed as asterisks or bullets. One of your test ideas might be to see whether it can be copied and pasted: you select all the asterisks or bullets (the masked characters) and paste them into Notepad or a text editor to see if they are revealed as the original password.

If you haven’t done it, you might try now. Visit orkut.com and enter your credentials. After typing your password, copy it and paste it into Notepad. You will see that no decryption happens; you see only the masked characters. This is perfect and there is no problem with it.

Suppose tomorrow you are asked to test a product that also has a password field. It might happen that you won’t repeat the copy / paste test idea, because you think the problem can’t occur there for many reasons: the browser is the same, how could the password be decrypted so easily, and so on. But I must say that if you make such assumptions, you are wrong.

Evidence

Try downloading a product that is developed on the Adobe Flex platform and has a password field. Enter some text and you will see asterisks, bullets or masked characters, the same as in products developed in other languages like HTML, PHP, ASP, etc.

Problem is here

After you copy the characters from the password field of the Adobe Flex product and paste them into Notepad or any text editor, you will be surprised to see unmasked (decrypted) characters.

If you did not have this test idea in your mind, then please do store it in your mind. So what do you understand by this?

You need to stay up to date on what language, platform or framework has been used to develop the product or a specific product module. It helps you to know the vulnerabilities. Please do not assume that because a feature worked properly there it will work properly here too, just because the feature is the same.

Knowing these details helps you test better and faster. How?

Suppose you know the vulnerabilities of specific programming languages. Then, before testing a product, you will find out what language it has been developed in and which version of that language was used. Once you see a version with known vulnerabilities, you will try to see if the problem is reproducible. These types of problems might be showstoppers, as the version of the programming language itself has to be updated. So this is a good enough test idea to use in your testing activity.
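The version check described above can be scripted before a test cycle starts. The following is an added example, not code from the original post: the component names, the `X-Framework` header, the advisory IDs and the version ranges are all constructed placeholders standing in for the tester's own notes on the product under test.

```python
import re

# Constructed advisory notes (hypothetical components, placeholder IDs).
# A version is affected when introduced <= version < fixed.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-001", "component": "examplelang",
     "introduced": "5.0.0", "fixed": "5.2.4"},
    {"id": "EXAMPLE-ADV-002", "component": "exampleframework",
     "introduced": "3.0", "fixed": "3.5"},
    {"id": "EXAMPLE-ADV-003", "component": "exampleserver",
     "introduced": "1.0", "fixed": "2.0.1"},
]

# Constructed response headers from the product under test.
SAMPLE_HEADERS = """\
Server: ExampleServer/2.0.3
X-Powered-By: ExampleLang/5.2.1
X-Framework: ExampleFramework/3.4
"""

TOKEN = re.compile(r"([A-Za-z][\w.-]*)/(\d+(?:\.\d+)*)")

def parse_version(text):
    """'5.2.1' -> (5, 2, 1): numeric compare, so 5.10 > 5.9 and 3.0 == 3."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def fingerprint(headers):
    """Map component name -> version from product/version header tokens."""
    found = {}
    for line in headers.splitlines():
        _, _, value = line.partition(":")
        for name, version in TOKEN.findall(value):
            found[name.lower()] = version
    return found

def retest_list(headers, advisories=ADVISORIES):
    """Advisories whose affected range covers a fingerprinted version."""
    found = fingerprint(headers)
    hits = []
    for adv in advisories:
        version = found.get(adv["component"])
        if version is None:
            continue
        low, high = parse_version(adv["introduced"]), parse_version(adv["fixed"])
        if low <= parse_version(version) < high:
            hits.append((adv["id"], adv["component"], version, adv["fixed"]))
    return hits

if __name__ == "__main__":
    for adv_id, comp, ver, fixed in retest_list(SAMPLE_HEADERS):
        print(f"{adv_id}: {comp} {ver} is affected (fixed in {fixed}); try to reproduce")
```

Each hit is a candidate for a reproduction attempt, not a confirmed bug: version strings can be hidden or altered, and a fix may have been backported without a version change.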

SanthoshTuppad

I have been a software tester for over 5 years. I am a hands-on tester and I've been winning bug battles & testing competitions across the world. I am a testing enthusiast, who conducts free workshops on security testing across India (Covered locations: Bengaluru, Pune, Hyderabad & Chennai. Invite him to come to your location), and monthly meets for testers in Bengaluru. I am also an avid testing blogger.

My interests include traveling, driving my SUV, health & fitness and many others. I mentor budding entrepreneurs, testers, teams in any profession.
