5 Penetration Testing Tools That You Can Employ for Your Testing

Penetration testers sure need special testing tools to be able to do their jobs successfully. Of what use is it trying to do the job of a machine manually? Any attempt to do penetration testing manually leads to excessive time consumption and fatigue. This can on its own produce human errors.

There are several professional tools readily available to penetration testers that make their jobs faster, more efficient and more accurate. Below is a list of five penetration testing tools that you can employ for your testing anytime you wish to.


Metasploit

Metasploit is the most popular and advanced framework for penetration testing. It is built around the concept of an ‘exploit’, code that gets past a security control to gain entry into a system. Once the exploit succeeds, it runs a ‘payload’, code that carries out operations on the targeted machine, which makes the framework ideal for pen testing.

Metasploit can be used on networks, web applications, servers, and others. It also works on Microsoft Windows, Linux, and Apple Mac OS X. It comes with a command-line interface and a clickable GUI. The product is produced for commercial use.

W3af

W3af is a Web Application Attack and Audit Framework. It has a command-line interface and works on Apple Mac OS X, Microsoft Windows, and Linux. Its outstanding features include: it injects payloads into different types of HTTP requests, it integrates web and proxy servers into the code, and its HTTP requests are quite fast. You can download all versions of W3af for free.

Netsparker

Netsparker has a strong web application scanner that is able to discover vulnerabilities, suggest actions that would help fix them, and lots more. With this tool, you can exploit SQL injection and Local File Inclusion (LFI).

Netsparker has a command-line interface and a GUI. It only works on Microsoft Windows. As a commercial product, it has to be paid for before you gain unrestricted use of it. You can get a trial version on their official website.

BackTrack

BackTrack is one of the best tools that can be used for packet injection and packet sniffing. To use this tool effortlessly, you need to be an expert in the TCP/IP protocol and networking. It has a new version known as Kali Linux, and it works on Linux machines only. There are free versions that you can easily use without cost.

Wireshark

Wireshark is a network protocol analyzer that has gained fame because of its ability to offer the smallest details regarding your packet information, network protocols, decryption, and the rest. You can view the information retrieved by this tool through its GUI or through the TTY-mode TShark utility.

Conclusion

The above-listed penetration testing tools are among the best you can find anywhere. They are quite trusted and are able to deliver quality, tangible results that would not be contested by any standard. So, you can try them to see how they really work.

Tracking Software Testing Progress and results tutorial and pdf

The beauty of any software testing is your ability to track the progress being made. If you cannot track your progress, then it would be difficult to know how much success is being recorded and also when your set goal has been achieved. Here is an introduction about the Software testing progress tracking and its PDF tutorial version.

Software tracking involves everything we do as testers to measure the planned against the actual over time. The role we play will usually determine what we track. For instance, if it is for quality assurance, we will be interested in tracking the progress of test cases, defects, man-hours, and the rest. But if we are financial investors, our interest would be to track how much money has been spent. In a nutshell, tracking would involve anything that is connected to results and the efforts put into getting the results. Below are some of the things you would love to track.


Track Planned hours/Actual hours:

It is necessary to track what we planned for versus what we eventually ended up spending. This will help us determine whether we were able to achieve our goals within or outside the set time. Tracking man-hours will help us discover any deviations and also know why the deviations exist in the first place. It is possible that deviations could occur from only certain testers, and possibly with testers handling just a specific part of the software. There is also the possibility of deviations occurring on certain days of the week. Whatever form the deviation takes, it gives us useful information that could point to a specific type of problem, thereby providing a clue on how to handle it.

Track Man-hours/Test case executed:

Tracking man-hours versus test cases executed is also important. There is always that desire to try and force this figure down in order to reduce cost. However, we must always keep in mind that making this faster does not usually mean that you are going to have higher quality software.

Track Test cases executed/Planned:

If you want to ensure that at least the minimum amount of test case execution gets done, then there is the need to track the test cases executed versus the planned. If the cases are regularly taking too long to execute, then all is not well; a change is needed. Besides, going faster on a regular basis also indicates that something might be wrong with the test cases, especially when no defects are found or detected.

Track Test cases executed/Defects found:

This metric just shows how good our test cases are with regard to their ability to detect or find defects. When you run a test case and no defects are found, it does not mean that defects do not exist in the software. The same is true if you run a test case with a low ratio of defects found.
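The four tracking ratios described above, computed over a small timesheet, as an added example that is not part of the original article. The field names, the sample rows and the 25% deviation threshold are assumptions made for illustration.

```python
from collections import defaultdict, namedtuple
from datetime import date

# One row per tester per day. All values below are constructed sample data.
Entry = namedtuple(
    "Entry",
    "day tester area planned_h actual_h cases_planned cases_executed defects",
)

ENTRIES = [
    Entry(date(2024, 3, 4), "alice", "login",   8, 8.5, 20, 20, 3),
    Entry(date(2024, 3, 4), "bob",   "reports", 8, 12,  20, 12, 1),
    Entry(date(2024, 3, 5), "alice", "login",   8, 8,   20, 21, 2),
    Entry(date(2024, 3, 5), "bob",   "reports", 8, 11,  20, 13, 0),
    Entry(date(2024, 3, 8), "alice", "login",   8, 10,  20, 16, 0),
    Entry(date(2024, 3, 8), "bob",   "reports", 8, 13,  20, 10, 1),
]

WEEKDAYS = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")


def hours_deviation(entries, key):
    """Relative overrun (actual - planned) / planned, grouped by key(entry)."""
    planned, actual = defaultdict(float), defaultdict(float)
    for e in entries:
        planned[key(e)] += e.planned_h
        actual[key(e)] += e.actual_h
    # A group with no planned hours cannot be compared against a plan.
    return {k: (actual[k] - planned[k]) / planned[k] for k in planned if planned[k]}


def flagged(deviations, threshold=0.25):
    """Groups whose hours deviate from the plan by more than the threshold."""
    return sorted(k for k, d in deviations.items() if abs(d) > threshold)


def ratio(numerator, denominator):
    """Ratio that stays undefined (None) instead of dividing by zero."""
    return numerator / denominator if denominator else None


def summary(entries):
    """The four ratios from the text, over all entries."""
    planned_h = sum(e.planned_h for e in entries)
    actual_h = sum(e.actual_h for e in entries)
    cases_planned = sum(e.cases_planned for e in entries)
    executed = sum(e.cases_executed for e in entries)
    defects = sum(e.defects for e in entries)
    return {
        "actual_vs_planned_hours": ratio(actual_h, planned_h),
        "hours_per_executed_case": ratio(actual_h, executed),
        "executed_vs_planned_cases": ratio(executed, cases_planned),
        # A low value here does not show that the software is free of defects.
        "defects_per_executed_case": ratio(defects, executed),
    }


if __name__ == "__main__":
    by_tester = hours_deviation(ENTRIES, lambda e: e.tester)
    by_day = hours_deviation(ENTRIES, lambda e: WEEKDAYS[e.day.weekday()])
    print("over threshold by tester:", flagged(by_tester))
    print("over threshold by weekday:", flagged(by_day))
    for name, value in summary(ENTRIES).items():
        print(f"{name}: {value:.3f}")
```

Grouping by `e.area` instead of tester or weekday gives the per-component view the text mentions.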

Conclusion

Tracking software testing progress is necessary in order to know whether the set target is met or not. It also enables testers to detect when there are defects that need to be corrected.

Penetration Testing Tutorial , Types , steps and pdf guide

Do you know that several millions of WordPress sites are hacked daily? As bogus as the number may seem, WordPress sites are not the only sites that are attacked by hackers; other sites and personal computers are as well. One reason why some of these sites get so easily hacked is that “penetration testing” wasn’t done to ascertain the level of vulnerability. Here is an overview of penetration testing: why it is necessary, its types, the steps involved, and so on. Also refer to the PDF tutorial version.

What is penetration testing?


Penetration testing, otherwise referred to as “pen testing” or “security testing”, is the act of attacking your own or your clients’ IT systems to mimic an attack by a hacker, in order to detect security flaws within the system and then take appropriate measures to get them fixed.

Before carrying out a penetration testing

It should be noted that hacking is illegal in most countries and it attracts serious punishment if one is caught hacking into another person’s system. Therefore, before performing penetration testing, it is required that you inform the owner of the IT system about what you intend to do, and be sure that he/she grants you the ‘Go ahead’.

Why penetration testing is necessary

Penetration testing is necessary for the following reasons:

  • Penetration testing is needed to guarantee the security of data in the financial sectors like stock trading exchanges, banks, and Investment banking.
  • Doing penetration testing proactively is the best way to ensure your system is not hacked.
  • In a situation whereby the software system has already been hacked, penetration testing becomes the best way to determine whether there are still loopholes that potential hackers can cash in on to repeat a future hack.

Types of penetration testing

Essentially, there are three types of penetration testing. The type of test carried out depends on the type of attack that is anticipated, whether from within or from without. The three types of testing are:

  • Black Box Testing
  • White Box Penetration Testing
  • Grey Box Penetration Testing

In black box testing, the tester has no prior knowledge of the system he is to test. He collects the data about what is to be tested by himself.

In white box penetration testing, the complete information that the tester needs to perform the test is provided to him. It is intended to mimic an attack from an insider or an employee.

In grey box penetration testing, partial knowledge of the system is provided to the tester. This is taken as an attack by an external hacker who has already gained unpermitted access to the database of an organization.

Steps in penetration testing

In order to perform penetration testing effectively, the following activities are required:

  1. Planning phase
    • To determine the scope and strategy of the test
    • The scope is defined through existing security policies and standards
  2. Discovery phase
    • All necessary information – data, usernames, passwords, etc are collected. This is equally referred to as FINGERPRINTING
    • Scan, as well as probe into the ports
    • Check the system for vulnerabilities
  3. Attack phase
    • Get necessary security privileges and then look for exploits for the various vulnerabilities
  4. Reporting phase
    • Your report must contain comprehensive discoveries
    • Risks of vulnerabilities detected and the possible impact on business
    • Advice and solutions (if there are any)

Conclusion

Penetration testing is ‘a must’ for any business that wishes to operate in a healthy and risk-free environment. It is the best way to act proactively to keep your databases free from attacks.

Agile and Kanban in Software Development & Testing

A lot of people get confused when the words ‘Agile’ and ‘Kanban’ are mentioned. While some have never heard those words all their lives, a few seem to have, but do not quite understand the differences between the two. Well, this post will try and make some clarifications about them. Here is an overview of the difference between Agile and Kanban and the use of Kanban with Agile in testing & development. Also refer to the PDF version of this tutorial.

Agile is a deviation from the traditional way of management, which though has been embraced for a long time, actually slows software development and testing processes. Agile remains the future of software development. However, change is always taken with skepticism at first; so, a lot of people still find it difficult to embrace this modern technology.


What exactly is Agile?

The Agile manifesto defines Agile as an idea supported by a set of values and beliefs. It identifies a target culture that is used to deliver software successfully. Agile is seen by some, as a family of processes.

Today, Agile software development teams are able to make things faster by matching the amount of work that is in progress to the capacity of the team. This makes it possible for teams to have more flexible planning options, a focus that is clearer, transparency, and faster output. The Agile practice has brought more success to software development teams. A proper understanding of how the basic things work helps software teams to commence practice with little or no overhead.

What is Kanban?

Kanban is a method applied in the management of knowledge work which creates a balance between the demand for work to be done and the capacity available for the new work to be started. It visualizes work items that are non-tangible in order to enable all participants to have a view of the individual items’ progress, and the process from when a task is defined to when it is delivered to the customer. Team members rather “pull” work based on their capacity, than “pushing” the work into the process when requested.

When it comes to using Kanban for software development, Kanban can be seen then, as a visual process-management system that assists in making decisions regarding what should be produced, when it should be produced, and how it should be produced.  The method is more general because one can apply it to any professional service, where work outcome is intangible instead of being physical. The method was started by Toyota in the late 1940s, as they sought to optimize their engineering processes.

Where Agile and Kanban Fuse

Agile teams today adopt Kanban as one of their most popular software development methodologies. Agile adopts Kanban because of the numerous advantages that Kanban presents in planning tasks and in helping the team to properly execute them.

Some of the advantages that Kanban offers the Agile team include Planning flexibility, Reduced bottlenecks, Continuous delivery, Shortened cycle times, and Visual metrics. All these will help make software development and delivery effortless.

Conclusion

Agile is a system put in place to facilitate fast product delivery, ensuring that quality is not compromised. But adding Kanban to Agile makes it even more effective. If you have not tried these software development processes, it is time to do so and see how much difference they make.

Agile and Scrum methodology in Software testing introduction tutorial and pdf

As the world of software development keeps growing, developers are gradually leaning toward the use of agile testing as the preferred method of testing and executing their projects. Agile involves testing in Scrum. Here is an overview of Agile Scrum testing and its PDF version guide.

How does the Scrum Testing work?

In Scrum, tasks are divided into small time frames otherwise known as time boxes. This is to allow for the delivery of specific features in the release so that after each iteration, the working software build can be delivered. The software builds are usually done incrementally (when it comes to adding features). But the final build is equipped with all the features the customer would need. The Agile methodology has some basic characteristics and they include:

  • It entails the active involvement of all the stakeholders or users
  • Decisions are usually made by the project team
  • It focuses on delivering products frequently
  • Testing is done throughout the lifecycle of the project
  • They capture requirements at a high level
  • Iterations are developed through small, incremental releases
  • Graduation to the next iteration means that each feature has to be completed first
  • It is an iterative development technology that needs the cooperation between the self-organizing team and the customer for substantive progress to be made.


Meetings Involved

  • Sprint Planning: In this meeting, the subject of discussion is the sprint backlog which centers on number of user stories, project scope, and other important issues. Activities are planned and the acceptance criteria for each sprint are also defined.
  • Daily Review: This is necessary to get the progress of the development and testing. It makes everything clear regarding the risks or problems associated with the development or testing stage.
  • Sprint Review meeting: At the end of each sprint, customers are presented with deliverables and the product is then developed based on mutual consent.
  • Sprint Retrospective meeting: This is the period of evaluation to know what went well and where improvements are needed.

Role of a tester in Scrum

The following are the roles of a tester in scrum:

  • Discuss and understand the story of each user with the stakeholders before making a decision on the criteria for acceptance of same
  • Ensure the satisfaction of customers through the early delivery of software with high quality, giving highest priority to continuous delivery
  • Ensuring cooperation between developers, testers, and business people all through the project
  • Be adaptable to any kind of change
  • Test cases need to be developed in accordance with the criteria for accepting the story; this needs to be adjusted whenever the story changes
  • QA has to track the testing progress each day and ensure regular feedback
  • The level of story has to be estimated and time assigned for each story
  • Iteratively deliver software with high quality, from a few weeks to a few months

Challenges of Agile Scrum

Agile Scrum is not without its own challenges. Chief among the challenges are:

  • There is need to estimate the testing effort for each user
  • Limitation in environment and resources, as well as team’s capacity
  • Team direction may be misinterpreted if customers do not understand the requirements
  • It requires dynamic change in volume and speed
  • There are simultaneous planning and test execution
  • Frequent code changes increase the risk of regression

Conclusion

Agile and Scrum testing is a necessary test that you need to subject your software to before it is approved for the market. Its purpose is to ensure that all is well and that users’ specifications are met.

Agile & Lean methodology introduction tutorial in Software Testing

Lean software testing is a testing method with the primary objective of building software that has improvement as its main purpose, as well as reducing risk. Its primary focal point is to discover waste and delays in any testing, and proffer a working solution to them. Lean teams keep speed, quality and customer alignment in mind when developing a system or software. Here is a quick introduction to Agile & Lean testing and the PDF tutorial.

Core values of lean

Lean, otherwise known as ‘Lean Manufacturing’, has some core values which give it an edge over any other software testing systems. The core values include:

  • To eradicate waste
  • Build in quality
  • Create knowledge
  • Defer commitment
  • Fast delivery
  • Respect for people
  • Optimize the whole


Agile was actually built on the principles of Lean, and that is the reason why it works and is quite reliable. Agile simply works on the premise that any system that must function effectively and be trusted must have workable and fool-proof principles.

Agile

Agile is a set of principles and values that are laid down in the Agile manifesto. The manifesto was formulated to checkmate the popular heavyweight methodologies that were in some ways hindering the ideal ways of doing software projects. The ideal thing is to create software that is helpful to the customer.

The science behind LEAN is responsible for the smooth working that Agile values and principles enjoy today. Without the foundation of lean, there will be no Agile. Those principles are:

  • Customer satisfaction should be of highest priority
  • Changing requirements must be welcome
  • Software should be delivered frequently
  • Developers and business people need to cooperate daily
  • Motivated people should be the pivot on which projects are built
  • Face-to-face conversation is best
  • Progress measured by working software
  • Sustainable development speed
  • Uninterrupted attention to technical excellence
  • Teams that are self-organizing
  • Regular reflection and adaptation

Any project that obeys these principles and values would be seen as being agile. For agile teams to be able to achieve a level of agility, certain preferred practices have to be followed. They include:

  • Scrum or Kanban (sometimes, a mixture of both) for “Management Practices”.
  • Extreme Programming for “Technical Practices”; newer practices such as Continuous Deployment and Testing in Production, mostly from lean startups, are also gaining popularity.

A good agile team would always settle for the management and technical practices that they have tested and are sure really work. But a bad team does not care about the workability of a practice; they always think they can make things agile themselves.

Conclusion

There is hardly a clear demarcation between Lean and Agile, as Agile working principles are based purely on the science of lean. Therefore, any system that wants to be agile should be prepared to inculcate the principles and science that drive agility. Remember that the customer is at the core of any testing system, and the primary focus of the testing is to come up with a product that truly satisfies the yearnings of the customer.

Different Levels during the Process of a Software Testing

Have you just developed any software and you are thinking of how to test it out? Testing your software will lend credence to its authenticity and convince the intended users that the software truly works and could be trusted. There are different levels of testing that your software needs to pass through before it would be released into the market for the general public. So, what are those levels of testing?


Unit testing

The unit testing otherwise known as component testing involves verifying if the various components or specific units of the software truly work. It is intended to make sure that the codes are working and everything would be able to meet the users’ specifications. The least unit test involves the constructors and the destructors. One function could sometimes be subjected to multiple tests. Most times, these tests are carried out by the developers before they hand the software over to the testing team. This test usually helps to detect any software errors early enough in order to reduce risks associated with the development of the software, as well as save time and cost associated with correcting errors in the long run.

Integration testing

Integration testing is about putting together all the units within a program and then testing them to see how they function against a software design. It helps in discovering any defects in the interfaces and the way the integrated components or modules interact. Everything is progressively tested until the software is able to function as a system.

Component interface testing

This is used for testing the handling of data that are passed from one unit to the other or between the system components. It goes further than the full integration testing that those units are exposed to.

System testing

System testing otherwise known as end-to-end testing helps to test a system that is completely integrated, to ensure that its requirements are met. For instance, when doing a system testing, you may need to login, create and edit an entry, send or print results, as well as summary processing of entries before logging off.

Operational Acceptance testing

This is the final level of testing, and it involves checking if the software is ready to be released. At this point, the users have the opportunity to test the software to see if it meets their needs. This stage is necessary because some changes might have been effected in the course of developing the software, which could have been a misinterpretation of the intended purpose. With this final phase of testing, the actual users will have to test it to see if it can take care of their needs. If the software passes the test at this stage, it is then sent to the production unit to produce it for the market.

Conclusion

Software is not just conceived, produced and dumped on the intended users. It is subjected to a series of tests to ensure that it meets the basic and specific requirements before it is finally produced for the market. For software to be accepted, it has to first go through the process of testing and approval. Otherwise, the software would not be trusted in terms of performance and security.
