What are the risks and liabilities with instant messaging?

There are a number of risks and liabilities associated with Instant Messaging. Till today several attempts have been done in order to create a unified IM standard. 

Few have been mentioned below:

1. Session initiation protocol or SIP of IETF.
2. SIP for instant messaging and presence leveraging extensions or SIMPLE.
3. APEX or application exchange.
4. IMPP or instant messaging and presence protocol.
5. XMPP or open XML – based extensible messaging and presence protocol.
6. Instant messaging and presence service of open mobile alliance (this one was developed exclusively for the mobiles.)

Although a number of benefits are given by instant message, there are also many risks and liabilities associated with it. This happens particularly when one uses IM at his/ her workplace. 

Associated risks and liabilities are:

1. Security risks
2. Inappropriate use
3. Compliance risks
4. Trade secret leakage

About Security Risks

- Security risks involve infecting the systems with viruses, worms, spyware and Trojans etc.

- Hackers and crackers make use of IM vectors for making phishing attempts, introducing the file attachments laden with virus and poisoned URLs. 

- Two main methods are used by the hackers for delivering the malicious code via instant messaging:

1. Delivering viruses, spyware or Trojan horses through an infected file.
2. Using the socially engineered text that has a web address enticing the recipient to go to an URL that in turn connects him/ her to a malicious website.

- The first kind of means i.e., the Trojans, worms and viruses propagate themselves by infecting the whole contact list of the user. 

- An attack done through means of a poisoned URL may infect 1000s of user’s system in a very short duration i.e., just when each of the person in the user’s contact list receives a message that appears to be from a trusted source. 

- Thus, when the recipients click on the web address, the whole cycle repeats. - Such infections might be for some criminal or a nuisance reasons. 

- These attacks are getting more sophisticated with time. 

- The connections in the instant messaging are usually in plain text. 

- This is what that makes them vulnerable to threats such as eavesdropping. 

- Also, with instant messaging, the UDP ports are left exposed to the world inviting many potential security vulnerabilities and raising many security issues.

About Inappropriate Use

 

- All the organizations, be of any type need protection against the liability of the inappropriate use of the IM service by the employees. 

- The nature of the IM, be it immediate, informal or anonymous marks it as an abuse of the workplace. 

- In a number of nations, a legal responsibility has been set up by the corporations in order to make sure that the working environment is free of any harassment for the employees. 

- Instant messaging is now included as an integral part of the policies of the companies regarding the appropriate use of services such as e – mail and world wide web and some other corporate assets.

About Compliance Risks

- Using the IM services at workplace also induces a risk concerning the non – compliance to laws and regulations that govern the use of electric communications. 

- The need for the production of the archived business communications that would satisfy the judicial requests is what to which most of the common regulations is related to. 

- There are a number of IM communications falling under the category of business communications and are retrievable. 

What are benefits of instant messaging?

Instant messaging comes with both risks and benefits. Here we focus up on its benefits.

Benefits of Instant Messaging

1. IM serves to be of great advantage in the environments that are geographically dispersed. The major benefit here is that it cut downs on the cost of expensive phone calls.
2. The communication channels can be augmented with the help of instant messaging. This will become clear from the following: suppose there is a conversation going between an external client and the team members can converse within themselves using IM for clarification of some points or plotting a strategy. Here, the IM is said to serve as a back channel.
3. IM serves as an efficient tool for clearing up the clutter on desktop and lets you respond immediately. Most of the business processes are time sensitive: problem resolution, crisis management, customer service etc. to name a few. IM is the solution for all these processes.
4. IM serves well in case of an emergency. The critical information can be rapidly disseminated to the whole company or individuals in cases such as that of health issues. Natural catastrophes, schedule changes, or network outages etc. most of the times, the network of IM services works well when most of other e – mail and phone networks are down.
5. A number of work groups can be linked through IM. Thus, it acts as a bonding between the two groups. The productivity of the ad-hoc contacts can be increased by enabling them to be quickly added to some work group.
6. IM services can also be used for routing the IMs to cell phones through the IM – to – SMS (short messaging service) gateway services. An example of such a service is find – me service.
7. Through IM services people have a quick reach to the experts if they want to survey multiple consultants or to have an instant consultation.
8. IM is a sort of self–service. People can place queries to the human resource virtual agents via person to machine IM services for obtaining information regarding enrollments or benefits. This also provides the staff with access to the data and speeds up the business processes.

More about Intant Messaging

- IM is one of the few small things that are a must for the effective communication 

- However, IM is embraced as a useful utility at workplace by some owners of small businesses. 

- IM services have been used to completely replace the traditional methods of communications or to provide support them. 

- IM is also a real – time means for communication. 

- But the text records of the IM conversations are kept by the exchange just as in the case of e–mail messages.

- This lets the IM function as a quick conference call without having the employees leave their desks. 

- It acts as a powerful means for bringing all the people on a web page common to all.  

- IM is an effective tool for conducting group chat. 

- Nowadays, such IM platforms that allow for group text chatting. 

- Plus, they also allow you to save the chat history. 

- Team members that are at some off- site locations can be connected through IM. 

- Through IM it becomes easy to stay connected and archive files.

How Instant Messaging Works?

Instant Messaging or IM is a very popular trend among all these days. A number of instant messaging services today offer features such as web conferencing, voice over IP and other video calling features. With such features both the IM features and video calling abilities can be integrated. 

About Working of Instant Messaging

- Each IM service has its own client that may be either a browser based client or some separate piece of software.

- These clients typically work with their sole company but some are designed in such a way that they support other services also. 

- There are some other third party clients that can connect with a number of major IM services. 

- Few such examples are Miranda IM, Trillian, Adium and so on.

- The IM program installed on your system connects to the IM Company via internet. 

- Here the user’s identity is verified. This process is termed as authentication. 

- After verification, the information or the ‘messages’ can be start exchanging between the users. 

- This IM program installed on your system is called the IM client. 

- When you start it up, it connects to the IM server of its company. 

- To log in to the IM service, you need to have an user ID and password. 

- Once they are verified to be correct, you are logged in. You are connected to the IM network. 

- A list of your friends who are currently online will be displayed. Your list will be changing as per who all are signing in and out. 

- People might have set different IM status such as ‘online’, ‘offline’ or ‘busy’ etc. when you type a message to your friend and hit enter; this message reaches him after traveling from your IM client through the IM server to which it is connected.

- The messages you send reach directly to your friends. 

- A pop up IM window displays your message to them. 

- As the chat progresses further, the messages travel to and fro between the two clients with very less delay of time. 

- Consider sending a file to your friend. You attach the file to the text and press enter. 

- Then your IM client will place an inquiry at the IM server to know the status of your friend. 

- If your friend is connected to internet, a direct connection to his IM client is established.

- The reason for using a direct connection is that it is much faster and efficient rather than sending files through a number of intermediate servers in case of an indirect connection. 

- Also, using a direct connection saves on bandwidth. 

- Instant messages are quite small in size and messages of a whole month may sum up to only 1 megabyte that is quite a tiny amount of space.

- This also enables instant messaging services to work equally on slow as well as fast internet connections.

How Inter-operability is supported by Instant Messaging?

- An instant messaging service can support a number of simultaneous conversations. 

- These are small applications that can cater to only small business needs. 

- But for larger organizations more sophisticated applications are required that can work in cooperation. 

- The enterprise versions of these applications provide solution to these problems.

- Some examples of larger IM applications are:

1. XMPP
2. Lotus same time
3. Microsoft office communicator and so on.

- These applications can be integrated with the workflow systems.

- These applications are also known as EAI or enterprise application integration as per certain constraints such as data storage in a specified format. 

- Several attempts have been made for creating a unified standard. 

What is meant by Instant Messaging?

Almost everyone today is familiar with the term ‘Instant messaging’ or IM in short. 

- This is a type of communication that sustains over the internet and quickly transmits the text based messages between people (i.e., senders and receivers). 

- The basic purpose of IM is to provide “real time direct written language–based online chat”. 

- It does this through push mode and other shared clients between two or more people using personal communication devices (mobiles) and personal computers. 

- A network such as the internet is used for conveying the text message for the person it is intended for. 

- IM addresses two kinds of communications namely:

1. Point – to – point communications i.e., from one person to another one person.
2. Multicast communications i.e., from one sender to a number of receivers.

- Nowadays, much enhanced modes of communication have been introduced by advanced instant messaging services. 

- Some enhancements are inclusion of video chat, audio calling and hyperlinks to other media etc. 

- The umbrella term is the online chat under which the concept of IM falls. 

- The similarity between them is that they are text based, happens in real time and offer bi – directional flow of messages. 

- The only distinction is that the IM is based up on clients. 

- The connections between the known users are facilitated by these clients only through a contact list (also known as friend list or buddy list).

- On the other hand, chat works up on web – based applications that facilitate communication between multiple users.

- A number of communication technologies that facilitates text based communication are combined together to provide the service of instant messaging. 

- The biggest feature of the IM – chats is that they take place in real time just like a phone call. 

- IM is different from the other web services such e–mail in the sense that users here perceive the “quasi – synchronicity of the communications”. 

- In IM, you can message only those people who are online at that time. 

- However, there exist some systems that allow you to message offline people, thus drawing some similarity between e–mail and IM.

- IM is cheap and effective means for efficient communication. 

- It allows immediate receipt of the message and also enables us to reply back immediately. 

- However, it is not necessary that the transaction control might support the IM. 

- In some cases there are additional features that make IM more interesting as mentioned below:

1. Enabling users to see each other via web cam.
2. Using headphones and microphones and talk for free over internet.
3. File transfers
4. Saving a text conversation for future reference.

- Instant messaging came much before the internet and first appeared on systems such as multics (multiplexed information and computing service) and CTSS or compatible time sharing system which are multi – user systems. 

- Some of the IM services such as ytalk, talk, ntalk and so on, peer – to – peer protocol.

- Some other examples of early IM services are:

1. Zephyr notification service
2. Bulletin board system or BBS
3. Freelancin round table
4. Compuserve CB simulator: this was the first dedicated online chat service

- Real time text was also a feature of these early instant messaging services.   

- AOL’s real time IM implements the modern real time text feature as an optional feature. 

- Video calling features such as web conferencing services can integrate both IM abilities and video calling.

What issues should be considered when deciding whether to automate a test? How to generate an automated test script?est Scripts, Scripts

Execution of the test sets lies at the center of any testing process. As the software system or application encounters changes, the defects are located by running both manual as well as automated tests in the project. Also, the quality of the tests is assessed by running the tests itself. 

Issues considered when deciding to go for automation?

- Deciding which all tests have to be automated is a part of the test planning process. 

- Two options namely manual and automated are available for the execution of the tests. 

- If you go with the manual execution of the tests, you can begin with the execution just after you finish defining the test steps. 

- If you go for automating the tests, the test scripts need to be generated and completed. 

- Below we state the issues that should be considered when deciding to go for automation:

1. Do Automate: Only the tests which are data driven or which make use of multiple data values for the same operation, which run with every new version of the application as a measure to check its functionality i.e., regression testing, which are for stress testing i.e., run many times and tests that facilitate the checking of a server system or multi-user client system (load testing) must always be automated.
2. Do not automate: The tests which are meant for a single execution, need to be executed immediately, check for the usability of the tests and whose result cannot be predicted should not be automated.

Steps for generating Automated Test Scripts

Below mentioned steps can be followed for the generation of the automated test scripts:

1. First, click on the test plan tab in order to enable the display of the test plan module.
2. Locate the manual test that you want to automate by selecting the subject folder available at the root of the test plan tree. There click on the find button and the find folder/ test dialog box will open up.
3. Type the name of the test to be searched for in the ‘value to find’ field of the box. Check the ‘include tests’ check box so that the test director can be instructed to look for folders and tests. Finally click on find option. ‘Search results’ dialog box will pop up thus displaying all the possible matches. Click on go to button and the test will be highlighted in the test plan tree. Close this dialog box.
4. Click on the design steps tab in order to display the design steps tab.
5. For generating a test script click on the generate script button. You can choose either of the following options:

a) QUICKTEST_ TEST: For generating an astra quicktest test or quick test professional test.

b)   WR – AUTOMATED: For generating a winrunner test.

The above two options will be available if the corresponding add ins have been installed. Once the test has been automated, the manual test symbol ‘M’ will be replaced by automated test icon.

6. For viewing the test script click on the test script lab. Click on the launch button for displaying and modifying the test script in the testing tool where it was created.

Whenever an automated test is run, the testing tool selected by the tester is opened by the test director automatically and the test is run on either the remote hosts or local machines. The tests can be run either from the execution flow tab or the execution grid tab.

What is Silk Test Architecture?

Whenever the graphical user interface of any software system or application is tested, a manipulation is done to the windows, menus, buttons and so on via input sources such as key board and mouse clicks etc. 

These windows, menus, buttons and so on are nothing but the GUI objects which are interpreted by the silk test. 

Later, in the test automation process the silk test recognizes these GUI objects based up on two things that uniquely identify them namely:

1. Object class properties and
2. Object methods

The operations that are performed on that particular application software by the users are usually in terms of input from keyboard and mouse clicks. 

These events are simulated by the silk test and the results thus obtained are subjected to automatic verification. 

This whole process is carried out by two very distinct components of the silk test mentioned below:

1. Silk host software and
2. Silk agent software

Both of these components are installed on different machines: the host machine and the target machine. 

- Host machine is for the silk host software whereas target machine is for the second component of the silk test. 

- The host component plays an important role in the development of the test scripts as well as the test plan.

- Using the components the following operations can be carried out on the test scripts:

1. Creating
2. Editing
3. Deleting
4. Compiling
5. Running
6. Debugging etc.

- The latter component of the silk test i.e., the agent is configured to interact with the graphical user interface of the AUT or application under test. 

- The agent is responsible for monitoring as well as driving the application under test. 

- The commands in test scripts are written in the 4test language. 

- These need to be translated in to specific equivalent GUI commands. 

- This task is also achieved by the silk agent software. 

- One thing that should be taken care of is that the application under test should be installed on the same machine as of the agent and on no machine else. 

- Matching objects to that of the GUI objects are created in the 4test and each one is unique. 

- Silk test completes test automation in a period of 4 steps:

1. Creation of a test plan
2. Recording of the test frame
3. Creation of the test cases
4. Execution of the test cases and interpretation of the test results.

- The interaction between the GUI of the application and the silk test is necessary since the operations need to be submitted to the application for simulation. 

- During the simulation, the silk test is said to be the simulated user whose work is to drive the application under test. 

- Since the AUT does not recognize the difference between the simulated user and the actual user, it behaves exactly in the same way as it reacts to an actual user. 

- In addition, you can have an agent as a local agent installed on the host machine. 

- Machines other than the host machine on which agent is installed in a network are called target machines. 

- The application under test is driven by the silk test and in turn drives the server like always. 

- Silk test is quite a powerful tool and can be used to drive the GUI of a server directly by running the scripts which will send equivalent SQL scripts to the data base of the server. 

- In such a way the server application is manipulated directly thus supporting the testing involving a server being driven by a client.

Is there any problem in using scripts created on v6.0 to 6.5 or higher versions?

In some cases, it may happen that while trying to automate a java swing application using an early version of silk test such as the silk test 5.0.3. You found that the objects and controls in the application window of the application under test or AUT might not be recognizable by the silk test. 

This is just an example of problems of such category and at times you may wonder if the higher versions such as the silk test v 6.0 or silk test v 6.5 are suitable for automating your application or not? Or does the silk test comes with some extensions or add – ons as an alternate for overcoming such situations. 

The version 6.0 of the silk test is known to have some bugs in it, however, the Segue software has known to resolve these known issues. Actually, advancing form a lower version to a higher version of the silk test must not pose a problem. 

Though this is a general statement that we made on the basis of observation of several instances, it is not necessary that it should turn out to be true in all the cases. You may face some problems with the scripts that will work on an earlier but not on higher versions such as 6.0 and above because the object recognition patterns in both of them are not the same and vary from version to version. 

There are certain situations where the two paths of the script might be used for performing the same action but based up on the version. 

The silk test version 6.0 and silk test version 6.5 are somewhat similar and though no problems are experienced in advancing from version 6.0 to version 6.5 of the silk test. 

The various client forms of silk test are available such as those stated below:

1. Silk test classic: This client of the silk test makes use of the domain specific language called “4test” for scripting of the test automation scripts. This language just like the C++ language is an object oriented language. Just like C++ it also makes use of the Object Oriented concepts such as following:

a)   Inheritance

b)   Classes and

c)   objects

2. Silk 4J: This client of the silk test enables one to follow test automation by using java as the scripting language in eclipse.
3. Silk 4 net: This client of the silk test also enables one to follow test automation by using VBScript or sometimes using C# as the scripting language in the visual studio.
4. Silk test work bench: This client of the silk test enables the testers to carry out the automation testing using VB.net as the scripting language as well as on a visual level.

Below stated is the list of the silk test versions that have been released till now:

1. Borland silk test 13- june 2012
2. Micro focus silk test 2011 – November 2011
3. Micro focus silk test 2010 R2 WS 2 – may 2011
4. Micro focus silk test 2010 R2 – December 2010
5. Micro focus silk test 2010 – july 2010
6. Silk test 2009 – august 12, 2009
7. Silk test 2008 SP1 – jusly 2008
8. Silk test 2008 – april 2008
9. Silk test 2006 R2 service pack 2 – September 2007
10. Silk test 2006 R 2 service pack 1 – june 2007
11. Silk test 2006 R2 – January 2007
12. Silk test 2006 – September 2006
13. Silk test 8.0 – may 2006
14. Silk test 7.6 – September 2005
15. Silk test 7.5 – june 2005
16. Silk test 7.1 – October 2004
17. Silk test 6.5 – November 2003
18. Silk test 6.0 – November 2002
19. Silk test 5.0.1 – September 1999
20. QA partner 4.0 – November 1996

How to perform Cross platform testing and Cross browser testing using QTP?

Two types of particular testings can be performed easily using the quick test professional and they are mentioned below:

1. Cross platform testing and
2. Cross browser testing

What is meant by cross platform?

Cross platform can be defined as an attribute that can be given to a software system or application that can be operated across multiple computer platforms. Today there are two types of cross platform softwares available as mentioned below:

1. Softwares that require individual compilation for each platform that is supported by them and
2. Softwares that require no individual compilation and can be run directly on any platform that they support.

For a software system or application to be entitled as cross platform software it is required that it operates successfully on both the following:

   1. More than one operating system and

   2. Computer architecture.

- Checking a software whether or not it is cross platform compatible is a time consuming activity since all the different operating systems come with a different API or application programming interface. 

- Whenever a software system or application is designed as such that it can support multiple platforms, the demand for its quality assurance increases dramatically. 

- For ensuring this quality the cross platform testing is carried out.

What is meant by cross browser?

- Cross browser is an attribute for web sites, web applications, client side scripts and HTML constructs which are able to perform well in the environments or browsers which have the required features and also in the browsers and environments which lack those features. 

- Today, there are many browsers available and all of them are used by the end users for accessing the same web site or web application. 

- Therefore, it has become equally important that the web site or web application must be able to function properly on all web browsers. 

- This is ensured only by carrying out the cross browser testing.

- Also, the same request made on a web site or web application is handled differently by different browsers.

- Cross browser testing not just tests the client side of the web application but it also tests the server side behavior of the web site or application. 

- Therefore, there are two types of cross browser testing:

1. Server side cross browser testing
2. Client side cross browser testing

Now coming to how the cross platform testing and cross browser testing is performed using quick test professional. For performing these two types of testing in quick test professional you need to create separate actions for operating systems as well as browsers. 

How Cross Platform Testing is performed in QTP

- The cross platform testing can be facilitated with the help of built-in environment variable in quick test professional since using it one can dig up the information of the operating system. 

- Later, the actions recorded on this particular platform can be called. 

- On the other hand, using the actions created for the browsers you can extract the browser information. 

- The actions that are relevant to that particular browser should only be called. 

How Cross Browser Testing is performed in QTP?

Before beginning with the cross browser testing you need to get the type of browser that you are using by following an example mentioned below:

Browser( “core values”)

For getting a particular version of a browser,

getROproperty( “version” )

- Any dynamic browser changes are not allowed in quick test professional while the scripts are in running mode. 

- These scripts need to be configured for the current browser. 

- Also, you should set up the driver scripts in the beginning itself so that you can easily change your configuration settings whenever required. 

Explain how the data is secured in HTTPS?

HTTP secure or HTTPS can be thought of as an extended version of the regular HTTP. This communication protocol is the widely used one next to the regular HTTP when it comes to having a secure communication path between the user and the server over a computer network. 

The HTTPS finds quite a wide deployment over the internet when compared to deployment over intranet. If we understand it deeply we will come to know that in actual it is not a protocol in itself as it seems so from outside. 

It is actually a regular hyper text transfer protocol (HTTP) simply layered over SSL/ TSL protocol. The SSL/ TSL protocol thus lends its security capabilities to the standard HTTP communications when HTTP is layered up on SSL/ TSL. 

In this article we discuss how the data is secured in HTTPS. As we mentioned above that it is quite deployed in the internet services and it is so because it provides a quite convenient means to authenticate the web site as well as the web server associated with it (with which the connection is being established).

How data is secured in HTTPS

Such an authentication is of much importance as it provides the protection against the man in middle attacks which usually occurs because of eavesdropping between our communications with the server. 

- Moreover, HTTPS provides bidirectional encryption of the communications or the data that is exchanged between the clients and the servers. 

- The ability of the bidirectional encryption by virtue of which it protects against tampering and eavesdropping which otherwise would forge the contents of the communications between the clients and the servers, makes it much necessary. 

- HTTPS comes with a reasonable guarantee that you get to communicate only with the web site which you intended to communicate with and with none else.  - Furthermore, a way to prevent the forgery of the contents of the communication that takes place between the users and the clients cannot be hampered or forged by any of the third parties is ensured by the http secure. 

- In HTTPS, the entire HTTP is levied up on the top of the TSL or SSL thus enabling the total encryption of the HTTP communications content.

- This communications content includes:

1. Request URL which states the particular web page that was requested.
2. Query parameters
3. Headers
4. Cookies containing the identity information about the user and so on. 

Negative Points of HTTPS

Though the HTTPS has got many advantages, its minus point cannot be unseen.

-HTTPS cannot protect the disclosure of the communication content.

-This happens so because the addresses of the host web sites and port numbers form a necessary part of the TCP/ IP protocols that underlie the https. -To be seen practically, it means that the identity of the server can still be inferred by the eavesdroppers even on a correctly configured web server as well as the amount and duration of the communication.

-In the early years, the HTTPS was common to be used in the money transactions over the World Wide Web and other sensitive transitions like e- mails.

-In the recent years it has been known for the following:

1. Authenticating the web pages,
2. Providing security to the accounts,
3. Maintaining the privacy of the user communications, web browsing and identity.

The HTTPS has also come to the rescue of the wi- fi since it is highly prone to attacks being un- encrypted. The importance of https is often more realized when the connections are made over tor or anonymity network.