

Showing posts with label Web site. Show all posts

Thursday, October 25, 2012

What is Perl Testing?


Various testing methodologies have become a cornerstone of many development processes, and Perl testing is one such methodology.

"Perl testing is one such testing that is highly involved with the creation of automated test suites".

The creation of automated test suites for Perl projects is assisted by around 400 testing and quality modules which are now available on CPAN.
Now you must be wondering: why automated test suites in Perl?
The answer is that with an automated test suite, developers as well as project managers gain confidence that the code can carry out a specification.

What is Perl Testing?

- The Perl development ethos has viewed software testing as a central and critical part for years.
- A testing protocol by the name of TAP, or ‘Test Anything Protocol’, was set up for Perl in 1987.
- The TAP protocol is now available for many languages.
- Hundreds of the test modules on CPAN make use of the TAP protocol.
With the help of this protocol, the following have been made possible:
  1. Testing of data base queries
  2. Testing of objects
  3. Testing of web sites and so on.
- Around 250,000 tests have been developed for the core Perl language, plus the same number of tests for the libraries that are associated with it.
There is one more advantage of automated test suites: additions are made to the code base as functional requirements change.
- But while making the additions, refactoring is required so as to avoid duplication.
- If there is enough code coverage, issues are automatically highlighted by the test suite, and it becomes fairly easy to spot the knock-on effects of code changes.
- The duty of code coverage is to determine how much of the code has been tested during the execution of the test suite.
- This metric, however, can be obtained from the developer, and the branches and sections of the code that are not being tested can also be reported.
- Testers can combine the testing modules that are most frequently used, which serves as a good starting point.
- For cases in which testing specific functionality is required, one only needs to add specific testing modules to the test.
- Perl has always recognized testing as a part of its culture.
- With the TAP protocol, communication between a test harness and several unit tests has been made possible.
- TAP producers can communicate test results to the testing harness in a way that is language agnostic.
- Earlier the parsers and producers were available only for this platform, but now they are available for a variety of platforms.
- The Test Anything web site takes responsibility for the following:
  1. Development of TAP
  2. Standardization of TAP
  3. Writing of test consumers
  4. Writing of test producers
  5. Evangelization of the language and so on.
- In many other testing methodologies, writing the tests and verifying them seems to be a daunting task, but it is pretty easy with the Perl test facilities.
- It is not always necessary that a large Perl project must have an automated test suite.
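
The harness side of the TAP exchange described above, as an added example that is not part of the original post: a minimal TAP consumer written in Python, to show that the producer's output can be read from any language. The sample stream, the test descriptions and the function name `parse_tap` are constructed for illustration.

```python
import re

# Constructed TAP stream, as a producer in any language would print it.
SAMPLE_TAP = """\
1..4
ok 1 - database query returns one row
not ok 2 - object serializes to JSON
# expected one key, got none
ok 3 - home page responds # SKIP no network in this run
not ok 4 - login form rejects empty password # TODO not implemented yet
"""

PLAN_RE = re.compile(r"^1\.\.(\d+)")
TEST_RE = re.compile(
    r"^(?P<status>ok|not ok)\b\s*(?P<num>\d+)?\s*(?:-\s*)?(?P<desc>.*?)"
    r"(?:#\s*(?P<directive>(?i:SKIP|TODO))\b.*)?$"
)


def parse_tap(stream):
    """Consume a TAP stream and return the summary a harness would act on."""
    planned = None
    results = []
    for raw in stream.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and diagnostics carry no result
        plan = PLAN_RE.match(line)
        if plan:
            planned = int(plan.group(1))
            continue
        test = TEST_RE.match(line)
        if not test:
            continue  # a consumer ignores lines it does not understand
        number = int(test.group("num")) if test.group("num") else len(results) + 1
        results.append({
            "number": number,
            "ok": test.group("status") == "ok",
            "description": test.group("desc").strip(),
            "directive": (test.group("directive") or "").upper(),
        })
    # A failing TODO test is expected to fail and does not break the run.
    failed = [r["number"] for r in results
              if not r["ok"] and r["directive"] != "TODO"]
    # A run that stops early shows up as a mismatch with the plan line.
    plan_ok = planned is not None and planned == len(results)
    return {
        "planned": planned,
        "run": len(results),
        "failed": failed,
        "skipped": [r["number"] for r in results if r["directive"] == "SKIP"],
        "todo": [r["number"] for r in results if r["directive"] == "TODO"],
        "plan_ok": plan_ok,
        "all_passed": plan_ok and not failed,
    }


if __name__ == "__main__":
    print(parse_tap(SAMPLE_TAP))
```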


Thursday, September 27, 2012

How will you check a web application for broken links using QTP?


Checking for broken and bad links forms a very important aspect of any web testing profile. The following kinds of testing take priority on the web testing checklist:
  1. Usability testing
  2. Functionality testing
  3. Compatibility testing
  4. Interface testing
  5. Security testing
  6. Performance testing
Of all these, functionality testing tests the following basic aspects of a web page, site or application:
  1. all the links in web pages
  2. data base connection
  3. forms in the web pages
  4. cookies
When it comes to checking links, the following are tested:
  1. outgoing links from a specific domain
  2. internal links
  3. links jumping within the same page
  4. links for sending mail
  5. orphan pages and lastly
  6. broken links
Our focus is on the last aspect, i.e., testing for broken links in a web page, site or web application with the help of QuickTest Professional.

What are broken links?

- Broken links are also termed dead links, since they are permanently unavailable and hence cannot be accessed by the user.
- You have surely come across a 404 error while browsing some site.
- This signifies the presence of a broken link.
- Using QuickTest Professional, broken links can be identified at run time by following either of the two methods mentioned below:
  1. via manual creation of a check point
  2. via automatic page check point

How can a broken link be checked manually by creating a page check point?

- A direct menu option for incorporating a page check point is not available in QuickTest Professional.
- Therefore, you need to use a standard check point.
- Click on start recording session, then select the insert option, then check point, and finally the standard check point option.
You can use F12 if it works for you.
- Place the hand pointer on the web page and click OK.
- You will get a page check point properties dialog box which has a broken links check box.
- Check that box and click OK.
- After this, run the scripts and check the status of the links in the broken links result.
- If only the links pointing to the current host have to be checked, check the box titled “check only links to current host” by going to the Tools menu and then selecting web options.
- Similarly, if the links pointing to all hosts have to be checked, this box has to be kept unchecked.
To follow the second method, go to:
Tools → Options → Web → Advanced
- You will get two boxes labeled “broken links” and “create a check point for each page while recording”; check both of these boxes.

Now every time QuickTest Professional starts recording on a new page, a check point will automatically be included for all the broken links.
One thing you should know is that QuickTest Professional experiences some issues with Windows Vista if the Internet Explorer version that you are using is 7.0.
Tabbed browsing is not supported by QuickTest Professional, especially in Microsoft Internet Explorer.
An alternative is to disable tabbed browsing first and then proceed with QuickTest Professional. In Internet Explorer, QuickTest Professional may not be able to recognize the web objects.


Saturday, May 12, 2012

What are different aspects of Inference SQL injection attack?


SQL injection attacks are rising steeply in the cyber world, claiming a huge number of web sites and web applications as victims. A few years back SQL injection attacks were not much in the news, but now they have come to top the web’s vulnerabilities chart.

SQL injection attacks have emerged as a popular and notorious means of harming the security of websites and web applications.

How exactly does an SQL injection attack take effect?
- In a typical SQL injection attack, statements written in the SQL language serve as input to a web form.
- This is done in order to obtain a web site or application that will carry out operations on the targeted data base.
- Such fake web sites obtained via SQL injection are often badly designed.
- The attacker employs this badly designed web site to get access to the private data base contents.
- It is a kind of code injection technique that is often used to exploit a security vulnerability in the software of the web site or web application.



When does an injection attack occur?

An injection attack occurs through two commonly committed mistakes:

1. Incorrect filtering of user input for escape characters in string literals which are embedded in the malicious SQL statements. This opens scope for the potential manipulation of SQL statements by the end user who is using the data base.

2. The unexpected execution of input entered by the user that has not been strongly typed. This is commonly referred to as incorrect type handling. The constraints are then left unchecked.

Approaches of Inference SQL Injection Attack

SQL inference injection attacks are usually used for mining data. There are 3 approaches that are used for data mining following inference SQL:

1. In band approach: The in band approach involves the extraction of data via an already existing path between the application and the attacker, for example by returning the data in a well rendered error message or web page.

2. Out of band approach: The out of band approach involves the creation of a new path between the application and the attacker. This is done by establishing a connection between the data base server and the client by employing a network function such as HTTP, a data base connection, e-mail and so on.

3. Inference: Inference does not involve any direct transfer of actual data; rather, the value of the data is inferred directly by calculating the differences between the responses from the attacker as well as the application. This is generally done by posing several questions. Deliberate differences between the two responses are generated based upon the answers to the questions posed.


About the Inference SQL Injection Attack

1. The inference approach can also be used at the bit level, and it makes use of properties such as the status of the web server, time and differences in the content.
2. Making use of these properties enables the attacker to correctly infer the data values.
3. Inference SQL injection has proven to be a great milestone when it comes to the extraction of data using SQL injection.
4. It came to be extremely useful when the other two methods for data retrieval, i.e., in band and out of band, didn’t prove to be successful.
5. The inference SQL attacks only affect SQL servers, and they are quite slow due to time delay.
6. Since 2002 no remarkable improvements have been witnessed in the field of inference SQL.
7. Inference SQL injection attacks have an added advantage, which is that they can be employed in any SQL injection situation.
8. When a specific query is injected into an ADQ (application defined query), the web server generates a response code depending upon the data values.
9. It is quite common for an attacker to initially try to exploit the SQL injection vulnerability by using in band results.
10. But this is not feasible every time, since in some situations time is the major factor; in such situations out of band or inference methods are deployed.
11. Not only data, but logic can also be inserted into the query of the application.
12. In this way the output of the application can be controlled, and based on this output the stored values can be inferred from the data base.
13. The creation of an SQL inference attack is based on the sophistication of the information that the attacker has regarding it beforehand.
14. Inference SQL attacks through web server response codes present a major problem, which is that they can quite easily be detected by good web server administrators.
15. But the attackers are so clever that they have figured out another such inference attack, called the content manipulation inference attack.
16. Using this, they are able to keep the response code constant while simultaneously changing the web site content.
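
One way an administrator could spot the response-code variant from point 14 in an access log, as an added example that is not part of the original post. The log lines are constructed (Common Log Format, documentation IP addresses, placeholder query values), and the function name and both thresholds are assumptions.

```python
import re
from collections import defaultdict

# Common Log Format: client, identity, user, [time], "request", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def build_sample_log():
    """Constructed access-log lines; query values are placeholders."""
    lines = []
    # Client 192.0.2.10: many requests to one endpoint whose status keeps
    # switching between 200 and 500 depending on the injected condition.
    for i in range(24):
        status = 500 if i % 3 == 0 else 200
        lines.append(
            f'192.0.2.10 - - [12/May/2012:10:00:{i:02d} +0000] '
            f'"GET /item?id=PLACEHOLDER_{i:02d} HTTP/1.1" {status} 512'
        )
    # Client 198.51.100.7: ordinary browsing with a single genuine error.
    normal = [("/", 200), ("/item?id=7", 200), ("/item?id=8", 200),
              ("/cart", 500), ("/item?id=9", 200)]
    for i, (target, status) in enumerate(normal):
        lines.append(
            f'198.51.100.7 - - [12/May/2012:10:05:{i:02d} +0000] '
            f'"GET {target} HTTP/1.1" {status} 2048'
        )
    return lines


def find_response_code_inference(lines, min_requests=20, min_flips=10):
    """Flag (client, path) pairs whose responses keep flipping ok <-> error.

    The lines are assumed to cover one observation window (for example one
    hour). Both thresholds are assumptions to tune against normal traffic.
    """
    statuses = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group("target").split("?", 1)[0]  # group by endpoint
        statuses[(m.group("ip"), path)].append(int(m.group("status")))

    findings = []
    for (ip, path), seen in statuses.items():
        classes = ["error" if s >= 500 else "ok" for s in seen]
        flips = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
        if len(seen) >= min_requests and flips >= min_flips:
            findings.append({"client": ip, "path": path,
                             "requests": len(seen), "flips": flips})
    return findings


if __name__ == "__main__":
    for finding in find_response_code_inference(build_sample_log()):
        print(finding)
```

The content manipulation variant in points 15 and 16 keeps the status code constant, so this check would not see it; the response size column is the analogous field to compare in that case.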




Wednesday, February 15, 2012

What are the tips needed by web application against SQL attacks?

SQL injection attacks are one of the top 10 security vulnerabilities for web sites and applications, as declared by the open source web security. Being such a great threat, a few measures have been designed to curb SQL injection attacks.

FACTORS CONTRIBUTING TO SQL INJECTION ATTACKS
SQL injection attacks are very common these days. This is probably due to two main factors:

- The prevalence of vulnerabilities related to SQL injection attacks is significant.
- The target of SQL injection attacks, i.e., the web site’s or web application’s data base, appears very attractive and useful to attackers since it contains all the critical as well as sensitive data of the site or the application.

SQL INJECTION MEASURES
Here we are going to discuss those SQL injection measures.
- The first step in avoiding SQL injection attacks is to understand how exactly these attacks occur.
- An SQL injection attack occurs whenever a query is created by the dynamic data base of the web site.
- These queries contain nothing but the input entered by the user.
- When you know what is actually making it easy for attackers to carry out an SQL injection attack on a web site or web application, it seems very easy to avoid SQL injection attacks.

HOW TO AVOID SQL INJECTION ATTACK
There are 2 ways of avoiding the attacks, which are discussed below:

1. Dynamic queries should not be written. Some alternative to dynamic queries can be used.
2. The input supplied by the end user should be checked for malicious SQL statements. Queries containing such statements should be prevented from entering the data base, as they will affect the code logic used in the query.

The above two ways can be used with any of the available programming languages and also with data bases of any type.

DEFENSE TECHNIQUES TO AVOID SQL ATTACKS
There are some primary defense techniques which you can follow to avoid SQL injection attacks. They are stated below:

Defense 1:
- Escaping the input supplied by the user.
- Here the query statements are already prepared by the web site or web application developer.
- These queries are very easy to understand and also do not require as much effort as dynamic queries.
- This method is implemented as follows.
- The developer is first asked to define the code for all the SQL statements.
- The defined code is then passed in to the respective parameter later when required.
- This technique grants the data base the ability to distinguish between the data and the code irrespective of what data the user has entered.

Defense 2:
- Web sites and web applications can make use of pre-designed queries or parametric queries.
- This approach is used when the other two fail.
- But this is not as strong as the other two approaches.

Defense 3:
- Web sites and web applications can make use of pre-designed procedures.
- They are implemented in a way similar to that of the prepared statements.

In addition to these primary defense techniques, there are some additional defense measures which can be followed as well if you are not satisfied with the security offered by the primary defense techniques:

ADDITIONAL DEFENSE MEASURES

- Grant the least privileges.
- The web site or application developer can carry out a white list check for validation of the input queries. This proves to be effective since a non-validated parameter, when appended to a query generated by the user, allows the attacker to inject malicious SQL statements into the data base of that particular web site or application. This method of injecting SQL statements into the data base is used quite often by attackers.
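
The alternative to dynamic queries and the white list check described above, shown side by side as an added example that is not part of the original post. It uses Python's built-in `sqlite3` module; the table, column names, sample rows and both test inputs are constructed for illustration.

```python
import sqlite3

# Columns a caller may sort by (white list). Column names are assumed.
ALLOWED_SORT_COLUMNS = {"name", "email"}

# Constructed inputs: a crafted value and an innocent name with a quote.
CRAFTED_NAME = "nobody' OR '1'='1"
QUOTED_NAME = "O'Brien"


def make_db():
    """Build a constructed in-memory data base with three sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"),
         ("bob", "bob@example.com"),
         ("carol", "carol@example.com")],
    )
    return conn


def find_user_dynamic(conn, name):
    """Weak form: a dynamic query built by concatenating user input."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_parameterized(conn, name):
    """Hardened form: the SQL text is fixed and the input is bound as data."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def list_users_sorted(conn, sort_column):
    """Identifiers cannot be bound as parameters, so check a white list."""
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("sort column not allowed: %r" % (sort_column,))
    sql = "SELECT name, email FROM users ORDER BY " + sort_column
    return conn.execute(sql).fetchall()


def compare(conn):
    """Run both forms on the same inputs and report what each returns."""
    report = {
        "dynamic_crafted_rows": len(find_user_dynamic(conn, CRAFTED_NAME)),
        "parameterized_crafted_rows":
            len(find_user_parameterized(conn, CRAFTED_NAME)),
        "parameterized_quoted_rows":
            len(find_user_parameterized(conn, QUOTED_NAME)),
    }
    try:
        find_user_dynamic(conn, QUOTED_NAME)
        report["dynamic_quoted_error"] = False
    except sqlite3.OperationalError:
        report["dynamic_quoted_error"] = True  # the quote broke the SQL text
    return report


if __name__ == "__main__":
    print(compare(make_db()))
```

The dynamic form returns every row for the crafted value and fails outright on an ordinary name containing a quote, while the parameterized form treats both as plain data and matches nothing.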


Tuesday, February 14, 2012

What are different aspects of SQL injection attacks?

SQL is the most rated vulnerability of today’s software world. SQL injection is emerging as a popular means of harming the security of websites.

How exactly does an SQL injection attack take effect?

- In an SQL injection attack, some statements written in the SQL language are entered in a web form.
- This is done to obtain a web site that will carry out operations on the data base.
- Web sites obtained in this way through SQL injection are often badly designed.
- The attacker uses this badly designed web site to get access to the data base contents.
- The web site can also be used to carry out other operations as desired by the attacker.
- It is a kind of code injection technique and is often employed for exploiting a security vulnerability in the software of the web site.

An injection attack occurs through two common mistakes:

1. Incorrect filtering of the user input for escape characters in string literals which are embedded in the SQL statements. This opens scope for the potential manipulation of SQL statements. The manipulation is done by the end user who is using the data base.

2. The unexpected execution of input entered by the user that has not been strongly typed. This is referred to as incorrect type handling. The constraints are left unchecked.

What can a SQL injection attack do?

- The SQL commands designed by the attacker are injected into the data base of the web site or application via a web form through either of the two methods.
- These commands are capable of changing the content of the data base, or they can even dump it as the attacker wishes.
- SQL injection attacks can even attack SQL databases rather than only attacking web sites or web applications.
- SQL injection attacks can be prevented by the use of structured query language which is well designed and defined.
- Such attacks are usually aggressive. SQL injection attack is abbreviated to SQLIA.

According to one piece of research, under normal usage an application experiences 71 attempts per hour, in contrast to 800-1000 attempts per hour under a direct attack.

SQL injection attack has been declared by the Open Web Application Security Project as one of the top 10 vulnerabilities. It can be divided into 5 sub categories as listed below:

- Classic SQL injection attack
- Interactive SQL injection attack
- Inference SQL injection attack
- Compounded SQL injection attack and
- DBMS specific SQL injection attack

Types of SQL Injection Attack

- The classic SQL injection attack is not feared today since it has become outdated.
- But many web sites and web applications still take precautions against it.
- The inference SQL injection attack continues to be a great threat.
- Attackers mostly prefer this method since it is very flexible in deployment and dynamic in nature.
- The compounded SQL injection attack is a new kind of SQLIA.
- It is the result of a combination of SQL injection and web applications such as:

a) DOS attacks + SQL injection
b) DNS hijacking + SQL injection
c) Improper authentication + SQL injection
d) XSS + SQL injection


- A representation of the compounded SQL injection attack is provided by the Storm worm.
- The DBMS specific SQL injection attack is often considered as supportive.
- There is another kind of SQL injection called the blind SQL injection attack, which is used to defend a web site or application on the verge of being attacked.
- The results of the SQL injection attack are made invisible to the attacker.
- This injection attack is time intensive.

Today several automated tools have also been developed for automating these attacks. But that also requires the location of the target information.


Thursday, January 19, 2012

What are different tools available for web testing?

Web testing, as we all know, is defined as software testing which focuses primarily on web applications and web sites. Complete testing of the web server and applications is needed before they are presented live to customers or clients.

Web testing mainly addresses issues like web security, the functionality of a particular site, feasibility and accessibility to users, and the ability to handle traffic.

Nowadays there are several tools available for web testing. The most common and popular today is “WAPT”, the abbreviated form of web application performance tool.

What is WAPT?
- The WAPT tool has been specially designed for testing web related interfaces and web applications.

- Furthermore, this tool can be effectively used for load testing, stress testing and performance testing of web sites, web applications, and web related interfaces.

- This tool simulates a situation of virtual users.

- There are many challenges faced by WAPT, and it is used for determining the compatibility of the browser, operating system and Windows applications during backend testing.

- This tool carries out tests via three kinds of loads namely:


1. Increasing user load
2. Constant user load
3. Periodic user load


These days some frameworks are available that provide a tool box for testing web applications.
Open source web testing tools are also available. The 2 most common open source web testing tools are:


- HTTP test tool
It’s a tool based on scripting of protocols. It is used for testing HTTP protocol based products.

- Apache JMeter
It’s a tool programmed in the Java language. It is basically used for performance measurement and load testing of web servers and web applications.

Next in the queue are web testing tools based on the Windows operating system. A few of them are listed below:

- TOSCA test suite
It’s a software tool designed for automated execution of regression testing and functional testing of web applications.

- Testing Anywhere
It is also an automated testing tool, and it has been designed in such a way that it can perform any kind of testing from anywhere via its automation feature.

- TestComplete
This is another one in the line of automated testing tools. It was developed by the SmartBear Software firm.

- SilkTest
This is also an automation tool and has been designed specially for testing the functionalities of web enterprise applications.

- Ranorex

- IBM Rational Functional Tester

- HP QuickTest Professional
It is an automated testing tool from HP specially designed for functional testing and regression testing of web applications and interfaces.

- HP LoadRunner
It is a software tool from HP designed to carry out automated load testing and performance testing for web servers, web applications and other related interfaces.

Many web testing tools are available for load testing and performance testing of web applications and web sites. Some are listed below:

- Tsung
Open source web testing tool. Tests load for multiple protocols.
- Performance Xpert
Performance testing and load testing.
- LoadUI
Open source cross platform load testing tool.
- App view web
Cloud computing based performance testing tool.
- Sand storm
Load testing tool which supports testing of mobile, email and web protocols.
- Multi-Mechanize
- Load 2 test
- Xceptance load test
- Site Blaster
- Load intelligence
- LoadStorm

Some Java based web testing tools have also been designed:
- Arquillian
- RTI
- YourKit Java Profiler
- VisualVM
- LAPSE
- Checkmarx
- WindowLicker
- Cobertura

This is not the end of the list; there are many more. A new and improved tool is being developed every now and then.


Wednesday, June 15, 2011

What are key elements of Search Engine Optimization Part 2?

Apart from keyword analysis, other important elements of search engine optimization are:

- The page uses HTML links. These HTML links need to be optimized and are an important element of search engine optimization. The HTML code should consist of search items which tell the search engine what the page is about. The following things should be optimized: page title, page headings, image text and link anchor text.
A good page title will not only be keyword targeted but will also entice a person to click on it in the search results.

- For good search engine optimization, good page content is also important. The content should be of high quality and unique. It should not be copied from other sites. Good content enhances the search.

- The code enhancement process determines your page rank on search engines. It understands the structure or pages of the website.

- Link building becomes very important for search engine optimization. It improves the ranking of the web page or web site.


Tuesday, June 14, 2011

What are the important elements in search engine optimization Part I?

SEO web design is one of the most appropriate strategies to keep up with the competition.
Successful search engine optimization has a few important elements, including a well targeted keyword focus, strong page element optimization and good quality content.

Keywords are the most important element for search engines. These keywords are what search strings are matched against. The most crucial step is to find the correct keyword that can be used to optimize.

- Choosing the right keyword to optimize. It is best to focus on less competitive and highly specific keywords. The keyword should describe the purpose of your website. Also, check whether these keywords are relevant to your website or not.

- The website should be rich in keywords and have good keyword density. It is a measure of how relevant the page is. Keeping 5 to 10 keywords is termed as OK keyword density. Keyword stuffing should not be practiced.

- The quality of keywords and their position on the web page is also very important. Keywords that appear in the heading and title are more effective than keywords that are placed at the bottom.

- There has to be a balance between URL keywords and site usability.
- The contents of the page title tag are displayed during search, so this is a special place where keywords can be given.

- From an SEO point of view, it is good to have as many headings with good keywords in them as possible. The headings should not be very long, as readability becomes difficult.

