1 / 64

GREY BOX TESTING Web Apps & Networking

GREY BOX TESTING Web Apps & Networking. Session 1 Boris Grinberg boris3@gmail.com. Class Duration. 40 hours of instructor led sessions Homework assignments (20+ hours) 2 hours per session School Lab open during the week 10 sessions, 4 hours each Breaks: – 9:10 to 9:20 & 10:10 to 10:15.

lacey
Download Presentation

GREY BOX TESTING Web Apps & Networking

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. GREY BOX TESTINGWeb Apps & Networking Session 1 Boris Grinberg boris3@gmail.com

  2. Class Duration • 40 hours of instructor led sessions • Homework assignments (20+ hours) • 2 hours per session • School Lab open during the week • 10 sessions, 4 hours each • Breaks: – 9:10 to 9:20 & 10:10 to 10:15

  3. Class Rules • Homework is highly recommended • Questions are welcome. • Q & A Time Slots: During the LAB Exercise, the last 15 minutes of each session or when you see on the slide the word Questions? • No talking, browsing the Internet or online chatting during the session • Cell phones must be off or on mute during the class, if you need to take a call take it outside • You can leave the room during the session for urgent needs (take medicine, use restroom, important call, etc) • If you see this icon, additional material is available.

  4. Web Application Testing • Understanding • Architecture, Functionality, Relevant Protocols and Technologies, Business Logic • Test Objectives, Testing Scope (1 tier or more), Test Approach, Test Cycles, Required Knowledge • Planning • Time for Learning Curve, Test Environment (build/tier down), Test Tools, Resources, Execution, Reporting… • Building Environment / Execution • Test Bed Preparation/Maintenance, T.P. Execution, Reporting, Releasing… • Generating Reports, Analysing Results, Getting Ready for the Next Cycle or New Project…

  5. Session 1 (4 Hours)building the ground… • Here are the things that we will cover: • PC Architecture & Components • The IP Address: • Network classes, Static and dynamic, Assignment method & How to edit IP address • Networking • DNS, LANs; WANs & Virtual LANs; • VPN: An overview, protocols and communication • Handy Networking commands and tools • Common Internet protocols & Firewalls; HTML • Web server: • Functionality, Architecture & Authentication

  6. Introduction to Networking The U.S. Department of Labor forecasts an increase of 58% (percent) in the network and system support job market by 2016

  7. Networking Sessions • This course will help you gain a networking knowledge, make your resume more technical, and desirable on the market • Networking Sessions will cover the following topics: networking topology, Routers, GW, Proxy, networking protocols & special tools.

  8. What do I need to know about my PC • PC Architecture • Hardware of a modern Personal Computer

  9. Computer Components • CPU (Central Processing Unit) Performs most of the calculations which enable a computer to function • RAM (Random Access Memory) Stores all running processes (applications) and the current running OS • BIOS (Basic Input Output System) The BIOS includes boot firmware and power management, the BIOS tasks are handled by operating system drivers • Great Link: PC HARDWARE COMPONENTS

  10. How to check my IP address & OS Version on PC, set TIME? • Using GUI • Using CMD • IP Address • OS Version • ver • open new window • start • close CLI – • exit • CMD Properties

  11. LAB Exercise • Open CMD program • Use Menu-Properties and set Screen Text as Brown • Use Menu-Properties and set Screen Background as White • Use Menu-Properties and set Window Size Height to 50 • Check and write down your IP Address, • Check and write down your Subnet Mask • Check and write down your Default Gateway

  12. IP Addresses • Each machine on the Internet is assigned a unique address called an IP address. IP stands for Internet protocol, and these addresses are 32-bit numbers, normally expressed as four "octets" in a "dotted decimal number." A typical IP address looks like this: • 216.27.61.137

  13. Domain Names • As far as the Internet's machines are concerned, an IP address is all you need to talk to a server. • Because it is hard to remember the strings of numbers that make up IP addresses, and because IP addresses sometimes need to change, all servers on the Internet also have human-readable names, called domain names. For example, www.portnov.com is a permanent, human-readable name. It is easier for most of us to remember www.portnov.com than it is to remember 65.254.231.113

  14. Domain Name Servers Diagram • A set of servers called domain name servers (DNS) maps the human-readable names to the IP addresses. • These servers are simple databases that map names to IP addresses, and they are distributed all over the Internet.

  15. Domain Name Servers (DNS) • Most individual companies, ISPs and universities maintain small name servers to map host names to IP addresses. • There are also central name servers that use data supplied by VeriSign to map domain names to IP addresses

  16. The IP Address network classes • The IP address usually is unique and provides a network identify for the node. • The entire IP address is separated into two parts: the network part and the host part. Figure shows an example of the difference in network classes

  17. The IP Address – IPv4 • An IPv4 address is a 32-bit number that is divided into four fields, called octets, separated by dots. Each octet represents 8 bits of the total 32-bit number • We will talk and learn more about bits and bytes on our second session

  18. Static and Dynamic IP addresses When a computer is configured to use the same IP address each time it powers up, this is known as a Static IP address. In contrast, in situations when the computer's IP address is assigned automatically, it is a Dynamic IP address. • How to verify your IP Settings? (CLI & GUI)

  19. The private IP address The private address space specified in RFC 1918 is defined by the following 3 address blocks: • The range of valid IP addresses: 10.0.0.1 to 10.255.255.254 It is a class A network ID and it has 24 host bits that can be used for any sub-netting scheme within the private organization. • The range of valid IP addresses: 172.16.0.1 to 172.31.255.254 This private network can be interpreted either as a block of 16 class B network IDs or as a 20-bit assignable address space (20 host bits) that can be used for any subnetting scheme within the private organization. • The range of valid IP addresses: 192.168.0.1 to 192.168.255.254 This private network can be interpreted either as a block of 256 class C network IDs or as a 16-bit assignable address space (16 host bits) that can be used for any sub-netting scheme within the private organization. Note: RFC - Request For Comment

  20. Method of IP addresses assignment • An administrator or user manually assigns static IP addresses to a computer. • Dynamic IP addresses are most frequently assigned on LANs and broadband networks by Dynamic Host Configuration Protocol (DHCP) servers. They are used because it avoids the administrative work of assigning specific static addresses to each device on a network. It also allows many devices to share limited address space on a network if only some of them will be online at a particular time. • In most current desktop operating systems, dynamic IP configuration is enabled by default so that a user does not need to manually enter any settings to connect to a network with a DHCP server

  21. How to edit my IP address? • Ipconfig (ipconfig/all) – The command will display the IP address, subnet mask and default gateway for each adapter bound to TCP/IP. • Ipconfig/release - The command will release the IP address for the specified adapter • Ipconfig/renew - The command will renew the IP address for the specified adapter. • Ipconfig/? – Display help message

  22. LAB Exercise • Open CMD and Notepad programs • Check and copy your IP Address. (Problems?) • Use Menu-Properties-Options and set Quick Edit Mode • Release your settings • Copy your new settings in the Notepad • Renew your settings • Copy your new settings in the Notepad and compare with the original settings. • Questions?

  23. Networks: LAN, WAN, VLAN, VPN

  24. LAN. Local Area Networks • A local area network ( is a computer network covering a small physical area, like a home, office, or small group of buildings, such as a school, or a hospital)

  25. WAN. Wide Area Network • A WAN is a computer network that covers a broad area. • WANs are used to connect LANs and other types of networks together

  26. VLAN. Virtual LANs • VLANs is a group of devices on different physical LAN segments which can communicate with each other as if they were all on the same physical LAN segment

  27. VLAN architecture benefits • Simplification of software configurations • Physical topology independence, improved manageability, increased security options • Increased performance

  28. VPN - Virtual Private Network • A VPN is a secure, private communication tunnel between two or more devices across a public network (like the Internet). • These VPN devices can be either a computer running VPN software or a special device like a VPN enabled router.

  29. VPN - An overview • Even though a VPN’s data travels across a public network like the Internet, it is secure because of very strong encryption. • If anyone ‘listens’ to the VPN communications, they will not understand it because all the data is encrypted. • In addition, VPN’s monitor their traffic in very sophisticated ways that ensure packets never get altered while traveling across the public network. Encryption and data verification is very CPU intensive.

  30. VPN Languages • There are two major 'languages' or protocols that VPN's speak. Microsoft uses PPTP or Point to Point Tunneling Protocol and most everyone else uses IPSec - Internet Protocol Security. • Most broadband routers can pass PPTP traffic by forwarding port 1723 but IPSec is more complex. If your router does not explicitly support IPSEC pass through, then even placing your computer in the DMZ might not work. • PPTP has 'good' encryption and also features 'authentication' for verifying a user ID and password. IPSec is purely an encryption model and is much safer but does not include authentication routines. • A third standard, L2TP is IPSec with authentication built in.

  31. VPN - Clients and Servers • A VPN server is a piece of hardware or software that can acts as a gateway into a whole network or a single computer. • It is generally ‘always on’ and listening for VPN clients to connect to it. • A VPN Client is most often a piece of software but can be hardware too.

  32. VPN communication • A VPN Client is most often a piece of software but can be hardware too. • Each client initiates a ‘call’ to the server and logs on. Now they can communicate. • They are on the same ‘virtual’ network. Many broadband routers can 'pass' one or more VPN sessions from your LAN to the Internet. Each router handles this differently.

  33. Handy Networking Commands/Tools • Ping (Trivial File Transfer Protocol (TFTP)) (Network Trouble shooting) • Tracert Traceroute is a computer network tool used to determine the route taken by packets across an IP network. • Taskmgr Windows Task Manager provides detailed information about computer performance, running applications, processes and CPU usage and memory information • Can also be used to set process priorities, forcibly terminate processes, and shut down, restart, hibernate or log off from Windows • perfmon (Finding memory bottlenecks, processor bottlenecks, network bottlenecks, etc)

  34. LAB Exercise • Open CMD and Windows Task Manager • Use Windows Task Manager • Watch current number of running processes & CPU Usage • Write Application name (e.g. Wordpad ) into Run and click OK • Verify changes: …running processes & CPU Usage • Find related process and kill it. Watch changes. • Ping (portnov.com; cnn.com; rbreporting.com). Analyze results. • Questions?

  35. Firewall • A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through

  36. Methods to control traffic flow • Firewalls use one or more of three methods to control traffic flowing in and out of the network: • Packet filtering • Proxy service • Stateful inspection

  37. Packet filtering, Proxy service & Stateful inspection • Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded • Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa. • Stateful inspection - A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.

  38. Common protocols • IP (Internet Protocol), UDP (User Datagram Protocol), POP3 (Post Office Protocol 3) • TCP (Transmission Control Protocol) • DHCP (Dynamic Host Configuration Protocol) • HTTP (Hypertext Transfer Protocol) • FTP (File Transfer Protocol), Telnet (Telnet Remote Protocol) • SOAP (Simple Object Access Protocol) • SSH (Secure Shell Remote Protocol) • SMTP (Simple Mail Transfer Protocol) • IMAP (Internet Message Access Protocol)

  39. TCP vs. UDP • TCP is the most commonly used protocol on the Internet. The reason for this is because TCP offers error correction. When the TCP protocol is used there is a "guaranteed delivery." This is due largely in part to a method called "flow control."

  40. A "flow control" Method • Flow control determines when data needs to be re-sent, and stops the flow of data until previous packets are successfully transferred. • This works because if a packet of data is sent, a collision may occur.

  41. A "flow control" Method • When this happens, the client re-requests the packet from the server until the whole packet is complete and is identical to its original.

  42. TCP vs. UDP • UDP is another commonly used protocol on the Internet. However, UDP is rarely used to send important data such as WebPages, database information, etc; UDP is commonly used for streaming audio and video. Streaming media such as Windows Media audio files (.WMA) , Real Player (.RM), and others use UDP because it offers speed!

  43. UDP is faster than TCP • The reason UDP is faster than TCP is because there is no form of flow control or error correction. The data sent over the Internet is affected by collisions, and errors will be present. Remember that UDP is only concerned with speed. • This is the main reason why streaming media is not high quality if UDP selected.

  44. Streaming media protocols: RTSP, MMS… • RTSP protocol is the default protocol for streaming Windows Media. RTSP is also used for streaming RealMedia/RealVideo/RealAudio, streaming QuickTime video (.mov, .mp4, .sdp streams). • MMS protocol is used for streaming Windows Media only. • RTSP using UDP is called RTSPU • RTSP using TCP is called RTSPT • MMS using UDP is called MMSU • MMS using TCP is called MMST • PNM protocol is used for RealMedia/RealVideo/RealAudio streaming only. RTMP protocol is used for Flash audio and video streams only. Media files can also be streamed through HTTP or other protocols. • The majority of streams are streamed through HTTP, RTSP, MMS and RTMP. PNM protocol is usually not used on the newest servers, but such streams are not very rare. 44

  45. The Internet Protocol (IP) IP is the primary protocol of the Internet Protocol Suite • The IP protocol delivering distinguished protocol datagrams (packets) from the source host to the destination host based on their addresses. • The IP is a protocol used for communicating data across a packet-switched internetwork using the Internet Protocol Suite, also referred to as TCP/IP

  46. Hypertext Transfer Protocol (HTTP) The HTTP protocol is a request/response protocol • Most HTTP communication is initiated by a user agent - which submits HTTP requests - is also referred to as the user agent. • The responding server—which stores or creates resources such as HTML files and images—may be called the origin server. • Uniform Resource Locators (URLs)—using the http or https URI schemes

  47. FUNDAMENTALS OF HTTP • HTTP is the foundation protocol of the World Wide Web. • HTTP is an application level protocol in the TCP/IP protocol suite, using TCP as the underlying Transport Layer protocol for transmitting messages. The fundamental things worth knowing about the HTTP protocol and the structure of HTTP messages are:

  48. The Structure of HTTP messages • 1. The HTTP protocol uses the request/response paradigm, meaning that an HTTP client program sends an HTTP request message to an HTTP server, which returns an HTTP response message. • 2. The structure of request and response messages is similar to that of e-mail messages; they consist of a group of lines containing message headers, followed by a blank line, followed by a message body. • 3. HTTP is a stateless protocol, meaning that it has no explicit support for the notion of state. An HTTP transaction consists of a single request from a client to a server, followed by a single response from the server back to the client.

  49. What is HTML? • HTML is a language for describing web pages. • HTML stands for Hyper Text Markup Language • HTML is not a programming language, it is a markup language • A markup language is a set of markup tags • HTML uses markup tags to describe web pages

  50. LAB Exercise • Ref. Materials: • http://www.w3schools.com/html/default.asp • http://www.htmlcodetutorial.com/quicklist.html • http://www.devx.com/projectcool/Article/19816 • http://www.ietf.org/rfc/rfc2616.txt • Open Notepad • Build simple Website (Title; Body; Text; One Image) • Open your website with IE • Open your website with Firefox • Questions?

More Related