Category Archives: Test

Creating a PowerShell session under a different set of credentials

The code below can be handy if you need to create a PowerShell session under a different credential than the one you are logged in with.
This supports multiple scenarios:

  1. Testing role-based access control
  2. Elevating privileges for an important operation

```powershell
# Prompt for credentials at the console instead of in a GUI dialog
# (this writes to HKLM, so it needs an elevated console)
Set-ItemProperty 'HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds' ConsolePrompting $true
# The user name (placeholder)
$userName = "username"
# The domain (placeholder)
$domain = "domain"
# Complete domain\user string
$UserDomain = $domain + "\" + $userName
# The password (secure string). "password" is a placeholder; a literal here
# sits in clear text in the script, so keep it to throwaway test accounts.
$secure_string_pwd = ConvertTo-SecureString "password" -AsPlainText -Force
# Create the PowerShell credential object
$cred = New-Object Management.Automation.PSCredential $UserDomain, $secure_string_pwd
# Change the title of the PowerShell console
(Get-Host).UI.RawUI.WindowTitle = $userName
# Create the PowerShell session (in this example I create a session to OcsPowerShell)
$session = New-PSSession -ConnectionUri "https://domain/OcsPowerShell" -Credential $cred
# Import the session
Import-PSSession $session
```

Hope this works well for you too. Ping me otherwise :)

Ahmet
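
For the first scenario (testing role-based access control), here is an added example that is not part of the original post: it prompts for the test account's password instead of embedding it, compares the cmdlets the endpoint exposes to that account against what the role should and should not have, and always closes the session. The function name `Test-RoleCommandAccess` and its parameters are hypothetical, and the cmdlet names in the usage comment are sample expectations.

```powershell
# Added example (not from the original post). Test-RoleCommandAccess and its
# parameters are hypothetical names chosen for illustration.
function Test-RoleCommandAccess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [uri] $ConnectionUri,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [string[]] $MustHave = @(),     # cmdlets the role is expected to expose
        [string[]] $MustNotHave = @()   # cmdlets the role must not expose
    )
    $session = $null
    $module = $null
    try {
        $session = New-PSSession -ConnectionUri $ConnectionUri -Credential $Credential -ErrorAction Stop
        # Import-PSSession returns a temporary module; its exported commands
        # are the ones the remote endpoint offers to this account.
        $module = Import-PSSession -Session $session -AllowClobber -DisableNameChecking -ErrorAction Stop
        $exposed = @($module.ExportedCommands.Keys)

        $missing    = @($MustHave    | Where-Object { $exposed -notcontains $_ })
        $unexpected = @($MustNotHave | Where-Object { $exposed -contains $_ })

        # One result object per tested account, easy to pipe into a report
        [pscustomobject]@{
            User       = $Credential.UserName
            Exposed    = $exposed.Count
            Missing    = $missing
            Unexpected = $unexpected
            Passed     = ($missing.Count -eq 0 -and $unexpected.Count -eq 0)
        }
    }
    finally {
        # Runs on success and on failure, so no session stays open under
        # the alternate identity.
        if ($module)  { Remove-Module -ModuleInfo $module -ErrorAction SilentlyContinue }
        if ($session) { Remove-PSSession -Session $session }
    }
}

# Usage (sample values; "domain" is the same placeholder as in the post):
#   $cred = Get-Credential -Message 'Account for the role under test'
#   Test-RoleCommandAccess -ConnectionUri 'https://domain/OcsPowerShell' `
#       -Credential $cred -MustHave 'Get-CsUser' -MustNotHave 'Set-CsUser'
```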

Where do software testers get their knowledge from?

I will soon celebrate my three-year anniversary as a professional software engineer in test. After three years, I still feel like I am missing some formal “education” on software testing. Despite holding a Master's degree in Information Systems and Communication and having spent 5 years at university, I never had any introduction to software testing (no, it was not the course(s) I was too lazy to go to). Of course, during the last three years, I went to some conferences, read books and blogs and tried to engage with influential software testers to get some expertise on the topic.

However, I would like to have a website that aggregates as much of the software testing knowledge as possible. Developers started earlier with what are called design patterns, but I could not find an equivalent for software testing. So I asked other software testers (on the Software Quality Assurance & Testing Stack Exchange Q&A site) whether they were aware of any repository for software testing techniques and patterns. The answers I got were a bit scary: the only place still active on this topic was the Wikipedia portal about software testing, and it looks like all repositories evolved to a “dead tree” variety. So currently most of the online knowledge on software testing is hosted on Q&A sites or on personal sites where owners have no external control over what they say.

To address this issue, I decided to create and host a wiki about software testing patterns: http://www.testingpatterns.info. I will add as much content as possible during a full year. I hope to be able to educate myself by doing so, and ideally I hope that other software testers decide to give some of their time to increase the content of this wiki. I will be contacting some of the influential testers and hope to get them to create a committee to validate each new pattern.

Are you interested in participating, or do you know some people who might be? Please help me (blog, tweet, talk, comment) make this wiki a successful idea!

If you are interested in more than participating, i.e. administering the website, feel free to contact me.

Thanks!

Signing Off on Quality

As a tester, quality is what matters most to me. Interestingly, quality is pretty much the hardest thing to evaluate. One way, which I find useful, is to aggregate the metrics from multiple aspects of quality to get an overall view.

Some important aspects of quality:

  • Reliability
  • Functionality
  • Usability
  • Efficiency
  • Maintainability
  • Portability
  • Learnability
  • Analyzability
  • Testability
  • Debuggability

What do you think?

TOP 25 Most Dangerous Programming Errors

Experts have reached an agreement on the top 25 most dangerous programming errors.

It is a very interesting list indeed; a nice point is that we can find a lot of details on how to avoid these security errors. Obviously, the dangerous part of these errors is that they can be exploited…

Insecure Interaction Between Components

  • Improper Input Validation
  • Improper Encoding or Escaping of Output
  • Failure to Preserve SQL Query Structure (aka ‘SQL Injection’)
  • Failure to Preserve Web Page Structure (aka ‘Cross-site Scripting’)
  • Failure to Preserve OS Command Structure (aka ‘OS Command Injection’)
  • Cleartext Transmission of Sensitive Information
  • Cross-Site Request Forgery (CSRF)
  • Race Condition
  • Error Message Information Leak

Risky Resource Management

  • Failure to Constrain Operations within the Bounds of a Memory Buffer
  • External Control of Critical State Data
  • External Control of File Name or Path
  • Untrusted Search Path
  • Failure to Control Generation of Code (aka ‘Code Injection’)
  • Download of Code Without Integrity Check
  • Improper Resource Shutdown or Release
  • Improper Initialization
  • Incorrect Calculation

Porous Defenses

  • Improper Access Control (Authorization)
  • Use of a Broken or Risky Cryptographic Algorithm
  • Hard-Coded Password
  • Insecure Permission Assignment for Critical Resource
  • Use of Insufficiently Random Values
  • Execution with Unnecessary Privileges
  • Client-Side Enforcement of Server-Side Security

Testing a Textfield in 10 points

I’ll post some tips about testing as I learn. So if you have any comments or tips to add, feel free to comment!

Here are 10 values I submit to test a textfield:

  1. An empty value ()
  2. Zero (0)
  3. A string made of whitespace (   )
  4. String containing spaces (foo bar)
  5. Name containing special chars (♥♠♣♦)
  6. Chars with accents (ä, ö, ü / Ä, Ö, Ü, ß, Ñ, Á, Â, Ã, À, Ç, É, Ê, Í, Ó, Ô, Õ, Ú, Ü, œ, æ, à, â, ç, é, è, ê, ë, î, ï, ô, û, ù, ü, ÿ)
  7. ‘Foreign’ chars (新 闻 – भारत)
  8. A string length between 0 and 255 chars
  9. A string length bigger than 255 chars
  10. A string length bigger than 99999 chars

Have more general tests for a textfield in mind?

Ahmet