Presentation on theme: "GREY BOX TESTING Web Apps & Networking"— Presentation transcript:
1 GREY BOX TESTING: Web Apps & Networking, Session 1. Boris Grinberg
2 Class Duration
40 hours of instructor-led sessions
Homework assignments (20+ hours)
2 hours per session
School Lab open during the week
10 sessions, 4 hours each
Breaks: 9:10 to 9:20 & 10:10 to 10:15
3 Class Rules
Homework is highly recommended.
Questions are welcome. Q & A time slots: during the LAB exercise, the last 15 minutes of each session, or when you see the word "Questions?" on the slide.
No talking, browsing the Internet or online chatting during the session.
Cell phones must be off or on mute during the class; if you need to take a call, take it outside.
You can leave the room during the session for urgent needs (take medicine, use restroom, important call, etc.).
If you see this icon, additional material is available.
4 Web Application Testing
Understanding: Architecture, Functionality, Relevant Protocols and Technologies, Business Logic; Test Objectives, Testing Scope (1 tier or more), Test Approach, Test Cycles, Required Knowledge
Planning: Time for Learning Curve, Test Environment (build/tear down), Test Tools, Resources, Execution, Reporting…
Building Environment / Execution: Test Bed Preparation/Maintenance, T.P. Execution, Reporting, Releasing…
Generating Reports, Analysing Results, Getting Ready for the Next Cycle or New Project…
5 Session 1 (4 Hours): building the ground… Here are the things that we will cover:
PC Architecture & Components
The IP Address: network classes, static and dynamic, assignment method & how to edit an IP address
Networking: DNS, LANs, WANs & Virtual LANs
VPN: an overview, protocols and communication
Handy networking commands and tools
Common Internet protocols & firewalls; HTML
Web server: functionality, architecture & authentication
6 Introduction to Networking
The U.S. Department of Labor forecasts an increase of 58% in the network and system support job market by 2016.
7 Networking Sessions
This course will help you gain networking knowledge and make your resume more technical and desirable on the market.
Networking sessions will cover the following topics: networking topology, routers, GW (gateways), proxies, networking protocols & special tools.
8 What do I need to know about my PC? PC Architecture
Hardware of a modern personal computer:
1. Monitor
2. Motherboard
3. CPU (Central Processing Unit)
4. RAM (Random Access Memory)
5. Expansion card
6. Power supply
7. Optical disc drive
8. Hard disk
9. Keyboard
10. Mouse
9 Basic computer components
Input devices: Keyboard · Light pen · Mouse · Microphone · Webcam
Output devices: Monitor · Speakers
Removable data storage: Compact disc/CD drive · USB flash drive · Memory card
Computer case: CPU · RAM · Video card · Sound card · Motherboard · Power supply · HDD
Data ports: Parallel port · Universal Serial Bus (USB) · FireWire · eSATA · SCSI
CPU (Central Processing Unit): performs most of the calculations that enable a computer to function.
RAM (Random Access Memory): stores all running processes (applications) and the currently running OS.
BIOS (Basic Input Output System): the BIOS includes boot firmware and power management; the BIOS tasks are handled by operating system drivers.
Great link: PC HARDWARE COMPONENTS
10 How to check my IP address & OS version on PC, set TIME? Using GUI / Using CMD
IP Address: ipconfig
OS Version: ver
Open new window: start
Close CLI: exit
CMD Properties
11 LAB Exercise
Open CMD program.
Use Menu-Properties and set Screen Text as Brown.
Use Menu-Properties and set Screen Background as White.
Use Menu-Properties and set Window Size Height to 50.
Check and write down your IP Address.
Check and write down your Subnet Mask.
Check and write down your Default Gateway.
12 IP Addresses
Each machine on the Internet is assigned a unique address called an IP address. IP stands for Internet Protocol, and these addresses are 32-bit numbers, normally expressed as four "octets" in "dotted decimal" notation. A typical IP address looks like this:
13 Domain Names
As far as the Internet's machines are concerned, an IP address is all you need to talk to a server. Because it is hard to remember the strings of numbers that make up IP addresses, and because IP addresses sometimes need to change, all servers on the Internet also have human-readable names, called domain names. A domain name, for example, is a permanent, human-readable name; it is easier for most of us to remember than the IP address behind it.
14 Domain Name Servers (Diagram)
A set of servers called domain name servers (DNS) maps the human-readable names to the IP addresses. These servers are simple databases that map names to IP addresses, and they are distributed all over the Internet.
15 Domain Name Servers (DNS)
Most individual companies, ISPs and universities maintain small name servers to map host names to IP addresses. There are also central name servers that use data supplied by VeriSign to map domain names to IP addresses.
16 The IP Address: network classes
The IP address usually is unique and provides a network identity for the node. The entire IP address is separated into two parts: the network part and the host part. The figure shows an example of the difference in network classes.
17 The IP Address – IPv4
An IPv4 address is a 32-bit number that is divided into four fields, called octets, separated by dots. Each octet represents 8 bits of the total 32-bit number. We will talk and learn more about bits and bytes in our second session.
18 Static and Dynamic IP addresses
When a computer is configured to use the same IP address each time it powers up, this is known as a static IP address. In contrast, when the computer's IP address is assigned automatically, it is a dynamic IP address.
How to verify your IP settings? (CLI & GUI)
19 The private IP address
The private address space specified in RFC 1918 is defined by the following 3 address blocks:
The range of valid IP addresses: 10.0.0.0 to 10.255.255.255. It is a class A network ID and it has 24 host bits that can be used for any subnetting scheme within the private organization.
The range of valid IP addresses: 172.16.0.0 to 172.31.255.255. This private network can be interpreted either as a block of 16 class B network IDs or as a 20-bit assignable address space (20 host bits) that can be used for any subnetting scheme within the private organization.
The range of valid IP addresses: 192.168.0.0 to 192.168.255.255. This private network can be interpreted either as a block of 256 class C network IDs or as a 16-bit assignable address space (16 host bits) that can be used for any subnetting scheme within the private organization.
Note: RFC - Request For Comments
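The slides on dotted-decimal notation, network classes, the network/host split and the RFC 1918 private blocks can be checked with a few lines of Python. The block below is an added example, not part of the original presentation; it uses only the standard `ipaddress` module, and the sample address, mask and gateway at the bottom are constructed values, not taken from any real workstation. The classful prefixes (/8, /16, /24) are the defaults the class diagram implies; `split_network_host` also accepts the actual subnet mask from `ipconfig`, and `same_subnet` is the check a tester runs when the default gateway written down in the lab does not answer.

```python
import ipaddress
from typing import Optional, Tuple

# RFC 1918 private blocks, as listed on the slide.
RFC1918_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),      # one class A network ID, 24 host bits
    ipaddress.ip_network("172.16.0.0/12"),   # 16 class B network IDs, 20 host bits
    ipaddress.ip_network("192.168.0.0/16"),  # 256 class C network IDs, 16 host bits
]

# Default (classful) prefix length per class; D is multicast and E is
# reserved, so neither has a network/host split.
CLASS_PREFIX = {"A": 8, "B": 16, "C": 24}


def ip_class(addr: str) -> str:
    """Classify an IPv4 address by the leading bits of its first octet."""
    first = int(ipaddress.IPv4Address(addr)) >> 24   # top 8 bits = first octet
    if first < 128:   # 0xxxxxxx
        return "A"
    if first < 192:   # 10xxxxxx
        return "B"
    if first < 224:   # 110xxxxx
        return "C"
    if first < 240:   # 1110xxxx
        return "D"
    return "E"        # 1111xxxx


def octets_binary(addr: str) -> str:
    """Show the four 8-bit octets that the dotted-decimal notation stands for."""
    return ".".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(addr).packed)


def is_private(addr: str) -> bool:
    """True if the address falls in one of the RFC 1918 blocks."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in block for block in RFC1918_BLOCKS)


def split_network_host(addr: str, mask: Optional[str] = None) -> Tuple[str, str]:
    """Split an address into (network part, host part).

    With no mask the classful default for the address's class is used;
    pass the subnet mask from ipconfig to see the real split on your LAN.
    """
    if mask is None:
        prefix = CLASS_PREFIX.get(ip_class(addr))
        if prefix is None:
            raise ValueError(f"{addr} is class {ip_class(addr)}: no host part")
        mask = str(ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask)
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    network = ipaddress.IPv4Address(a & m)
    host = ipaddress.IPv4Address(a & ~m & 0xFFFFFFFF)
    return str(network), str(host)


def same_subnet(addr: str, mask: str, other: str) -> bool:
    """Check that two addresses share a network part under the given mask.

    A default gateway that fails this check is not directly reachable,
    a common cause of "connected but no Internet" in the lab.
    """
    return split_network_host(addr, mask)[0] == split_network_host(other, mask)[0]


if __name__ == "__main__":
    # Constructed sample values, not taken from any real workstation.
    ip, mask, gateway = "192.168.1.10", "255.255.255.0", "192.168.1.1"
    print(ip, "=", octets_binary(ip))
    print("class", ip_class(ip), "private:", is_private(ip))
    print("network/host:", split_network_host(ip, mask))
    print("gateway on subnet:", same_subnet(ip, mask, gateway))
```

Run it with the three values from the lab exercise in place of the constructed ones; a class C address such as 192.168.1.10 splits into network 192.168.1.0 and host 0.0.0.10, and the gateway check tells you whether the router address written down can be reached without further routing.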
20 Method of IP address assignment
An administrator or user manually assigns static IP addresses to a computer.
Dynamic IP addresses are most frequently assigned on LANs and broadband networks by Dynamic Host Configuration Protocol (DHCP) servers. They are used because DHCP avoids the administrative work of assigning a specific static address to each device on a network. It also allows many devices to share a limited address space on a network if only some of them will be online at a particular time.
In most current desktop operating systems, dynamic IP configuration is enabled by default, so that a user does not need to manually enter any settings to connect to a network with a DHCP server.
21 How to edit my IP address?
ipconfig (ipconfig /all) – displays the IP address, subnet mask and default gateway for each adapter bound to TCP/IP.
ipconfig /release – releases the IP address for the specified adapter.
ipconfig /renew – renews the IP address for the specified adapter.
ipconfig /? – displays the help message.
22 LAB Exercise
Open CMD and Notepad programs.
Check and copy your IP Address. (Problems?)
Use Menu-Properties-Options and set Quick Edit Mode.
Release your settings.
Copy your new settings into Notepad.
Renew your settings.
Copy your new settings into Notepad and compare with the original settings.
Questions?
24 LAN. Local Area Networks
A local area network (LAN) is a computer network covering a small physical area, like a home, office, or small group of buildings, such as a school or a hospital.
25 WAN. Wide Area Network
A WAN is a computer network that covers a broad area. WANs are used to connect LANs and other types of networks together.
26 VLAN. Virtual LANs
A VLAN is a group of devices on different physical LAN segments which can communicate with each other as if they were all on the same physical LAN segment.
(Using neighbor's internet)
27 VLAN architecture benefits
Simplification of software configurations
Physical topology independence, improved manageability, increased security options
Increased performance
(Using neighbor's internet)
28 VPN - Virtual Private Network
A VPN is a secure, private communication tunnel between two or more devices across a public network (like the Internet). These VPN devices can be either a computer running VPN software or a special device like a VPN-enabled router.
29 VPN - An overview
Even though a VPN's data travels across a public network like the Internet, it is secure because of very strong encryption. If anyone 'listens' to the VPN communications, they will not understand it because all the data is encrypted. In addition, VPNs monitor their traffic in very sophisticated ways that ensure packets never get altered while traveling across the public network. Encryption and data verification are very CPU intensive.
30 VPN Languages
There are two major 'languages' or protocols that VPNs speak. Microsoft uses PPTP, or Point to Point Tunneling Protocol, and most everyone else uses IPSec - Internet Protocol Security.
Most broadband routers can pass PPTP traffic by forwarding port 1723, but IPSec is more complex. If your router does not explicitly support IPSec pass-through, then even placing your computer in the DMZ might not work.
PPTP has 'good' encryption and also features 'authentication' for verifying a user ID and password. IPSec is purely an encryption model and is much safer but does not include authentication routines.
A third standard, L2TP, is IPSec with authentication built in.
31 VPN - Clients and Servers
A VPN server is a piece of hardware or software that can act as a gateway into a whole network or a single computer. It is generally 'always on' and listening for VPN clients to connect to it. A VPN client is most often a piece of software but can be hardware too.
32 VPN communication
Each client initiates a 'call' to the server and logs on. Now they can communicate: they are on the same 'virtual' network. Many broadband routers can 'pass' one or more VPN sessions from your LAN to the Internet. Each router handles this differently.
33 Handy Networking Commands/Tools
Ping (Trivial File Transfer Protocol (TFTP)) (network troubleshooting)
Tracert: Traceroute is a computer network tool used to determine the route taken by packets across an IP network.
Taskmgr: Windows Task Manager provides detailed information about computer performance, running applications, processes, CPU usage and memory. It can also be used to set process priorities, forcibly terminate processes, and shut down, restart, hibernate or log off from Windows.
perfmon (finding memory bottlenecks, processor bottlenecks, network bottlenecks, etc.)
34 LAB Exercise
Open CMD and Windows Task Manager.
Use Windows Task Manager: watch the current number of running processes & CPU usage.
Write an application name (e.g. Wordpad) into Run and click OK.
Verify changes: …running processes & CPU usage.
Find the related process and kill it. Watch changes.
Ping (portnov.com; cnn.com; rbreporting.com). Analyze results.
Questions?
35 Firewall
A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.
Somebody knocks on your door… Who's there?
36 Methods to control traffic flow
Firewalls use one or more of three methods to control traffic flowing in and out of the network:
Packet filtering
Proxy service
Stateful inspection
(Proxy service: zip + PO Box. Stateful inspection: show me your ID?)
37 Packet filtering, Proxy service & Stateful inspection
Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system, and vice versa.
Stateful inspection - A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
(Proxy service: zip + PO Box. Stateful inspection: show me your ID.)
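The difference between packet filtering and stateful inspection is easiest to see on the same traffic. The Python below is an added example, not from the presentation: a stateless filter that matches header fields against a fixed rule list, and a stateful firewall that records flows leaving the private network and admits only their replies. The rule list, the `Packet` fields and the sample traffic are all constructed for this illustration (the outside addresses come from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24), so the numbers are not real hosts.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Packet:
    """A constructed packet header: just the fields a filter looks at."""
    direction: str   # "in" (from the Internet) or "out" (from the private network)
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


# Packet filtering: static rules checked top to bottom, first match wins.
# Only web traffic is allowed in; everything may go out; the rest is dropped.
RULES = [
    {"direction": "in", "proto": "tcp", "dport": 80, "action": "allow"},
    {"direction": "in", "proto": "tcp", "dport": 443, "action": "allow"},
    {"direction": "out", "action": "allow"},
    {"action": "deny"},  # default: discard whatever no rule permitted
]


def packet_filter(pkt: Packet) -> str:
    """Stateless check: compare the packet's header fields against RULES."""
    for rule in RULES:
        if all(getattr(pkt, field) == value
               for field, value in rule.items() if field != "action"):
            return rule["action"]
    return "deny"


class StatefulFirewall:
    """Stateful inspection: remembers flows opened from inside and lets only
    their replies back in; unsolicited inbound packets must pass the static rules."""

    def __init__(self) -> None:
        self.flows = set()

    def inspect(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            # Record the outbound flow's defining characteristics.
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        # Inbound: is this the reply to a flow we saw leave?
        reply_of = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reply_of in self.flows:
            return "allow"
        return packet_filter(pkt)


def compare(packets: List[Packet]) -> List[Tuple[str, str]]:
    """Run the same packets through both methods: (filter, stateful) per packet."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.inspect(p)) for p in packets]


# Constructed traffic: the inside host 192.168.1.10 queries a DNS server
# (203.0.113.53) and receives its reply; then an unknown host sends an
# unsolicited datagram to the same port; then a normal inbound web request.
SAMPLE = [
    Packet("out", "udp", "192.168.1.10", 53000, "203.0.113.53", 53),
    Packet("in", "udp", "203.0.113.53", 53, "192.168.1.10", 53000),
    Packet("in", "udp", "198.51.100.7", 53, "192.168.1.10", 53000),
    Packet("in", "tcp", "198.51.100.7", 40000, "192.168.1.20", 80),
]

if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(SAMPLE, compare(SAMPLE)):
        print(f"{pkt.direction:3} {pkt.proto} {pkt.src}:{pkt.sport} -> "
              f"{pkt.dst}:{pkt.dport}  filter={stateless:5} stateful={stateful}")
```

The second packet is the interesting one: the stateless filter discards the DNS reply because no rule names UDP port 53000, so the inside host never gets an answer, while the stateful firewall matches it to the flow it saw leave and admits it. The third packet, identical except for the source address, is denied by both, which is exactly the "show me your ID" comparison the slide describes.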
38 Common protocols
IP (Internet Protocol)
UDP (User Datagram Protocol)
POP3 (Post Office Protocol 3)
TCP (Transmission Control Protocol)
DHCP (Dynamic Host Configuration Protocol)
HTTP (Hypertext Transfer Protocol)
FTP (File Transfer Protocol)
Telnet (Telnet Remote Protocol)
SOAP (Simple Object Access Protocol)
SSH (Secure Shell Remote Protocol)
SMTP (Simple Mail Transfer Protocol)
IMAP (Internet Message Access Protocol)
39 TCP vs. UDP
TCP is the most commonly used protocol on the Internet. The reason is that TCP offers error correction: when TCP is used there is "guaranteed delivery." This is due largely to a method called "flow control."
40 A "flow control" method
Flow control determines when data needs to be re-sent, and stops the flow of data until previous packets are successfully transferred. This works because if a packet of data is sent, a collision may occur.
41 A "flow control" method (continued)
When this happens, the client re-requests the packet from the server until the whole packet is complete and identical to its original.
42 TCP vs. UDP
UDP is another commonly used protocol on the Internet. However, UDP is rarely used to send important data such as web pages, database information, etc.; UDP is commonly used for streaming audio and video. Streaming media such as Windows Media audio files (.WMA), RealPlayer (.RM), and others use UDP because it offers speed!
43 UDP is faster than TCP
The reason UDP is faster than TCP is that there is no form of flow control or error correction. The data sent over the Internet is affected by collisions, and errors will be present. Remember that UDP is only concerned with speed. This is the main reason why streaming media is not high quality if UDP is selected.
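The re-send behaviour the slides call "flow control" (and its absence in UDP) can be watched in a small simulation. The Python below is an added example, not part of the presentation: a constructed lossy link drops one transmission and damages another on a fixed schedule, a TCP-like sender re-sends each chunk until the receiver verifies an intact copy by checksum, and a UDP-like sender just fires each chunk once. The message, chunk size and fault schedule are made up for the demonstration; the checksum is CRC-32 from the standard library standing in for a transport checksum.

```python
import zlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Datagram:
    seq: int        # sequence number of this chunk
    payload: bytes
    crc: int        # checksum the receiver uses to detect corruption


class Channel:
    """Constructed lossy link: `faults` maps a 1-based transmission number
    to "drop" (never arrives) or "corrupt" (first payload byte is damaged)."""

    def __init__(self, faults: Dict[int, str]) -> None:
        self.faults = dict(faults)
        self.sent = 0   # how many datagrams were put on the wire

    def transmit(self, dg: Datagram) -> Optional[Datagram]:
        self.sent += 1
        fault = self.faults.get(self.sent)
        if fault == "drop":
            return None
        if fault == "corrupt":
            damaged = bytes([dg.payload[0] ^ 0xFF]) + dg.payload[1:]
            return Datagram(dg.seq, damaged, dg.crc)
        return dg


def chunks(msg: bytes, size: int) -> List[bytes]:
    return [msg[i:i + size] for i in range(0, len(msg), size)]


def reliable_transfer(msg: bytes, link: Channel, size: int = 5,
                      max_tries: int = 10) -> Tuple[bytes, int]:
    """TCP-like: each chunk is re-sent until the receiver confirms an intact copy."""
    received = bytearray()
    for seq, part in enumerate(chunks(msg, size)):
        for _ in range(max_tries):
            got = link.transmit(Datagram(seq, part, zlib.crc32(part)))
            if got is None:
                continue   # lost: no acknowledgement comes back, so re-send
            if got.seq == seq and zlib.crc32(got.payload) == got.crc:
                received += got.payload   # intact: receiver acknowledges it
                break
            # checksum mismatch: receiver discards it and the sender re-sends
        else:
            raise ConnectionError(f"chunk {seq} never arrived intact")
    return bytes(received), link.sent


def unreliable_transfer(msg: bytes, link: Channel, size: int = 5) -> Tuple[bytes, int]:
    """UDP-like, as the slides describe it: fire and forget, nothing is re-sent."""
    received = bytearray()
    for seq, part in enumerate(chunks(msg, size)):
        got = link.transmit(Datagram(seq, part, zlib.crc32(part)))
        if got is not None:
            received += got.payload   # lost chunks stay lost, damaged ones stay damaged
    return bytes(received), link.sent


MESSAGE = b"GREY BOX TEST SESSION 1"      # constructed payload: 5 chunks of <= 5 bytes
FAULTS = {2: "drop", 4: "corrupt"}       # 2nd transmission lost, 4th damaged

if __name__ == "__main__":
    data, n = reliable_transfer(MESSAGE, Channel(FAULTS))
    print("TCP-like:", data, "in", n, "transmissions, intact:", data == MESSAGE)
    data, n = unreliable_transfer(MESSAGE, Channel(FAULTS))
    print("UDP-like:", data, "in", n, "transmissions, intact:", data == MESSAGE)
```

With this schedule the TCP-like transfer needs 7 transmissions for 5 chunks and delivers the message byte for byte, while the UDP-like transfer finishes in 5 transmissions but hands the application 18 bytes with one chunk missing and one damaged: faster, and exactly the quality loss the slide attributes to streaming over UDP.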
44 Streaming media protocols: RTSP, MMS…
RTSP is the default protocol for streaming Windows Media. RTSP is also used for streaming RealMedia/RealVideo/RealAudio and streaming QuickTime video (.mov, .mp4, .sdp streams).
MMS is used for streaming Windows Media only.
RTSP over UDP is called RTSPU; RTSP over TCP is called RTSPT.
MMS over UDP is called MMSU; MMS over TCP is called MMST.
PNM is used for RealMedia/RealVideo/RealAudio streaming only. RTMP is used for Flash audio and video streams only. Media files can also be streamed through HTTP or other protocols.
The majority of streams are streamed through HTTP, RTSP, MMS and RTMP. PNM is usually not used on the newest servers, but such streams are not very rare.
45 The Internet Protocol (IP)
IP is the primary protocol of the Internet Protocol Suite. IP delivers distinguished protocol datagrams (packets) from the source host to the destination host based on their addresses. IP is the protocol used for communicating data across a packet-switched internetwork using the Internet Protocol Suite, also referred to as TCP/IP.
46 Hypertext Transfer Protocol (HTTP)
HTTP is a request/response protocol. Most HTTP communication is initiated by a client, which submits HTTP requests and is also referred to as the user agent. The responding server, which stores or creates resources such as HTML files and images, may be called the origin server. Resources are identified by Uniform Resource Locators (URLs) using the http or https URI schemes.
47 FUNDAMENTALS OF HTTP
HTTP is the foundation protocol of the World Wide Web. HTTP is an application-level protocol in the TCP/IP protocol suite, using TCP as the underlying transport layer protocol for transmitting messages. The fundamental things worth knowing about the HTTP protocol and the structure of HTTP messages are:
48 The Structure of HTTP messages
1. The HTTP protocol uses the request/response paradigm, meaning that an HTTP client program sends an HTTP request message to an HTTP server, which returns an HTTP response message.
2. The structure of request and response messages is similar to that of e-mail messages; they consist of a group of lines containing message headers, followed by a blank line, followed by a message body.
3. HTTP is a stateless protocol, meaning that it has no explicit support for the notion of state. An HTTP transaction consists of a single request from a client to a server, followed by a single response from the server back to the client.
Do you have an HTTP client on your PC?
(Stateless protocol: USPS vs UPS, somebody home or not)
49 What is HTML?
HTML is a language for describing web pages. HTML stands for Hyper Text Markup Language. HTML is not a programming language, it is a markup language. A markup language is a set of markup tags. HTML uses markup tags to describe web pages.
50 LAB Exercise (Ref. Materials)
Open Notepad.
Build a simple website (Title; Body; Text; One Image).
Open your website with IE.
Open your website with Firefox.
Questions?
How to view the source of the web page…
51 Web Server
A Web server is a program that, using the client/server model and the World Wide Web's Hypertext Transfer Protocol, serves the files that form Web pages to Web users (whose computers contain HTTP clients that forward their requests). Every computer on the Internet that contains a Web site must have a Web server program.
52 Web Server Functionality
Web servers often are part of Internet- and intranet-related programs for serving, downloading requests for File Transfer Protocol (FTP) files, and building and publishing Web pages. Criteria for choosing a Web server include compatibility with the OS and other servers, its ability to handle server-side programming, security characteristics, search engine, and site-building tools.
53 Web Application Architecture
1. The browser sends a request for a resource to the web server.
2. The web server looks at the request.
a. Static resources such as images and static web pages are read from disk and returned directly to the browser.
b. Requests for dynamic resources are forwarded to an application server.
3. The application server passes the request to the web application.
4. The web application prepares a response, using data from the DB server when necessary.
5. The response is passed back to the browser.
6. The browser displays the response.
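The HTTP message structure (start line, headers, blank line, body), the HTML lab page, and the six-step architecture above fit in one small Python program. It is an added example, not code from the presentation: `parse_request` splits a raw request exactly along the structure slide 48 describes, `web_server` does step 2's static-versus-dynamic decision against a constructed in-memory "disk" (whose `index.html` is the lab's simple website: title, body, text and one image), and `web_application` answers dynamic requests from a constructed in-memory SQLite table standing in for the DB server. The host name `www.example.com` is a reserved documentation name; the paths, table and product rows are invented for the illustration. Everything stays in memory, so no network or real server is involved.

```python
import sqlite3
from typing import Dict

REASONS = {200: "OK", 404: "Not Found", 405: "Method Not Allowed"}

# Constructed "disk": the static files a web server returns directly (step 2a).
# index.html is the lab's simple website: title, body, text and one image.
STATIC_FILES = {
    "/index.html": (b"<html><head><title>My First Page</title></head>"
                    b"<body><p>Hello from the lab.</p>"
                    b'<img src="logo.png" alt="logo"></body></html>', "text/html"),
    "/logo.png": (b"\x89PNG\r\n\x1a\n" + b"\x00" * 8, "image/png"),  # fake image bytes
}


def parse_request(raw: bytes) -> Dict:
    """Split an HTTP request into start line, headers, blank line and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("malformed request: no blank line after the headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)   # the request line
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()   # header names are case-insensitive
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def build_response(status: int, body: bytes, content_type: str) -> bytes:
    """Assemble a response with the same headers / blank line / body layout."""
    head = (f"HTTP/1.1 {status} {REASONS[status]}\r\n"
            f"Content-Type: {content_type}\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("ascii") + body


def setup_db() -> sqlite3.Connection:
    """Constructed DB server: an in-memory SQLite table (step 4)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products (name) VALUES (?)", [("Router",), ("Switch",)])
    return db


def web_application(request: Dict, db: sqlite3.Connection) -> bytes:
    """Dynamic resource (steps 3-4): the application builds the page from DB rows."""
    if request["target"] == "/products":
        rows = db.execute("SELECT id, name FROM products ORDER BY id").fetchall()
        items = "".join(f"<li>{pid}: {name}</li>" for pid, name in rows)
        return build_response(200, f"<ul>{items}</ul>".encode(), "text/html")
    return build_response(404, b"no such resource", "text/plain")


def web_server(raw_request: bytes, db: sqlite3.Connection) -> bytes:
    """Steps 1-5: parse, serve static files from 'disk', forward the rest."""
    request = parse_request(raw_request)   # each request stands alone: stateless
    if request["method"] != "GET":
        return build_response(405, b"only GET is served here", "text/plain")
    if request["target"] in STATIC_FILES:          # step 2a: static, read from "disk"
        body, content_type = STATIC_FILES[request["target"]]
        return build_response(200, body, content_type)
    return web_application(request, db)            # step 2b / 3: dynamic, forwarded on


if __name__ == "__main__":
    db = setup_db()
    # Constructed request, laid out as a browser would send it.
    raw = b"GET /products HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: lab\r\n\r\n"
    print(web_server(raw, db).decode())
```

Feeding `parse_request` the request a browser sends for the lab page shows the three parts side by side: the request line, a lower-cased header dictionary (including any `Cookie` header, which is where later sessions' cookie tests begin), and an empty body for a GET. The statelessness from slide 48 is visible in `web_server`: nothing from one call survives into the next, so anything resembling a session has to ride in the headers.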
55 Microsoft Windows Control Panel
Each tool in Control Panel is represented by a .cpl file in the Windows\System folder. The .cpl files in the Windows\System folder are loaded automatically when you start Control Panel.
Components of the CP
Handy Windows commands (Run prompt):
Command Prompt – cmd
Control Panel – control
Firefox – firefox
Internet Explorer – iexplore
Internet Properties for IE – inetcpl.cpl
Network Connections – ncpa.cpl
56 Microsoft Windows Control Panel: Components of the CP
59 LAB Exercise
Go to Start > Run.
Use the proper CP command and open Firefox & Internet Explorer.
Use the proper hotkeys and close Firefox & Internet Explorer.
Use the proper CP command and open Network Connections.
Select the connected NIC.
Go to Properties.
Click on the checkbox "Show icon…".
Select Internet Protocol.
Click the Properties button.
Use the proper hotkeys and close all three windows.
Questions?
60 Interviews… Boris's Advice # 1
Remember: You are selling your capacity, not your knowledge! (Think about the old loaded PC.)
61 PC, Web & Networking Knowledge
How to use my PC, Web & Networking knowledge in an interview?
Interview questions:
What is a web-based application?
Difference between app servers and web servers
HTML file extension. What can be used and why?
How to check the IP address of your workstation
Difference between LAN and VLAN
Do you need a firewall for web application testing and why?
How will you test cookies in web testing?
What is a CPU?
63 Email your answers to me for the following questions
Prepare 2-3 paragraphs for your resume, based on the topics that we covered today, and email them to me.
Email your answers to me for the following questions:
What is HTML?
Why do we need firewalls?
What does DNS stand for?
What does CLI stand for?
Describe the difference between LAN and WAN.
Review the student materials for day 1.