GREY BOX TESTING Web Apps & Networking


GREY BOX TESTING Web Apps & Networking Session 1 Boris Grinberg boris3@gmail.com

Class Duration 40 hours of instructor led sessions Homework assignments (20+ hours) 2 hours per session School Lab open during the week 10 sessions, 4 hours each Breaks: – 9:10 to 9:20 & 10:10 to 10:15

Class Rules Homework is highly recommended Questions are welcome. Q & A Time Slots: During the LAB Exercise, the last 15 minutes of each session or when you see on the slide the word Questions? No talking, browsing the Internet or online chatting during the session Cell phones must be off or on mute during the class, if you need to take a call take it outside You can leave the room during the session for urgent needs (take medicine, use restroom, important call, etc) If you see this icon, additional material is available.

Web Application Testing Understanding Architecture, Functionality, Relevant Protocols and Technologies, Business Logic Test Objectives, Testing Scope (1 tier or more), Test Approach, Test Cycles, Required Knowledge Planning Time for Learning Curve, Test Environment (build/tier down), Test Tools, Resources, Execution, Reporting… Building Environment / Execution Test Bed Preparation/Maintenance, T.P. Execution, Reporting, Releasing… Generating Reports, Analysing Results, Getting Ready for the Next Cycle or New Project…

Session 1 (4 Hours) building the ground… Here are the things that we will cover: PC Architecture & Components The IP Address: Network classes, Static and dynamic, Assignment method & How to edit IP address Networking DNS, LANs; WANs & Virtual LANs; VPN: An overview, protocols and communication Handy Networking commands and tools Common Internet protocols & Firewalls; HTML Web server: Functionality, Architecture & Authentication

Introduction to Networking The U.S. Department of Labor forecasts an increase of 58% (percent) in the network and system support job market by 2016

Networking Sessions This course will help you gain networking knowledge and make your resume more technical and more desirable on the market. Networking Sessions will cover the following topics: networking topology, Routers, GW, Proxy, networking protocols & special tools.

What do I need to know about my PC PC Architecture Hardware of a modern Personal Computer 1. Monitor 2. Motherboard 3. CPU (The Central Processing Unit) 4. RAM (Random Access Memory) Memory 5. Expansion card 6. Power supply 7. Optical disc drive 8. Hard Disk 9. Keyboard 10. Mouse

Basic computer components Input devices Keyboard · Light pen · Mouse · Microphone · Webcam Output devices Monitor · Speakers Removable data storage Compact disc/CD Drive · USB flash drive · Memory card Computer case CPU · RAM · Video card · Sound card · Motherboard · Power supply · HDD Data ports Parallel port · Universal Serial Bus (USB) · FireWire · eSATA · SCSI CPU (Central Processing Unit) Performs most of the calculations which enable a computer to function RAM (Random Access Memory) Stores all running processes (applications) and the current running OS BIOS (Basic Input Output System) The BIOS includes boot firmware and power management, the BIOS tasks are handled by operating system drivers Great Link: PC HARDWARE COMPONENTS

How to check my IP address & OS Version on PC, set TIME? Using GUI Using CMD IP Address OS Version ver open new window start close CLI – exit CMD Properties

LAB Exercise Open CMD program Use Menu-Properties and set Screen Text as Brown Use Menu-Properties and set Screen Background as White Use Menu-Properties and set Window Size Height to 50 Check and write down your IP Address, Check and write down your Subnet Mask Check and write down your Default Gateway

IP Addresses Each machine on the Internet is assigned a unique address called an IP address. IP stands for Internet protocol, and these addresses are 32-bit numbers, normally expressed as four "octets" in a "dotted decimal number." A typical IP address looks like this: 216.27.61.137

Domain Names As far as the Internet's machines are concerned, an IP address is all you need to talk to a server. Because it is hard to remember the strings of numbers that make up IP addresses, and because IP addresses sometimes need to change, all servers on the Internet also have human-readable names, called domain names. For example, www.portnov.com is a permanent, human-readable name. It is easier for most of us to remember www.portnov.com than it is to remember 65.254.231.113

Domain Name Servers Diagram A set of servers called domain name servers (DNS) maps the human-readable names to the IP addresses. These servers are simple databases that map names to IP addresses, and they are distributed all over the Internet.

Domain Name Servers (DNS) Most individual companies, ISPs and universities maintain small name servers to map host names to IP addresses. There are also central name servers that use data supplied by VeriSign to map domain names to IP addresses

The IP Address network classes The IP address is usually unique and provides a network identity for the node. The entire IP address is separated into two parts: the network part and the host part. The figure shows an example of the difference in network classes.

The IP Address – IPv4 An IPv4 address is a 32-bit number that is divided into four fields, called octets, separated by dots. Each octet represents 8 bits of the total 32-bit number. We will talk and learn more about bits and bytes in our second session.

Static and Dynamic IP addresses When a computer is configured to use the same IP address each time it powers up, this is known as a Static IP address. In contrast, in situations when the computer's IP address is assigned automatically, it is a Dynamic IP address. How to verify your IP Settings? (CLI & GUI)

The private IP address
The private address space specified in RFC 1918 is defined by the following 3 address blocks:
1. The range of valid IP addresses: 10.0.0.1 to 10.255.255.254. It is a class A network ID and it has 24 host bits that can be used for any subnetting scheme within the private organization.
2. The range of valid IP addresses: 172.16.0.1 to 172.31.255.254. This private network can be interpreted either as a block of 16 class B network IDs or as a 20-bit assignable address space (20 host bits) that can be used for any subnetting scheme within the private organization.
3. The range of valid IP addresses: 192.168.0.1 to 192.168.255.254. This private network can be interpreted either as a block of 256 class C network IDs or as a 16-bit assignable address space (16 host bits) that can be used for any subnetting scheme within the private organization.
Note: RFC - Request for Comments
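The slides on IPv4 octets, the network/host split and the RFC 1918 ranges can be worked through in a few lines of Python. This is an added example, not part of the original slides; the function names are hypothetical, and the block list uses the host-bit counts quoted above.

```python
# Added example (not from the slides): dotted decimal -> 32-bit number,
# classful network class, network/host split and RFC 1918 membership.

# Private blocks as (base address, host bits); the host-bit counts are the
# ones quoted on the slide: 24, 20 and 16.
PRIVATE_BLOCKS = [("10.0.0.0", 24), ("172.16.0.0", 20), ("192.168.0.0", 16)]


def to_int(dotted):
    """Convert 'a.b.c.d' to its 32-bit integer value, rejecting odd forms."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError("expected four octets: %r" % dotted)
    value = 0
    for part in parts:
        # Digits only and no leading zeros: some parsers read '010' as octal,
        # so one string could otherwise name two different hosts.
        if not (part.isascii() and part.isdigit()) or (len(part) > 1 and part[0] == "0"):
            raise ValueError("bad octet %r in %r" % (part, dotted))
        octet = int(part)
        if octet > 255:
            raise ValueError("octet out of range in %r" % dotted)
        value = (value << 8) | octet      # each octet contributes 8 bits
    return value


def address_class(dotted):
    """Classful network class, decided by the leading bits of the first octet."""
    first_octet = to_int(dotted) >> 24
    if first_octet < 128:
        return "A"    # leading bit 0
    if first_octet < 192:
        return "B"    # leading bits 10
    if first_octet < 224:
        return "C"    # leading bits 110
    if first_octet < 240:
        return "D"    # leading bits 1110 (multicast)
    return "E"        # leading bits 1111 (reserved)


def split_network_host(dotted, host_bits):
    """Return (network part, host part) as integers for a host-bit count."""
    addr = to_int(dotted)
    host_mask = (1 << host_bits) - 1
    return addr & ~host_mask & 0xFFFFFFFF, addr & host_mask


def is_private(dotted):
    """True when the address falls inside one of the three RFC 1918 blocks."""
    for base, host_bits in PRIVATE_BLOCKS:
        if split_network_host(dotted, host_bits)[0] == to_int(base):
            return True
    return False


if __name__ == "__main__":
    # Addresses taken from the slides plus two boundary cases.
    for ip in ("216.27.61.137", "10.255.255.254", "172.31.255.254",
               "172.32.0.1", "192.168.0.1"):
        print(ip, to_int(ip), address_class(ip), "private" if is_private(ip) else "public")
```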

Method of IP addresses assignment An administrator or user manually assigns static IP addresses to a computer. Dynamic IP addresses are most frequently assigned on LANs and broadband networks by Dynamic Host Configuration Protocol (DHCP) servers. They are used because this avoids the administrative work of assigning specific static addresses to each device on a network. It also allows many devices to share limited address space on a network if only some of them will be online at a particular time. In most current desktop operating systems, dynamic IP configuration is enabled by default so that a user does not need to manually enter any settings to connect to a network with a DHCP server.

How to edit my IP address?
ipconfig (ipconfig/all) – The command will display the IP address, subnet mask and default gateway for each adapter bound to TCP/IP.
ipconfig/release – The command will release the IP address for the specified adapter.
ipconfig/renew – The command will renew the IP address for the specified adapter.
ipconfig/? – Display help message.

LAB Exercise Open CMD and Notepad programs Check and copy your IP Address. (Problems?) Use Menu-Properties-Options and set Quick Edit Mode Release your settings Copy your new settings in the Notepad Renew your settings Copy your new settings in the Notepad and compare with the original settings. Questions?

Networks: LAN, WAN, VLAN, VPN

LAN. Local Area Networks A local area network (LAN) is a computer network covering a small physical area, like a home, office, or small group of buildings, such as a school or a hospital.

WAN. Wide Area Network A WAN is a computer network that covers a broad area. WANs are used to connect LANs and other types of networks together

VLAN. Virtual LANs A VLAN is a group of devices on different physical LAN segments which can communicate with each other as if they were all on the same physical LAN segment. Using neighbor’s internet

VLAN architecture benefits Simplification of software configurations. Physical topology independence, improved manageability, increased security options. Increased performance. Using neighbor’s internet

VPN - Virtual Private Network A VPN is a secure, private communication tunnel between two or more devices across a public network (like the Internet). These VPN devices can be either a computer running VPN software or a special device like a VPN enabled router.

VPN - An overview Even though a VPN’s data travels across a public network like the Internet, it is secure because of very strong encryption. If anyone ‘listens’ to the VPN communications, they will not understand it because all the data is encrypted. In addition, VPNs monitor their traffic in very sophisticated ways that ensure packets never get altered while traveling across the public network. Encryption and data verification are very CPU intensive.

VPN Languages There are two major 'languages' or protocols that VPNs speak. Microsoft uses PPTP or Point to Point Tunneling Protocol and most everyone else uses IPSec - Internet Protocol Security. Most broadband routers can pass PPTP traffic by forwarding port 1723 but IPSec is more complex. If your router does not explicitly support IPSec pass-through, then even placing your computer in the DMZ might not work. PPTP has 'good' encryption and also features 'authentication' for verifying a user ID and password. IPSec is purely an encryption model and is much safer but does not include authentication routines. A third standard, L2TP, is IPSec with authentication built in.

VPN - Clients and Servers A VPN server is a piece of hardware or software that can act as a gateway into a whole network or a single computer. It is generally ‘always on’ and listening for VPN clients to connect to it. A VPN Client is most often a piece of software but can be hardware too.

VPN communication A VPN Client is most often a piece of software but can be hardware too. Each client initiates a ‘call’ to the server and logs on. Now they can communicate. They are on the same ‘virtual’ network. Many broadband routers can 'pass' one or more VPN sessions from your LAN to the Internet. Each router handles this differently.

Handy Networking Commands/Tools
Ping (Trivial File Transfer Protocol (TFTP)) (Network troubleshooting)
Tracert: Traceroute is a computer network tool used to determine the route taken by packets across an IP network.
Taskmgr: Windows Task Manager provides detailed information about computer performance, running applications, processes and CPU usage and memory information. Can also be used to set process priorities, forcibly terminate processes, and shut down, restart, hibernate or log off from Windows.
perfmon (Finding memory bottlenecks, processor bottlenecks, network bottlenecks, etc)

LAB Exercise Open CMD and Windows Task Manager Use Windows Task Manager Watch current number of running processes & CPU Usage Write Application name (e.g. Wordpad ) into Run and click OK Verify changes: …running processes & CPU Usage Find related process and kill it. Watch changes. Ping (portnov.com; cnn.com; rbreporting.com). Analyze results. Questions?

Firewall A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through. Somebody knocks on your door… Who's there?

Methods to control traffic flow Firewalls use one or more of three methods to control traffic flowing in and out of the network:
Packet filtering
Proxy service
Stateful inspection
Proxy service: zip + PO Box. Stateful inspection: show me your ID?

Packet filtering, Proxy service & Stateful inspection
Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
Stateful inspection - A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
Proxy service: zip + PO Box. Stateful inspection: show me your ID
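The difference between packet filtering and stateful inspection is easiest to see by running the same traffic through both. The following is an added example, not part of the original slides; the class names, rule format and sample packets are constructed for illustration, and the state table is reduced to addresses and ports.

```python
from collections import namedtuple

# direction is "out" (leaving the private network) or "in" (arriving from outside)
Packet = namedtuple("Packet", "direction proto src sport dst dport")


class PacketFilter:
    """Packet filtering: every packet is judged alone against fixed rules."""

    def __init__(self, rules):
        # rule = (direction, proto, sport, dport, action); None matches any port
        self.rules = rules

    def allow(self, pkt):
        for direction, proto, sport, dport, action in self.rules:
            if (direction == pkt.direction and proto == pkt.proto
                    and sport in (None, pkt.sport) and dport in (None, pkt.dport)):
                return action == "allow"   # first matching rule wins
        return False                       # nothing matched: discard


class StatefulFirewall:
    """Stateful inspection: remember outbound flows, admit only their replies."""

    def __init__(self, outbound_policy):
        self.outbound_policy = outbound_policy
        self.flows = set()                 # the "database of trusted information"

    def allow(self, pkt):
        if pkt.direction == "out":
            if not self.outbound_policy.allow(pkt):
                return False
            # Record the defining characteristics of the outgoing flow.
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: source and destination must mirror a recorded outbound flow.
        mirrored = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return mirrored in self.flows


# Constructed sample traffic (documentation and private address ranges).
SAMPLE_TRAFFIC = [
    ("browser request", Packet("out", "tcp", "192.168.0.10", 50000, "198.51.100.7", 443)),
    ("server reply", Packet("in", "tcp", "198.51.100.7", 443, "192.168.0.10", 50000)),
    ("unsolicited inbound", Packet("in", "tcp", "203.0.113.9", 443, "192.168.0.10", 8080)),
    ("outbound telnet", Packet("out", "tcp", "192.168.0.10", 50001, "198.51.100.7", 23)),
]


def compare(traffic=SAMPLE_TRAFFIC):
    """Return (label, packet-filter verdict, stateful verdict) per packet."""
    # To let HTTPS replies back in, the stateless filter must trust any
    # inbound packet whose source port is 443.
    stateless = PacketFilter([("out", "tcp", None, 443, "allow"),
                              ("in", "tcp", 443, None, "allow")])
    # The stateful firewall needs only the outbound rule; replies are
    # matched against the flows it has seen leave the network.
    stateful = StatefulFirewall(PacketFilter([("out", "tcp", None, 443, "allow")]))
    return [(label, stateless.allow(p), stateful.allow(p)) for label, p in traffic]


if __name__ == "__main__":
    for label, by_filter, by_state in compare():
        print("%-20s packet filter: %-5s stateful: %s" % (label, by_filter, by_state))
```

The third packet is the case a tester should look for: the packet filter passes it because only the source port is checked, while the stateful firewall discards it because no outbound flow matches.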

Common protocols IP (Internet Protocol), UDP (User Datagram Protocol), POP3 (Post Office Protocol 3) TCP (Transmission Control Protocol) DHCP (Dynamic Host Configuration Protocol) HTTP (Hypertext Transfer Protocol) FTP (File Transfer Protocol), Telnet (Telnet Remote Protocol) SOAP (Simple Object Access Protocol) SSH (Secure Shell Remote Protocol) SMTP (Simple Mail Transfer Protocol) IMAP (Internet Message Access Protocol)

TCP vs. UDP TCP is the most commonly used protocol on the Internet. This is because TCP offers error correction. When the TCP protocol is used there is a "guaranteed delivery." This is due in large part to a method called "flow control."

A "flow control" Method Flow control determines when data needs to be re-sent, and stops the flow of data until previous packets are successfully transferred. This works because if a packet of data is sent, a collision may occur.

A "flow control" Method When this happens, the client re-requests the packet from the server until the whole packet is complete and is identical to its original.

TCP vs. UDP UDP is another commonly used protocol on the Internet. However, UDP is rarely used to send important data such as web pages, database information, etc. UDP is commonly used for streaming audio and video. Streaming media such as Windows Media audio files (.WMA), Real Player (.RM), and others use UDP because it offers speed!

UDP is faster than TCP The reason UDP is faster than TCP is that there is no form of flow control or error correction. The data sent over the Internet is affected by collisions, and errors will be present. Remember that UDP is only concerned with speed. This is the main reason why streaming media is not high quality if UDP is selected.

Streaming media protocols: RTSP, MMS…
RTSP protocol is the default protocol for streaming Windows Media. RTSP is also used for streaming RealMedia/RealVideo/RealAudio, streaming QuickTime video (.mov, .mp4, .sdp streams).
MMS protocol is used for streaming Windows Media only.
RTSP using UDP is called RTSPU
RTSP using TCP is called RTSPT
MMS using UDP is called MMSU
MMS using TCP is called MMST
PNM protocol is used for RealMedia/RealVideo/RealAudio streaming only.
RTMP protocol is used for Flash audio and video streams only.
Media files can also be streamed through HTTP or other protocols. The majority of streams are streamed through HTTP, RTSP, MMS and RTMP. PNM protocol is usually not used on the newest servers, but such streams are not very rare.

The Internet Protocol (IP) IP is the primary protocol of the Internet Protocol Suite. The IP protocol delivers distinguished protocol datagrams (packets) from the source host to the destination host based on their addresses. IP is a protocol used for communicating data across a packet-switched internetwork using the Internet Protocol Suite, also referred to as TCP/IP.

Hypertext Transfer Protocol (HTTP) The HTTP protocol is a request/response protocol. Most HTTP communication is initiated by the client, which submits HTTP requests and is also referred to as the user agent. The responding server—which stores or creates resources such as HTML files and images—may be called the origin server. Uniform Resource Locators (URLs)—using the http or https URI schemes

FUNDAMENTALS OF HTTP HTTP is the foundation protocol of the World Wide Web. HTTP is an application level protocol in the TCP/IP protocol suite, using TCP as the underlying Transport Layer protocol for transmitting messages. The fundamental things worth knowing about the HTTP protocol and the structure of HTTP messages are:

The Structure of HTTP messages
1. The HTTP protocol uses the request/response paradigm, meaning that an HTTP client program sends an HTTP request message to an HTTP server, which returns an HTTP response message.
2. The structure of request and response messages is similar to that of e-mail messages; they consist of a group of lines containing message headers, followed by a blank line, followed by a message body.
3. HTTP is a stateless protocol, meaning that it has no explicit support for the notion of state. An HTTP transaction consists of a single request from a client to a server, followed by a single response from the server back to the client.
Do you have an HTTP client on your PC? Stateless protocol: USPS vs UPS (somebody home/or not)
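The message layout in point 2 (start line and headers, a blank line, then the body) can be checked mechanically. The parser below is an added example, not part of the original slides; the function name and the two sample messages are constructed, and the Content-Length comparison is one check a tester might run on captured traffic.

```python
# Added example: split a raw HTTP/1.x message into start line, headers and
# body, and report inconsistencies between the headers and the body.

def parse_http_message(raw):
    """Parse bytes of one HTTP request or response into a dict."""
    head, blank, body = raw.partition(b"\r\n\r\n")
    if not blank:
        raise ValueError("no blank line between headers and body")
    lines = head.decode("iso-8859-1").split("\r\n")

    # Start line: "METHOD target HTTP/x.y" or "HTTP/x.y status reason".
    parts = lines[0].split(" ", 2)
    if parts[0].startswith("HTTP/") and len(parts) >= 2 and parts[1].isdigit():
        msg = {"kind": "response", "version": parts[0], "status": int(parts[1]),
               "reason": parts[2] if len(parts) == 3 else ""}
    elif len(parts) == 3 and parts[2].startswith("HTTP/"):
        msg = {"kind": "request", "method": parts[0], "target": parts[1],
               "version": parts[2]}
    else:
        raise ValueError("unrecognised start line: %r" % lines[0])

    # Header lines: "Name: value". Names are case-insensitive.
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        headers.append((name.lower(), value.strip()))

    # Consistency check: the declared length must describe the actual body.
    problems = []
    lengths = {value for name, value in headers if name == "content-length"}
    if len(lengths) > 1:
        problems.append("conflicting Content-Length headers")
    elif lengths:
        declared = lengths.pop()
        if not declared.isdigit():
            problems.append("Content-Length is not a number: %r" % declared)
        elif int(declared) != len(body):
            problems.append("Content-Length %s but body is %d bytes"
                            % (declared, len(body)))

    msg.update(headers=headers, body=body, problems=problems)
    return msg


# Constructed sample messages.
SAMPLE_REQUEST = (b"POST /login HTTP/1.1\r\n"
                  b"Host: www.example.com\r\n"
                  b"Content-Type: application/x-www-form-urlencoded\r\n"
                  b"Content-Length: 27\r\n"
                  b"\r\n"
                  b"user=student&course=greybox")

SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                   b"Content-Type: text/html\r\n"
                   b"Content-Length: 99\r\n"      # deliberately wrong
                   b"\r\n"
                   b"<html><body>Hi</body></html>")

if __name__ == "__main__":
    for sample in (SAMPLE_REQUEST, SAMPLE_RESPONSE):
        parsed = parse_http_message(sample)
        print(parsed["kind"], parsed["headers"], parsed["problems"])
```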

What is HTML? HTML is a language for describing web pages. HTML stands for Hyper Text Markup Language HTML is not a programming language, it is a markup language A markup language is a set of markup tags HTML uses markup tags to describe web pages

LAB Exercise
Ref. Materials:
http://www.w3schools.com/html/default.asp
http://www.htmlcodetutorial.com/quicklist.html
http://www.devx.com/projectcool/Article/19816
http://www.ietf.org/rfc/rfc2616.txt
Open Notepad
Build simple Website (Title; Body; Text; One Image)
Open your website with IE
Open your website with Firefox
How to view Source of the web page…
Questions?

Web Server A Web server is a program that, using the client/server model and the World Wide Web's Hypertext Transfer Protocol, serves the files that form Web pages to Web users (whose computers contain HTTP clients that forward their requests). Every computer on the Internet that contains a Web site must have a Web server program

Web Server Functionality Web servers often are part of Internet- and intranet-related programs for serving e-mail, downloading requests for File Transfer Protocol (FTP) files, and building and publishing Web pages. Considerations in choosing a Web server include compatibility with the OS and other servers, its ability to handle server-side programming, security characteristics, search engine, and site building tools.

Web Application Architecture
1. The browser sends a request for a resource to the web server.
2. The web server looks at the request.
   a. Static resources such as images and static web pages are read from disk and returned directly to the browser.
   b. Requests for dynamic resources are forwarded to an application server.
3. The application server passes the request to the web application.
4. The web application prepares a response using data from the DB server when necessary.
5. The response is passed back to the browser.
6. The browser displays the response.

Web Server Authentication

Microsoft Windows control panel Each tool in Control Panel is represented by a .cpl file in the Windows\System folder. The .cpl files in the Windows\System folder are loaded automatically when you start Control Panel. Components of the CP
Handy Windows Commands (RUN prompt)
Command Prompt – cmd
Control Panel – control
Firefox – firefox
Internet Explorer – iexplore
Internet Properties for IE – inetcpl.cpl
Network Connections – ncpa.cpl

Microsoft Windows control panel Components of the CP

Windows Hotkeys (set 1)

Windows Hotkeys (set 2)

LAB Exercise Questions? Go to Start Run Use proper CP command and open Firefox & Internet Explorer Use proper Hotkeys and close Firefox & Internet Explorer Use proper CP command and open Network Connections Select Connected NIC Go to Properties Click on Checkbox “Show icon…” Select Internet Protocol Click Properties button Use proper Hotkeys and close all three windows Questions?

Interviews… Boris’s Advice # 1 Remember: You are selling your capacity, not your knowledge! (think about the old loaded pc)

PC, Web & Networking Knowledge How to use my PC, Web & Networking knowledge in an interview?
Interview Questions:
What is a web-based application?
Difference between App Servers and Web servers
HTML file extension. What can be used and why?
How to check the IP address of your workstation
Difference between LAN and VLAN
Do you need a firewall for Web Application testing and why?
How will you test cookies in web testing?
What is a CPU?

Prepare 2-3 paragraphs for your resume, based on the topics that we covered today and email them to me.
Email your answers to me for the following questions:
What is HTML?
Why do we need firewalls?
What does DNS stand for?
What does CLI stand for?
Describe the difference between LAN and WAN
Review the student materials for day 1

Q & A Session ? ? ? ? ?