1 grey box testing web apps & networking session 1 boris grinberg [email protected]
TRANSCRIPT
2
Class Duration
• 40 hours of instructor led sessions• Homework assignments (20+ hours)
– 2 hours per session
• School Lab open during the week• 10 sessions, 4 hours each• Breaks: – 9:10 to 9:20 & 10:10 to
10:15
3
Class Rules• Homework is highly recommended• Questions are welcome.
– Q & A Time Slots: During the LAB Exercise, the last 15 minutes of each session or when you see on the slide the word Questions?
– No talking, browsing the Internet or online chatting during the session
– Cell phones must be off or on mute during the class, if you need to take a call take it outside
– You can leave the room during the session for urgent needs (take medicine, use restroom, important call, etc)
• If you see this icon, additional material is available.
4
Web Application Testing• Understanding
– Architecture, Functionality, Relevant Protocols and Technologies, Business Logic
– Test Objectives, Testing Scope (1 tier or more), Test Approach, Test Cycles, Required Knowledge
• Planning– Time for Learning Curve, Test Environment
(build/tier down), Test Tools, Resources, Execution, Reporting…
• Building Environment / Execution– Test Bed Preparation/Maintenance, T.P. Execution,
Reporting, Releasing…
• Generating Reports, Analysing Results, Getting Ready for the Next Cycle or New Project…
5
Session 1 (4 Hours)building the ground…
• Here are the things that we will cover:– PC Architecture & Components– The IP Address:
• Network classes, Static and dynamic, Assignment method & How to edit IP address
– Networking• DNS, LANs; WANs & Virtual LANs;• VPN: An overview, protocols and communication• Handy Networking commands and tools
– Common Internet protocols & Firewalls; HTML– Web server:
• Functionality, Architecture & Authentication
6
Introduction to NetworkingThe U.S. Department of Labor forecasts an increase of 58% (percent) in the network and system support job market by 2016
7
Networking Sessions
• This course will help you gain a networking knowledge, make your resume more technical, and desirable on the market
• Networking Sessions will cover the following topics: networking topology, Routers, GW, Proxy, networking protocols & special tools.
8
What do I need to know about my PC
• PC Architecture– Hardware of a modern Personal
Computer 1. Monitor
2. Motherboard
3. CPU (The Central Processing Unit)
4. RAM (Random Access Memory) Memory
5. Expansion card
6. Power supply
7. Optical disc drive
8. Hard Disk
9. Keyboard
10. Mouse
9
Computer Components
• CPU (Central Processing Unit) Performs most of the calculations which enable a computer to function
• RAM (Random Access Memory) Stores all running processes (applications) and the current running OS
• BIOS (Basic Input Output System) The BIOS includes boot firmware and power management, the BIOS tasks are handled by operating system drivers
• Great Link: PC HARDWARE COMPONENTS
Basic computer components
Input devices Keyboard · Light pen · Mouse · Microphone · Webcam
Output devices Monitor · Speakers
Removable data storage
Compact disc/CD Drive · USB flash drive · Memory card
Computer case CPU · RAM · Video card · Sound card · Motherboard · Power supply · HDD
Data ports Parallel port · Universal Serial Bus (USB) · FireWire · eSATA · SCSI
10
How to check my IP address & OS Version on PC, set TIME?1. Using GUI2. Using CMD
– IP Address– OS Version
• ver
– open new window • start
– close CLI – • exit
– CMD Properties
11
LAB Exercise
• Open CMD program• Use Menu-Properties and set Screen Text
as Brown• Use Menu-Properties and set Screen
Background as White• Use Menu-Properties and set Window Size
Height to 50• Check and write down your IP Address,• Check and write down your Subnet Mask• Check and write down your Default
Gateway
12
IP Addresses
• Each machine on the Internet is assigned a unique address called an IP address. IP stands for Internet protocol, and these addresses are 32-bit numbers, normally expressed as four "octets" in a "dotted decimal number." A typical IP address looks like this:
• 216.27.61.137
13
Domain Names
• As far as the Internet's machines are concerned, an IP address is all you need to talk to a server.
• Because it is hard to remember the strings of numbers that make up IP addresses, and because IP addresses sometimes need to change, all servers on the Internet also have human-readable names, called domain names. For example, www.portnov.com is a permanent, human-readable name. It is easier for most of us to remember www.portnov.com than it is to remember 65.254.231.113
14
Domain Name Servers Diagram
• A set of servers called domain name servers (DNS) maps the human-readable names to the IP addresses.
• These servers are simple databases that map names to IP addresses, and they are distributed all over the Internet.
15
Domain Name Servers (DNS)
• Most individual companies, ISPs and universities maintain small name servers to map host names to IP addresses.
• There are also central name servers that use data supplied by VeriSign to map domain names to IP addresses
16
The IP Address network classes
• The IP address usually is unique and provides a network identify for the node.
• The entire IP address is separated into two parts: the network part and the host part. Figure shows an example of the difference in network classes
17
The IP Address – IPv4
• An IPv4 address is a 32-bit number that is divided into four fields, called octets, separated by dots. Each octet represents 8 bits of the total 32-bit number
• We will talk and learn more about bits and bytes on our second session
18
Static and Dynamic IP addresses
When a computer is configured to use the same IP address each time it powers up, this is known as a Static IP address. In contrast, in situations when the computer's IP address is assigned automatically, it is a Dynamic IP address.
• How to verify your IP Settings? (CLI & GUI)
19
The private IP address
The private address space specified in RFC 1918 is defined by the following 3 address blocks:
1. The range of valid IP addresses: 10.0.0.1 to 10.255.255.254 It is a class A network ID and it has 24 host bits that can be used for any sub-netting scheme within the private organization.
2. The range of valid IP addresses: 172.16.0.1 to 172.31.255.254 This private network can be interpreted either as a block of 16 class B network IDs or as a 20-bit assignable address space (20 host bits) that can be used for any subnetting scheme within the private organization.
3. The range of valid IP addresses: 192.168.0.1 to 192.168.255.254 This private network can be interpreted either as a block of 256 class C network IDs or as a 16-bit assignable address space (16 host bits) that can be used for any sub-netting scheme within the private organization.
Note: RFC - Request For Comment
20
Method of IP addresses assignment• An administrator or user manually assigns static IP
addresses to a computer.• Dynamic IP addresses are most frequently assigned
on LANs and broadband networks by Dynamic Host Configuration Protocol (DHCP) servers. They are used because it avoids the administrative work of assigning specific static addresses to each device on a network. It also allows many devices to share limited address space on a network if only some of them will be online at a particular time.
• In most current desktop operating systems, dynamic IP configuration is enabled by default so that a user does not need to manually enter any settings to connect to a network with a DHCP server
21
How to edit my IP address?
• Ipconfig (ipconfig/all) – The command will display the IP address, subnet mask and default gateway for each adapter bound to TCP/IP.
• Ipconfig/release - The command will release the IP address for the specified adapter
• Ipconfig/renew - The command will renew the IP address for the specified adapter.
• Ipconfig/? – Display help message
22
LAB Exercise
• Open CMD and Notepad programs• Check and copy your IP Address.
(Problems?)• Use Menu-Properties-Options and set
Quick Edit Mode• Release your settings • Copy your new settings in the Notepad• Renew your settings• Copy your new settings in the Notepad
and compare with the original settings. • Questions?
23
Networks: LAN, WAN, VLAN, VPN
24
LAN. Local Area Networks
• A local area network ( is a computer network covering a small physical area, like a home, office, or small group of buildings, such as a school, or a hospital)
25
WAN. Wide Area Network
• A WAN is a computer network that covers a broad area.
• WANs are used to connect LANs and other types of networks together
26
VLAN. Virtual LANs
• VLANs is a group of devices on different physical LAN segments which can communicate with each other as if they were all on the same physical LAN segment
27
VLAN architecture benefits
• Simplification of software configurations• Physical topology independence,
improved manageability, increased security options
• Increased performance
28
VPN - Virtual Private Network
• A VPN is a secure, private communication tunnel between two or more devices across a public network (like the Internet).
• These VPN devices can be either a computer running VPN software or a special device like a VPN enabled router.
29
VPN - An overview
• Even though a VPN’s data travels across a public network like the Internet, it is secure because of very strong encryption.
• If anyone ‘listens’ to the VPN communications, they will not understand it because all the data is encrypted.
• In addition, VPN’s monitor their traffic in very sophisticated ways that ensure packets never get altered while traveling across the public network. Encryption and data verification is very CPU intensive.
30
VPN Languages
• There are two major 'languages' or protocols that VPN's speak. Microsoft uses PPTP or Point to Point Tunneling Protocol and most everyone else uses IPSec - Internet Protocol Security.
• Most broadband routers can pass PPTP traffic by forwarding port 1723 but IPSec is more complex. If your router does not explicitly support IPSEC pass through, then even placing your computer in the DMZ might not work.
• PPTP has 'good' encryption and also features 'authentication' for verifying a user ID and password. IPSec is purely an encryption model and is much safer but does not include authentication routines. – A third standard, L2TP is IPSec with authentication built in.
31
VPN - Clients and Servers
• A VPN server is a piece of hardware or software that can acts as a gateway into a whole network or a single computer.
• It is generally ‘always on’ and listening for VPN clients to connect to it.
• A VPN Client is most often a piece of software but can be hardware too.
32
VPN communication
• A VPN Client is most often a piece of software but can be hardware too.
• Each client initiates a ‘call’ to the server and logs on. Now they can communicate. – They are on the same ‘virtual’ network. Many
broadband routers can 'pass' one or more VPN sessions from your LAN to the Internet. Each router handles this differently.
33
Handy Networking Commands/Tools• Ping (Trivial File Transfer Protocol (TFTP))
(Network Trouble shooting)• Tracert Traceroute is a computer network tool
used to determine the route taken by packets across an IP network.
• Taskmgr Windows Task Manager provides detailed information about computer performance, running applications, processes and CPU usage and memory information– Can also be used to set process priorities,
forcibly terminate processes, and shut down, restart, hibernate or log off from Windows
• perfmon (Finding memory bottlenecks, processor bottlenecks, network bottlenecks, etc)
34
LAB Exercise
• Open CMD and Windows Task Manager• Use Windows Task Manager
– Watch current number of running processes & CPU Usage
• Write Application name (e.g. Wordpad ) into Run and click OK
• Verify changes: …running processes & CPU Usage
• Find related process and kill it. Watch changes.• Ping (portnov.com; cnn.com; rbreporting.com).
Analyze results.• Questions?
35
Firewall
• A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through
36
Methods to control traffic flow
• Firewalls use one or more of three methods to control traffic flowing in and out of the network:
1. Packet filtering
2. Proxy service
3. Stateful inspection
37
Packet filtering, Proxy service & Stateful inspection
1. Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded
2. Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
3. Stateful inspection - A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
38
Common protocols
• IP (Internet Protocol), UDP (User Datagram Protocol), POP3 (Post Office Protocol 3)
• TCP (Transmission Control Protocol)• DHCP (Dynamic Host Configuration Protocol)• HTTP (Hypertext Transfer Protocol)• FTP (File Transfer Protocol), Telnet (Telnet
Remote Protocol)• SOAP (Simple Object Access Protocol)• SSH (Secure Shell Remote Protocol)• SMTP (Simple Mail Transfer Protocol)• IMAP (Internet Message Access Protocol)
39
TCP vs. UDP
• TCP is the most commonly used protocol on the Internet. The reason for this is because TCP offers error correction. When the TCP protocol is used there is a "guaranteed delivery." This is due largely in part to a method called "flow control."
40
A "flow control" Method
• Flow control determines when data needs to be re-sent, and stops the flow of data until previous packets are successfully transferred.
• This works because if a packet of data is sent, a collision may occur.
41
A "flow control" Method
• When this happens, the client re-requests the packet from the server until the whole packet is complete and is identical to its original.
42
TCP vs. UDP
• UDP is another commonly used protocol on the Internet. However, UDP is rarely used to send important data such as WebPages, database information, etc; UDP is commonly used for streaming audio and video. Streaming media such as Windows Media audio files (.WMA) , Real Player (.RM), and others use UDP because it offers speed!
43
UDP is faster than TCP
• The reason UDP is faster than TCP is because there is no form of flow control or error correction. The data sent over the Internet is affected by collisions, and errors will be present. Remember that UDP is only concerned with speed.
• This is the main reason why streaming media is not high quality if UDP selected.
44
Streaming media protocols: RTSP, MMS…•RTSP protocol is the default protocol for streaming Windows Media. RTSP is also used for streaming RealMedia/RealVideo/RealAudio, streaming QuickTime video (.mov, .mp4, .sdp streams).
•MMS protocol is used for streaming Windows Media only.•RTSP using UDP is called RTSPU
•RTSP using TCP is called RTSPT
•MMS using UDP is called MMSU
•MMS using TCP is called MMST
PNM protocol is used for RealMedia/RealVideo/RealAudio streaming only. RTMP protocol is used for Flash audio and video streams only. Media files can also be streamed through HTTP or other protocols.
The majority of streams are streamed through HTTP, RTSP, MMS and RTMP. PNM protocol is usually not used on the newest servers, but such streams are not very rare.
45
The Internet Protocol (IP)
IP is the primary protocol of the Internet Protocol Suite– The IP protocol delivering distinguished
protocol datagrams (packets) from the source host to the destination host based on their addresses.
• The IP is a protocol used for communicating data across a packet-switched internetwork using the Internet Protocol Suite, also referred to as TCP/IP
46
Hypertext Transfer Protocol (HTTP)
• Most HTTP communication is initiated by a user agent - which submits HTTP requests - is also referred to as the user agent.
• The responding server—which stores or creates resources such as HTML files and images—may be called the origin server.
• Uniform Resource Locators (URLs)—using the http or https URI schemes
The HTTP protocol is a request/response protocol
47
FUNDAMENTALS OF HTTP
• HTTP is the foundation protocol of the World Wide Web.
• HTTP is an application level protocol in the TCP/IP protocol suite, using TCP
as the underlying Transport Layer protocol for transmitting messages.
The fundamental things worth knowing about the HTTP protocol and the structure of HTTP messages are:
48
The Structure of HTTP messages
• 1. The HTTP protocol uses the request/response paradigm, meaning that an HTTP client program sends an HTTP request message to an HTTP server, which returns an HTTP response message.
• 2. The structure of request and response messages is similar to that of e-mail messages; they consist of a group of lines containing message headers, followed by a blank line, followed by a message body.
• 3. HTTP is a stateless protocol, meaning that it has no explicit support for the notion of state. An HTTP transaction consists of a single request from a client to a server, followed by a single response from the server back to the client.
49
What is HTML?
• HTML is a language for describing web pages.
• HTML stands for Hyper Text Markup Language
• HTML is not a programming language, it is a markup language
• A markup language is a set of markup tags
• HTML uses markup tags to describe web pages
50
LAB Exercise
• Ref. Materials:– http://www.w3schools.com/html/default.asp – http://www.htmlcodetutorial.com/quicklist.ht
ml – http://www.devx.com/projectcool/Article/198
16– http://www.ietf.org/rfc/rfc2616.txt
• Open Notepad• Build simple Website (Title; Body; Text;
One Image)– Open your website with IE– Open your website with Firefox
• Questions?
51
Web Server
• A Web server is a program that, using the client/server model and the World Wide Web's Hypertext Transfer Protocol, serves the files that form Web pages to Web users (whose computers contain HTTP clients that forward their requests). Every computer on the Internet that contains a Web site must have a Web server program
52
Web Server Functionality• Web servers often are
part of Internet- and intranet-related programs for serving e-mail, downloading requests for File Transfer Protocol ( FTP ) files, and building and publishing Web pages. Choice of a Web server include compatibility with the OS and other servers, its ability to handle server-side programming, security characteristics, search engine, and site building tools
53
Web Application Architecture1. The browser sends a request for a resource to the web server.2. The web server look at the request. a. Static resources such as images and static web pages are read from disk and returned directly to the browser.b. Requests for dynamic resources are forwarded to an application server.
3. The application server passes the request to the web application4. The web application prepare a response using data from the DB server when necessary.5. The response is passed back to the browser.6. The browser displays the response
54
Web Server Authentication
55
Microsoft Windows control panel
• Each tool in Control Panel is represented by a .cpl file in the Windows\ System folder. The .cpl files in the Windows\System folder are loaded automatically when you start Control Panel.
• Components of the CP– Handy Windows Commands (RUN prompt)– Command Prompt – cmd– Control Panel – control – Firefox – firefox– Internet Explorer – iexplore– Internet Properties for IE – inetcpl.cpl – Network Connections – ncpa.cpl
56
Microsoft Windows control panel
• Components of the CPFile name PurposeAccess.cpl Accessibility propertiesAppwiz.cpl Add/Remove Programs propertiesDesk.cpl Display propertiesFindFast.cpl FindFast (included with Microsoft Office for Windows 95)Inetcpl.cpl Internet propertiesIntl.cpl Regional Settings propertiesJoy.cpl Joystick propertiesMain.cpl Mouse, Fonts, Keyboard, and Printers propertiesMlcfg32.cpl Microsoft Exchange or Windows Messaging propertiesMmsys.cpl Multimedia propertiesNetcpl.cpl Network propertiesOdbccp32.cpl Data Sources (32-bit ODBC, included w/ Microsoft Office)Password.cpl Password propertiesSticpl.cpl Scanners and Cameras propertiesSysdm.cpl System properties and Add New Hardware wizardThemes.cpl Desktop ThemesTimeDate.cpl Date/Time propertiesWgpocpl.cpl Microsoft Mail Post Office
57
Windows Hotkeys (set 1)
58
Windows Hotkeys (set 2)
59
LAB Exercise
• Go to Start Run• Use proper CP command and open Firefox & Internet
Explorer • Use proper Hotkeys and close Firefox & Internet Explorer • Use proper CP command and open Network Connections• Select Connected NIC• Go to Properties• Click on Checkbox
“Show icon…”• Select Internet
Protocol • Click Properties
button• Use proper Hotkeys
and close all three windows
• Questions?
60
Interviews… Boris’s Advice # 1
•Remember: You are selling your •capacity, not your knowledge! •(think about the old loaded pc)
61
PC, Web & Networking Knowledge
• How to use my PC, Web & Networking knowledge on Interview?
• Interview Questions:– What is web based application– Difference between App Servers and Web servers– HTML file extension. What can be used and why?– How to check IP address of your workstation– Difference between LAN and VLAN– Do you need a firewall for a Web Application testing
and why?– How will you test cookies in web testing? – What is CPU ?
62
63
• Prepare 2-3 paragraphs for your resume, based on the topics that we covered today and email them to me.
• Email your answers to me for the following questions– What is HTML?– Why do we need a firewalls?– What is DNS stands for? – What is CLI stands for? – Describe the difference between LAN and WAN
• Review the students materials for day 1
64
Q & A Session
• ? ? ? ? ?• ? ? ? ? ?• ? ? ? ? ?• ? ? ? ? ?• ? ? ? ? ?