How cookies can be dangerous!

I was just exploring the scope of JavaScript injection the other day when I stumbled across yet another dangerous element of the web: cookies!

While cookies help web developers offer services and features that would otherwise require extensive programming, there are some serious security risks that must be understood before cookies are ever implemented on a website.

What are cookies?

A cookie may be considered a small piece of data sent from a website and stored in a user's web browser while the user is browsing that website. When the user browses the same website in the future, the data stored in the cookie can be retrieved by the website to notify it of the user's previous activity. So that means only some modest information is stored in the form of cookies!

So what is the big deal?

The big deal about cookies!

  • Cookies are stored as plain text on the user's system. So if you have access to the local machine, you have access to their cookies.
  • Cookies are passed as plain text across the network unless explicitly encrypted. Anyone with a sniffer can capture the cookie contents and use them as their own. If a person logs into a web application at an unprotected wireless hotspot, an attacker can grab the session value and insert it into their own cookie, thus hijacking the session from the valid user.
  • Cross-site scripting can be used to steal elements like session IDs, which can then be used by the attacker to collect sensitive information or create panic by posting fake content under a stolen account.

Still, I don't get it.

Let me take an example of foursquare.com.

Mobile App Permissions: An analysis

The Prologue

Mobile technology has changed the way we communicate. It has literally shrunk the globe. In earlier days mobiles were simple. Less complicated, fewer features... LESS RISK.

But we were not satisfied then, right? And people like us went a step ahead and turned those simple phones into smartphones. Intuitive mobile operating systems, more features, more advanced, or rather more complicated... MORE RISK!

Today let's concentrate on a pop-up that we encounter on our smartphones, one that most of us don't bother to look at for more than 3-5 seconds (be honest, this is the case), that we just want to click and get over with, and that is the feature many apps take undue advantage of (yes, they do!).

By the platform's rules, no mobile application may perform any operation that would "adversely impact other applications, the operating system, or the user". If an app intends to do so, it has to explicitly seek permission from the user. The permission sought can be as simple as writing the app's own data to device storage, or as far-reaching as reading information from the user's device.

"Through the feedback we've received from all of you, we now understand that the way we had designed our 'Add Friends' feature was wrong. We are deeply sorry if you were uncomfortable with how our application used your phone contacts."

—Statement released by Dave Morin, CEO of Path, an iPhone app, after it was discovered that the app was uploading users' personal data to its servers without permission. This happened in early 2012.

"Marketers are tracking smartphone users through 'apps', games and other software on their phones. Some apps collect information including location, unique serial-number-like identifiers for the phone, and personal details such as age and sex.

Android apps like Fruit Ninja, Movies by Flixster, Shazam, Talking Tom Cat Free, foursquare and iPhone apps like Angry Birds, Doodle Jump are transmitting data like username/password, location, phone ID, phone number, contact details etc. to the app owner and third parties."

—Read this report from the Wall Street Journal.

Are permissions really such a big threat?

Consider this: a social media app seeks permission to read your contact details.

Automation Journal: Web: Part 1

Back in 1958, when the first test team was formed by Gerald M. Weinberg, nobody would have imagined that software testing would come this far, or emerge this big as a profession. The horizon of software testing has expanded beyond the poles, courtesy of the passionate testers around us. And with passing time, software testing has also found a new friend in automation.
No matter how much we debate the importance of test automation, it is an undeniable fact that with test automation, QA has acquired more precision and accuracy. In my own terms I consider test automation an aid to testing. I believe test automation is more of a mechanism which helps software testers bring sharpness to their testing.


In this series of blog posts, I'll be sharing my experience with various domains of automation. The programming language I will be using here is my favorite, Python.

Testing and communication: How well do you communicate?

The testing space is still new to me, but as I go forward I am seeing and getting to know things I was unaware of. In this post I would like to share, or rather discuss, a question. As a tester, how big a role can the art of communication play in our job? Or rather, I should ask: how important can our communication skills be in bringing out a good tester in us?

An important skill being ignored

Most of the freshers who enter the testing community focus mainly on their certifications, their alpha, beta and gamma testing skills, their knowledge of xyz testing tools, etc. But most of us ignore the highly important and most basic attribute of humans that separates us from the rest of the species: the art of communicating EFFECTIVELY! I emphasize the word "effectively" because science has shown that every species on this earth communicates in one way or another, minus the effectiveness that we humans can boast of. So the question arises: do we feel that this basic human attribute is too basic to be thought about in the context of testing? Or why do established testers feel that a good communicator cum tester is a deadly combination? For these questions, let's go back to our basics for a while.

A new page in my life: Software Testing

I was staring at a blank page in Microsoft Word, and this thought struck me. So many pages of my life have been filled, and so many are yet to be filled. The past has been like a roller coaster ride, both professionally and on the personal front. But something in every chapter was common, at least for me: I never knew the ending lines while writing the starting ones. And yet something else was constant at all times: the dream to end every chapter with the climax I want and wish for. This was constant even when I was a child crying for toys, when I was a teenager living in a fantasy world, and when I became a man grounded in realities. Let me share with you one of the pages of my life, which started a few months ago.