Archive for October, 2009

Codes and Bugs Quotes

October 29, 2009
  • “All code is guilty, until proven innocent.” – Anonymous
  • “First, solve the problem. Then, write the code.” – Anonymous
  • “A code that cannot be tested is flawed.” – Anonymous
  • “Good programmers write code for humans first and computers next.” – Anonymous
  • “Don’t fix it if it ain’t broke.” – Anonymous
  • “A bug in the hand is worth two in the box.” – Anonymous
  • “The only certainties in life are death, taxes and bugs in code.” – Anonymous
  • “Failure is not an option. It comes bundled with the software.” – Anonymous
  • “Blame doesn’t fix bugs.” – Anonymous

Software Testers Quotes

October 29, 2009
  • “Software testers do not make software; they only make them better.” – Anonymous
  • “The principal objective of software testing is to give confidence in the software.” – Anonymous
  • “Software testers always go to heaven; they’ve already had their fair share of hell.” – Anonymous
  • “f u cn rd ths, u cn gt a gd jb n sftwr tstng.” – Anonymous

Software Testing Quotes

October 29, 2009
  • “Software testing proves the existence of bugs, not their absence.” – Anonymous
  • “Alpha is simply that you want somebody to share your pain!” – Anonymous
  • “Just because you’ve counted all the trees doesn’t mean you have seen the forest.” – Anonymous
  • “More than the act of testing, the act of designing tests is one of the best bug preventers known. The thinking that must be done to create a useful test can discover and eliminate bugs before they are coded – indeed, test-design thinking can discover and eliminate bugs at every stage in the creation of software, from conception to specification, to design, coding and the rest.” – Boris Beizer
  • “If you don’t like unit testing your product, most likely your customers won’t like to test it either.” – Anonymous


Quality Quotes

October 29, 2009

A collection of Software Testing Quotes. Some are inspirational, some are outrageous and some are stark. Be stirred!

  • “Quality is never an accident; it is always the result of intelligent effort.” – John Ruskin
  • “Quality is free, but only to those who are willing to pay heavily for it.” – T. DeMarco and T. Lister
  • “Quality is the ally of schedule and cost, not their adversary. If we have to sacrifice quality to meet schedule, it’s because we are doing the job wrong from the very beginning.” – James A. Ward
  • “The bitterness of poor quality remains long after the sweetness of meeting the schedule has been forgotten.” – Anonymous
  • “Software never was perfect and won’t get perfect. But is that a licence to create garbage? The missing ingredient is our reluctance to quantify quality.” – Boris Beizer
  • “A true professional does not waste the time and money of other people by handing over software that is not reasonably free of obvious bugs; that has not undergone minimal unit testing; that does not meet the specifications and requirements; that is gold-plated with unnecessary features; or that looks like junk.” – Daniel Read
  • “It’s more about good enough than it is about right or wrong.” – James Bach

The Glass

October 29, 2009
  • To an optimist, the glass is half full.
  • To a pessimist, the glass is half empty.
  • To a good tester, the glass is twice as big as it needs to be.
Categories: General

Why You Need To Secure Your Web Applications?

October 1, 2009

Website security is possibly today’s most overlooked aspect of securing the enterprise and should be a priority in any organization.

Increasingly, hackers are concentrating their efforts on web-based applications – shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases and also allow hackers to perform illegal activities using the attacked sites. A victim’s website can be used to launch criminal activities such as hosting phishing sites or to transfer illicit content, while abusing the website’s bandwidth and making its owner liable for these unlawful acts.

Hackers already have a wide repertoire of attacks that they regularly launch against organizations, including SQL injection, cross-site scripting, directory traversal attacks, parameter manipulation (e.g., URL, cookie, HTTP headers, web forms), authentication attacks, directory enumeration and other exploits. Moreover, the hacker community is very close-knit; newly discovered web application intrusions are posted on a number of forums and websites known only to members of that exclusive group. These are called zero-day exploits. Postings are updated daily and are used to propagate and facilitate further hacking.

Web applications – shopping carts, forms, login pages, dynamic content, and other bespoke applications – are designed to allow your website visitors to retrieve and submit dynamic content including varying levels of personal and sensitive data.

If these web applications are not secure, then your entire database of sensitive information is at serious risk. A Gartner Group study reveals that 75% of cyber attacks are carried out at the web application level.

Why does this happen?

  • Websites and related web applications must be available 24 hours a day, 7 days a week to provide the required service to customers, employees, suppliers and other stakeholders.
  • Firewalls and SSL provide no protection against web application hacking, simply because access to the website has to be made public.
  • Web applications often have direct access to backend data such as customer databases; they therefore control valuable data and are much more difficult to secure.
  • Corporate web applications have large amounts of bandwidth available. Because bandwidth is expensive, hackers who want to transfer huge amounts of illegal content resort to stealing bandwidth from others.
  • Most web applications are custom-made and, therefore, involve a lesser degree of testing than off-the-shelf software. Consequently, custom applications are more susceptible to attack.

Various high-profile hacking attacks have proven that web application security remains the most critical concern. If your web applications are compromised, hackers will have complete access to your backend data even though your firewall is configured correctly and your operating system and applications are patched repeatedly.

Network security defenses provide no protection against web application attacks, since these are launched on port 80 (the default for websites), which has to remain open to allow regular operation of the business.

For the most comprehensive security strategy, it is therefore imperative that you regularly and consistently audit your web applications for exploitable vulnerabilities.

Categories: Security Testing