HTTP Status Codes

HTTP status codes are extensible, and HTTP applications are not required to understand the meaning of all registered status codes. The following is a list of the registered status codes.

1xx: Informational

Code | Message | Description
--- | --- | ---
100 | Continue | Only a part of the request has been received by the server, but as long as it has not been rejected, the client should continue with the request
101 | Switching Protocols | The server switches protocol

2xx: Successful
Code | Message | Description
--- | --- | ---
200 | OK | The request is OK
201 | Created | The request is complete, and a new resource is created
202 | Accepted | The request is accepted for processing, but the processing is not complete
203 | Non-authoritative Information | The information in the entity header is from a local or third-party copy, not from the original server
204 | No Content | A status code and headers are given in the response, but there is no entity-body in the reply
205 | Reset Content | The browser should clear the form used for this transaction for additional input
206 | Partial Content | The server is returning partial data of the size requested. Used in response to a request specifying a Range header. The server must specify the range included in the response with the Content-Range header

3xx: Redirection
Code | Message | Description
--- | --- | ---
300 | Multiple Choices | A link list. The user can select a link and go to that location. Maximum five addresses
301 | Moved Permanently | The requested page has moved to a new URL
302 | Found | The requested page has moved temporarily to a new URL
303 | See Other | The requested page can be found under a different URL
304 | Not Modified | This is the response code to an If-Modified-Since or If-None-Match header, where the URL has not been modified since the specified date
305 | Use Proxy | The requested URL must be accessed through the proxy mentioned in the Location header
306 | Unused | This code was used in a previous version. It is no longer used, but the code is reserved
307 | Temporary Redirect | The requested page has moved temporarily to a new URL

4xx: Client Error
Code | Message | Description
--- | --- | ---
400 | Bad Request | The server did not understand the request
401 | Unauthorized | The requested page needs a username and a password
402 | Payment Required | This code is reserved and cannot be used yet
403 | Forbidden | Access is forbidden to the requested page
404 | Not Found | The server cannot find the requested page
405 | Method Not Allowed | The method specified in the request is not allowed
406 | Not Acceptable | The server can only generate a response that is not accepted by the client
407 | Proxy Authentication Required | You must authenticate with a proxy server before this request can be served
408 | Request Timeout | The request took longer than the server was prepared to wait
409 | Conflict | The request could not be completed because of a conflict
410 | Gone | The requested page is no longer available
411 | Length Required | The "Content-Length" is not defined. The server will not accept the request without it
412 | Precondition Failed | The precondition given in the request evaluated to false by the server
413 | Request Entity Too Large | The server will not accept the request, because the request entity is too large
414 | Request-URI Too Long | The server will not accept the request, because the URI is too long. Occurs when a POST request is converted to a GET request with long query information
415 | Unsupported Media Type | The server will not accept the request, because the media type is not supported
416 | Requested Range Not Satisfiable | The requested byte range is not available and is out of bounds
417 | Expectation Failed | The expectation given in an Expect request-header field could not be met by this server

5xx: Server Error
Code | Message | Description
--- | --- | ---
500 | Internal Server Error | The request was not completed. The server met an unexpected condition
501 | Not Implemented | The request was not completed. The server did not support the functionality required
502 | Bad Gateway | The request was not completed. The server received an invalid response from the upstream server
503 | Service Unavailable | The request was not completed. The server is temporarily overloaded or down
504 | Gateway Timeout | The gateway has timed out
505 | HTTP Version Not Supported | The server does not support the HTTP protocol version used in the request

What is HTTP ?

HTTP, the Hypertext Transfer Protocol, is the application-level protocol that is used to transfer data on the Web. HTTP comprises the rules by which Web browsers and servers exchange information. Although most people think of HTTP only in the context of the World-Wide Web, it can be, and is, used for other purposes, such as distributed object management systems.

How Does HTTP Work?

HTTP is a request-response protocol. For example, a Web browser initiates a request to a server, typically by opening a TCP/IP connection. The request itself comprises

- a request line,
- a set of request headers, and
- an entity.

The server sends a response that comprises

- a status line,
- a set of response headers, and
- an entity.

The entity in the request or response can be thought of simply as the payload, which may be binary data. The other items are readable ASCII characters. When the response has been completed, either the browser or the server may terminate the TCP/IP connection, or the browser can send another request.
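The request and response structure just described, as an added example that is not part of the original page: a small parser that splits a raw HTTP/1.1 message into its start line, headers and entity, classifies the status code using the 1xx to 5xx classes from the tables above, and refuses a message whose Content-Length disagrees with the entity actually present. The two sample messages are constructed for illustration and do not come from a real host.

```python
"""Split raw HTTP messages into start line, headers and entity.

This is an added example, not code from the original page. The two sample
messages are constructed for illustration and do not come from a real host.
"""
from typing import Dict, Tuple

# Constructed sample request: a form POST with a 26-byte entity.
SAMPLE_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 26\r\n"
    b"\r\n"
    b"user=alice&password=secret"
)

# Constructed sample response: a redirect carrying no entity.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: /home\r\n"
    b"Set-Cookie: session=abc123; HttpOnly\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

STATUS_CLASSES = {1: "Informational", 2: "Successful", 3: "Redirection",
                  4: "Client Error", 5: "Server Error"}


def _split_message(raw: bytes) -> Tuple[str, Dict[str, str], bytes]:
    """Return (start line, headers, entity). Header names are lower-cased
    because HTTP header names are case-insensitive."""
    head, sep, entity = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("headers are not terminated by an empty line")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, entity


def _check_length(headers: Dict[str, str], entity: bytes) -> None:
    """Reject a message whose Content-Length disagrees with the entity it
    carries; a parser that silently trusts one or the other invites
    framing disagreements between client, proxy and server."""
    if "content-length" in headers:
        declared = int(headers["content-length"])
        if declared != len(entity):
            raise ValueError(
                f"Content-Length {declared} but entity is {len(entity)} bytes")


def parse_request(raw: bytes) -> dict:
    """Request line + request headers + entity."""
    start, headers, entity = _split_message(raw)
    method, target, version = start.split(" ", 2)
    _check_length(headers, entity)
    return {"method": method, "target": target, "version": version,
            "headers": headers, "entity": entity}


def parse_response(raw: bytes) -> dict:
    """Status line + response headers + entity."""
    start, headers, entity = _split_message(raw)
    parts = start.split(" ", 2)          # the reason phrase may be absent
    version, status = parts[0], int(parts[1])
    reason = parts[2] if len(parts) > 2 else ""
    _check_length(headers, entity)
    return {"version": version, "status": status, "reason": reason,
            "headers": headers, "entity": entity}


def status_class(status: int) -> str:
    """Map a status code to its class (1xx to 5xx) from the tables above."""
    return STATUS_CLASSES.get(status // 100, "Unknown")


if __name__ == "__main__":
    req = parse_request(SAMPLE_REQUEST)
    resp = parse_response(SAMPLE_RESPONSE)
    print(req["method"], req["target"], len(req["entity"]), "byte entity")
    print(resp["status"], resp["reason"], "->", status_class(resp["status"]))
```

The Content-Length check is the part a security reviewer cares about: the header and the entity are two statements of the same fact, and a component that believes one while another component believes the other is how proxies and origin servers end up disagreeing about where one request ends and the next begins.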

Security Testing

Security testing is a process to determine whether an information system protects data and maintains functionality as intended. It is performed to check whether there is any information leakage, whether through the application's own encryption or through the wide range of software, hardware and firewalls that surround it.

The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, availability, authorization and non-repudiation. Security testing as a term has a number of different meanings and can be completed in a number of different ways.

Broken Access Control Flaw

Access control, sometimes called authorization, is how a web application grants access to content and functions to some users and not others. These checks are performed after authentication, and govern what ‘authorized’ users are allowed to do. Access control sounds like a simple problem but is insidiously difficult to implement correctly. A web application’s access control model is closely tied to the content and functions that the site provides. In addition, the users may fall into a number of groups or roles with different abilities or privileges.
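The point that access control is checked after authentication, and is easy to get wrong, can be shown in a few lines. The following is an added example, not code from the original page: a lookup that authenticates the caller but never checks that the caller may read the object requested (the classic insecure direct object reference), beside the same lookup with the authorization decision made on the server from the session's identity and roles. The users, roles and invoice records are constructed for illustration.

```python
"""An authorization check that is missing, beside the same check done
correctly. Added example, not code from the original page; the users,
roles and invoice records are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet


@dataclass(frozen=True)
class Session:
    """Identity established by authentication; roles come from the
    server-side user store, never from the request."""
    user: str
    roles: FrozenSet[str] = field(default_factory=frozenset)


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str
    amount: int


class Forbidden(Exception):
    """Raised when an authenticated user is not authorized for the object."""


# Constructed sample records.
INVOICES: Dict[int, Invoice] = {
    1001: Invoice(1001, "alice", 250),
    1002: Invoice(1002, "bob", 4000),
}


def get_invoice_insecure(session: Session, invoice_id: int) -> Invoice:
    """Broken access control: the caller is authenticated, but nothing
    ties the requested id to the caller, so any logged-in user can read
    any invoice simply by changing the id in the request."""
    return INVOICES[invoice_id]


def get_invoice_secure(session: Session, invoice_id: int) -> Invoice:
    """Same lookup with the access control decision made server-side:
    the owner, or a user holding the 'finance' role, may read it."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        raise KeyError(invoice_id)
    if invoice.owner != session.user and "finance" not in session.roles:
        # Deny by default. Logging this refusal gives detection a signal
        # for a user walking through ids that are not theirs.
        raise Forbidden(f"{session.user} may not read invoice {invoice_id}")
    return invoice


def can_read(session: Session, invoice_id: int) -> bool:
    """True when the secure lookup grants access, False when it refuses."""
    try:
        get_invoice_secure(session, invoice_id)
    except Forbidden:
        return False
    return True
```

Note what the secure version does not do: it never reads a role or user id from the request. Both come from the session the server established at authentication, which is what keeps the check from being bypassed by editing a parameter.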

Introduction to Same Origin Policy (SOP)

Same Origin Policy (SOP), also called Single Origin Policy, is a security measure used in Web browser programming languages such as JavaScript and Ajax to protect the confidentiality and integrity of information. Same Origin Policy prevents a web site's scripts from accessing and interacting with scripts used on other sites.

HTTP cookies are dependent on the Same Origin Policy to ensure that sensitive information held about a certain user's activity pertains only to one site. Requiring scripts to be from the same site, or have the same origin, in order to interact with each other without restriction allows browsers to maintain user sessions securely without user re-authentication.
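An origin, for the purposes of the Same Origin Policy, is the triple of scheme, host and port, with the path playing no part. The following added example, not code from the original page, computes that triple and compares two URLs the way a browser does when deciding whether a script from one may read the other; the URLs are constructed.

```python
"""Origin comparison as the browser does it for scripts. Added example,
not code from the original page; the URLs are constructed."""
from typing import Optional, Tuple
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

Origin = Tuple[str, str, Optional[int]]


def origin(url: str) -> Origin:
    """Return the (scheme, host, port) triple that defines an origin.
    An explicit default port is equivalent to none, so
    http://example.test/ and http://example.test:80/ share an origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def same_origin(url_a: str, url_b: str) -> bool:
    """Scripts loaded from url_a may freely read the DOM and responses of
    url_b only when this returns True. Path and query play no part."""
    return origin(url_a) == origin(url_b)


def explain(url_a: str, url_b: str) -> str:
    """Name the first origin component that differs, or 'same origin'."""
    a, b = origin(url_a), origin(url_b)
    for name, x, y in zip(("scheme", "host", "port"), a, b):
        if x != y:
            return f"different {name}: {x!r} vs {y!r}"
    return "same origin"


if __name__ == "__main__":
    pairs = [
        ("http://example.test/a", "http://example.test:80/b"),
        ("http://example.test/", "https://example.test/"),
        ("http://example.test/", "http://www.example.test/"),
        ("http://example.test/", "http://example.test:8080/"),
    ]
    for a, b in pairs:
        print(a, b, "->", explain(a, b))
```

One caveat worth keeping in mind when reading the paragraph about cookies above: cookies are scoped by host (and optionally path), not by the full origin, so a cookie set over HTTP is sent to the same host on any port, and is kept off plain HTTP only when it carries the Secure attribute.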

SQL Injection

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or is not strongly typed and is unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application-layer attack techniques used today. It is the type of attack that takes advantage of improper coding in your web applications, which allows a hacker to inject SQL commands into, say, a login form and so gain access to the data held within your database.


Difference & Similarity between HTTP and HTTPS

Similarity between HTTP and HTTPS

In many ways, https is identical to http, because it follows the same basic protocols. The http or https client, such as a Web browser, establishes a connection to a server on a standard port. When a server receives a request, it returns a status and a message, which may contain the requested information or indicate an error if part of the process malfunctioned. Both systems use the same Uniform Resource Identifier (URI) scheme, so that resources can be universally identified. Use of https in a URI scheme rather than http indicates that an encrypted connection is desired.

Difference between HTTP and HTTPS

1. The URL begins with "http://" in the case of HTTP, while it begins with "https://" in the case of HTTPS.
2. HTTP is unsecured, while HTTPS is secured.
3. HTTP uses port 80 for communication, while HTTPS uses port 443.
4. HTTP operates at Application Layer while HTTPS operates at Transport Layer.
5. There is no encryption in HTTP, while HTTPS uses encryption.
6. No certificates are required in HTTP, while certificates are required in HTTPS.

What is HTTPS?

HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer, or HTTP over SSL) is a web protocol developed by Netscape.

One can say: HTTPS = HTTP + SSL

HTTPS uses Secure Sockets Layer (SSL) as a sublayer under its regular HTTP application layering.

Need of HTTPS:

Hypertext Transfer Protocol (HTTP) is a protocol for transmitting and receiving information across the Internet. HTTP serves as a request and response procedure that all agents on the Internet follow so that information can be rapidly, easily, and accurately disseminated between servers, which hold information, and clients, which are trying to access it. You normally use HTTP when you are browsing the web; it is not secure, so someone can eavesdrop on the conversation between your computer and the web server. In many cases, clients may be exchanging confidential information with a server, which needs to be secured in order to prevent unauthorized access. For this reason, HTTPS, or secure HTTP, was developed by Netscape Corporation to allow authorization and secured transactions.
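"Certificates required" (point 6 above) is only a protection if the client actually verifies them. The following added example, not code from the original page, shows the client-side TLS configuration that HTTPS depends on in Python's standard `ssl` module: a context that verifies the server certificate chain and host name and refuses anything older than TLS 1.2, beside the weak setting commonly found in scripts, where verification is switched off and the connection is encrypted but to whoever answers. The audit helper reports which kind a given context is; no network connection is made.

```python
"""What 'HTTPS uses certificates' means on the client side: the TLS
context must verify the server certificate and the host name. Added
example, not code from the original page."""
import ssl


def make_client_context() -> ssl.SSLContext:
    """Hardened client context: CA-verified certificate chain, host name
    checked against the certificate, TLS 1.2 or newer only."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def make_unverified_context() -> ssl.SSLContext:
    """The weak setting seen in many scripts: verification switched off.
    The connection is still encrypted, but any certificate is accepted,
    so an interposed host can read and alter the traffic unnoticed."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False           # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verifies_peer(ctx: ssl.SSLContext) -> bool:
    """Audit check: does this context authenticate the server it talks to?"""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def minimum_version_name(ctx: ssl.SSLContext) -> str:
    """Name of the lowest protocol version the context will negotiate."""
    return ctx.minimum_version.name


if __name__ == "__main__":
    for name, ctx in (("hardened", make_client_context()),
                      ("unverified", make_unverified_context())):
        print(name, "verifies peer:", verifies_peer(ctx),
              "minimum version:", minimum_version_name(ctx))
    # To use the hardened context with the standard library client:
    # urllib.request.urlopen("https://example.test/", context=make_client_context())
```

When reviewing code, `check_hostname = False` or `verify_mode = CERT_NONE` in a client is the thing to look for: it turns HTTPS on port 443 back into something with the confidentiality properties of HTTP on port 80 against an active attacker.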


Security Testing Cheat List

Information Gathering

Manually explore the site
Spider/crawl for missed or hidden content
Check for files that expose content, such as robots.txt, sitemap.xml, .DS_Store
Check the caches of major search engines for publicly accessible sites
Check for differences in content based on User Agent (eg, Mobile sites, access as a Search engine Crawler)
Perform Web Application Fingerprinting
Identify technologies used
Identify user roles
Identify application entry points
Identify client-side code
Identify multiple versions/channels (e.g. web, mobile web, mobile app, web services)
Identify co-hosted and related applications
Identify all hostnames and ports
Identify third-party hosted content

Downloading and Installing JMeter

JMeter is a Java application, so a JRE or JDK first needs to be installed, with the JAVA_HOME environment variable set.

JMeter can be downloaded from the link below:

http://jmeter.apache.org/download_jmeter.cgi

- Download JMeter, and install it by unzipping the .zip or .tgz file in any directory.
- Go to the jakarta-jmeter directory (the directory in which the .zip or .tgz file was unzipped).
- Type ./bin/jmeter at the command prompt (for Unix) or run bin/jmeter.bat (for Windows).
- JMeter is ready to test the application.

On Windows, run the jmeter.bat file in the bin directory of the jakarta-jmeter directory.

Performance Test Plan

Before executing any performance test, we should prepare a performance test plan. A good performance test plan prepares us to look into foreseeable issues and risks, and it also gives a fair idea of the goal or objective of the performance test.

A good performance test plan should cover at least the points mentioned below:

1. Overview

- Objective
- Scope
- References

2. Requirements

- Hardware
- Software
- Automation tools
- Test Environment

3. Approach

- Script Development
- Load Criteria
- Test Execution
- Status and Issue Reporting

4. Performance Deliverables

- Test Plan
- Primary Test Report
- Status Report (Daily or Periodic)
- Final Test Report

5. Resources Planning and Scheduling

- Application Learning Schedule
- Test Case creation Schedule
- Test Execution Schedule
- Equipment Gathering Schedule (including automation tools and system /devices)
- Resource Allocation

6. Metrics

- Transactions per second (TPS)
- Hits per second
- Concurrent connections
- Throughput

7. Entry and Exit Criteria

8. Assumption

9. Risk Assessment

- Resource Risk
- Technology Risk
- Schedule Risk

10. Limitations

Performance Testing Tools

Below is a comprehensive list of the most widely used performance testing tools for measuring web application performance and load stress capacity. These load testing tools will help ensure your application performs under peak traffic and extreme stress conditions.

The list includes open source as well as licensed performance testing tools. Almost all licensed tools have a free trial version, so you can get a chance to work hands-on before deciding which tool is best for your needs.

Configuring Jmeter Classpath

JMeter automatically finds classes from jars in the following directories:

JMETER_HOME/lib - used for utility jars
JMETER_HOME/lib/ext - used for JMeter components and plugins

If you have developed new JMeter components, then you should jar them and copy the jar into JMeter's lib/ext directory. JMeter will automatically find JMeter components in any jars found here. Do not use lib/ext for utility jars or dependency jars used by the plugins; it is only intended for JMeter components and plugins.

TestNG vs Junit Annotations

Feature | JUnit 4 | TestNG
--- | --- | ---
test annotation | @Test | @Test
run before all tests in this suite have run | | @BeforeSuite
run after all tests in this suite have run | | @AfterSuite
run before the test | | @BeforeTest
run after the test | | @AfterTest
run before the first test method that belongs to any of these groups is invoked | | @BeforeGroups
run after the last test method that belongs to any of these groups is invoked | | @AfterGroups
run before the first test method in the current class is invoked | @BeforeClass | @BeforeClass
run after all the test methods in the current class have been run | @AfterClass | @AfterClass
run before each test method | @Before | @BeforeMethod
run after each test method | @After | @AfterMethod
ignore test | @Ignore | @Test(enabled = false)
expected exception | @Test(expected = ArithmeticException.class) | @Test(expectedExceptions = ArithmeticException.class)
timeout | @Test(timeout = 1000) | @Test(timeout = 1000)

TestNG Annotations with Description

Annotation | Description
--- | ---
@BeforeSuite | The annotated method will be run only once before all tests in this suite have run.
@AfterSuite | The annotated method will be run only once after all tests in this suite have run.
@BeforeClass | The annotated method will be run only once before the first test method in the current class is invoked.
@AfterClass | The annotated method will be run only once after all the test methods in the current class have been run.
@BeforeTest | The annotated method will be run before any test method belonging to the classes inside the same test tag of the suite file is run.
@AfterTest | The annotated method will be run after all the test methods belonging to the classes inside the same test tag of the suite file have run.
@BeforeGroups | The list of groups that this configuration method will run before. This method is guaranteed to run shortly before the first test method that belongs to any of these groups is invoked.
@AfterGroups | The list of groups that this configuration method will run after. This method is guaranteed to run shortly after the last test method that belongs to any of these groups is invoked.
@BeforeMethod | The annotated method will be run before each test method.
@AfterMethod | The annotated method will be run after each test method.
@DataProvider | Marks a method as supplying data for a test method. The annotated method must return an Object[][] where each Object[] can be assigned the parameter list of the test method. The @Test method that wants to receive data from this DataProvider needs to use a dataProvider name equal to the name of this annotation.
@Factory | Marks a method as a factory that returns objects that will be used by TestNG as test classes. The method must return Object[].
@Listeners | Defines listeners on a test class.
@Parameters | Describes how to pass parameters to a @Test method.
@Test | Marks a class or a method as part of the test.

Webdriver Script : Scrolling A Page

/*********************************

Title  : Scrolling Page
Author : Gaurav Khanna

 *********************************/

package com.gaurav.webdriver;

import org.openqa.selenium.JavascriptExecutor;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.firefox.FirefoxDriver;
import org.testng.annotations.Test;

public class ScrollingPage {

    // Declaring variable 'webDriver' of WebDriver Type
    WebDriver webDriver;

    // Declaring baseURL variable of String Type
    String baseUrl;

    @Test
    public void testscrollingPage() throws InterruptedException {

        // Initializing FireFox Driver
        webDriver = new FirefoxDriver();

        // Assigning URL to variable 'baseUrl'
        baseUrl = "http://not-just-a-tester.blogspot.in/";

        // Open the link
        webDriver.get(baseUrl);

        // Maximize browser window
        webDriver.manage().window().maximize();

        // Initialize JavaScript executor (the driver implements it)
        JavascriptExecutor jsx = (JavascriptExecutor) webDriver;

        // Execute Scroll Page JavaScript: scroll down by 450 pixels
        jsx.executeScript("window.scrollBy(0,450)", "");

        // Wait for 5 seconds
        Thread.sleep(5000);

        // Execute Scroll Page JavaScript again
        jsx.executeScript("window.scrollBy(0,450)", "");

        // Wait for 5 seconds
        Thread.sleep(5000);

        // Execute Scroll Page JavaScript a third time
        jsx.executeScript("window.scrollBy(0,450)", "");

        // This will close the browser
        webDriver.quit();
    }

}

Coordinates of a Web Object

Downloading File

package webdriverScripts.others;

import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.openqa.selenium.By;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.firefox.FirefoxDriver;
import org.openqa.selenium.firefox.FirefoxProfile;

public class DownloadFile {

    // Declaring variable 'webDriver' of WebDriver Type
    WebDriver webDriver;

    // Declaring baseURL variable of String Type
    String baseUrl;

    @Before
    public void startUp() throws Exception {

        // Creating New Firefox Profile
        FirefoxProfile profile = new FirefoxProfile();

        // 2 = save downloads to the directory named in browser.download.dir
        // (0 = desktop, 1 = the default Downloads folder)
        profile.setPreference("browser.download.folderList", 2);

        // Setting the Default Download Location
        profile.setPreference("browser.download.dir", "C:\\Code");

        // Setting Firefox Preference to save files of these MIME types to disk without asking
        profile.setPreference("browser.helperApps.neverAsk.saveToDisk",
                "application/msword,application/x-rar-compressed,application/octet-stream,application/csv,text/csv");

        // Initializing FireFox Driver with the custom profile
        webDriver = new FirefoxDriver(profile);

        // Assigning URL to variable 'baseUrl'
        baseUrl = "http://it-ebooks.info/book/1125/";
    }

    @Test
    public void DownloadingFileExample() throws Exception {

        // Open the Link
        webDriver.get(baseUrl);

        // Will click on Download Link
        webDriver
                .findElement(By
                        .xpath("//html/body/table/tbody/tr[2]/td/div/table/tbody/tr/td[2]/table/tbody/tr[11]/td[2]/a"))
                .click();

    }

    @After
    public void shutDown() throws Exception {

        // This will close the browser
        webDriver.quit();
    }

}

Webdriver Script065 : Picking Date from Calendar

/* Script Summary

 Title  : Webdriver Script065 : Picking Date from Calendar
 Author : QA Masterz
 Actions  :

 1. Set the Base URL to "http://www.redbus.in".
 2. Open the Calendar.
 3. Select the Date
 4. Wait for 5 seconds.

 */


Handling Java Script Alerts

/*
 *
 * @Author : Gaurav Khanna
 * 
 */

package webdriverScripts;

import org.openqa.selenium.Alert;
import org.openqa.selenium.By;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.firefox.FirefoxDriver;
import org.testng.annotations.Test;

public class HandlingJavaScriptAlerts {

    WebDriver webDriver = new FirefoxDriver();

    @Test
    public void testhandlingJavaScriptAlerts() {

        // Open the link
        webDriver.get("http://in.rediff.com");

        // Click the Sign in link
        webDriver.findElement(By.xpath("//*[@id='signin_info']/a[1]")).click();

        // Click the login button; the page responds with a JavaScript alert
        webDriver.findElement(By.xpath("//input[@id='btn_login']")).click();

        // Switch the driver's focus to the alert
        Alert javascriptAlert = webDriver.switchTo().alert();

        // Print the alert message
        System.out.println(javascriptAlert.getText());

        // Close the alert with OK. Use dismiss() instead to press Cancel;
        // the alert is gone after either call, so calling dismiss() after
        // accept() would throw NoAlertPresentException.
        javascriptAlert.accept();

        // This will close the browser
        webDriver.quit();
    }

}

Webdriver Script062 : Opening New Tab

/* Script Summary

 Title  : Webdriver Script062 : Opening New Tab
 Author : QA Masterz
 Actions  :

 1. Set the Base URL to "http://qamasterz.blogspot.in/".
 2. Use Keys to Open New Tab

 */

package com.qamasterz.webdriver.junit;

import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.openqa.selenium.By;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.firefox.FirefoxDriver;
import org.openqa.selenium.Keys;

public class s062_TabbedBrowsing {

    // Declaring variable 'webDriver' of WebDriver Type
    WebDriver webDriver;

    // Declaring baseURL variable of String Type
    String baseUrl;

    @Before
    public void startUp() throws Exception {

        // Initializing FireFox Driver
        webDriver = new FirefoxDriver();

        // Assigning URL to variable 'baseUrl'
        baseUrl = "http://qamasterz.blogspot.in";
    }

    @Test
    public void tests062_TabbedBrowsing() throws Exception {

        // Open the link
        webDriver.get(baseUrl);

        // Maximize browser window
        webDriver.manage().window().maximize();

        // Store the Body Tag
        WebElement body = webDriver.findElement(By.tagName("body"));

        // Press CTRL + T Key for New Tab
        body.sendKeys(Keys.chord(Keys.CONTROL, "t"));

        // Wait for 5 Seconds
        Thread.sleep(5000);
    }

    @After
    public void shutDown() throws Exception {

        // This will close the browser
        webDriver.quit();
    }

}