Skip to main content

What is Enumerate Infrastructure and Application Admin Interfaces and How to Test

By
Administrator’s interfaces may be present in the application and on the application servers to allow few users to start privileged activities on the site. Tests should be start work to reveal if or how this privileged functionality that can be accessed through an un-authorized and standard user.
Applications may need an administrator interface to enables a privileged user to access functionality that may develop changes to, how the site functions? Such changes may involve:

1.       User account purveying
2.       Site design or layout
3.       Data fetch
4.       Configuration changes

Admin Interface completes any of the following tasks:

1.       Create or configure groups.
2.       Handle basic software configurations.
3.       Create or manage new forest.
4.       Create or manage databases.
5.       Backup or restore forest content.
6.       Create & manage security configurations.
7.       Configure namespaces & schemas.
8.       Tune system execution.
9.       Check the status of resources on your systems.

Accessing Admin Interface:

Only authorized administrator can log in the Admin Interface. An authorized administrator is a user who has the play admin role. Official administrators have the access to all administrative actions in Mark Logic Server; therefore official administrators are trusted on personnel & are assumed to be no hostile, appropriately trained, or follow proper administrative mechanics.

How to Test:

Gray Box Testing:

More detailed examinations of the server or application components should be undertaken to ensure hardening or where applicable, verification that each constituents do not use default credentials and configurations.
Source codes should be re-viewed to ensure that the authorization or authentication model insures clear separation of responsibilities between normal users & site administrators.
Users interface functions shared between normal & administrator users should be re-viewed to insure clear separation between the drawing of such elements & information drip from the shared functionality.

Black Box Testing:

The following sections describe vectors that may be used to test for the impendence of administrative interfaces.
1.       There are several tools available to perform beast forcing of server contents.
2.       Comments or links in source code. Many web sites use common code i.e. loaded for every site users.
3.       Directory & file enumeration. An administrative interface may be current but not visibly existent to the tester.
4.       Publicly available data. Many of applications such as word press have default admin interfaces.

5.       A GET & POST parameter and a cookie variable may be expected to enables the administrator’s functionality.
Labels:

Comments

Post a Comment

Popular posts from this blog

Steps To Hunt the Bugs Successfully

By
The testers should catch the bugs in software that they’re testing. Testers should try to catch as several vital bugs as soon as possible. Catching the crucial bug earlier on Product-Life-Cycle can save the Projects from financial losses & mitigate the risks as compared for catching the same at a later stage in SDLC. Steps to hunt the bugs: Sometimes it’s useful to break the rules: The following test cases, which were predefined a tester can miss the bugs so it makes it impossible’s to provide the product i.e. 100 percent bug free. If you-follow pre-determined test cases you risks becoming blind to outside the bugs. A first secret is to check the functionality under the test. It’ll be an effective channel to discover the more bugs, because functionality is not generally covered by the test cases. Examine the patterns: You might have noticed that the bugs can be often met in the groups, one can call them-gregarious. The testing a new but the similar functionality...
Post a Comment
Read more

Cross browser testing Tools

By
Cross Browser testing It is a process to test the web apps across multiple browsers. It involves the checking compatibility of the app across multiple web browsers & ensures that your web app’s works correctly across different web browsers. Tools for Cross Browser Testing Browser shots: The browser shots might be most exhaustive cross browser-testing tool that exists. Browser Shots includes all of most popular-browsers, like Firefox, Chrome, & Safari, along with the tons of another browser’s that might sound unfamiliar, like Sea Monkey, Flock, & Iceape. You can adjust the resolution, color-settings, & even Flash and JavaScript settings. Cross Browser Testing: It allows users to test their websites with over the hundred resolution or browser and Operating System combinations. This also has support to mobile web-browsers, which is crucial because the web traffic is making shift from the primarily desktop computer users to primarily mobile ...
Post a Comment
Read more

Mobile Application Testing: Strategy for Development

By
There are a huge number of demands and lots of competitions in the mobile application industries. In that demands and competitions, the mobile application testing has become more important. The testing phase of the mobile application testing looks like evil between the creative process and excitement of new products in the market. According to the survey, “In US, on an average 2-3 hours per day people spends their time on smartphones and tablets. On that time, they spent 80% on mobile application and remaining 20% on web applications.” Few list of key factors for successful mobile application testing strategies are: Selection of Device for Testing : Before introducing the mobile application test activities, first select the devices for testing the application. Selection decision is very important because only devices can help to targets maximum numbers of the customers for accessing the application. There are two parts for device selection: §   Device Model ...
Post a Comment
Read more