
What is HTTP Strict Transport Security

HTTP Strict Transport Security (HSTS) is a web security policy mechanism by which a web server declares that complying user agents (browsers) are to interact with it using only secure HTTPS connections.
The HSTS policy is communicated by the server to the user agent through an HTTP response header field named "Strict-Transport-Security". The policy specifies the period of time during which the user agent shall access the server only in a secure manner.
HSTS mechanism:
Servers implement an HSTS policy by supplying the header over HTTPS connections (a user agent ignores the header if it arrives over plain HTTP). Once the user agent has recorded the policy, it:
1. Automatically turns any insecure (http://) links referencing the web application into secure (https://) links before the request is sent, so no plain-HTTP request ever leaves the browser.
2. Shows an error and does not allow the user to access the web application if the security of the connection cannot be ensured, for example because the certificate is invalid. Unlike an ordinary certificate warning, this error cannot be clicked through.

Limitations:

The first request remains unprotected from active attacks if it is made over an insecure protocol such as plain HTTP, or if the URL for that first request was obtained over an insecure channel. The same applies to the first request after the period specified in the advertised HSTS policy's max-age has expired. Google Chrome and Mozilla Firefox address this limitation by implementing an "STS preloaded list", a list of known sites that support HSTS which ships with the browser, so those sites are treated as HSTS hosts even before the first visit. A possible further solution would be to declare the HSTS policy in a Domain Name System (DNS) record and retrieve it securely via DNSSEC, optionally together with certificate fingerprints to verify legitimacy.

What is DNSSEC?

DNSSEC is the abbreviation of "Domain Name System Security Extensions", a set of extensions that add cryptographic signatures to DNS records so that a resolver can verify that an answer is authentic and unmodified.

To test manually, access the website by typing its plain-HTTP URL, for example
http://abc.com, into the address bar of the browser. If the browser silently rewrites it to https:// and never sends a plain-HTTP request, HSTS is in effect for that host; the developer tools network tab shows the upgrade as an internal redirect (status 307 in Chrome) rather than a request that reached the server. A server-side 301 redirect from http to https looks similar in the address bar but is not HSTS. If the site loads over plain HTTP, the browser holds no HSTS policy for it: either the site does not send the header, or the browser has never received it over HTTPS (see Limitations above regarding the first visit). Once the policy is recorded, the browser always communicates with the server over HTTPS.

This can also be tested using curl.

1. Download and install curl on your PC (it is preinstalled on most Linux, macOS and recent Windows systems).
2. Open a command prompt.
3. Run curl against the site's HTTPS URL and inspect the response headers.

A "Strict-Transport-Security: max-age=xxxxxx" header will be present if HSTS is enabled. Check the https:// URL rather than http://, because the header is only honoured over HTTPS; a site that sends it only on the plain-HTTP response has not enabled HSTS at all.
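The curl check above, scripted as an added example that is not code from the original post. The parsing functions take raw response headers, so they are exercised here against a constructed sample response embedded in the script; check_site runs curl against whichever HTTPS URLs are passed on the command line. The placeholder example.com and the one-year threshold used to call a policy "weak" are assumptions, not something the post specifies.

```sh
#!/bin/sh
# Added example, not code from the original post: fetch a site's response
# headers with curl and evaluate its Strict-Transport-Security header.
# Usage: sh hsts_check.sh https://example.com   (example.com is a placeholder)

# Constructed sample response headers for offline testing (not captured
# from any real server).
SAMPLE_HEADERS='HTTP/1.1 200 OK
Date: Mon, 01 Jan 2024 00:00:00 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: text/html'

# The preload list requires at least one year; anything shorter is treated
# as "weak" here (assumption, not a requirement of the protocol).
ONE_YEAR=31536000

# hsts_from_headers: read raw HTTP response headers on stdin and print the
# value of the first Strict-Transport-Security header (name matched
# case-insensitively), or nothing if the header is absent.
hsts_from_headers() {
    tr -d '\r' | awk '
        tolower($0) ~ /^strict-transport-security:/ {
            sub(/^[^:]*:[ \t]*/, "")   # strip the header name and leading spaces
            sub(/[ \t]+$/, "")         # strip trailing spaces
            print
            exit
        }'
}

# hsts_directives: print the directives of header value $1, one per line,
# lower-cased and trimmed, so callers can match them exactly.
hsts_directives() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | tr ';' '\n' \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
}

# hsts_max_age: print the max-age value in seconds, or nothing if absent.
# RFC 6797 allows the number to be quoted, so optional quotes are accepted.
hsts_max_age() {
    hsts_directives "$1" | sed -n 's/^max-age="*\([0-9][0-9]*\)"*$/\1/p' | head -n 1
}

# hsts_has_directive: succeed if directive $2 (for example includeSubDomains
# or preload) is present in header value $1, case-insensitively.
hsts_has_directive() {
    hsts_directives "$1" | grep -qxF "$(printf '%s' "$2" | tr 'A-Z' 'a-z')"
}

# hsts_verdict: classify header value $1.
#   disabled - no header, or max-age=0 (which tells browsers to forget the policy)
#   invalid  - header present but without max-age; browsers ignore such a header
#   weak     - max-age shorter than ONE_YEAR
#   enabled  - max-age of at least ONE_YEAR
hsts_verdict() {
    if [ -z "$1" ]; then
        echo disabled
        return 0
    fi
    age=$(hsts_max_age "$1")
    if [ -z "$age" ]; then
        echo invalid
    elif [ "$age" -eq 0 ]; then
        echo disabled
    elif [ "$age" -lt "$ONE_YEAR" ]; then
        echo weak
    else
        echo enabled
    fi
}

# check_site: fetch the headers of live HTTPS URL $1 with curl and print the
# verdict and raw value. -s/-S: quiet except for errors; -o /dev/null: discard
# the body; -D -: write the response headers to stdout. Redirects are
# deliberately not followed: the header only counts on the HTTPS response,
# so test the https:// URL directly rather than letting http:// redirect.
check_site() {
    value=$(curl -sS -o /dev/null -D - --max-time 10 "$1" | hsts_from_headers)
    printf '%s\t%s\t%s\n' "$1" "$(hsts_verdict "$value")" "${value:-<no header>}"
}

# When run directly with URLs as arguments, check each one.
for url in "$@"; do
    check_site "$url"
done
```

Besides confirming the header is present, the verdict distinguishes a header that browsers will actually act on from one they silently ignore (no max-age) or that actively clears the policy (max-age=0), which a quick glance at the curl output easily misses.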
