I am testing one Desktop based client server application. I want to perform a Security test of that application.
Can anybody explain me which points i can consider while performing Security Test of the Desktop application?
Testing of desktop application is easier than web application as there are less users than web applications.
Followings are two important point that you need to keep in mind during security testing of desktop application
• Test user’s rights and roles-authorized person should allow to login
• Test security of data or information stored in application.
Security testing on Desktop application is not that much easy task, in market we can't find the proper free tools like web application tools
for java based desktop application use JavaSnoop tool and proxy tool
for .Net based desktop application use echo-mirage and proxy tools
the test cases are quite simple
1. System testing: verification of registries, files and logs
2. Static testing: de-compile the files and do code-review, Gendarme tool is perfect
- do memory dump analysis
3. Dynamic testing: verify the communication
i hope this will help you
Related
I am in a development team which have just about finished developing a system for a client which involves a MVC4 Web, a WCF service platform and a Windows Store App which communicates with the web that the service.
We are running Continuous Integration practices for the Web & Service solutions which include automated deployment to dev, test, acctest and production environments. Building, testing, configuring and deploying to production is one click and five minutes away.
The one huge pitfall that we've had in this project was the fact that we chose to develop the app as a Windows Store App without investigating deployment possibilities which do not involve publishing the application to Windows Store. This is a process called sideloading, and i will not go deep into the technical requirements which Microsoft impends to enable this.
Our client will be using the application on 20~ Surface Pro tablets, and we are investigating into an automated release/deploy process for the application. As of this moment, we are using OneDrive to manage build artifacts and let the customer IT admin download the artifact from there to manually install the app on all clients. In the future, however, it is very possible that the organization who ordered the system will deploy this worldwide and there will be a requirement to deploy the application to hundreds, if not thousands of clients.
We spent entire weeks investigating whether Windows Intune can be a good platform for automated deployment of the application. If an organization installs the Intune platform, it's clients get the Company Portal which is like a private Store, where we could upload the app and updates to it in the future. There was, however, one big minus with the Company Portal - it has NO update management for Store Apps. That is, releasing a new version of our application to the Company Portal does not work like releasing a patch or update of your app to the Windows Store - there's no notification that there is a new version, and the application does not update itself. It's basically a new application that needs to be downloaded and installed after the previous version has been uninstalled.
Has anyone developed Windows Store Line-Of-Business applications which you had to sideload to multiple clients, and if so - which solution did you choose for update/patch management?
I am experiencing the exact same problem. Intune is indeed limited and too complex for many scenarios at the same time. Another option to "deploy" LOB Windows Store apps is described here: http://msdn.microsoft.com/en-us/library/windows/apps/jj657971.aspx. This covers the well known powershell deployment which is not very practical.
However, I have found an early stage, unofficial POC project on codeplex which I am currently investigating. You might want to take look at this: https://bootybay.codeplex.com/
I have used LoadRunner a long time ago for web applications, now i wonder if i can use it for desktop application automation. Is it possible ? Can someone link to any guide or examples?
Thanks in advance.
LoadRunner is a tool for performance testing. Usually you want to test the performance of some server that serves several clients via some form of communication. This can work for both web and desktop (and mobile) applications.
I think what you are looking for is a functional testing tool - a tool that can use the application in an automatic way instead of the user. There is a complementary product called UFT (previously QTP) that does exactly that!
UFT - http://www8.hp.com/us/en/software-solutions/software.html?compURI=1172957#.UUlnERxTDRM
LoadRunner can test web and non web client-server applications for performance. Load all of the sample applications and you will find flight samples for Web, for database, for Winsock, for DCOM, etc... You can look to the VUGEN manuals and find all sorts of non-web based client-server protocols for use by thick client applications.
I have a Small ERP Financial Software developed in VB.Net and SQL Server consisting on modules
HRM, Accounts, General Ledger etc.
Now i want to run some module on web but Creating all application in asp.net or other web tools is too much time taking.
Is There any way to run this Desktop application on web espacially in Web Browsers. ?
Any Help.
If you don't want to re-write your application you could have a look at Go Global.
I can't vouch for it as I have personally never used it, but I know of people who have.
I have tested that for a proof of concept on the past and it runs great. Called .net zero deployment, you can look it up. The only concern is off you need database access, remember that you are paying through the port 80, so a need for a web service to access database call may be needed. Not sure of I have still the code trial, but I can look.
I'm in the process of providing a Web UI as an alternative to our current desktop UI for our C/S enterprise application.
When developing the client-side in our desktop version, UI developers could connect to any server so they only needed the client-side environment.
When developing a Web UI (Client-side JavaScript in the browser), we are bound by the browser's "Same origin policy" so the UI must talk to the same server from which the UI code is downloaded.
As far as I see it till now, the development scenario for the UI guys is:
Developer installs server on local
machine and runs it.
Developer edits the HTML+JS+CSS files on local installation.
Developer has to reinstall/update server on local machine each time there's a need to test UI code against new server behaviour.
This does not seem too comfortable, at least compared to our previous C/S style development.
Are there any other ways you can suggest to that will not require UI developers from installing and updating server side components on their development machine ?
Or anything else related that can simplify the development process ?
Thanks :-)
Editing in some clarifications:
I'm mostly interested in the aspects of UI coding, not UI design.
I need a lot of server interaction - getting data from RESTful web services, which are developed in parrallel - hence the need to have an up-to-date server
You haven't specified the development platform.
As far as pure HTML/JS/CSS is concerned, you don't need a server. The UI developer can fine tune UI components locally.
The moment you want to talk/integrate to Server (via AJAX, JSP, ASP...) then you need to connect a development server as now your changes have to be served by Server.
Most of UI fine tuning can also be done from Firebug
In our office when changes to styling are required we save the page as a local copy and send it to the UI designer, he makes his changes and we integrate them. So the UI designer don't have to maintain a development environment.
JSONP lets you work around the same-origin problem (with server support) -- check it out! If the front-end-in-the-browser developers are using a good framework suc as jQuery or (my favorite) Dojo, JSONP should be no harder for them than plain JSON.
Develop on a shared server, but depending on the size of the team.. that's challeging with respect to version control.
Or deploy automatically generated virtual machines with nightly builds, so the devs don't have to install, but always use a recent version.
In the case of UI developers depending on a common REST server, the UI development can be done on the local machine and the REST service should be on a central server. When changes are made to the REST service these should be deployed to the central server (when stable), so all developers can use the newest version (this also helps with testdata).
You could try using a proxy on the developer's machine where some paths redirect to the server and some paths redirect to local folders.
Hmm, I actually didn't really get any information on what kind of technology you're using. If - with UI Developers - you mean designers, which have to take care about the CSS, layout etc, then we do it the same as lud0h said. We (developers) send the UI designers a copy of the server-side produced HTML pages. They then edit the HTML pages according to accessibility guidelines, CSS and layout and send us back the outcome of their work. We use their HTML pages then for integrating them in our web applications.
If you don't just mean tuning CSS, but also to write JavaScript / Ajax functionality you HAVE to use a server with which you're communicating. As you said, normally this is done by having a local environment which is similar to the server-one. In .Net Visual Studio '08 provides an internal webserver, alternatively you have to install IIS locally. In Java environments you have to install Tomcat and related technologies. In my eyes this is a must. What you have to have is
Versioning system (CVS, SVN,...) where developers commit regularly (minutes/hours)
local environments where developers checkout the source from the repository and develop
Test server where you deploy on a daily basis (could be like daily builds) in order to test your running product
I guess this should be what a professional development environment should consist of. The difference to C/S application development is that web UI and web-client code are not that separable as a Client UI in C/S environment from the server-side. Unless you develop with technologies like GWT or Silverlight which are quite similar to C/S, just running inside the browser, but communicating over RPC calls or web services.
//Edit:
What I nearly forgot. Don't do something like developing on the server directly, meaning that all of the developers access the server's filesystem where the code, UI etc. lies!!
You can use CORS. a new technique just like Ajax, but with ability to make calls on other domains. so you will need only one UI on one server. think this can help you.
What method would you use for testing a new version of a ClickOnce application (side by side with the current version) amongst multiple users? Are there any best practices (especially as the applications depend on different servers for the live/test versions of SQL / web services etc).
We use internal DNS to set up http://application.ourdomain.test sites to test web based applications. It's obvious from the address bar that you're logged into a test site and it's just a change to the connection string to force that deployment to connect to our test SQL server. Is there any way to approximate this?
For ClickOnce deployment testing, we set up a few virtual machines and have testers connect using remote desktop. The VM desktop backgrounds are an ugly color and say "TESTING" in big bold red letters.
Also, all of our applications display a warning message if the user is about to connect to anything but the production database.
I came across this link text this afternoon, which seems to offer a way of doing it - you have to use different certificates to sign the manifests. I vary the Suite Name in the Publish Options dialog to create different menus.