Category Archives: security

What is up with Error Codes for HTTP Methods


Hello, Debug Ducker here, and I have a question. I am sure you are familiar with a 404 error code, as you may have run into it while surfing the web. 404 Not Found means that the server on the other end couldn’t find what it was looking for, and this is because the URL is not recognized. This can happen when the webpage is no longer available and you tried connecting to it. 404 is quite a common error that I believe many have seen at least once, but would you be able to tell me what other errors you may have encountered on the web? There are quite a few, including some obscure ones you may have never seen.

Perhaps you have also wondered why 404 is even an error number, why the number is the way it is, and why those specific numbers are used. Well, you see, 4xx is specifically for client errors, which means they are errors on your end and not the server's. If a server were to have an error, then it would use 5xx instead. For example, there is the 500 error code, an internal server error, which just means something messed up in the server and it sent you that as a response. Basically, each response code falls into a category, with the error categories coming entirely from 4xx and 5xx.

Now here are ones you know and some obscure ones:

400: Bad Request, as in the server could not process the request, for example because of a syntax error such as misspelling something

402: Payment Required, does what it says on the tin: you need to pay. Not often used

409: Conflict, the request conflicts with something within the server

414: URI Too Long, the URI is long and the server is not willing to handle it

418: I’m a teapot…yeah I don’t understand this one, and yes this is real

There are many of these error codes for 4xx, and I would recommend you check them out with the link below.

There are also some interesting 500 server errors, such as:

501: Not Implemented, as in the request has not been implemented, so exactly what it says

503: Service is Unavailable, just means the server is down.

And many more.

There are a fascinating number of error codes for some interesting stuff, and I recommend you see a bunch in the link below.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Status

Anyway, have a nice error-free day.

MozDevNet. “HTTP Response Status Codes – HTTP: MDN.” MDN Web Docs, developer.mozilla.org/en-US/docs/Web/HTTP/Status.

“HTTP Status Codes: All 63 Explained – Including FAQ & Video.” Umbraco, umbraco.com/knowledge-base/http-status-codes/#http-status-code-categories.

From the blog CS@Worcester – Debug Duck by debugducker and used with permission of the author. All other rights reserved by the author.

Static Testing vs. Dynamic Testing

Testing in software development is important because it helps to deliver efficient and user-friendly products to the end user. It also provides the developers with a chance to improve upon the product. Static and dynamic testing are two important techniques used in software development.

Static Testing

Static Testing has various names, such as Verification Testing and Non-execution Testing. This testing technique is used to identify defects in software without actually executing the code. This method usually includes manual and automated evaluation of the software and the code. Developers usually use this method in the beginning stages of the development process to catch issues early on, which also makes them easier and cheaper to fix. This method focuses on reviewing the test cases, test scripts, test plans, and source code.

Static Testing Techniques

1.) Informal Reviews: Developers review each of the documents and give feedback

2.) Walkthroughs: Someone presents the product to the team and someone else takes notes.

3.) Technical Reviews / Code Reviews: review the technical specifications and the source code to make sure everything meets the requirements and standards.

4.) Inspection: Check for defects. Developers usually review the process with a checklist to help identify and record defects.

Dynamic Testing

Dynamic Testing is a technique that analyzes the dynamic behavior of the code by actually executing it. This method makes sure to check that the software functions correctly and that there are no underlying issues / conditions. Sometimes developers use this method in conjunction with black box or white box testing to provide more realistic results.

Dynamic Testing Techniques

1.) White Box Testing: Examines the internal code structure. You need to actually have the internal code (source code)

2.) Black Box Testing: Checks the functionality without the actual internal code (source code).
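
The contrast between the two techniques, as an added example that is not part of the original post or the article it summarizes: a static check parses a small constructed sample with Python's `ast` module and flags `eval` without running anything, while a dynamic check executes the sample and records runtime failures. The sample code, `RISKY_CALLS`, the function names and the test cases are all assumptions made for illustration.

```python
import ast

# Constructed sample under test (hypothetical code, not from the article).
SAMPLE = '''
def average(values):
    return sum(values) / len(values)

def load_setting(text):
    return eval(text)
'''

# Assumed rule set for the static pass: calls worth flagging in review.
RISKY_CALLS = {"eval", "exec"}

def static_findings(source):
    """Static testing: parse the source and flag risky calls without running it."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in RISKY_CALLS):
            findings.append((node.lineno, node.func.id))
    return sorted(findings)

def dynamic_findings(source, cases):
    """Dynamic testing: execute the code against inputs and record runtime failures."""
    namespace = {}
    exec(compile(source, "<sample>", "exec"), namespace)  # defines the functions
    failures = []
    for func_name, args in cases:
        try:
            namespace[func_name](*args)
        except Exception as exc:
            failures.append((func_name, type(exc).__name__))
    return failures

# Constructed test inputs: one normal case and one edge case (empty list).
CASES = [("average", ([1, 2, 3],)), ("average", ([],))]

if __name__ == "__main__":
    print("static :", static_findings(SAMPLE))
    print("dynamic:", dynamic_findings(SAMPLE, CASES))
```

Each technique catches a defect the other misses here: the static pass never sees the empty-list division, and the dynamic pass never exercises `load_setting`.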

Benefits of both Static Testing and Dynamic Testing

1.) Early detection of defects

2.) Cost efficient

3.) Showcases runtime errors

4.) Reliability

Why I picked this Resource

I chose the article “Static Testing vs. Dynamic Testing” because this article gave me a more detailed and in-depth look at two very important testing methods that are currently being used in today's society. It is very important to understand these two testing methods in the software development process because they can deliver efficient and user-friendly products to the end user. This article also aligns with what we have learned in the course, making it relevant to talk about and to understand.

Personal Reflection

This article deepened my understanding of static and dynamic testing. I was able to learn a lot about these two testing methods that I did not know, even the many benefits that each method has. Knowing how crucial these two methods are in the software development process and what I know now, this knowledge will help me in my future endeavors when approaching new projects in regard to testing.

The full article is here: https://www.geeksforgeeks.org/difference-between-static-and-dynamic-testing/

From the blog CS@Worcester – In's and Out's of Software Testing by Jaylon Brodie and used with permission of the author. All other rights reserved by the author.

Security Testing

In software development, security testing is very important for making sure applications are strong enough against cyber attacks. Security testing encompasses a variety of practices, like application security testing and penetration testing.

Overview of Security testing

For this blog post, I chose the article “Security Testing” from Bright Security. The article provides a lot of insight on security testing: its goal, the benefits of security testing, key principles, and the different types of security testing.

1.) Goals: The article showcases the main goals of security testing, which are realizing what assets need protection, identifying the potential threats and vulnerabilities, and evaluating the risks that come with the vulnerabilities.

2.) Key Principles: The article covers the main key principles of security testing, which are availability, integrity, authentication, and authorization. These principles make sure that important/sensitive information is accessed only by authorized users, and that it remains accurate and trustworthy.

3.) Different types of Security Testing:

. Penetration Testing: This security testing method replicates real world cyber attacks to test the effectiveness of already existing security measures.

. Application Security Testing: This security testing method finds and eliminates the vulnerabilities within software applications.

. Web Application Security Testing: This security testing method uses different techniques that gauge the vulnerability of web applications.

. Security Audits and Risk Assessment: This is a test method that checks to make sure that everything is structured properly and in compliance with the rules/standards.

4.) Benefits of Security Testing:

. Early Detection of Vulnerabilities: Security testing allows for the early recognition of potential security issues, reducing the risk of exposure.

. Risk Management: When the vulnerabilities are identified, then we can create solutions to solve the risks of a cyber attack or data leak.

. Trust and Cost Efficiency: Early detection of risks and vulnerabilities will not only enhance the trust of customers but will also significantly reduce the cost of a data breach and various fines.

Why I picked this Resource

I picked this resource because it provided a comprehensive and detailed overview of security testing. This article had a lot of similarities with the topics that we covered in our course. Also, the article makes it easier to understand the nature of security testing and the various practices and principles associated with it.

Personal Reflection

Reading this article expanded my understanding of security testing beyond what we learned in class. I learned how important it is to just about everything related to technology: identifying threats, risks, and vulnerabilities, and how each of these things comes together to reduce cyber attacks. One thing that I can take away from this is learning about the various types of security testing and how each one does something different, but all have a similar goal.

In my future endeavors, I plan on using what I have learned about these security testing principles by implementing them on future projects. This newfound knowledge will help me to make better decisions in the future.

The full article is here: https://brightsec.com/blog/security-testing/

From the blog CS@Worcester – In's and Out's of Software Testing by Jaylon Brodie and used with permission of the author. All other rights reserved by the author.