COOKIE TESTING


Prepared By – Abhinav Pal
What is Cookie
•A cookie is a small piece of information that a web server stores in a text file on the user’s hard drive

•It is later used by the web browser to retrieve information from that machine

•Instructions for reading and writing cookies are coded by website authors and executed by user browsers
Why are Cookies used
•Cookies represent the user’s identity and are used to track where the user has navigated throughout the website’s pages

•The communication between the web browser and the web server is stateless, so cookies carry state from one request to the next
Applications where cookies can be used
•To implement a shopping cart

•Personalized sites

•User tracking

•Marketing

•User sessions
How to test cookies
•Disabling Cookies
1.   This is probably the easiest area of cookie testing

2.   Disable all cookies and attempt to use the site’s
     major features and functions

3.   With cookies disabled, our testing job is
     somewhat reduced
Continued…
•Selectively Rejecting Cookies
1.   Start by deleting all cookies from our PC
2.   Analyze site cookie usage in advance and draw up
     a test plan
3.   The plan details which cookies to reject/accept for
     each function
Continued…
•Corrupting Cookies
1.   Alter the data in the persistent cookies

2.   Allow the cookie to be modified

3.   Selectively delete cookies
Continued…
•Cookies Encryption
1.   Use encryption for the cookie data
2.   Sensitive information like usernames and
     passwords should be encrypted before it is sent to
     our computer
3.   A case can certainly be made that certain types of
     sensitive data – credit card numbers
Test Cases For Cookie Testing
•Check whether the application is writing cookies properly

•Test to make sure that no personal or sensitive data is stored in the cookie. If such data is stored in cookies, it should be in encrypted format

•If the application under test is a public website, there should not be overuse of cookies
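
The sensitive-data test case above can be automated against captured Set-Cookie headers. This is an added example, not part of the original slides: the function names, patterns and sample headers are assumptions constructed for illustration, and it goes one step further by also checking URL- and base64-decoded values, since encoding is not encryption.

```python
import base64
import re
from http.cookies import SimpleCookie
from urllib.parse import unquote

EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
CARD = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
CRED_FIELD = re.compile(r"\b(user(name)?|pass(word|wd)?|pwd)\b\s*[=:]", re.I)

def luhn_ok(digits):
    """Luhn checksum: separates card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def readable_views(value):
    """Return the value as sent plus its URL-decoded and base64-decoded forms."""
    views = {value, unquote(value)}
    for v in list(views):
        try:
            raw = base64.b64decode(v + "=" * (-len(v) % 4), validate=True)
            views.add(raw.decode("utf-8"))
        except ValueError:  # not base64, or not text once decoded
            pass
    return views

def audit_set_cookie(header_value):
    """Return sorted (cookie name, finding) pairs for one Set-Cookie header value."""
    jar = SimpleCookie(header_value)
    findings = set()
    for name, morsel in jar.items():
        for text in readable_views(morsel.value):
            if EMAIL.search(text):
                findings.add((name, "email address"))
            if CRED_FIELD.search(f"{name}={text}"):
                findings.add((name, "credential field"))
            for m in CARD.finditer(text):
                if luhn_ok(re.sub(r"\D", "", m.group())):
                    findings.add((name, "card number"))
    return sorted(findings)

# Constructed sample headers (not from the slides); 4111... is a standard test card number.
SAMPLE_HEADERS = [
    "sid=9f2c7a1e5b8d4c3fa6e0b7d2c1f4a8e3; Path=/; HttpOnly",
    "contact=alice%40example.com; Max-Age=86400",
    "profile=" + base64.b64encode(b"username=alice&password=example-only").decode() + "; Path=/",
    "pay=4111-1111-1111-1111; Path=/checkout",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header.split("=", 1)[0], audit_set_cookie(header))
```

An empty result only means none of these patterns matched; an opaque value still needs a manual check that it is a random identifier or genuinely encrypted data.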
Continued…
•Close all browsers, delete all previously written
cookies and disable cookies in our browser
settings
•Set browser options to prompt whenever a cookie is
being stored / saved on your system
•Close all browser windows and manually delete all
cookies
Continued…
•Edit a few cookies manually in Notepad or some other
editor
•Cookies written by one website should not be
accessible by another website
•If we are testing an online shopping portal, check that
reaching the final order summary page properly deletes the
shopping cart cookie of the previous page
Conclusion
•Cookies shouldn't be put in the same category as viruses, spam, or spyware

•They are tools that help us manage our time more efficiently on the web

•Testing should be done properly to check that the website works with different cookie settings
Thank You
