Quality Testing

Quality is delighting customers

Hi all,

Can anyone suggest how to test the cache in browsers? (I need this for security testing.)


Replies to This Discussion

Caches are expected to execute their operations behind the scenes. If this caching is so essential you need to analyze it, I'd go with an integration or acceptance test.

Hi Mohan

As per my knowledge, the cache is stored in your local user profile. When you download something for the first time and caching is enabled in your code, it will be stored in your local temp data, and when you download the same file it will check your local temp data; if it finds the file there, it will not check on the server side.

The main purpose of the cache is only performance improvement of your product/website for any static content which would take some time on the UI.

When caching is not enabled, it always checks your server-side data, and it takes more time for that.




Or do you mean you need to test how the web application reacts to the browser cache?

First check the headers and see if there's any caching option. For a quick check, the article at http://www.mnot.net/cache_docs/ explains quite well how the different headers work. But at the same time you should also check that nobody can inject new headers into the request. E.g. at many HTTP-header-based redirection sites there is the possibility to inject new headers. If the URL is a.com/t.aspx?r=ht tp://google.com/ then a.com/t.aspx?r=ht tp://google.com/%0ANew-header:+somestuff might be a possible attack vector.

But you should always remember that browsers and proxies do not have to honor any cache directive. They can still cache whatever they want, however they want, or just log it for their own fun. For that reason there is HTTPS, and you should minimize the transmission of sensitive data like passwords and credit card info.

Hi Mohan,

This is Srikanth. Are you working as a security tester? I want to take the training; please give me the details of coaching centers.

Thank you

Technically, the "Back" button is a history and not a cache. 

The cache and the history are two different entities. However, they share the same weakness of presenting previously displayed sensitive information.

The first and simplest test consists of entering sensitive information into the application and logging out. Then the tester clicks the "Back" button of the browser to check whether previously displayed sensitive information can be accessed whilst unauthenticated.

If by pressing the "Back" button the tester can access previous pages but not access new ones, then it is not an authentication issue, but a browser history issue. If these pages contain sensitive data, it means that the application did not forbid the browser from storing it.

Authentication does not necessarily need to be involved in the testing. For example, when a user enters their email address in order to sign up to a newsletter, this information could be retrievable if not properly handled.

The "Back" button can be stopped from showing sensitive data. This can be done by:

  • Delivering the page over HTTPS.
  • Setting Cache-Control: must-revalidate.
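
Added example, not part of any reply above: a small Python audit for the header check the replies describe. It parses Cache-Control from captured response headers and reports why a page with sensitive data could still be stored; the sample responses, their paths and the policy that sensitive pages must send no-store are assumptions.

```python
# Added example: audit captured response headers for cache directives.
# The sample responses and the "no-store required" policy are assumptions.

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def audit_response(headers):
    """Return a list of findings for a response that carries sensitive data."""
    # Header names are case-insensitive, so normalise them first.
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    findings = []
    if not cc:
        findings.append("no Cache-Control header: caches may apply heuristics")
    if "no-store" not in cc:
        findings.append("no-store missing: browser or proxy may keep a copy")
    if "public" in cc:
        findings.append("public: shared caches are explicitly allowed to store")
    max_age = cc.get("max-age")
    if max_age and max_age.isdigit() and int(max_age) > 0 and "no-store" not in cc:
        findings.append(f"max-age={max_age}: reusable without contacting the server")
    if "must-revalidate" in cc and "no-store" not in cc:
        findings.append("must-revalidate alone still lets the response be stored")
    return findings


# Constructed sample responses (not captured from a real site).
SAMPLES = {
    "/account": {"Cache-Control": "no-store"},
    "/statement": {"Cache-Control": "private, must-revalidate, max-age=600"},
    "/newsletter/thanks": {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    for path, hdrs in SAMPLES.items():
        issues = audit_response(hdrs)
        print(path, "OK" if not issues else issues)
```

Feed it the headers recorded by a proxy or the browser's network tab for each page that displays sensitive data, then repeat the logout and "Back" test on any page it flags.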

