How to test a Web site by driving Konqueror thru its equivalent of Automation?

Phlip phlipcpp at yahoo.com
Mon Jun 21 17:40:35 BST 2004


Koos Vriezen wrote:

> I'm sorry to fool around with your question and trying to mislead you to
> put an attack on a public site in your book. No, it was in no way just
> an example to get you going.

Mr. K, I never said you did wrong. You already have a
citation in my book. (I just changed the sample code
without testing it. In a book on testing, that's fishy
too, but at least I confessed it here.)

"vent" means "screaming for no reason"; everything
inside <vent> tags is frivolous.

I have a fine-tuned irony detector, and this situation
sent it bonkers. I will describe it again.

The last Case Study in my book could be called "How to
fuck public Web sites with insufficient security up".
Because that's what you must do when you automate user
responses to the HTTP protocol. For example, a certain
very famous Web site, by a noted industry leader with
a beard, recently got "attacked" by some skript kiddie
who wrote spam all over it.

My book shows skript kiddies and those even stupider,
all over the world, how to do that, using tools which
are increasingly popular, supported, and documented.

Come to think of it, I should put in a note about
security, and how tests must disable them.

I vented because I couldn't test the script as
responsibly as you did. Showing how to write a
username onto a public site, then mailing the result
around, is a completely correct way for recipients to
test the script and get the same result. I vented
because I could not, just as responsibly, test the
script on a private Web site that the book
demonstrates. And the ultimate irony is I could not
test a script that attacks public Web sites because
Mandrake, to avoid bankruptcy, illegally secured their
Web site!!!

In conclusion, just as the wonderful program SATAN
teaches us, testing is the same as attacking. Caveat lector.

=====
Phlip
  http://industrialxp.org/community/bin/view/Main/TestFirstUserInterfaces


		




More information about the kfm-devel mailing list