Security Testing

With the onset of the digital age, a few clicks have replaced many day-to-day activities, like going to a bank to transfer funds, going to a store to buy a dress, or going to a cinema hall to buy tickets for your favorite blockbuster movie. All of these can now be accomplished with a single click on a plethora of devices.

To stay in the game, businesses have to move into the digital world. With this arises the need to make sure that their web applications, e-commerce sites and banking applications are safe, secure and not vulnerable to being attacked by hackers, friendly or otherwise.

Security testing plays a key role here by helping an organization identify its vulnerabilities to any kind of security attack. Thereafter, corrective measures can be taken to address the gaps in security. Security testing is a type of testing that checks whether an information system protects data from outsiders and unwanted intruders and maintains functionality as intended. The basic aspects that a system must comply with are:

  • Authentication: Only valid users are allowed to enter/log in to the system.
  • Authorization: Only valid users are able to access the content or information they are trying to access. For example, in a company the employee, manager and administrator will have different access rights based on their role.
  • Availability: The software application should always be running so that information and services are available whenever needed.
  • Confidentiality: Information and services are shown only when requested, and only to the intended users. For example, employees' financial information will be available only to the concerned finance team/head, not to everyone.
  • Integrity: This means that information is right and up to date.

In security testing, the tester must design tests to cover all the above-mentioned aspects.

Types of Security Testing

  • Vulnerability scanning: Here the entire system under test is scanned to find loopholes and vulnerable signatures.
  • Penetration testing: Here the tester has to think like a hacker trying to destroy the system; it is a sort of simulated hacker attack on the system from the outside.
  • Ethical hacking: Attacking the system from within to find out security flaws is Ethical hacking.

Process Steps

  • Risk assessment: All the above tests are conducted and the flaws and vulnerabilities are identified. These risks are then classified as High, Medium and Low depending on certain aspects.
  • Fix the Issues: The issues are studied in detail and then fixed by the development team, with high-risk items given a higher priority.
  • Security Review: The entire cycle of testing and assessment is repeated. The frequency is determined by the organization based on the type of business and their perceived vulnerability to attacks. There is also a periodic review to check whether the security standards have been implemented properly. With the increased sophistication of hacker attacks, it is essential that security standards are upgraded to deal with the latest threats.

What do Security Testers need to test?

Some very basic guidelines in ensuring whether an application is secured or not are:

  • Passwords are always in encrypted form.
  • Browser back-forward buttons do not break the secure login process.
  • An unauthorized user is not able to access pages he is not authorized for.
  • Sessions should time out after a specific time when a user is not active.
  • Invalid content should not get uploaded and should be disallowed.
  • Test with random data which is included in requests.
  • Test using random data which is included as parameters.
  • Test using encoded random data included as parameters.
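The authorization and session time-out guidelines in the list above can be written as repeatable negative tests. The following is an added example, not code from the original article: the `SessionStore` class, the page paths, the session ids and the 15-minute limit are all assumptions, and a fake clock stands in for real waiting.

```python
import time

# Hypothetical page-to-role map based on the article's employee/administrator example.
PAGE_ROLES = {
    "/profile": {"employee", "manager", "administrator"},
    "/admin/users": {"administrator"},
}
IDLE_TIMEOUT = 15 * 60  # assumed idle limit in seconds


class SessionStore:
    def __init__(self, clock=time.monotonic):
        self._clock = clock  # injectable so tests can move time forward
        self._sessions = {}  # session id -> (role, last activity time)

    def login(self, sid, role):
        self._sessions[sid] = (role, self._clock())

    def request(self, sid, page):
        """Return 200, 401 (no or expired session) or 403 (role not allowed)."""
        entry = self._sessions.get(sid)
        if entry is None:
            return 401
        role, last_seen = entry
        if self._clock() - last_seen > IDLE_TIMEOUT:
            del self._sessions[sid]  # expire on the server, not only in the browser
            return 401
        self._sessions[sid] = (role, self._clock())
        return 200 if role in PAGE_ROLES.get(page, set()) else 403  # unknown page: deny


def run_checks():
    now = [0.0]  # fake clock value, advanced by the test itself
    store = SessionStore(clock=lambda: now[0])
    store.login("sid-employee", "employee")
    store.login("sid-admin", "administrator")
    results = {
        "employee_blocked_from_admin_page": store.request("sid-employee", "/admin/users") == 403,
        "admin_allowed": store.request("sid-admin", "/admin/users") == 200,
        "no_session_rejected": store.request("sid-unknown", "/profile") == 401,
    }
    now[0] += IDLE_TIMEOUT + 1  # the user stays inactive past the limit
    results["idle_session_expired"] = store.request("sid-employee", "/profile") == 401
    results["expired_session_stays_dead"] = store.request("sid-employee", "/profile") == 401
    return results


if __name__ == "__main__":
    print(run_checks())
```

Against a real application the same five assertions would be made over HTTP; the point of the last check is that a timed-out session id is rejected on reuse rather than silently refreshed.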

Website Security Testing tools in the market:

There are a variety of security testing tools available in the market. A few of these are listed below:

  • Vega
  • ZAP (Zed Attack Proxy)
  • Wapiti
  • BeEF (Browser Exploitation Framework)
  • Google Nogotofail
  • NTOSpider
  • Brakeman
  • SiteDigger
  • Nmap (Network Mapper)
  • OWASP (Open Web Application Security Project)

Security testing must be started at an early stage to minimize defects and the costs of maintaining quality. It is good practice to understand the security requirements for an application at the time of requirement gathering; this ensures that the quality and security of the end product will be appropriate to the business need.

Security should be an integral part of the software application and is an important factor in winning customers' trust and confidence.

MetaSys Software offers web application development using secured and robust technologies like .NET, PHP MySQL and/or FileMaker. If you are looking for any consultation on these technologies, please feel free to contact us.




Agile Testing

Agile testing is a software testing process that follows the Agile methodology and the Scrum framework.

Agile methodology is a lightweight and effective development method. Scrum is a framework that supports it. The main focus is on quick response to customer requests or wish lists and an iterative method for application development and testing. Work is completed and reviewed in a set period of time, which is called a ‘Sprint’. All iterations are of the same duration. At the end of each iteration, a working feature of the product is delivered to the customer.

How agile methodology in software development works:

  1. All requirements are in the form of a feature list and are added to the Product Backlog. The feature list is described in the form of a user story.
  2. The backlog list is prioritized and each user story is estimated.
  3. Based on the team size, sprint duration and complexity of the user story, a set of features is selected for each Sprint.
  4. Individual tasks are distributed among developers involved in the sprint.
  5. Development and Testing are carried out for all features selected in the sprint.
  6. A daily scrum meeting is conducted by the scrum master whose job it is to keep the team focused on the goal. Active participation from each individual of the scrum team is required. The meeting agenda is restricted to what was done yesterday and what you plan to do today and whether there are any known obstacles or risks.
  7. At the end of the sprint, a working feature of the product is delivered to the customer and immediate feedback from the customer is captured.

The role of Agile Testing Team:

  • In Agile testing, testing starts as soon as sprint development is done. The customer or product owner is involved with the progress of the software development. The whole-team approach is to deliver a set of features which meets the customers’ current needs. The entire team works at the same workplace to allow for active collaboration. Throughout the sprint, the tester works closely with every team member and the product owner to ensure better product quality and functioning. Team interaction and active participation of each individual play an important role in Agile testing.

Why should one follow Agile testing methodology?

  • Testing starts at an early stage in the software development and features are tested within each Sprint, improving the quality of the product.
  • Defects are identified and either handled within the same sprint or added to the product backlog, to be taken care of by developers in the upcoming iterations while working on similar/relevant features.
  • Since defects are identified early in the development process, the cost of defects is reduced.
  • Regular customer feedback increases the morale of the team and helps in improving the quality of the upcoming sprint work.
  • Priority features can be delivered early so that the customer does not have to wait too long. Low priority tasks can be completed later on. There is flexibility to change the scope/story points of the sprint based on changes in customer requirements.
  • More focus on working software and less focus on documentation.

MetaSys Software is a software services company with offices in Mumbai, India and Toronto, Canada. Our team has experience in different development methodologies but we mainly prefer the agile approach to delivery. For more details on our products and services please feel free to contact us.


PHP MYSQL: Web application development

Two decades ago, ‘PHP’ started out as a small open source project and today has evolved into a major scripting language. ‘PHP MySQL’ is now widely used for developing complex web applications. Here are some of the major advantages of using the PHP platform:

  • It is easy to develop user-friendly websites with interactive, dynamic content.
  • PHP is fairly easy to learn, and PHP Model View Controller (MVC) frameworks are now available to develop, manage and maintain complex web applications.
  • LAMP and XAMPP are some of the better options to deploy applications quickly and cost-effectively.
  • PHP is compatible with all major web server platforms and web browsers.
  • PHP code can be easily embedded into an HTML file.

MetaSys Software has experienced PHP and MySQL developers who can help you with your requirements. Customers expect speed, and the bounce rate often goes up when websites load slowly. This can be effectively handled by experienced PHP developers at MetaSys. Our developers also use the CakePHP Framework, which speeds up the development process.

At MetaSys we offer PHP-based web application development using MySQL and/or FileMaker as the backend for multi-tier architectural solutions. With the FileMaker PHP API it is quick to extend an existing FileMaker solution to the web. PHP MySQL, being completely open source, is a cost-effective combination and allows you to develop a solution customized to your business needs.

Are you looking for any consultation on these technologies? Feel free to contact us.


A Handy Reference of What’s New What’s Changed and What’s Gone in Bootstrap 4

Bootstrap is the most popular open source client-side web design framework used for creating web applications and websites. In the last four years, Bootstrap has released three versions, upgrading from time to time with new web components for better usability. On its fourth anniversary, 19th Aug. 2015, Bootstrap announced the version 4 alpha release, and on 27th Jul. 2016, Bootstrap 4 alpha 3 was released. There are many changes and improvements in the new version of Bootstrap.

New Features

  • Brand New Bootstrap Cards
    Cards have been introduced to unify some of the previous elements such as panels, wells, and thumbnails. It is an extensible and flexible content container. It includes options for a wide variety of content, headers and footers, powerful display options, and contextual background colors. Cards are more flexible and allow a bigger space for creative implements.
  • Opt-in Flexbox Support
    In the newer version of Bootstrap you can take advantage of CSS3’s Flexbox Layout. Flexbox layouts are adaptable and can be well utilized in responsive design. Flexbox presents an elastic container which fills the available space by expanding or shrinking itself in the most efficient way.
    IE 9 users, please note that IE 9 does not support Flexbox. Hence the default version of Bootstrap 4 uses float and display CSS properties for the implementation of a fluid layout.
  • Relative CSS Units
    As a significant move to streamline the CSS, Bootstrap 4 dropped support for the IE8 browser. The new release uses REMs and EMs, which enables implementation of responsive typography on Bootstrap sites. It also improves readability and accessibility for physically challenged users.
  • Handy Utilities
    Various useful helper classes have been added such as margin and padding, and text helpers. Also, there are responsive and contextual colors helper classes to hide content on particular breakpoints.

Significant Changes

  • Improved Grid System
    Bootstrap’s fluid grid system allows programmers to target various devices having different viewports. At present the Bootstrap 3.x grid system offers 4 classes to define different size columns. Bootstrap 4 improves the fluid grid mechanism with a 5th one, which lets programmers aim for small devices having a viewport of 480 px or less.
  • Completely Redesigned Navbar
    The new Navbar is simpler. You can toggle it using the Collapse component; the `.navbar-toggleable-xs`, `.navbar-toggleable-sm`, etc. classes let you control the breakpoint.
  • Fonts are Bigger
    In Bootstrap 4, the default font size, which was earlier 14px, is now changed to 16px. There is also a new large display for headings which makes text stand out.
  • Tether powers tooltips and Popovers
    Tether, a JavaScript library, keeps an absolutely positioned element next to another element on a web page. The power of Tether will enable automatic placement of tooltips and popovers. Note that it is a 3rd party library which supports IE9+ and needs to be included separately in your HTML before adding bootstrap.js.
  • A New Approach to Global Theming
    It will be the most interesting change. At present, with version 3.x, it is very hard to make changes in raw CSS or LESS files and override the settings. Easy customization of the global theme is expected in the new version.


  • Rearranged Support for IE
    The newer version has dropped support for IE8 as it did not support CSS media queries. IE 9 does not support Flexbox. To support IE9, Bootstrap has made Flexbox optional to integrate with the framework.
  • Glyphicons Dropped
    Glyphicons, which was used by many, has been removed. The alternative provided is to use Font Awesome and Octicons as third party components. Instructions will be included eventually in the documentation.

Changes Behind the Scene

  • Bye Bye LESS, Hello SASS
    Compared to LESS, SASS is more popular among frontend developers. SASS is easier to use, offers more possibilities and has an immense community base.
  • Refactored JavaScript Plugins
    All JavaScript plugins are now rewritten in ECMAScript 6 to take advantage of the latest specification and improve the frontend experience.
  • Optimized Variable Customization
    Now all the Sass variables are incorporated into one single file named _variables.scss. This makes customization very easy. To change the default values, one needs to copy the settings into another file named _custom.scss.
  • New Reset Component Called Reboot
    The Reboot module now replaces the normalize.css file. The new module is the enhanced version of the normalize.css with the goal to include generic style and selectors within a single and easy to use .SCSS file. This change enabled the user to override the default setting in a better way without using ‘!important’.

This article is based on Bootstrap 4 alpha 3 version. For latest updates, visit the official blog.
Are you looking for assistance in a dot net or PHP implementation requiring Bootstrap?
Write to us at metasys@metasyssoftware.com or Call +912242545151 or visit www.metasyssoftware.com for more details.