How to detect and fix bugs in software I

The term bug is no longer a new word, bugs may be unexpected error, failure or flaw which yield unexpected or incorrect result which might cause a great disaster to the software  and also the time require for bug fixing depends on the complexity of the code, structure of the code  , experience and the given time.

No doubt bug finding and fixing is a special job mean for security tester , but the main question is how to detect and fix bug in software .

STEP 1 TO DETECT BUG IN A SOFTWARE ( most especially web app )

Make sure the software can handle extremely large input

Some days ago I did a copy paste of 2048 character to google and bing search

2017-04-25 at 17-26-05 2017-04-25 at 17-27-23

2017-04-25 at 17-34-06

2017-04-25 at 17-33-37

Do you observe the both page response code are the same with different look ? Some engineers will definitely see this to be a good practice , while others may see it to be a bad practice. What does 404 response code mean ? Any response with 4xx: means the request contains bad syntax or cannot be fulfilled “therefore 404 response code means  cannot find the requested URI “. It’s no doubt that how the two applications handle  extremely large input are different ,remember too long strings can overflow database models.  The simple question is what and how does the error messages and page tells the user?

I did a similar thing ” Copy  – paste such huge amount of text to a proposed card verification app

2017-04-25 at 17-45-00

2017-04-25 at 17-45-42

Do you observe the text field discard all others characters greater than the specified length and then return error message ? Exactly, this proposed app seems to handle extremely large input and there is possibility that too long strings can’t overflow database models

STEP 2 : Does it handle boundary values properly, and support unicode ( ” The Turkish i and German ß  “)

STEP 3 : Does your app grant least permissions for actions?

STEP 4 : Does your app have throttling and rate limiting mechanisms?

STEP 5 : Does your app have a way to quickly rotate secrets?

STEP 6 : Have you scanned your code to ensure no valuable information is being released?

STEP 7 : Do your code have unit, integration and functional tests?

Hope you enjoy this ? Look out for the part II of this post…

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: