Saturday, December 19, 2015

Basic 2: Web Application Testing basics

Welcome Readers,

Today we will cover HTTP methods, response codes, types of interception tools and tips.

HTTP Methods:
In the last post we saw that the server answers every request with a specific response code, so that the browser understands the result and displays the web page accordingly.
Applications use many HTTP methods, but the most commonly used are GET and POST. Apart from these there are the OPTIONS, TRACE, DELETE, PUT, CONNECT and HEAD methods.
A short description of each method:
GET: The GET method is used to retrieve information from the given server using a given URI. Requests using GET should only retrieve data and should have no other effect on the data.

HEAD: Same as GET, but transfers the status line and header section only.

POST: A POST request is used to send data to the server, for example, customer information, file upload, etc. using HTML forms.

PUT: Replaces all current representations of the target resource with the uploaded content.

DELETE: Removes all current representations of the target resource given by a URI.

CONNECT: Establishes a tunnel to the server identified by a given URI.

OPTIONS: Describes the communication options for the target resource.

TRACE: Performs a message loop-back test along the path to the target resource.

Response Codes:

We have five different classes:
1XX: Informational >> 100 Continue
2XX: Success >> 200 OK
3XX: Redirection >> 302 Redirect, 304 Not Modified
4XX: Client Error >> 401 Unauthorized, 403 Forbidden, 404 Not Found
5XX: Server Error >> 500 Internal Server Error, 502 Bad Gateway
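To tie the methods and response code classes together, here is a small added example (not part of the original post) that parses a raw HTTP response as an interception proxy would show it, maps the status code to its class, and lists any methods in the Allow header worth reviewing on your own server. The sample responses are constructed, and the `REVIEW` set is an assumption about which methods a typical application does not need.

```python
# Added example: read a raw HTTP response the way an interception proxy shows it.
CLASSES = {1: "Informational", 2: "Success", 3: "Redirection",
           4: "Client Error", 5: "Server Error"}
# Assumption: methods to double-check when a server advertises them.
REVIEW = {"PUT", "DELETE", "TRACE", "CONNECT"}

# Constructed sample responses (not captured from any real server).
SAMPLE_OPTIONS = (b"HTTP/1.1 200 OK\r\n"
                  b"Allow: GET, HEAD, POST, OPTIONS, TRACE\r\n"
                  b"Allow: PUT\r\n"
                  b"Content-Length: 0\r\n\r\n")
SAMPLE_FORBIDDEN = (b"HTTP/1.1 403 Forbidden\r\n"
                    b"Content-Type: text/plain\r\n"
                    b"Content-Length: 9\r\n\r\nForbidden")

def parse_response(raw):
    """Split a raw response into status code, class, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)  # e.g. ["HTTP/1.1", "200", "OK"]
    if (len(parts) < 2 or not parts[0].startswith("HTTP/")
            or len(parts[1]) != 3 or not parts[1].isdigit()):
        raise ValueError("not an HTTP status line: %r" % lines[0])
    code = int(parts[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # skip lines that are not "Name: value"
        key, value = name.strip().lower(), value.strip()
        # A repeated header is equivalent to one comma-separated header.
        headers[key] = headers[key] + ", " + value if key in headers else value
    return {"code": code, "class": CLASSES.get(code // 100, "Unknown"),
            "headers": headers, "body": body}

def review_allow(resp):
    """Return the advertised methods that appear in the REVIEW set."""
    allow = resp["headers"].get("allow", "")
    methods = {m.strip().upper() for m in allow.split(",") if m.strip()}
    return sorted(methods & REVIEW)

if __name__ == "__main__":
    for sample in (SAMPLE_OPTIONS, SAMPLE_FORBIDDEN):
        r = parse_response(sample)
        print(r["code"], r["class"], "| review:", review_allow(r) or "none")
```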

We have now covered requests and responses, HTTP methods and response codes, so without any delay let's start with web application testing.

In this post I will list some useful manual and automated testing tools. Make a note of them and try to get hands-on with as many tools as you can.

Automated Scanners:
1. IBM AppScan
2. Acunetix
3. Nikto
4. Netsparker

Manual/Automated proxy interception Scanners:

1. Burp Suite
2. Paros
3. WebScarab
4. Zed Attack Proxy
5. Charles Proxy
6. Fiddler

Thick client testing tools:
1. Echo Mirage
2. JavaSnoop

Web server and port scanners:
1. Nessus
2. Nmap

We will cover most of the scanning tools and tips in the next post. Till then, stay tuned.














1 comment:

  1. Prats: Nice info... Got to know a few new tools. Thanks.
