Tagged articles

75 articles

Page 1 of 1

Apr 22, 2026 · Information Security

One‑Line Skill that Instantly Analyzes WeChat Mini‑Programs

This article presents a hybrid script‑plus‑LLM Skill that automates decompilation, interface extraction, sensitive data discovery, encryption analysis, and vulnerability assessment for WeChat mini‑programs, showing a step‑by‑step workflow, agent architecture, example results, and a GitHub implementation that reduces analysis time to about 20‑30 minutes.

GitHubLLM automationWeChat Mini Program

0 likes · 7 min read

One‑Line Skill that Instantly Analyzes WeChat Mini‑Programs

Test Development Learning Exchange

Apr 5, 2026 · Operations

Master API Testing: 20 Ready‑to‑Use Templates for Security, Performance, and Automation

This guide provides twenty detailed, ready‑to‑use templates that cover API overview translation, end‑to‑end call chains, OAuth2 flow analysis, JWT security testing, API key rotation, large file chunked upload, WebSocket messaging, payment callback verification, GraphQL optimization, gRPC testing, HTTP status‑code scenarios, circuit‑breaker testing, version compatibility, internationalization, OpenAPI validation, and contract‑test generation, each with concrete code snippets and step‑by‑step requirements.

API testingPerformance Testingsecurity testing

0 likes · 13 min read

Master API Testing: 20 Ready‑to‑Use Templates for Security, Performance, and Automation

Woodpecker Software Testing

Mar 20, 2026 · R&D Management

From Bug Hunting to Defense: How Adversarial Testing Teams Will Transform in 2026

The article examines how a 2025 supply‑chain poisoning incident sparked a paradigm shift toward adversarial testing, introducing new roles, AaaS platforms, and dual‑cycle processes that move testing teams from merely finding bugs to building resilient, attack‑aware systems by 2026.

MITRE ATT&CKResilience EngineeringSoftware quality

0 likes · 6 min read

From Bug Hunting to Defense: How Adversarial Testing Teams Will Transform in 2026

Black & White Path

Mar 12, 2026 · Information Security

AuthKit: A Burp Suite Plugin for Automated Privilege‑Escalation Detection

AuthKit is a Burp Suite extension that expands a single request into Original, Unauthorized and multiple‑role samples to uncover unauthorized access, horizontal and vertical privilege escalation, and BOLA issues, offering passive capture, right‑click active testing, multi‑identity replay, metric dashboards, diff views, context‑menu integration, and flexible scope controls.

AuthKitAutomationBOLA

0 likes · 3 min read

AuthKit: A Burp Suite Plugin for Automated Privilege‑Escalation Detection

Black & White Path

Mar 11, 2026 · Information Security

ByPassTamperPlus: Enhanced SQLMap Tamper Scripts for Advanced WAF Bypass

ByPassTamperPlus is a Python‑based collection of SQLMap tamper scripts tailored for MSSQL, MySQL and Oracle across multiple versions, employing version‑specific syntax, functions and obfuscation techniques to improve payload survivability against modern Web Application Firewalls, while acknowledging inherent limitations.

MSSQLOracleSQLMap

0 likes · 6 min read

ByPassTamperPlus: Enhanced SQLMap Tamper Scripts for Advanced WAF Bypass

Black & White Path

Feb 15, 2026 · Information Security

WebScan Pro: A High‑Performance Multithreaded Visual Site Directory Scanner

WebScan Pro is a Python‑based, multithreaded site directory scanner that offers both CLI and GUI modes, supports Windows, macOS, and Linux, and provides real‑time visual monitoring, customizable thread settings, and best‑practice recommendations for safe and efficient security testing.

CLIGUIPython

0 likes · 5 min read

WebScan Pro: A High‑Performance Multithreaded Visual Site Directory Scanner

Woodpecker Software Testing

Jan 28, 2026 · Industry Insights

Designing the Future Test Force: A 3‑Dimensional Skill Map for Automation Test Engineers

The article outlines a three‑dimensional skill framework—technical depth, business breadth, and engineering mindset—to guide automation test engineers in mastering programming fundamentals, test frameworks, CI/CD, quality metrics, AI‑driven testing, and career progression from junior to senior levels.

AI testingPerformance TestingSkill Development

0 likes · 7 min read

Designing the Future Test Force: A 3‑Dimensional Skill Map for Automation Test Engineers

Woodpecker Software Testing

Jan 26, 2026 · Industry Insights

2026 Software Testing Trends: AI‑Driven Automation, Full‑Chain Quality, and Career Evolution

The article forecasts that in 2026 software testing will be reshaped by AI‑generated test cases, self‑healing frameworks, predictive risk analysis, left‑shift quality gates, integrated security and privacy testing, and a shift toward test architects and business‑savvy consultants, urging professionals to expand their technical and soft‑skill portfolios.

AI testingCareer DevelopmentSoftware Testing

0 likes · 7 min read

2026 Software Testing Trends: AI‑Driven Automation, Full‑Chain Quality, and Career Evolution

Woodpecker Software Testing

Jan 13, 2026 · Fundamentals

Mobile vs Web Testing: 8 Key Differences Every QA Engineer Should Know

This article breaks down the eight core differences between mobile and web testing, covering platform fragmentation, network scenarios, interaction models, installation processes, performance metrics, interruption handling, security concerns, and automation tools, and explains why mobile testing demands broader technical breadth.

Performance Testingdevice fragmentationmobile testing

0 likes · 8 min read

Mobile vs Web Testing: 8 Key Differences Every QA Engineer Should Know

Woodpecker Software Testing

Jan 5, 2026 · Information Security

Deep Dive into the Five Core Security Attributes for Robust Testing

This article analyses the five fundamental security attributes—confidentiality, integrity, non‑repudiation, auditability and authenticity—detailing their definitions, testing goals, key techniques, a comprehensive banking transfer case study, discovered vulnerabilities, remediation measures, metrics and best‑practice recommendations for continuous security testing.

Authenticationauditabilityconfidentiality

0 likes · 16 min read

Deep Dive into the Five Core Security Attributes for Robust Testing

Woodpecker Software Testing

Dec 20, 2025 · Fundamentals

Comprehensive AI-Generated Test Cases for User Registration Forms

The article presents a thorough AI‑driven test‑case suite for a user registration interface, detailing strategies such as equivalence partitioning, boundary‑value analysis, decision‑tree modeling, and error‑guessing, and covering fields like account, password, confirm password, mobile and email with functional, security, concurrency, and usability scenarios.

Software Testingconcurrencyregistration form

0 likes · 25 min read

Comprehensive AI-Generated Test Cases for User Registration Forms

FunTester

Dec 11, 2025 · Fundamentals

When and Where to Test: Choosing the Right Test Types for Your Application

This article outlines a comprehensive testing matrix that maps common test types—unit, API, UI, security, performance, smoke, and regression—to their problem domains, SDLC stages, and execution methods, helping teams select and prioritize tests based on risk, feedback speed, and ownership.

API testingPerformance TestingSoftware Testing

0 likes · 11 min read

When and Where to Test: Choosing the Right Test Types for Your Application

Advanced AI Application Practice

Nov 11, 2025 · Information Security

How to Perform Basic Performance and Security Checks Without Writing Code

This guide shows non‑coding testers how to conduct quick performance and security assessments by relying on user perception, simple timing, multi‑browser simulations, basic input manipulation, and network inspection to uncover obvious issues before involving professional test teams.

Performance Testingbug reportingmanual testing

0 likes · 7 min read

How to Perform Basic Performance and Security Checks Without Writing Code

Ops Development & AI Practice

Sep 18, 2025 · Information Security

Choosing the Right Java Security Testing Tool: SAST vs DAST vs IAST Explained

This article examines script injection threats in Java applications and compares static, dynamic, and interactive security testing tools—SAST, DAST, and IAST—highlighting their strengths, weaknesses, and popular options to help developers select the most suitable solution.

Application SecurityDASTIAST

0 likes · 9 min read

Choosing the Right Java Security Testing Tool: SAST vs DAST vs IAST Explained

Huolala Tech

Aug 12, 2025 · Information Security

Can AI Boost Traditional SAST to Detect Complex Logic Bugs?

This article explores a hybrid approach that combines traditional static application security testing (SAST) with large language models (LLM) to automatically detect business‑logic vulnerabilities, detailing the methodology, implementation stages, experimental results, and the challenges of integrating AI into code security analysis.

AILLMSAST

0 likes · 15 min read

Can AI Boost Traditional SAST to Detect Complex Logic Bugs?

Test Development Learning Exchange

Apr 3, 2025 · Operations

Case Studies of Monkey Testing for Stability, Performance, and Security in Applications

This article presents three practical case studies—social app stability testing, game app performance optimization, and e‑commerce app security testing—demonstrating how Monkey testing, combined with targeted parameters and monitoring tools, can uncover hidden issues and improve overall product quality.

App StabilityMonkey testingsecurity testing

0 likes · 6 min read

Case Studies of Monkey Testing for Stability, Performance, and Security in Applications

Test Development Learning Exchange

Mar 15, 2025 · Operations

API Automation Testing: Requirement Analysis, Test Case Design, and Best Practices

This article outlines a comprehensive approach to API automation testing, covering requirement analysis, test case design for functional, performance, and security aspects, tool selection, a practical login‑API case study, and best practices such as CI/CD integration, regression testing, and environment management.

API testingAutomationPerformance Testing

0 likes · 4 min read

API Automation Testing: Requirement Analysis, Test Case Design, and Best Practices

MaGe Linux Operations

Jan 3, 2025 · Operations

Master tcpdump: Essential Commands for Network Troubleshooting and Security

Learn practical tcpdump examples to boost network troubleshooting and security testing, covering common parameters, ASCII output, protocol and IP filtering, file writing, buffering modes, combined filters, and advanced use cases like extracting HTTP headers, detecting port scans, capturing ICMP, DHCP, SNMP, and more.

LinuxPacket Capturenetwork troubleshooting

0 likes · 20 min read

Master tcpdump: Essential Commands for Network Troubleshooting and Security

Huolala Tech

Dec 24, 2024 · Information Security

How Huolala Accelerated Risk‑Control Testing with Automated Tools

This article details Huolala's challenges in risk‑control testing amid rapid business growth, outlines the inefficiencies of manual configuration verification, and explains how a suite of automated tools and a full‑scope interception strategy dramatically improved testing efficiency, data quality assurance, and cross‑team collaboration.

Data QualityTesting Automationprocess optimization

0 likes · 21 min read

How Huolala Accelerated Risk‑Control Testing with Automated Tools

Huolala Tech

Nov 19, 2024 · Information Security

Understanding JWT Security Risks and How to Test Them

This article explains the structure of JSON Web Tokens, outlines common attack vectors such as algorithm confusion, weak keys, replay, and header injection, and provides practical mitigation strategies and a testing checklist with recommended security tools.

JWTReplay attackalgorithm confusion

0 likes · 13 min read

Understanding JWT Security Risks and How to Test Them

Alibaba Cloud Native

Nov 18, 2024 · Information Security

How Browser Synthetic Monitoring Detects CDN Supply‑Chain Attacks

The article explains how browser‑based synthetic monitoring can observe the full user experience, use rich assertions and multi‑step scripts to spot CDN supply‑chain poisoning and traffic hijacking, illustrated with real polyfill.io and BootCDN attack cases.

CDN poisoningObservabilitybrowser monitoring

0 likes · 10 min read

How Browser Synthetic Monitoring Detects CDN Supply‑Chain Attacks

Software Development Quality

Aug 12, 2024 · Information Security

How to Detect and Prevent Financial Losses in Banking Systems

This guide explains what capital loss means, outlines common financial loss scenarios, details a comprehensive testing methodology, presents real-world banking and insurance loss cases, and offers practical prevention measures to safeguard financial operations.

Fraud Preventionbanking systemsfinancial loss

0 likes · 9 min read

How to Detect and Prevent Financial Losses in Banking Systems

Software Development Quality

Feb 21, 2024 · Information Security

Master JWT Security: Test, Forge, and Exploit Tokens with jwt_tool.py

jwt_tool.py is a Python toolkit that validates, forges, scans, and manipulates JSON Web Tokens, offering features such as token validity checks, testing of known CVE‑related vulnerabilities, misconfiguration scanning, claim fuzzing, secret/key verification, dictionary‑based weak‑key detection, timestamp tampering, RSA/ECDSA key reconstruction, and interactive token editing.

JWTPythonsecurity testing

0 likes · 4 min read

Master JWT Security: Test, Forge, and Exploit Tokens with jwt_tool.py

FunTester

Jan 26, 2024 · Fundamentals

Understanding Mid‑Level and Senior Test Engineer Roles, Certification Benefits, and a Comprehensive Testing Skill Map

This article explains how mid‑level and senior software test engineers are defined, highlights the career‑advancing value of certification, and presents a detailed testing skill map covering automation, performance, and security testing techniques and tools.

AutomationCareer DevelopmentPerformance Testing

0 likes · 11 min read

Understanding Mid‑Level and Senior Test Engineer Roles, Certification Benefits, and a Comprehensive Testing Skill Map

360 Quality & Efficiency

Dec 22, 2023 · Information Security

Testing Methods for Windows Filtering Platform (WFP) Network Drivers

This article explains the principles of the Windows Filtering Platform, outlines functional, compatibility, performance, and security testing techniques for WFP‑based network drivers, and presents a case study on diagnosing throughput issues using filter isolation tools.

WFPWindows Filtering Platformdriver performance

0 likes · 8 min read

Testing Methods for Windows Filtering Platform (WFP) Network Drivers

FunTester

Nov 20, 2023 · Information Security

Mastering Bulk API Access Control Testing with Burp Suite Auth Analyzer

This guide explains how to use Burp Suite's Auth Analyzer plugin to efficiently perform bulk API access‑control (broken access control) testing, covering vulnerability types, tool installation, step‑by‑step testing procedures, result analysis, and report export for improved software security.

API testingAuth AnalyzerAutomation

0 likes · 6 min read

Mastering Bulk API Access Control Testing with Burp Suite Auth Analyzer

OPPO Amber Lab

Oct 27, 2023 · Information Security

How Syzkaller Powers Kernel Fuzzing on Android: Architecture and Workflow

This article explains the architecture, core principles, and implementation details of Syzkaller, the coverage‑guided kernel fuzzing framework, and shows how it is set up and runs on Android devices to discover kernel vulnerabilities efficiently.

AndroidKCOVcoverage-guided

0 likes · 10 min read

How Syzkaller Powers Kernel Fuzzing on Android: Architecture and Workflow

Cloud Native Technology Community

Sep 7, 2023 · Information Security

Kubernetes Security Testing: Importance, Methods, and Best Practices

This article explains why security testing is critical for Kubernetes clusters, outlines key testing approaches such as SAST, DAST, container image scanning, configuration audits, and network policy testing, and provides practical steps for integrating these methods into CI/CD pipelines to ensure robust cloud‑native security.

Configuration AuditContainer ScanningDAST

0 likes · 9 min read

Kubernetes Security Testing: Importance, Methods, and Best Practices

Test Development Learning Exchange

Aug 22, 2023 · Operations

Using Charles Proxy for Software Testing: Benefits and Step‑by‑Step Setup

This guide explains the advantages of using the Charles proxy tool for software testing—including network traffic monitoring, debugging, environment simulation, security testing, and automation support—followed by detailed instructions for downloading, installing, registering, and configuring the tool.

Charles ProxyDebuggingNetwork Monitoring

0 likes · 4 min read

Using Charles Proxy for Software Testing: Benefits and Step‑by‑Step Setup

php Courses

Aug 11, 2023 · Information Security

PHP Code Security Testing: Review, Tools, and Practices

This article explains how to secure PHP web applications by performing code reviews, validating user input, preventing SQL injection and XSS, and using security testing tools such as PHP Security Scanner, OWASP ZAP, and Kali Linux, along with practical testing methods like boundary, authorization, and exception handling.

Code reviewPHPXSS

0 likes · 5 min read

PHP Code Security Testing: Review, Tools, and Practices

Programmer DD

Jun 3, 2023 · Information Security

How a Simple API Parameter Leak Exposed Thousands of Student Records

This article details the discovery and exploitation of an API‑based information leakage in a university system, showing how default passwords, missing parameters, and directory depth allowed an attacker to retrieve thousands of student records, and concludes with lessons for security testing.

API vulnerabilitydata exposureinformation leakage

0 likes · 10 min read

How a Simple API Parameter Leak Exposed Thousands of Student Records

FunTester

May 19, 2023 · Fundamentals

Comprehensive Guide to Software Testing Points: UI, Functional, Performance, Security, and Compatibility

This article outlines essential software testing points—including UI usability, functional correctness, performance load, security controls, and cross‑platform compatibility—explaining why enumerating each test item helps testers design comprehensive cases, detect defects early, and ensure reliable, secure, and user‑friendly applications.

CompatibilityPerformance TestingSoftware Testing

0 likes · 15 min read

Comprehensive Guide to Software Testing Points: UI, Functional, Performance, Security, and Compatibility

Software Development Quality

May 13, 2023 · Information Security

Top SAST and DAST Tools for DevSecOps: Boost Your Software Security

This article explains how security testing tools integrate into DevOps to form a DevSecOps model, outlines the differences between static and dynamic application security testing, and reviews popular SAST and DAST solutions that help protect software throughout its lifecycle.

DASTDevSecOpsSAST

0 likes · 10 min read

Top SAST and DAST Tools for DevSecOps: Boost Your Software Security

FunTester

Apr 25, 2023 · Fundamentals

An Overview of Software Testing: Types, Purposes, and Career Prospects

This article provides a comprehensive overview of software testing, covering its purpose, various test types such as functional, performance, security, compatibility, reliability, user experience, internationalization, and automation, as well as career prospects and essential skills for testers.

Performance TestingSoftware Testingfunctional testing

0 likes · 8 min read

An Overview of Software Testing: Types, Purposes, and Career Prospects

DeWu Technology

Apr 24, 2023 · Frontend Development

Community Client-Side Testing Practices and Quality System Construction

The guide outlines community-driven client‑side testing practices—functional, compatibility, exploratory, UX, performance, stability, and security testing—detailing tool use such as TeslaLab, automation and AI techniques, cross‑device and platform challenges, memory‑leak and crash analysis, and combined black‑box/white‑box approaches to improve app quality and data privacy.

Client-Side TestingPerformance TestingUI automation

0 likes · 21 min read

Community Client-Side Testing Practices and Quality System Construction

FunTester

Apr 11, 2023 · Fundamentals

Guidelines for Software Test Engineers (1–3 Years) to Master Core Testing Skills and Advanced Topics

This article provides software test engineers with 1‑3 years of experience a comprehensive roadmap to master fundamental testing skills, automation, performance, security testing, and essential programming languages, emphasizing systematic learning, practical application, and continuous improvement for career growth.

Performance TestingSoftware Testingprogramming languages

0 likes · 12 min read

Guidelines for Software Test Engineers (1–3 Years) to Master Core Testing Skills and Advanced Topics

FunTester

Mar 27, 2023 · Mobile Development

Key Considerations for Mobile App Testing

This guide outlines essential mobile app testing practices, including device and platform selection, handling user mobility and network changes, multitasking scenarios, gesture conflicts, user experience factors, permissions, caching, web dependency, layered and exploratory testing, security checks, and effective log usage.

PermissionsUser experienceapp testing

0 likes · 6 min read

Key Considerations for Mobile App Testing

MaGe Linux Operations

Mar 21, 2023 · Information Security

How to Exploit Horizontal Privilege Escalation: A Step‑by‑Step Guide

This article documents a complete horizontal privilege escalation attack, showing how modifying POST parameters, REST‑style paths, and cookies can lead to unauthorized view, edit, and delete of other users' data, followed by techniques to combine the flaw with XSS and CSRF for greater impact.

CSRFXSScookie manipulation

0 likes · 6 min read

How to Exploit Horizontal Privilege Escalation: A Step‑by‑Step Guide

FunTester

Nov 16, 2022 · Mobile Development

How to Build a Robust Manual Testing Strategy for Mobile Apps

This guide outlines practical steps for selecting devices, weighing real devices versus emulators, leveraging cloud and network testing, and conducting UX, performance, and security checks to ensure high‑quality mobile app deployments in today’s fast‑paced digital landscape.

Performance Testingcloud testingdevice selection

0 likes · 6 min read

How to Build a Robust Manual Testing Strategy for Mobile Apps

NetEase LeiHuo Testing Center

Oct 21, 2022 · Operations

A Step-by-Step Guide to Interface Testing in Game Development

This article explains why interface testing is essential for game quality and security, and provides a detailed, step-by-step methodology—including planning, analysis, test case design, execution, result verification, and automation—to help QA teams efficiently test server APIs and prevent player cheating.

AutomationPerformance Testinginterface testing

0 likes · 10 min read

A Step-by-Step Guide to Interface Testing in Game Development

NetEase Smart Enterprise Tech+

Sep 20, 2022 · Information Security

How GameSentry Simplifies Game Security Testing: Design, Risks, and Open‑Source Benefits

GameSentry, an open‑source tool from NetEase Yidun, streamlines game security testing by analyzing protocols, function logic, memory, and code hot‑updates, offering detailed risk categories, testing steps, and advantages that lower the barrier for developers to detect vulnerabilities before release.

GameSentryMobile Gamesinformation security

0 likes · 12 min read

How GameSentry Simplifies Game Security Testing: Design, Risks, and Open‑Source Benefits

DevOps

Aug 26, 2022 · Information Security

Security Testing Practices in DevSecOps and Huawei Cloud

The article explains the importance of security testing within DevSecOps, outlines key testing methods such as SAST, DAST, IAST, and SCA, discusses penetration testing, and describes Huawei Cloud's comprehensive security testing framework and practices for ensuring software safety in modern development pipelines.

DASTDevSecOpsIAST

0 likes · 13 min read

Security Testing Practices in DevSecOps and Huawei Cloud

MaGe Linux Operations

Jul 16, 2022 · Information Security

How to Exploit Horizontal Privilege Escalation: From Parameter Tampering to XSS

This article walks through a full horizontal privilege escalation attack, showing how altering POST data, REST‑style URLs, and cookie fields can grant unauthorized view, edit, and delete rights, and how to amplify the impact with self‑XSS and CSRF techniques.

CSRFXSShorizontal privilege

0 likes · 7 min read

How to Exploit Horizontal Privilege Escalation: From Parameter Tampering to XSS

Software Development Quality

Jul 14, 2022 · Fundamentals

Mastering Software Testing: From Basics to Advanced Strategies

This comprehensive guide walks you through the fundamentals of software testing, covering test analysis and design, mobile testing techniques, performance and security testing methods, algorithm validation, data quality assurance, and effective cross‑domain project management for modern development teams.

Software Testingalgorithm testingdata testing

0 likes · 68 min read

Mastering Software Testing: From Basics to Advanced Strategies

58 Tech

Mar 15, 2022 · Information Security

Research and Practice of IAST/RASP: Instrumentation, Taint Analysis, and Integration with SkyWalking

This article surveys IAST and RASP technologies, detailing Java bytecode instrumentation methods, passive probing techniques, taint analysis algorithms, integration with SkyWalking, and compares their capabilities with SAST and DAST, providing practical implementation guidance and reference resources.

IASTJava InstrumentationRASP

0 likes · 14 min read

Research and Practice of IAST/RASP: Instrumentation, Taint Analysis, and Integration with SkyWalking

JD Tech

Feb 28, 2022 · Information Security

Integrating Functional Security Testing into Daily Test Practices: Concepts, SDL Roles, and Test‑Case Design

This article explains how test engineers can incorporate functional security testing into routine testing by outlining the differences between security and functional testing, describing the Security Development Lifecycle (SDL) responsibilities, and providing concrete test‑case design guidelines for various security scenarios.

SDLSoftware Securityfunctional testing

0 likes · 12 min read

Integrating Functional Security Testing into Daily Test Practices: Concepts, SDL Roles, and Test‑Case Design

HaoDF Tech Team

Feb 10, 2022 · Information Security

Good Doctor Online's Practice of Integrating and Optimizing Open-Source IAST in Its Security Development Lifecycle

This article details how Good Doctor Online integrated and optimized the open-source IAST tool within its security development lifecycle, covering architecture, performance enhancements, RPC adaptation, CI/CD pipeline integration, and real-world deployment results.

Application SecurityContainer OptimizationDevOps

0 likes · 12 min read

Good Doctor Online's Practice of Integrating and Optimizing Open-Source IAST in Its Security Development Lifecycle

Sohu Tech Products

Feb 2, 2022 · Information Security

Command2API: Exposing Command Execution Results via HTTP API with Python

This article introduces the open‑source Command2API tool, explains its origin in internal security testing, describes its simple Python‑based architecture that runs commands in a thread and serves results through an HTTP API, provides usage examples, examines the source code, and suggests possible improvements.

Command ExecutionHTTP APIPython

0 likes · 6 min read

Command2API: Exposing Command Execution Results via HTTP API with Python

政采云技术

Dec 30, 2021 · Information Security

Introduction to Web Security Testing and Common Vulnerabilities

This article introduces web security testing, explains why it is essential, describes common vulnerabilities such as weak passwords, XSS, CSRF, SQL injection, authorization bypass, and file upload issues, and offers practical prevention measures and testing guidelines for developers and testers.

SQL injectionVulnerabilityWeb Security

0 likes · 14 min read

Introduction to Web Security Testing and Common Vulnerabilities

Programmer DD

Aug 29, 2021 · Information Security

Spring Boot Vulnerability Checklist: Exploits, Detection Routes, and Mitigation Tips

This article presents a comprehensive GitHub collection of Spring Boot vulnerabilities, explains how to identify information‑leakage and remote‑code‑execution flaws via exposed Swagger and Actuator endpoints, and provides step‑by‑step verification commands for security testing.

ActuatorExploitSpring Boot

0 likes · 11 min read

Spring Boot Vulnerability Checklist: Exploits, Detection Routes, and Mitigation Tips

Dada Group Technology

Jul 16, 2021 · Information Security

Application Security Testing Practices and Risk Assessment at JD Daojia

This article outlines JD Daojia's comprehensive application security strategy, including risk analysis, threat modeling, DevSecOps processes, open‑source component scanning, SAST/DAST/IAST testing, manual security assessments, and evaluation of testing effectiveness to mitigate vulnerabilities before production.

Application SecurityDevSecOpsThreat Modeling

0 likes · 13 min read

Application Security Testing Practices and Risk Assessment at JD Daojia

New Oriental Technology

May 17, 2021 · Mobile Development

Comprehensive Mobile Testing Plan for the Cloud Classroom Application

This document outlines a detailed testing strategy for the Cloud Classroom mobile app, covering security, static code analysis, performance, compatibility, and overall quality assurance to ensure stable functionality and a positive user experience.

CompatibilityPerformance Testingcloud classroom

0 likes · 12 min read

Comprehensive Mobile Testing Plan for the Cloud Classroom Application

Youzan Coder

Nov 25, 2020 · Information Security

Design and Implementation of an Interface Authorization Scanning Platform

The article presents a systematic, automated platform that captures, replays, and compares API requests using intelligent sampling and vertical/horizontal privilege checks to detect authorization flaws, dramatically reducing manual testing effort, uncovering over twenty issues monthly, and outlining future CI integration and AI‑enhanced detection.

APIAuthorizationAutomation

0 likes · 16 min read

Design and Implementation of an Interface Authorization Scanning Platform

Ctrip Technology

Oct 15, 2020 · Information Security

Deploying OpenRASP IAST at Ctrip: Architecture, Challenges, and Data‑Pollution Prevention via Bytecode Instrumentation

This article describes Ctrip's practical deployment of OpenRASP‑based IAST, outlines the challenges of data pollution caused by traffic replay, and presents a Java bytecode instrumentation solution that intercepts SocketOutputStream writes to prevent dirty data from persisting in databases, caches, and message queues.

IASTJavaOpenRASP

0 likes · 9 min read

Deploying OpenRASP IAST at Ctrip: Architecture, Challenges, and Data‑Pollution Prevention via Bytecode Instrumentation

FunTester

Oct 14, 2020 · Industry Insights

How to Tackle IoT Device Testing: Key Challenges and Strategies

This article examines the growing need for comprehensive IoT testing, outlines how to select representative devices, and details the four main testing domains—security, performance, functionality, and compatibility—while offering practical guidance for QA teams to ensure high‑quality connected products.

CompatibilityIoTPerformance Testing

0 likes · 6 min read

How to Tackle IoT Device Testing: Key Challenges and Strategies

Fulu Network R&D Team

Aug 26, 2020 · Information Security

Establishing a Comprehensive Security Testing Process

This article explains the importance of security testing, outlines where to start, and details a step‑by‑step security testing workflow covering requirement analysis, static code scanning, third‑party component checks, data masking, permission checks, XSS, SQL injection, privilege escalation, file upload/download, server port scanning, and business‑specific test cases.

risk managementsecurity testingsoftware development

0 likes · 9 min read

Establishing a Comprehensive Security Testing Process

FunTester

Aug 6, 2020 · Fundamentals

How to Design Comprehensive Login Test Cases: From Basics to Security and Performance

This article explains practical techniques—equivalence partitioning, boundary value analysis, and scenario testing—to create thorough login test cases, then expands with advanced functional, security, performance, and compatibility scenarios, helping testers improve coverage and demonstrate expertise in interviews.

Performance Testingboundary value analysisequivalence partitioning

0 likes · 8 min read

How to Design Comprehensive Login Test Cases: From Basics to Security and Performance

FunTester

Jul 2, 2020 · Mobile Development

Mastering Mobile App Testing: Pyramid, Types, Tools, and Real‑World Challenges

This article explores why mobile app testing is crucial, explains the mobile testing pyramid, details functional, regression, performance, security, usability, and compatibility testing types, compares automation frameworks and tools, and discusses practical challenges such as device fragmentation, network variability, and battery constraints.

AppiumPerformance Testingcloud testing

0 likes · 16 min read

Mastering Mobile App Testing: Pyramid, Types, Tools, and Real‑World Challenges

FunTester

Apr 15, 2020 · Industry Insights

How to Turn Software Testing Experience into a High‑Paying Career

The article examines why basic functional testing jobs are dwindling, highlights growing opportunities in automation, performance, security, big‑data and AI testing, and offers a practical roadmap to help testers acquire new skills and advance toward higher‑salary roles.

Career DevelopmentSoftware Testingautomation testing

0 likes · 4 min read

How to Turn Software Testing Experience into a High‑Paying Career

FunTester

Mar 15, 2020 · Fundamentals

What Is White-Box Testing and How to Perform It

White-box testing examines a program’s internal structure, code, and logic by creating and executing test cases that cover all paths, conditions, and statements, enhancing security, reliability, and code quality, while outlining its steps, techniques, examples, advantages, and drawbacks.

Software Testingcode coveragesecurity testing

0 likes · 9 min read

What Is White-Box Testing and How to Perform It

Ziru Technology

Feb 16, 2020 · Information Security

Mastering Drozer: Step‑by‑Step Android Security Testing Guide

This guide walks through installing Drozer, configuring port forwarding, connecting the console, and using a variety of commands to enumerate packages, activities, content providers, services, and broadcast receivers on Android devices, while also addressing common errors and demonstrating vulnerability scans such as SQL injection and directory traversal.

DrozerMobile Securityinformation security

0 likes · 9 min read

Mastering Drozer: Step‑by‑Step Android Security Testing Guide

dbaplus Community

Oct 19, 2019 · Information Security

Mastering Enterprise Code Auditing: Strategies, Tools, and Best Practices

This comprehensive guide explains why code auditing is essential for modern enterprises, compares enterprise and white‑hat audits, outlines a seven‑step methodology, and reviews both open‑source and commercial SAST tools with practical case studies across PHP, Node.js, Python, and Go.

DevSecOpsDynamic analysisSAST

0 likes · 24 min read

Mastering Enterprise Code Auditing: Strategies, Tools, and Best Practices

转转QA

Oct 9, 2019 · Information Security

Understanding Security Testing: SQL Injection, XSS, CSRF, and Permission Vulnerabilities

This article explains the differences between functional and security testing, introduces common web vulnerabilities such as SQL injection, cross‑site scripting (XSS), and cross‑site request forgery (CSRF), provides concrete code examples, and offers practical tips for detecting and preventing these issues.

CSRFSQL injectionWeb Vulnerabilities

0 likes · 12 min read

Understanding Security Testing: SQL Injection, XSS, CSRF, and Permission Vulnerabilities

360 Tech Engineering

May 8, 2019 · Fundamentals

Payment Testing Guide: Classification, Methods, and Test Points

This guide explains how to classify payment types, outlines functional, interface, and security testing methods, and lists comprehensive test points for payment amounts, processes, methods, and coupon handling to ensure reliable and secure payment flows in software products.

Software Testingfunctional testinginterface testing

0 likes · 6 min read

Payment Testing Guide: Classification, Methods, and Test Points

360 Quality & Efficiency

Apr 23, 2019 · Operations

Comprehensive Guide to Payment Testing: Classification, Methods, and Test Points

This article provides a detailed overview of payment testing, covering payment classification, common testing methods such as functional, interface, and security testing, key test points for payment flow, amounts, methods, and coupons, and includes illustrative diagrams to help testers ensure reliable and secure transaction processes.

Software Testingfunctional testingpayment flow

0 likes · 7 min read

Comprehensive Guide to Payment Testing: Classification, Methods, and Test Points

360 Tech Engineering

Mar 13, 2019 · Fundamentals

Comprehensive Guide to Software Testing Process and Types

This guide outlines a comprehensive software testing framework, covering basic smoke tests, functional, security, interface, compatibility, installation, performance, regression, and advanced testing practices, with detailed steps, responsibilities, and reporting requirements for development, testing, and product teams.

Software Testingcompatibility testingquality assurance

0 likes · 8 min read

Comprehensive Guide to Software Testing Process and Types

Node Underground

Dec 23, 2018 · Fundamentals

Master the 20+ Essential Software Testing Types in One Guide

This comprehensive guide explains the most common software testing types—from Alpha and Beta to Security, Load, and Compatibility testing—detailing their purposes, execution contexts, and how they help ensure software quality before release.

Beta TestingSoftware Testingalpha testing

0 likes · 9 min read

Master the 20+ Essential Software Testing Types in One Guide

JD Tech

Jun 20, 2018 · Mobile Development

Comprehensive Guide to Android UI and API Automation Testing

This article presents a comprehensive guide to Android UI and API automation testing, covering framework selection, script development with Robotium and Genymotion, Docker-based Selenium grid deployment, Python RemoteDriver usage, security testing, and best practices for efficient mobile test automation.

AndroidDockerPython

0 likes · 12 min read

Comprehensive Guide to Android UI and API Automation Testing

ITFLY8 Architecture Home

Mar 11, 2018 · Information Security

Understanding CSRF Attacks: Risks, Detection, and Defense Strategies

This article explains what CSRF (Cross‑Site Request Forgery) is, illustrates its attack model, details the potential damages, walks through the attack process with examples, and outlines practical detection methods and multiple defense techniques including token‑based protection and referer checks.

Anti‑CSRF TokenCSRFCross-Site Request Forgery

0 likes · 13 min read

Understanding CSRF Attacks: Risks, Detection, and Defense Strategies

Huawei Cloud Developer Alliance

Aug 22, 2017 · Fundamentals

What’s Next for Software Testing? Emerging Trends and Technologies Shaping the Future

This article surveys the latest software testing trends—from security, AI‑driven testing, static analysis, and precise testing to cloud, IoT, open‑source tools, container‑based DevOps, agile, big‑data, and mobile testing—highlighting opportunities, challenges, and future directions for test engineers.

AI testingAutomationIoT testing

0 likes · 17 min read

What’s Next for Software Testing? Emerging Trends and Technologies Shaping the Future

JD Retail Technology

May 11, 2017 · Information Security

Unmanned Customer Service System Architecture and Security Testing Overview

This article explains the concept and architecture of an unmanned customer service system, outlines its security testing strategy—including interface, vulnerability scanning, privilege and data protection tests—describes database and web security methods, and provides practical command examples and tool recommendations.

SQLMapWeb Securityinformation security

0 likes · 14 min read

Unmanned Customer Service System Architecture and Security Testing Overview

360 Quality & Efficiency

Nov 25, 2016 · Information Security

Common Ciphertext Leakage Scenarios and Escape Testing Methods for File Encryption Software

This article examines typical ciphertext leakage scenarios in file encryption software, such as process forgery, driver hijacking, temporary file exposure, and embedded object insertion, and outlines practical escape testing techniques to improve security and product robustness.

ciphertext leakagedriver hookingsecurity testing

0 likes · 13 min read

Common Ciphertext Leakage Scenarios and Escape Testing Methods for File Encryption Software

Baidu Intelligent Testing

Jun 28, 2016 · Information Security

Business Security Testing: Concepts, Techniques, and Practical Tools

This article introduces business security testing, explaining its background, overall workflow, and detailed techniques such as network request interception with tools like TamperIE, Chrome DevTools, and tcpdump, as well as cookie manipulation, backend authentication forging, and replay attacks on GET and POST interfaces.

Network InterceptionReplay attackbusiness security

0 likes · 12 min read

Business Security Testing: Concepts, Techniques, and Practical Tools

360 Quality & Efficiency

Jun 6, 2016 · Information Security

Software Security Testing: Objectives, Common Vulnerabilities, and Static/Dynamic Approaches

Security testing, performed from near completion to release, verifies that software meets security requirements and quality standards by identifying common vulnerabilities such as DLL hijacking, ASLR/DEP misuse, and heap overflows, and employs static scanning and dynamic testing methods to detect and remediate these issues.

DLL hijackingDynamic analysisSoftware Security

0 likes · 5 min read

Software Security Testing: Objectives, Common Vulnerabilities, and Static/Dynamic Approaches

360 Quality & Efficiency

May 9, 2016 · Information Security

Comprehensive Guide to Security Testing: Methods, Tools, and Best Practices

This article provides an in‑depth overview of security testing, covering its definition, lifecycle, test types, a wide range of scanning and injection tools, practical checklists, evaluation metrics, and recommendations for integrating security assessments throughout the software development process.

information securitynetwork securitypenetration testing

0 likes · 20 min read

Comprehensive Guide to Security Testing: Methods, Tools, and Best Practices