Intro to Security Testing: DoS Attacks

Security testing is a specialization in the world of software QA. It takes a lot of expert-level knowledge and a good deal of thinking outside the box to be able to pinpoint security vulnerabilities and predict what hackers will do. There are lots of ways you can get started on the path of becoming a security testing expert, and they all begin with research and learning.

Here’s a video by Scientific American’s Instant Egghead series that explains the basics of a Denial of Service attack and how companies can help protect themselves. DoS attacks are one of the more common security issues today and no one is immune. Learning about them is a good place to start getting into security testing. You can find more helpful resources below the video.

If you want to know more, here are additional resources to help you become a security tester or help you make your app more secure from attacks:

Web Design & Usability Then and Now

Web design and usability standards have changed a lot in the past two decades. When moving forward, it’s always helpful to look back at where we started. BusinessInsider has a slideshow of “then and now” images of popular websites. From the 1994 version of AOL (the one that came on a disk) to sites that still seem newish (Foursquare circa 2009), you can definitely see changes and trends.

I’ll let you click through the gallery and form your own opinions, but two things stood out to me about today’s web design and UX.

Right now, we’re really in love with impactful images, giant hero images and sharper layouts that overall feel more dramatic, important and focused. Examples of this include Tumblr, Whitehouse.gov, Foursquare, The Huffington Post, Myspace, The New York Times, Facebook and BusinessInsider.

On the flip side, a surprising number of sites still seem cluttered. These pages are filled with options, links, images, ads and a million other things all competing for a user’s attention. Weather.com, Buzzfeed, AOL, Yelp, LinkedIn, YouTube and Yahoo! all have this issue. Some of these sites also have large images as their central focus, but they have so much around those images that it negates the point of a hero image. The question becomes, do they need to change? Millions of people visit those sites every day and don’t seem to have a problem navigating, nor are they driven away to a sleeker competitor. Is it a problem if it ultimately works?

How big of a role does design play in website usability? Do you find the sites that tend toward large images easier to use or somehow better?

Is ‘Beautiful’ Web Design Actually Hurting Us?

Oliver Burkeman of The Guardian wrote an interesting blog post about his feelings toward the trend of making reading platforms and apps “beautiful” and minimalist. UIs have been tending toward clean designs with lots of white space and easy-to-consume content for the past few years now, but Oliver doesn’t think that’s necessarily a good thing.

You hear the word “beautiful” all the time, these days, when web design’s being discussed. Medium, the blogging platform created by the Twitter co-founder Ev Wiliams, was conceived to be “simple [and] beautiful”. Likewise Svbtle, another “beautiful” stripped-down publishing system, was designed to “get out of the way”. This is the aesthetic of Jony Ive’s iOS7, with its flat icons and defiant lack of adornment; it’s an aesthetic for a world that does its reading on smooth pieces of black glass with curved corners. It’s the aesthetic that’s rapidly coming to dominate the web – which is why I feel some nervousness in poking my head above the parapet to say: what if I don’t want my reading experience to be this beautiful?

The post was inspired by Facebook’s new app, Paper, which is “uncluttered, slick, minimalist, polished. As one of the project’s engineers put it: ‘Paper was designed on a principle: content should be respected … [and] if content is to be respected, it should be beautifully presented.’” Beauty is usually a good thing, something that designers in every field strive for. But Oliver wonders if a beautiful UI is overshadowing, and maybe even hurting, the actual purpose of these content-focused apps and websites.

There’s some evidence to suggest that when you make the reading experience too smooth and glossy and beautiful, you make it less engaging and satisfying, too. The key concept here, explored in depth by the psychologist Adam Alter, author of the book Drunk Tank Pink, is “cognitive disfluency”. When information glides by too frictionlessly, we’re liable to find it harder both to understand and to retain.

The basic concept (boiled down to a very, very simple level) is that if something is harder to physically read it makes you concentrate on the content more, thus helping you process and retain the information better. There’s also an argument that design decisions that make content harder to read might signal to your brain that it’s filled with important information you should pay undivided attention to. On the flip side, if something is easy to read, it’s also easy to skim without deeply processing the information.

[T]here’s an unbearable lightness to the slippery minimalism of Medium, and sometimes it gets in the way. Writing presented like that is wonderfully easy to consume, yet also wonderfully easy to forget. By the time I get to the end of even a short piece, the first paragraph has faded not just from the screen, but from my mind.

Oliver admits that he’s likely in the minority when it comes to this opinion, but it raises a few good questions. Beyond wondering if he really is in the minority, his post makes me wonder:

  • When you think about it, do you retain less information that you read online on a minimalist site?
  • Should companies take these studies into account when designing their websites – especially the important pages that tell visitors what the company does, why it’s important and why they stand out? This is information you want visitors to absorb and retain.
  • Or does a beautiful design stick in a visitor’s head and make it easier to remember your site?
  • Does minimalist design (and the apparent consequences) go hand-in-hand with apps like Paper and other sites that feed us ultimately inconsequential information? (Let’s be honest, no one spends time on Facebook to become knowledgeable about world events or important topics – you’re too distracted by all the cat pictures and memes.)
  • Can you have a beautiful design that’s not too minimalist? Something that pleases users but makes them struggle just enough to be effective?
  • Should I write this post in a hard-to-read, tiny font so you remember it?

The internet has put a world of information at our fingertips and people have the ability to be more informed than ever before. But does it matter if we’re not retaining that information? What happens if we all become ‘jacks of all trades, masters of none?’ Or maybe we just need to change the way we approach information.

Oliver links to a Time piece that looked into whether or not e-reading made content harder to retain. Topics like recall methods and how quickly people learned the information are discussed. Links are made to the effects of spatial context and even screen size. But the article was written in early 2012 and one expert the journalist talked to found no difference in the long run between e-reading and paper-reading students. Is it just a matter of adjusting? Will reading on a neat, clean web platform become second nature and just as effective after enough time?

Beauty is a definite trend right now, and all the web best-practices tell us to keep content short and broken up into easy-to-consume pieces. Is this the right call or are we ultimately hurting our cause? Will our brains catch up to this new method of content delivery? (After all, newspapers are filled with white space compared to their counterparts from a century ago.) It’s a great topic that might just open a Pandora’s box and spark a great debate. Thanks for bringing it up Oliver!

What do you think about “beautiful” web design?

Did Super Bowl Advertisers Learn Their Load Testing Lesson?

Did companies finally learn the lesson about load testing? Traditionally, the Monday morning news following the Super Bowl is all about the best commercials and which websites buckled under the pressure of so many simultaneous visitors.

Last year, Coke, SodaStream, Calvin Klein, Axe and several other companies suffered down time after spending millions to air an ad during the Super Bowl. This year, the only account of a crashed site I can find is of the Maserati Ghibli site going down.

This might be the shortest blog post in history, but I think it’s an important one. If the vast majority of websites stayed functional during the biggest ad night of the year it means that:

A) Companies are finally doing sufficient load testing before the big game

B) Commercials for some reason aren’t driving as many viewers online

or

C) Viewers just aren’t taking the bait and aren’t visiting websites following the ads

Did you experience or hear of any down sites during the 2014 Super Bowl? I’d be pretty impressed if we went from 13 crashed sites last year to only one.

8 Web Design Trends for 2014

If you’ve been testing websites for the better part of a decade, you’ve likely lost track of all the web design trends that have come and gone. What can you expect to see this year? Here are eight web design trends Sitepoint and Business 2 Community predict for 2014.

Parallax Scrolling
Both Sitepoint and B2C think we’ll see parallax scrolling being adopted more widely this year. Parallax adds a level of depth and a definite wow factor to websites. Plus, it works off HTML5, so it’s mobile compatible.

Parallax scrolling brings websites to life while adding depth to images and text. Examples of this technique include changing graphics or animations so that they start to play as you scroll past them on a page. (Sitepoint)

Testers should pay special attention if they encounter this feature to make sure it works correctly in a variety of circumstances.

Continuous Scrolling
B2C heralds continuous scrolling as the answer to making your information easy to consume. Instead of trying to cram all the important information “above the fold” or overwhelming users with links, continuous scrolling offers users an easy, more pleasant experience, writer Jessie-Lee Nichols notes.

In today’s world of smart phones, tablets and track pads, users know how to scroll. Don’t be afraid to let them! …

Continuous scrolling eliminates the need for links and multiple pages. As a user scrolls down a page, they are automatically taken to the next “link” without having to click and wait for a reload.

Single Page Sites
In the same vein as B2C’s continuous scrolling prediction, Sitepoint thinks we’ll see more single page websites.

Websites usually have a handful of pages that you can access using navigation links. Smaller sites with less content are easing away from this model to a simpler one, incorporating images and content onto a single web page.

Single page design often utilizes parallax scrolling so visitors do not have to search through many pages to find the most important information.

In either case, testers should look at these designs with a careful eye and make sure the information really is easy to interact with and consume. Companies with good intentions may lose their way if they blindly follow these trends. As a tester, you should warn them if something doesn’t work or raises usability issues.

Responsive Design
Though responsive web design isn’t a new trend, both authors think it will continue to grow this year. This is a logical prediction as companies adapt to the fact that more and more users are accessing the web via mobile devices. Responsive design is a better way to optimize sites for mobile consumption.

When testing, make sure responsive design sites work well and look right on a range of devices and browsers – particularly on mobile.

Web Apps are Moving Into Native App Stores

Looking for a way to spread the word about your web app and make money? The Amazon Appstore could be your answer. Last year, Amazon began letting HTML5 web apps be listed in the app store and featured as free apps of the day, but developers had no option to charge for the app. That policy is changing now and Amazon is poised to let companies set prices for their web apps in the app store.

After first allowing web apps into the store, developers reportedly saw spikes in traffic, but lost out on the potential revenue associated with this new interest. From Gigaom:

Amazon says that can drive significant traffic to the app for promotional purposes, although we’ve seen that may not amount to developer revenue. One app featured in 2011 jumped from 20 sales per day to more than 100,000 downloads while featured. Once the daily promotion was over, sales dropped right back down and the developer didn’t make a dime from what would have been $54,805 if it could have charged for the downloads.

While apps featured as free apps of the day might still encounter this problem, it at least opens the door for web developers to make some money off the native app market. As Gigaom points out, this move might be a sign that big companies are embracing web apps for mobile as a credible alternative to platform-specific native apps. And Amazon isn’t the only one looking to expand web apps.

Google Chrome is finally making a new feature they announced in May 2013 available to developers. The newly released tools let developers make Chrome apps available on other platforms, including mobile operating systems. This new approach will let developers make web-based apps available in native app stores. From Gigaom:

Based on Apache Cordova, the tool is basically a native application wrapper that fits around the Chrome app so it can be distributed through either the Google Play Store or Apple’s App Store. …

The idea has always been that Chrome is not just a browser, but a platform built upon web-based technologies; one that can run atop other platforms, such as OS X or Windows. The introduction of the new toolset for developers simply gives the Chrome platform the basis of an application ecosystem. And it offers developers a chance to target multiple platforms through Chrome apps.

So if you always wanted to capitalize on the searchability of native app stores but decided to stick to web apps, here’s your chance.

Google Cracks Down on Malicious Chrome Extensions

If you notice some of your Chrome extensions disappearing don’t panic, it’s a good thing. Google recently cracked down on a couple of extensions after it came to light that malicious parties were approaching extension creators looking to buy the extensions and turn them into something that Chrome doesn’t allow.

The problem is that these parties buy extensions that likely went through a lot of testing and were perfectly innocent and functional when introduced to Chrome, then add code to turn the extension into malware and adware machines. According to International Business Times, this is exactly what happened to the “Tweet This Page” and “Add to Feedly” extensions – which are no longer available.

“Tweet this Page” and “Add to Feedly” were removed by Google as they violated Google’s terms of service regarding advertising. News hit the internet last week that “investors” have been approaching Chrome extension developers asking to purchase their programs, intending to secretly add malware after the purchase has completed, and now Google is cracking down. Google updated its policies in December to prevent developers from including additional code in their extensions, stating that extensions should be “simple and single-purpose in nature.”

The article notes that this crackdown is especially necessary since Chrome extensions update automatically. Once a user installs an extension they can unexpectedly be subjected to this malware with a simple update that they may not even notice.

Unfortunately, there’s not much anyone can do to prevent this. Extension developers need to think carefully about selling their extensions and do thorough research about the buyer first – but even that might not help.

Amit Agrawal, the developer of “Add to Feedly,” admitted on his blog this weekend that he sold his Feedly-friendly extension to a woman for a “four-figure offer for something that had taken an hour to create.” He states that he googled the woman’s name but got no results.

Once an extension is sold, it’s up to Google to make sure extra code isn’t added and to users to report if they notice anything unusual. As web app testers you’re more attuned to the ways of the web than most people, so if you’re a Chrome user keep an eye out in the next few months and make sure extensions don’t start acting up.

Is Your Website Ready for the Big Game Mobile Rush?

The biggest football game of the year is only days away and every advertiser has been scrambling for months to make sure their website is ready for the influx of visitors. They’ve optimized, they’ve load tested, they’ve planned and worried and tweaked – all in an attempt to stay off the “these sites failed during the Super Bowl” lists that come out every year.

But in the rush to test the websites and one-off native app promotions they’ll be directing users to, have they taken the time to test on mobile web?

Last year, mobile internet use accounted for at least 15% of internet access in the US and 17% globally. On big event days, that number trends much higher. Black Friday and Cyber Monday saw 39% of all online traffic come from mobile.

When a sporting event is involved, people are even more likely to reach for a mobile device rather than a computer. Think about it, many people attend or throw parties to watch the big game with family and friends. All those guests won’t have access to a computer, but they will have a variety of mobile devices in all shapes and sizes at their buffalo-sauce-covered fingertips.

Adobe says that, according to trends, companies that advertise during the Super Bowl will see a 20% increase in web traffic that day. Much of that is sure to come from mobile devices. The NFL has even made improvements at MetLife Stadium to ensure the fans actually at the game get consistent mobile internet access.

Even if you’re not advertising, you might want to consider ramping up your site before next Sunday, especially if you have a media or video streaming site. Research by Adobe of 10 major sporting events last year found that streaming sports clips via mobile devices increases dramatically while consumers are actively watching an event.

The Digital Index team analyzed 1.4 billion video starts during 10 large sporting events in 2012 and compared them to typical, non-event days. Viewers demonstrated an increasing propensity to check sports-related videos from their mobile phones and an even larger desire to watch those videos from tablets during these special sporting events. These data points are compelling, but most striking is the percentage of online videos accessed by tablets and mobile phones, reaching 16% on a day with a major sporting event – a 100% increase compared to a typical day in sports. Viewership levels of this magnitude are significant and demonstrate the need for media websites to continue to invest in usability, design, and optimization of mobile content.

So how can you prepare for the onslaught of mobile traffic? Start by ensuring you have a pleasant mobile web experience. According to Google, 48% of people interpret a poorly performing mobile site as meaning the company doesn’t care. Trying to cover the screen size of every mobile device on the market can drive you nuts, but going with a responsive design for your website will alleviate that headache. If your site isn’t responsive already, it’s too late to make the switch before the game. Instead, identify the top mobile devices and browsers your visitors use and test, test, test on those. Pinpoint any major issues and spend the next week doing your best to address them. Then test all over again to make sure you didn’t introduce a bug somewhere else. (Though it sounds like a tall order, testing on quick notice is, in fact, possible.) If you’re in the last stages of perfecting your responsive site, testing across devices is just as important.

More eyes on your website is a good thing. Just make sure that if those eyes turn to your site on a mobile device, they have a pleasant experience.

Broadband Speed Test Hits 1.4 Terabits Per Second

Ever since the days of the dial-up tone, internet users have been seeking faster data speeds and putting more stress on existing broadband networks by increasing the number and types of activities we do online. As video calls and online media streaming continue to grow in popularity, those old systems are going to be stretched even thinner. From BBC News:

Alcatel-Lucent told the BBC that the demand for higher bandwidth grew by around 35% every year, making the need for more efficient ways to transfer data a massively pressing issue for ISPs, particularly with the growing popularity of data-heavy online services, such as film-streaming website Netflix.

Now, two companies in the UK are proving that existing broadband systems can support faster internet speeds.

Alcatel-Lucent and BT said speeds of 1.4 terabits per second were achieved during their joint test – enough to send 44 uncompressed HD films a second.

The test was conducted on a 410km (255-mile) link between the BT Tower in central London and Ipswich. …

The high speeds were achieved using existing fibre cable technology that has already been installed in much of the UK and other parts of the world.

Kevin Drury, optical marketing leader at Alcatel-Lucent, likened the development to reducing space between lanes on a busy motorway, enabling more lanes of traffic to flow through the same area. …

In internet terms, this would mean, for example, streaming video would get a large, wide lane, while accessing standard web pages would need only a small part of the fibre’s capacity.

While it may be a while before these speeds become available to the public – much less become the norm – it’s promising and could mean that internet providers can keep up with demand as more and more people interact with media online.