Setup framework :Selenium, Maven, TestNG, Java, Eclipse IDE

Selenium Framework(Selenium,Eclipse,Maven,TestNG, Java)

Resources/Checklist:
JDk
Eclipse IDE
Selenium server
Selenium-java-client driver
Starting and stoppig Selenium server
TestNG in Eclipse IDE
Maven in Eclipse IDE


1. JDK:
Download the latest version of JDK from Java official web site (www.oracle.com)
in your computer and set the system environmental variables accordingly.
select the JDK package with respect to your system OS.

2. Eclipse IDE:
Download the latest version of Eclipse IDE from eclise official website : 
 http://www.eclipse.org/downloads/

3. Selenium server and client driver:
Download the Selenium server and Selenium java client driver of latest version.
http://seleniumhq.org/download/

find the attached screen shot

4. Start and Stop server

After downloading the server unzip it.
Open the cmd prompt and point to the location where you have installed the server and type the command
java -jar selenum-standaloner-server.jar and press "Enter" button.

The server will start in the port 4444 by default where you can find the logs while running the tests.


5. TestNG and Maven integration for Eclipse:

GoTo Help>>Eclipse Market place>> search for TestNG
TestNG integration for eclipse will appear first in list.

Same process is followed for Maven plugin

Security Testing

Security Testing is a type of software testing in which testing 
is performed on an application to check if the security is maintained 
in such a way that the valid users are able to access, invalid users 
are unable to access and the vital information is protected from 
destructive agents like viruses and also protect from hackers.

This type of software testing can be done in many ways with
several objectives in many areas.

Some of them are given below.

Loging in to application:
Security testing is performed on login page to test valid user is able to
access and invalid user is unable to access.

Illegal access of web page:
Here, testing is performed to test the acess of the web page with URL
with out login and see the security is maintained.

Firewall:
Firewall is a means of security usually is established before the servers
where in vital information is stored. Security testing is performed to check if the firewall
is working as per the administrative setting to allow the desire requests
and not to allow the undesired requests. In other words it must have capability
to block destructive agents like viruses for the sake of protection.

Security should be maintained to avoid the following :
Checklist for security testing

A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards


Security testing is must for Banking & financial domain projects.
This type of testing is optional for all other domains and will be opted by clients.