Sunday, March 22, 2009

wolf in sheep's disguise


This incident, which I am going to share with you, dates back to when I first started learning what testing was... Maybe you too will find this interesting. I used to work as a freelancer, and I was given a website to test. As I was starting out as a tester, I was really excited. There was no documentation, so I was actually doing ET (I didn't know that was exploratory testing at that point :))
It was then that I found this out. The bug was pretty funny, but a very serious security flaw.
The ‘Forgot password’ section:

As you all know, the forgot password section is of great use in any website, but if it is not properly validated it could be a very serious security issue.


The system sends the password to any given email ID without validating whether the given ID is mapped to the corresponding user name in the system database.

I was just negative testing it, but the password was actually sent to the email address. This was a real security flaw. A big one.

That was one bug that changed my whole concept of testing.

I think this is going to help you guys too, because I still find websites (being tested) with similar issues. It's a wolf in sheep's disguise, guys.
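The missing check, as an added example that is not part of the original post or the tested site's code. The user store, outbox and function names are constructed for illustration, and the checked handler mails a one-time reset token to the stored address rather than the password, which goes beyond the validation the post names:

```python
import hmac
import secrets

# Constructed sample data: username -> email address on file.
USERS = {"alice": "alice@example.com", "bob": "bob@example.com"}
OUTBOX = []  # (recipient, message) pairs stand in for a real mail sender

GENERIC_REPLY = "If the details match an account, a reset link has been sent."


def forgot_password_flawed(username, email):
    """The flaw from the post: mail goes to whatever address the caller typed."""
    if username in USERS:
        OUTBOX.append((email, f"credentials for {username}"))
    return GENERIC_REPLY


def forgot_password_checked(username, email):
    """Send only when the supplied address matches the one stored for the user."""
    on_file = USERS.get(username)
    supplied = email.strip().lower()
    # Constant-time comparison; an unknown user is compared against an empty
    # string so the call still runs on that path.
    matches = hmac.compare_digest(supplied.encode(), (on_file or "").encode())
    if on_file is not None and matches:
        token = secrets.token_urlsafe(32)  # one-time reset token, not the password
        # Recipient is taken from the store, never from the request.
        OUTBOX.append((on_file, f"reset token {token}"))
    return GENERIC_REPLY  # same reply either way, so accounts cannot be enumerated


def recipients(handler, username, email):
    """Run one handler and return the addresses it mailed."""
    OUTBOX.clear()
    handler(username, email)
    return [to for to, _ in OUTBOX]
```

As a regression test for this bug class, `recipients()` lets a tester assert that a mismatched username and email pair produces no mail at all.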

4 comments:

  1. You got the header right..... I have always used "Disguise" with boon, but this really is a Wolf in disguise without much thought......... Though you might have found it to be initially, I am pretty sure that this would be one bug that would remain with you forever...... To end - "Life's funny, but be secure"...

  2. Thank you Peixe...
    Yeah, sure it is!
    :) Thanks for the comment!!!!

  3. You know why these errors are created by programmers .. Cause they are very keen to test testers testing ability. :-)

    Don’t fall in any pit

  4. @ rebirth in a mono color world:
    This is one Xcuse we get to hear all the time. Try a better one mate!!!
