Summary Overview
Technology
- Learn HTTP Standards
- You can base your 'bugs' on the Standards: a deviation from the standard is a defensible bug report
- HTTP/1.1 Message Syntax and Routing: RFC 7230
- Learn the common verbs (methods): GET, POST, DELETE, PUT
- Read the REST dissertation (Fielding)
Testing
- Add as much variation as you can
- Use tooling to help you
- Go beyond the outcome
- Use headers
- Read the Docs
- Read the Swagger / OpenAPI output
- Combine everything you learned
- Use a Client, send in requests as easily as possible
- Use a Proxy, trust the proxy output rather than the tool output
- Track your testing
- Save HAR files to document your results
Tools - Clients
- Different tools have different capabilities
- Experiment with multiple tools
- Postman: Collections for Data Creation, Console
- Insomnia: Import, Timeline, Proxies
- Import/Export between Tools
Tools - Proxies
- Often used for Security Testing
- Fuzzers create data
- Automatically keep a record of your testing
- View actual requests and responses
- Replay requests
Tools
- Clients
  - Bruno
  - Hoppscotch.io
  - Postman
  - Insomnia
  - cURL
- Proxies
  - System
    - Fiddler
    - Charles
  - Other
    - BurpSuite
    - OWASP ZAP
  - System
Automating
- HTTP libraries
- REST libraries
- Domain Abstractions
- Reuse for performance testing
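The layering in the list above, as an added example that is not from the original slides: a Python client where an HTTP-library layer records every exchange as HAR-style entries (the "Track your testing" idea), a REST layer sits on it, and a domain abstraction sits on top of that. The tiny local server standing in for the API, the /todos resource and all class and function names are constructed for the demo.

```python
import json, threading, urllib.request, urllib.error
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

class _FakeApi(BaseHTTPRequestHandler):  # constructed stand-in for the API under test
    todos = {}
    def do_POST(self):  # POST /todos -> 201 with the stored todo
        body = json.loads(self.rfile.read(int(self.headers["Content-Length"])))
        tid = str(len(self.todos) + 1); self.todos[tid] = body
        self._send(201, {"id": tid, **body})
    def do_GET(self):  # GET /todos/{id} -> 200, or 404 for an unknown id
        tid = self.path.rsplit("/", 1)[-1]
        self._send(200, {"id": tid, **self.todos[tid]}) if tid in self.todos else self._send(404, {})
    def _send(self, status, payload):
        data = json.dumps(payload).encode()
        self.send_response(status); self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data))); self.end_headers(); self.wfile.write(data)

class HttpLayer:  # HTTP-library layer: raw requests, every exchange recorded HAR-style
    def __init__(self, base): self.base, self.entries = base, []
    def send(self, method, path, body=None):
        data = json.dumps(body).encode() if body is not None else None
        hdrs = {"Content-Type": "application/json"} if data else {}
        req = urllib.request.Request(self.base + path, data=data, method=method, headers=hdrs)
        try:
            resp = urllib.request.urlopen(req); status, text = resp.status, resp.read().decode()
        except urllib.error.HTTPError as err:  # 4xx/5xx are still responses worth recording
            status, text = err.code, err.read().decode()
        self.entries.append({"request": {"method": method, "url": req.full_url,
                                         "postData": {"text": data.decode() if data else ""}},
                             "response": {"status": status, "content": {"text": text}}})
        return status, json.loads(text)
    def har(self):  # minimal HAR 1.2-shaped document, ready to json.dump to a file
        return {"log": {"version": "1.2", "creator": {"name": "demo", "version": "0"}, "entries": self.entries}}

class TodoRest:  # REST layer: one method per resource operation, no domain knowledge
    def __init__(self, http): self.http = http
    def create(self, todo): return self.http.send("POST", "/todos", todo)
    def get(self, tid): return self.http.send("GET", f"/todos/{tid}")

class TodoDomain:  # domain abstraction: what the tester means, built on the REST layer
    def __init__(self, rest): self.rest = rest
    def add_and_fetch(self, title):
        status, created = self.rest.create({"title": title, "done": False})
        assert status == 201, f"unexpected status {status}"
        return self.rest.get(created["id"])[1]

def run_demo():  # start the stand-in API, drive it through the layers, return results + HAR
    server = ThreadingHTTPServer(("127.0.0.1", 0), _FakeApi); _FakeApi.todos = {}
    threading.Thread(target=server.serve_forever, daemon=True).start()
    http = HttpLayer(f"http://127.0.0.1:{server.server_port}")
    try:
        todo = TodoDomain(TodoRest(http)).add_and_fetch("write HAR")
        missing = http.send("GET", "/todos/999")[0]  # the negative variation, also recorded
    finally:
        server.shutdown()
    return todo, missing, http.har()
```

Because the HAR record lives in the HTTP layer, every test written against the domain layer is documented for free; the same layers can be driven in a loop for the performance-testing reuse the slide mentions.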
Testing Summarised
- Requirements: domain, documentation, SDK
- Standards: HTTP, REST, Auth
- Security
- Capacity
- Interfacing Systems