Security Questions

How to test vulnerability of ecommerce, whether the applied security is properly working or not?

Whether the website can be hacked by anyone or not

My preference would be tools that have record and playback functionality. There are lots of automated tools for Windows, but only a few for CentOS Linux.

I actually need someone who actually provides security testing services. I have an ecommerce website with 10K-12K visitors per month. I need to make it secure.



It is seen that many vendors publish thousands of Android apps in a month. Unfortunately, most of them remain unnoticed in the app store. Lack of proper testing is the primary reason for the failure of these apps. Professional Android App Testing Services know how to make an app user friendly. Can you say some unavoidable aspects for all Android app testing services?

I am facing this exception in the IE browser; these XPaths work fine in other browsers with all Windows combinations.

Here are the XPaths, provided below.

1. //form[@id='form1']/div[2]/table/tbody/tr[2]/th

2. //tr[2]/th

Please provide a solution for this issue, which I am unable to replicate.


org.openqa.selenium.InvalidSelectorException: The xpath expression '//form[@id='form1']/div[2]/table/tbody/tr[2]/th' cannot be evaluated or does not result in a WebElement

I've done a little research and came up with two links that offer some insight in this $34B industry!, which says that "the role of Automation is to support the testers and not to replace them." That article also states that "Nelson Hall predicts that by 2017, the software testing market size will be $34 Billion." And, which mentions: "Independent Software testing (trending): With increased focus on QA, many businesses are relying on specialist QA organizations to provide testing services. This is largely due to the expertise that specialist QA organizations bring to the table, including TCoE capability. Hence partnering with them helps the business to circumvent the pain of finding skilled QA resources and setting up a mature QA, both in terms of process and technology."

I did my degree in correspondence; am I eligible for IT field if so h

In our Organization we are planning to set up a Mobile Application Lab. Could you please help me in identifying the needs of the lab and its maintenance?

  • Devices and equipment required (mobiles of different platforms, tablets, MacBook, Kindle, SIM cards with 2G and 3G, Wi-Fi, LAN connection)
  • Emulators/Cloud requirement
  • Lab security maintenance
  • Set up requirements and maintenance.


I have had a hard time finding any kind of testing issues/guides for testing Windows 8 Surface Pro, any help?

I am working in a software company. I am testing a web application for security issues.

The web application contains the following characteristics:
1. The web application does not use <FORM> for user authentication and form filling. JavaScript is used for handling HTTP POST instead.
2. JSON is largely used for HTTP requests and responses. Even viewing page source from a web browser, the source does not include dynamic data. Dynamic data is handled and displayed by JavaScript.
3. After user authentication, dynamic links will be shown on web pages. These links consist of parameters and are generated by JavaScript on loading a page.
4. Anti-CSRF token checking is implemented in GET/POST requests to prevent CSRF. These anti-CSRF tokens are included in parameters of GET/POST requests.

I am looking for a web security scanner. The scanner should handle the following:
1. The scanner supports <FORM> and non-<FORM> authentication for scanning web pages requiring user authentication.
2. The scanner can scan the whole web application in a few steps (specifying the URL of the login page of the web application, user authentication information, the URL of the user logout link for exclusion).
3. Dynamic data is stored in JSON and HTML pages read JSON responses for displaying dynamic data. If a data field contains injected JavaScript code, the scanner can scan for XSS automatically.
4. The web crawler can find links generated by JavaScript.
5. The scanner can scan each GET/POST request to find missing anti-CSRF tokens.

What tools do you suggest I use? Thanks.


StickyMinds is a TechWell community.
