Sometimes software fails in obvious ways. Other times we're left to ask "Is there a problem here?"
Please vote, add your commentary, and submit possible problems for publication.
Have a bad, discombobulating, or funny software experience? How about a pleasant surprise by software that exceeds your expectations? Take a screen snapshot and submit your story.
Software testing tools: Heuristics for recognizing problems.
• Visibility of system status Visibility of system status: The system should always keep users informed about what is going on, through appropriate feedback within reasonable time.
• Match between system and the real world Match between system and the real world: The system should speak the users' language, with words, phrases and concepts familiar to the user, rather than system-oriented terms. Follow real-world conventions, making information appear in a natural and logical order.
• User control and freedom User control and freedom: Users often choose system functions by mistake and will need a clearly marked "emergency exit" to leave the unwanted state without having to go through an extended dialogue. Support undo and redo.
• Consistency and standards Consistency and standards: Users should not have to wonder whether different words, situations, or actions mean the same thing. Follow platform conventions.
• Error prevention Error prevention: Even better than good error messages is a careful design which prevents a problem from occurring in the first place. Either eliminate error-prone conditions or check for them and present users with a confirmation option before they commit to the action.
• Recognition rather than recall Recognition rather than recall: Minimize the user's memory load by making objects, actions, and options visible. The user should not have to remember information from one part of the dialogue to another. Instructions for use of the system should be visible or easily retrievable whenever appropriate.
• Flexibility and efficiency of use Flexibility and efficiency of use: Accelerators -- unseen by the novice user -- may often speed up the interaction for the expert user such that the system can cater to both inexperienced and experienced users. Allow users to tailor frequent actions.
• Aesthetic and minimalist design Aesthetic and minimalist design: Dialogues should not contain information which is irrelevant or rarely needed. Every extra unit of information in a dialogue competes with the relevant units of information and diminishes their relative visibility.
• Help users recognize, diagnose, and recover from errors Help users recognize, diagnose, and recover from errors: Error messages should be expressed in plain language (no codes), precisely indicate the problem, and constructively suggest a solution.
• Help and documentation Help and documentation: Even though it is better if the system can be used without documentation, it may be necessary to provide help and documentation. Any such information should be easy to search, focused on the user's task, list concrete steps to be carried out, and not be too large.
1. Injection Injection: Injection flaws occur when untrusted data is sent to an interpreter as part of a command. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without authorization.
2. Broken authentication and session management
Broken authentication and session management:
Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities.
3. Cross-Site Scripting
Cross-Site Scripting (XSS):
XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.
4. Insecure Direct Object References
Insecure Direct Object References:
A dire
0 Comments:
Post a Comment