Thursday, April 27, 2017

Web Accessibility Testing Techniques

Testing the website is a key activity for ensuring Web Accessibility for All. Testing lets us find and understand the issues in our website so that they can be rectified during development. There are various techniques for testing accessibility in websites. Some of them are listed below:

1. Code Scanning

There are many tools available on the internet that can help us by automatically detecting accessibility issues. These tools can be used to test the accessibility status of our web pages during the development stage and when performing a web accessibility audit for websites.

These tools are valuable in identifying and rectifying preliminary web accessibility issues during the development stage. After completing code scanning and making sure that there are no detectable issues, we should carry out other forms of more detailed and manual testing methods as well.
Some of the more popular testing tools available on the internet are:
- AChecker
- Total Validator
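
To show the kind of checks a code scanner automates, here is an added example (not code from the original post, and not how AChecker or Total Validator are implemented). It flags four machine-detectable issues: a missing page language, images without an alt attribute, skipped heading levels and form fields without a label. The rule names and the sample page are constructed for this example.

```python
from html.parser import HTMLParser

# Constructed sample page (not from the original post) with four deliberate issues.
SAMPLE_HTML = """<html><body>
<h1>Contact</h1>
<h3>Send us a message</h3>
<img src="logo.png">
<img src="team.jpg" alt="Our team at the office">
<form>
  <label for="name">Name</label><input type="text" id="name">
  <input type="text" id="email">
  <input type="submit" value="Send">
</form></body></html>"""

class AccessibilityScanner(HTMLParser):
    """Records (line, rule, message); labels that wrap their control are not recognised."""
    NO_LABEL_NEEDED = {"hidden", "submit", "button", "reset", "image"}

    def __init__(self):
        super().__init__()
        self.findings, self.fields, self.label_targets = [], [], set()
        self.last_heading = 0

    def handle_starttag(self, tag, attrs):
        a, line = dict(attrs), self.getpos()[0]
        if tag == "html" and not a.get("lang"):
            self.findings.append((line, "page-lang", "<html> has no lang attribute"))
        elif tag == "img" and "alt" not in a:  # alt="" is valid for decorative images
            self.findings.append((line, "img-alt", "image has no alt attribute"))
        elif tag == "label" and a.get("for"):
            self.label_targets.add(a["for"])
        elif tag in ("input", "select", "textarea"):
            kind = (a.get("type") or "text").lower()
            if kind not in self.NO_LABEL_NEEDED and not a.get("aria-label"):
                self.fields.append((line, a.get("id")))  # resolved after parsing
        elif tag in ("h1", "h2", "h3", "h4", "h5", "h6"):
            level = int(tag[1])
            if self.last_heading and level > self.last_heading + 1:
                self.findings.append((line, "heading-order", f"h{level} follows h{self.last_heading}"))
            self.last_heading = level

def scan(html):
    scanner = AccessibilityScanner()
    scanner.feed(html)
    scanner.close()
    # A <label for> may appear after its field, so fields are matched once parsing is done.
    for line, field_id in scanner.fields:
        if field_id not in scanner.label_targets:
            scanner.findings.append((line, "form-label", "form field has no <label for>"))
    return sorted(scanner.findings)
```

Calling `scan(SAMPLE_HTML)` returns one finding per issue, each with the line number it was found on. A clean result only means these four rules passed, which is why the manual techniques below are still needed.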

2. Visual Review

Many issues, and the measures needed to rectify them, can be identified just by browsing the website visually with the following questions in mind:
- Can the content be easily read?
- Can the forms for collecting input be used effectively?

Paying particular attention to visual components that might not work well can help us find these issues. For example, we should be asking questions like:
- Is the font size too small?
- Do the colors of the background and the text possess proper contrast?

The following steps can be taken while doing visual review of websites:
  1. Turn off CSS (Cascading Style Sheets) in the website. This will give you an overview of how screen readers will interpret your website. See if the content has a logical flow and structure even without any styling.
  2. Try using the built-in browser text enlargement functions. Make sure that they work.
  3. Try navigating through the website using only the keyboard. Make sure all links and functions are accessible.

Example Tools:

- Color Contrast Analyzer
- Developer Console on Chrome and Firefox
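
The contrast question above can also be checked numerically. The following added example (not part of the original post, and not the Color Contrast Analyzer's own code) computes the contrast ratio defined by WCAG 2.0 and maps it to the AA and AAA thresholds of success criteria 1.4.3 and 1.4.6; the function names are chosen for this example.

```python
def _linear(channel_8bit):
    """Convert one 8-bit sRGB channel to its linear value, as WCAG 2.0 defines it."""
    c = channel_8bit / 255
    return c / 12.92 if c <= 0.03928 else ((c + 0.055) / 1.055) ** 2.4


def relative_luminance(hex_colour):
    """Relative luminance of a colour given as '#rgb' or '#rrggbb'."""
    h = hex_colour.lstrip("#")
    if len(h) == 3:                      # expand shorthand such as #fff
        h = "".join(ch * 2 for ch in h)
    if len(h) != 6:
        raise ValueError(f"not a hex colour: {hex_colour!r}")
    r, g, b = (int(h[i:i + 2], 16) for i in (0, 2, 4))
    return 0.2126 * _linear(r) + 0.7152 * _linear(g) + 0.0722 * _linear(b)


def contrast_ratio(foreground, background):
    """Ratio from 1 (identical colours) to 21 (black on white); order does not matter."""
    lighter, darker = sorted(
        (relative_luminance(foreground), relative_luminance(background)),
        reverse=True,
    )
    return (lighter + 0.05) / (darker + 0.05)


def wcag_level(foreground, background, large_text=False):
    """Return 'AAA', 'AA' or 'fail' for the given text and background colours."""
    ratio = contrast_ratio(foreground, background)
    # Large text has lower thresholds: 3:1 for AA and 4.5:1 for AAA.
    aa, aaa = (3.0, 4.5) if large_text else (4.5, 7.0)
    if ratio >= aaa:
        return "AAA"
    return "AA" if ratio >= aa else "fail"


if __name__ == "__main__":
    # Constructed colour pairs: two near-identical greys on white land on
    # opposite sides of the 4.5:1 AA threshold for normal-size text.
    for fg in ("#000000", "#767676", "#777777"):
        print(fg, round(contrast_ratio(fg, "#ffffff"), 2), wcag_level(fg, "#ffffff"))
```

The two greys in the sample are hard to tell apart by eye, which is why a visual review alone is not enough to judge contrast.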

3. Manual Testing with Screen Readers

The best way to make sure that your website is properly usable with screen readers is to try using it that way yourself. Navigate the website with a screen reader using only the keyboard: simply turn off the monitor and attempt to use the website.

  • Navigate around the website and determine how much information can be accessed with screen readers.
  • Make sure there isn’t any information that cannot be reached this way.
  • Try reading headings, navigations, images, and also test more complex features like forms, inputs and tables.

Example Tools:

- VoiceOver
- Windows Light

Other Tools

Other than screen readers, persons with disabilities might also use a variety of other tools to interact with websites.

For example:
  • Screen Magnification Tools – commonly used by people with partial visual impairments to zoom into particular sections so that they can read the content better.
  • Voice Control Tools – persons with motor disabilities use voice command tools as the means to interact with websites, as they cannot properly use a mouse or a keyboard. These people navigate using voice commands like “next link” and “go”.

Testing with these assistive technologies also gives you in-depth knowledge about accessibility issues present in your website.

Example Tools:

- ZoomText Magnifier
- Dragon Naturally Speaking

4. Human Testing

The most thorough approach to ensuring accessibility in websites is to ask persons with various disabilities to test your website and give feedback on what needs to be taken care of and what needs to be better. Persons with disabilities can provide meaningful insights on the way they use and interact with websites and can help you uncover subtler issues.

Obviously, this technique is time-consuming and requires a lot of resources. This method can be done after going through the above-mentioned methods to make sure that nothing was ignored in the process.

Various disability organizations might be able to help you carry out this test by bringing in human testers for your website.

Accessibility Guidelines for Websites

World Wide Web Consortium (W3C) and Web Content Accessibility Guidelines (WCAG)

The World Wide Web Consortium (W3C) is an international community that develops open standards and guidelines to ensure the long-term growth of the web.

One of the core principles of W3C is to ensure the Web for all. Out of the need to support the creation of websites that work for persons with disabilities, W3C put together the Web Accessibility Initiative (WAI).

The Web Accessibility Initiative (WAI) is an initiative led by W3C to bring together people from the web industries, disability organizations, government bodies, policy makers, research labs, etc., from around the world to develop guidelines and resources to help make the web accessible to persons with disabilities.

The Web Accessibility Initiative (WAI) works in five levels:
  • Ensuring that web technologies support accessibility
  • Developing guidelines for accessibility
  • Improving tools to evaluate and repair accessibility
  • Developing tools for education and outreach
  • Coordinating with research and development

As part of the third level of work of WAI, W3C has created and published a set of guidelines for ensuring accessibility in web technologies. These guidelines are named the Web Content Accessibility Guidelines (WCAG).

These guidelines explain how to make web content more accessible to persons with disabilities. The current version is known as WCAG 2.0, which was published in December of 2008.
At first, the guidelines can appear pretty complex. However, the guidelines and all their components are logical and, with some effort, anybody can understand and learn how to use and comply with them.

WCAG 2.0 consists of four layers of guidance that describe the overall principles, general guidelines, testable success criteria and proper techniques for achieving accessibility. These 4 layers are:
  • Principles: The top level of guidance that describes the overall principles that provide the foundation for Web Accessibility: Perceivable, Operable, Understandable and Robust.
  • Guidelines: Under the principles, there are, in total, 12 guidelines that describe the goals that the developers and content creators should work on to achieve Web Accessibility.
  • Success Criteria: For each guideline, testable success criteria are defined that can be used to test the level of accessibility. There are 3 levels of success criteria defined, Level A for Basic, Level AA for Recommended and Level AAA for Ideal.
  • Sufficient and Advisory Techniques: For the guidelines and success criteria, WCAG also defines various techniques to better achieve and comply with them while developing content and technologies for the web.

There are 4 basic principles defined by WCAG 2.0 for Web Accessibility. These principles provide the foundation for achieving accessibility in web technologies. The guidelines and success criteria of WCAG 2.0 are all categorized under one of these 4 principles:
  1. Perceivable: Information and user interface components must be presentable to users in ways they can perceive, i.e. users must be able to perceive the information being presented through the senses that they possess.
  2. Operable: User interface components and navigation must be operable, i.e. users must be able to operate the interface, and it should not require interaction that a user cannot perform.
  3. Understandable: Information and the operation of the user interface must be understandable, i.e. users must be able to understand the content and the interface, and these should not go beyond any user’s understanding.
  4. Robust: Content must be robust enough that it can be interpreted reliably by a wide variety of user agents, including assistive technologies, i.e. users must be able to access the content with any technology as technologies advance.

If any of these is not true, persons with disabilities will not be able to use the website.

WCAG 2.0 Guidelines

There are 12 guidelines defined by WCAG 2.0 that a developer or a content creator of the web should comply with in order to make their websites accessible to persons with disabilities. The guidelines are categorized under the four principles mentioned above.

Monday, April 24, 2017

Download Free Havij 1.15 Advanced SQL Injection Tool

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.

It can take advantage of a vulnerable web application. Using this software, a user can fingerprint the back-end database, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run SQL statements and even access the underlying file system and execute commands on the operating system.

The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injecting vulnerable targets using Havij.

The user-friendly GUI (Graphical User Interface) of Havij and its automated settings and detections make it easy to use for everyone, even amateur users.

New Features

  • HTTPS support
  • Add MSSQL Blind
  • MSAccess more Blind (commercial version only)
  • PostgreSQL added (only commercial version)
  • Check for more updates.
  • User manual query with additional results. (Only the commercial version)
  • First line on the first request (all in one request), plus (commercial version only)
  • Dumping the data to a file is added (only commercial version)
  • Data stored in XML format added (only commercial version)
  • Inject the target with an increase in port (the default http port is 80) (only commercial version)
  • XSS bug in saved reports fixed.
  • Remove log added.
  • Apply button is added to the set makes it possible to change the settings at any time (only commercial version)
  • Keyword testing and repair methods are added.
  • Find a sequence of computed columns and optimized for better injection and database to detect.
  • Find the number of columns and column wires for the better.
  • “414 Request URI too long” error fixed.
  • New method to get the table and column in MSSQL further.
  • An in MSAccess injection when syntax errors are fixed manually defined.
  • Active XP_Exec add cmdshell (only commercial version)
  • Active OS_Ex add cmdshell (only commercial version)
  • Remote desktop-Enable added to cmdshell (only commercial version)
  • Confusing MySQL, MSSQL 2005, when they found that the number of fixed columns.
  • Broken MD5-cracker site removed.
  • Bug in MSSQL error detection is not fixed.
  • An error in the error column MSSQL is not fixed.
  • Bug in injecting into access database fixed.
  • Bug fixed in the data in MSSQL.
  • Find an error in mssql fixed.
  • Bug in detecting database type when the number of fixed columns.
  • Bug in MSSQL error syntactic fixed and execution manually.


For installation process contact me at email: cdcsit400[at]gmail[dot]com