See the source

The source of a web page is often a great place to find bugs, areas for further exploration, potential security flaws and leaked information.

When I talk about the source, I am referring to the source code for the page you are testing. The source code is what makes the page work and, as such, contains snippets of information about how the application and page are put together.

There could be comments, usernames and passwords, and hints about methods and implementations that could be useful from a security point of view. There could be rants and raves and loose comments about the company or the customers. There could be joke comments or comments alluding to partially implemented code.

There could be secret URLs and credentials in there too.

How to see the source code
With your site open in your browser, click “View” on the browser menu bar and then choose “View Source” (note: this is true for most browsers, but some may operate differently or call it something other than “View Source”).

The page source will open in a window. Simply reading through it may reveal some interesting areas to explore further.

Useful Hint
Right-clicking on the web page typically gives you a context menu with an option to view the page source too.
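
Reading the source by eye works for one page; for a saved copy of your own page you can also list the interesting parts automatically. The Python script below is an added example, not code from the original post: it collects HTML comments, hidden form fields and links, and flags comments that mention credentials or unfinished work. The keyword list and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Keywords that suggest a comment deserves a closer look (assumed list, extend as needed).
SUSPICIOUS = re.compile(r"(password|passwd|pwd|user(name)?|secret|api[_-]?key|token|todo|fixme|hack)", re.I)

class SourceReviewer(HTMLParser):
    """Collects comments, hidden form fields and links from page source."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (kind, line_number, text)

    def handle_comment(self, data):
        text = " ".join(data.split())  # collapse whitespace and newlines
        kind = "sensitive-comment" if SUSPICIOUS.search(text) else "comment"
        self.findings.append((kind, self.getpos()[0], text))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        line = self.getpos()[0]
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.findings.append(("hidden-field", line, f"{a.get('name')}={a.get('value')}"))
        if tag == "a" and a.get("href"):
            self.findings.append(("link", line, a["href"]))

def review_source(html):
    reviewer = SourceReviewer()
    reviewer.feed(html)
    reviewer.close()
    return reviewer.findings

# Constructed sample page (not from a real site).
SAMPLE = """<html>
<body>
<!-- TODO: remove test login before go-live: user=qa_admin password=EXAMPLE-ONLY -->
<form action="/login" method="post">
<input type="hidden" name="debug" value="true">
<input type="text" name="username">
</form>
<!-- layout v2 -->
<a href="/admin-old/">old admin</a>
</body>
</html>"""

if __name__ == "__main__":
    for kind, line, text in review_source(SAMPLE):
        print(f"line {line:>2}  {kind:<18} {text}")
```

Each finding carries the line number from the source, so you can jump straight to it in the “View Source” window and raise it with the developers.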

Useful Links
Andréas Prins' article on Hidden Treasures - http://www.ministryoftesting.com/2010/12/hidden-treasures-for-everyone/

Firefox Extension to visualise page source - https://addons.mozilla.org/en-US/firefox/addon/view-source-chart/


