Interface testing is an important work in software testing, which involves the interaction points between systems. The interface can be an external interface or an internal interface, including upper-layer service and lower-layer service interfaces and peer interfaces. In interface testing, we need to ensure that the interface communicates and interacts as expected, and that it handles input and output data correctly.
1. How HTTPS works
We all know that HTTPS can encrypt information to prevent sensitive information from being obtained by third parties, so many services with high security levels such as banking websites or e-mails will use the HTTPS protocol.
When the client uses HTTPS to communicate with the web server, there are several steps as follows:
The client uses the https URL to access the web server and requires an SSL connection to be established with the web server.
After the web server receives the client request, it will send a copy of the website's certificate information (the certificate contains the public key) to the client.
The client's browser and the Web server start to negotiate the security level of the SSL connection, that is, the level of information encryption.
The client's browser establishes a session key according to the security level agreed by both parties, and then encrypts the session key with the website's public key and transmits it to the website.
The web server uses its own private key to decrypt the session key.
The web server encrypts the communication with the client using the session key.
2. Advantages of HTTPS
Although HTTPS is not absolutely secure, organizations with root certificates and encryption algorithms can also conduct man-in-the-middle attacks, but HTTPS is still the most secure solution under the current architecture, with the following advantages:
Users and servers can be authenticated using the HTTPS protocol to ensure that data is sent to the correct client and server.
The HTTPS protocol is a network protocol constructed by the SSL+HTTP protocol that can perform encrypted transmission and identity authentication. It is safer than the HTTP protocol and can prevent data from being stolen or changed during transmission and ensure data integrity.
HTTPS is the most secure solution under the current architecture. Although it is not absolutely secure, it greatly increases the cost of man-in-the-middle attacks.
Google adjusted its search engine algorithm in August 2014, stating that "sites encrypted with HTTPS will rank higher in search results than equivalent HTTP sites".
3. Disadvantages of HTTPS
Although HTTPS has great advantages, relatively speaking, it still has some shortcomings:
The handshake phase of the HTTPS protocol is time-consuming, which will prolong the loading time of the page by nearly 50% and increase power consumption by 10% to 20%.
HTTPS connection caching is not as efficient as HTTP, which will increase data overhead and power consumption, and even existing security measures will be affected.
SSL certificates cost money, and the more powerful the certificate, the higher the cost. Personal websites and small websites are generally not used.
An SSL certificate usually needs to be bound to an IP, and multiple domain names cannot be bound to the same IP. IPv4 resources cannot support this consumption. The encryption scope of the HTTPS protocol is also relatively limited, and it has little effect on hacking, denial of service attacks, server hijacking, etc. The most important thing is that the credit chain system of SSL certificates is not secure, especially when some countries can control the CA root certificate, man-in-the-middle attacks are also feasible.
4. The difference between HTTPS and HTTP
The HTTPS protocol needs to apply for a certificate from a CA. Generally, there are few free certificates, so a certain fee is required.
HTTP is a hypertext transfer protocol, and information is transmitted in plain text; HTTPS is a secure SSL encrypted transfer protocol.
HTTP and HTTPS use completely different connection methods and different ports. The former is 80 and the latter is 443.
The HTTP connection is very simple and stateless; the HTTPS protocol is a network protocol constructed by the SSL+HTTP protocol that can perform encrypted transmission and identity authentication, and is safer than the HTTP protocol.
HTTP URL parameters are preserved in the browser history, while HTTPS parameters are not preserved.
HTTP parameter passing has a length limit, but HTTPS does not.
HTTP is less secure than HTTPS because parameters are exposed directly on the URL, so they cannot be used to pass sensitive information.
The parameters of the GET request are passed through the URL, while the parameters of the POST request are placed in the request body.
A GET request produces one TCP packet, while a POST request produces two TCP packets.
5. The difference between Session and Cookie
Session and Cookie are commonly used state management mechanisms in web development, and they differ in saving user information and maintaining user sessions.
Save location: Session data is saved on the server side, while Cookie data is saved on the client browser.
Save method: Session is stored in a file on the server by default, and the storage location can be manually set; Cookie is saved in the client memory by default, and it is saved in the hard disk if an expiration time is set.
Dependency: Session relies on Cookie to identify the sessionid. If the browser disables Cookie, the Session will also be invalid. At this time, the sessionid can be passed through the URL.
Safety
Security: Because the session data is stored on the server side, the security of the session is higher than that of the cookie.
Size: Session basically has no size limit, and the content saved by Cookie is relatively small, which is determined by the browser.
Server performance: Session puts more pressure on the server, and cookies are placed on the client, so it basically has no effect on the server.
6. The difference between TCP and UDP
TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are the two main transport layer protocols in the Internet protocol suite, and they have the following differences:
TCP is a connection-oriented protocol, while UDP is a connectionless protocol. TCP requires a connection to be established before communicating, while UDP does not.
TCP provides a reliable service, ensuring the reliability and order of data transmission, while UDP does not guarantee reliability, and delivers data on a best-effort basis.
TCP is byte-oriented and treats data as a continuous byte stream, while UDP is packet-oriented and treats data as independent packets.
TCP has a congestion control mechanism, which will adjust the rate of sending data according to the network conditions, while UDP has no congestion control, and the sending data is not limited.
TCP is one-to-one communication, that is, one sender communicates with one receiver, while UDP supports one-to-one, one-to-many, many-to-one and many-to-many communication.
The header overhead of TCP is large, occupying 20 bytes, while the header overhead of UDP is small, only 8 bytes.
7. What is TCP/IP?
TCP/IP is the Internet protocol suite, also known as the Internet communication protocol family, which is the basic communication architecture for building and organizing the Internet.
The two core protocols under the TCP/IP protocol family are TCP (Transmission Control Protocol) and IP (Internet Protocol). They are key protocols in the layered structure of network communication protocols, known as the TCP/IP protocol stack.
The TCP/IP protocol provides a point-to-point link mechanism, and defines standardized processes such as data encapsulation, addressing, transmission, routing, and how to receive data at the destination.
The protocol stack layers the protocols according to different functions, and each layer implements different communication protocols. Various protocols of the TCP/IP protocol family are classified into four hierarchical structures according to their functions, and are generally regarded as a simplified seven-layer OSI model.
8. Common interface types and API document templates
Common interface types include:
HTTP interface: The interface based on the HTTP protocol is one of the most widely used network protocols, and most software systems based on the browser/server architecture use the HTTP interface.
Web Service interface: the external interface of the system, refer to the provided interface according to the provided method, so as to obtain data.
RESTful interface: describes an architectural network system, communicates based on standard HTTP methods and URLs, and supports the interaction of resources between systems.
Common API documentation templates include:
Swagger
FlatDoc
RestDoc
API Blueprint
Slate
Miredot
9. The role of cookies and test points
Cookie is a mechanism for storing data on the client side. It has simplicity, scalability and availability, and can be used to solve the stateless problem of the HTTP protocol. The functions of cookies mainly include:
Session management: manage and track user status by storing session IDs.
User personalized settings: record user preferences and settings, and provide personalized user experience.
Shopping cart function: store the product information selected by the user in the e-commerce website, which is convenient for the user to shop.
Remember the login status: After the user logs in, store the login credentials, so that the user can access without login for a period of time.
When conducting cookie testing, you can focus on the following test points:
Disable cookies: Test whether the system works properly with cookies disabled.
Cookie storage path: Check whether the cookie storage path is consistent with the setting.
Cookie expiration check: Verify whether stored cookies are automatically deleted after expiration.
Check the cookie options in the browser: test the cookie options of different browsers to verify whether cookies can be accepted and stored normally.
The browser deletes the cookie: Through the browser settings, test whether the cookie file can be deleted correctly.
Cookie Encryption: Verify that data is properly encrypted when submitting sensitive information.
Cookie storage information: Verify that the cookie can normally save and read the required information.
Tampering with Cookies: Test whether the system can correctly identify and process cookies after modifying them.
Cookie Compatibility: Test the compatibility of Cookie files in different types or versions of browsers.
The impact of the refresh operation on cookies: test whether to regenerate or modify the cookie file after the refresh operation.
Check whether the cookie content storage is complete and correct: decrypt the encrypted cookie content, and check whether all relevant information is stored according to the design requirements.
Check for cookie updates and additions: Perform the same operation or setting multiple times to check whether a new cookie file has been updated or added.
Statistical function verification: If cookies are used to count times or record status, verify whether the statistical function is working properly.
10. In interface testing, why do you need to understand how HTTPS works? What are the important functions and advantages of HTTPS in interface testing?
Data security: HTTPS uses the SSL/TLS protocol to encrypt communication to ensure that data will not be obtained, tampered with or eavesdropped by a third party during transmission. It provides a higher level of data protection by using technologies such as symmetric encryption, asymmetric encryption, and digital certificates, ensuring the confidentiality and integrity of sensitive information.
Authentication: HTTPS can authenticate the server, ensuring that the connection is established with the expected server. In interface testing, this means that it can be verified whether the terminal point of the interface is the expected legitimate server, avoiding the risk of man-in-the-middle attacks and forged servers.
Preventing data tampering: HTTPS uses message digest algorithms (such as SHA) and digital signatures to ensure that data is not tampered with during transmission. In interface testing, this ensures the integrity of request and response data, ensuring data consistency and accuracy.
Compliance and Security Standards: Using the HTTPS protocol complies with the requirements of many industry and security standards, such as PCI DSS (Payment Card Industry Data Security Standard). In interface testing, if it involves handling sensitive data or meeting specific standards, using HTTPS can ensure compliance requirements and provide an additional layer of security.
Ranking boost and user trust: Search engines like Google are more inclined to rank websites that use HTTPS encryption higher because they provide a more secure user experience. In the interface test, if the interface involves public websites or scenarios that need to improve user trust, using HTTPS can improve the search ranking of the website and increase user trust.
Enhanced attack resistance: Compared with the HTTP protocol, HTTPS greatly increases the cost of man-in-the-middle attacks. HTTPS provides greater protection against threats such as hacking, denial-of-service attacks, and server hijacking. In interface testing, this means better protection of interfaces from security breaches and attacks.
Compatibility and standardization: HTTPS is a widely used standard protocol with good compatibility with various systems and platforms. In interface testing, using HTTPS can ensure the compatibility of the interface with other systems and ensure the consistency with industry standards.
Finally: In order to give back to the die-hard fans, I have compiled a complete software testing video learning tutorial for you. If you need it, you can get it for free【保证100%免费】
Software Testing Interview Documentation
We must study to find high-paying jobs. The following interview questions are the latest interview materials from first-tier Internet companies such as Alibaba, Tencent, and Byte, and some Byte bosses have given authoritative answers. After reading this set of interview materials, I believe everyone can find a satisfactory job.
