Thursday, September 24, 2009

JAVA / J2EE / SWING Interview Questions W/ Solutions

Sharing Java interview questions being asked for mid-level to senior-level test engineering positions at well-established companies:
  1. What's the difference between a String and a StringBuffer?
  2. What's the difference between EJB and Hibernate?
  3. What's the difference between final, finally, and finalize?
  4. Difference between ArrayList and HashMap ?
  5. Explain Swing Action architecture ?
  6. How will you communicate between two Applets ?
  7. How would you detect and minimize memory leaks in Java ? (Very important question)
  8. Explain SOA ?
  9. Explain Web and EJB containers ?
  10. Which Java patterns have you used? Explain.
  11. How to get a pop-up window when clicking on a button ?
  12. Given the following code, what will be the output ?
  13. Explain exception handling in java ?
  14. Garbage collection - Can you force it ? (Very important)
  15. What is RMI ?
  16. How do you check that a date given as a combination of day, month and year is a valid date? For instance, the date 2008-02-31 (as in yyyy-mm-dd) would be an invalid date.
Solution:
    import java.text.DateFormat;
    import java.text.ParseException;
    import java.text.SimpleDateFormat;
    import java.util.Date;
    import java.util.regex.Matcher;
    import java.util.regex.Pattern;

    // Returns the parsed Date, or null if maybeDate does not match the format or is not a real date
    Date parseDate(String maybeDate, String format, boolean lenient) {
      Date date = null;
      // test date string matches format structure using regex
      // - weed out illegal characters and enforce 4-digit year
      // - create the regex based on the local format string
      String reFormat = Pattern.compile("d+|M+").matcher(Matcher.quoteReplacement(format)).replaceAll("\\\\d{1,2}");
      reFormat = Pattern.compile("y+").matcher(reFormat).replaceAll("\\\\d{4}");
      if ( Pattern.compile(reFormat).matcher(maybeDate).matches() ) {
        // date string matches format structure,
        // - now test it can be converted to a valid date
        SimpleDateFormat sdf = (SimpleDateFormat)DateFormat.getDateInstance();
        sdf.applyPattern(format);
        sdf.setLenient(lenient);
        try { date = sdf.parse(maybeDate); } catch (ParseException e) { /* not a valid date: date stays null */ }
      }
      return date;
    }
    // used like this:
    Date date = parseDate( "21/5/2009", "d/M/yyyy", false);
OR
import java.text.ParseException;
import java.text.SimpleDateFormat;

public class ValidateDate {
  // Returns true only if date parses under format in non-lenient mode.
  // Note: parse(String) may stop before the end of the string, so trailing
  // text after a valid date is not rejected by this check.
  public static boolean isValidDateStr(String date, String format) {
   try {
    SimpleDateFormat sdf = new SimpleDateFormat(format);
    sdf.setLenient(false);
    sdf.parse(date);
   } catch (ParseException e) {
    // the string does not match the format, or is not a real calendar date
    System.out.println(e.getMessage());
    return false;
   } catch (IllegalArgumentException e) {
    // the format pattern itself is invalid
    System.out.println(e.getMessage());
    return false;
   }
   return true;
  }
  public static void main(String[] args) {
   System.out.println(" 1900-12-13 valid ? "
     + ValidateDate.isValidDateStr("1900-12-13", "yyyy-MM-dd"));
   // "1900-12/13" does not match the format: ParseException
   System.out.println(" 1900-12/13 valid ? "
     + ValidateDate.isValidDateStr("1900-12/13", "yyyy-MM-dd"));
   // "1900-13-12" has month 13, rejected in non-lenient mode: ParseException
   System.out.println(" 1900-13-12 valid ? "
     + ValidateDate.isValidDateStr("1900-13-12", "yyyy-MM-dd"));
   /*
    * output (exception messages omitted):
    *  1900-12-13 valid ? true
    *  1900-12/13 valid ? false
    *  1900-13-12 valid ? false
    */
   // LEAP YEAR: 2009 is not a leap year, so February 29 is invalid
   System.out.println("2009-02-29 valid ? "
     + ValidateDate.isValidDateStr("2009-02-29", "yyyy-MM-dd"));
   // EPOCH TIME: a date before 1970-01-01 is still a valid date
   System.out.println("1969-01-01 valid ? "
     + ValidateDate.isValidDateStr("1969-01-01", "yyyy-MM-dd"));
  }
}

How to test Private or Protected methods ?
Solution: You cannot test private methods; they have to be made either protected or public. Though using the Groovy framework you could achieve it; look for the same on the web. Protected methods are for sub-classing, so sub-class it and have a public method that will "exercise" the protected method in the unit test of that subclass. That's just a quick thought.

Monday, September 21, 2009

Security Testing - Web 2.0 and Web Applications

Web application security testing is not like regression testing, where you come up with test scenarios once and keep running them from time to time or from build to build. Rather, security testing is a process to determine confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Even with the best firewall in place, security attacks on web applications remain a huge concern and need to be treated as an important aspect of quality assurance and testing of Web 2.0 (new web) apps.

Kinds of security attacks that can be detected and need to be taken care of as part of testing:
Vulnerability: The cause of a vulnerability can be bugs in application or script code, or the presence of viruses.
URL manipulation: When a web application communicates between client and server through regular means (the browser), changing information in the URL could lead to unintended behavior on the server side.
XSS - Cross-site scripting: A standard issue when one tries to insert client-side script; when such an insertion is viewable to the user, one must test for XSS attacks.
SQL Injection: Insertion of a SQL query which is then executed by the server.

Test Approach To Perform:
URL Manipulation through HTTP GET Methods: In HTTP GET methods, information is sent in the form of a querystring. One should modify a parameter value in the querystring to check whether the server accepts it.
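
Added example (not part of the original post): a small Python harness that applies this test approach to a hypothetical handler and records the status returned for each modified querystring. The URL, the order_id parameter, ORDER_OWNER and handle_get are assumptions made up for illustration.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed data: which user owns which order (not from the original post).
ORDER_OWNER = {"1001": "alice", "1002": "bob"}

def handle_get(url, session_user):
    """Hypothetical handler: returns an HTTP status for GET /order?order_id=N."""
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    ids = [v for k, v in params if k == "order_id"]
    if len(ids) != 1 or not ids[0].isdigit():
        return 400                      # missing, duplicated or non-numeric
    owner = ORDER_OWNER.get(ids[0])
    if owner is None:
        return 404
    if owner != session_user:
        return 403                      # ownership is checked server-side
    return 200

def with_param(url, key, values):
    """Rebuild url with every `key` parameter replaced by the given values."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k != key]
    kept += [(key, v) for v in values]
    return urlunsplit(parts._replace(query=urlencode(kept)))

def run_cases(base_url, session_user):
    """Modify order_id in several ways; return {case name: status}."""
    cases = {
        "unchanged": ["1001"],
        "other user's id": ["1002"],
        "unknown id": ["9999"],
        "non-numeric": ["1001x"],
        "duplicated": ["1001", "1002"],
        "removed": [],
    }
    return {name: handle_get(with_param(base_url, "order_id", vals), session_user)
            for name, vals in cases.items()}

if __name__ == "__main__":
    url = "https://shop.example.test/order?order_id=1001&view=full"
    for name, status in run_cases(url, "alice").items():
        print(name, status)
```

Any case other than "unchanged" that comes back 200 means the server accepted a modified value it should have refused.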

SQL Injection: These are very critical, as an attacker can get vital information from the server database. To check for these, look at the snippets of code where direct MySQL queries are executed using some user input. If user input data is built into SQL queries to query the database, an attacker can inject SQL statements or parts of SQL statements as user input to extract vital information from the database. Even if the attacker only manages to crash the application, the SQL query error shown in the browser can give them the information they are looking for. Special characters in user input should be handled/escaped properly in such cases.
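
Added example (not from the original post): the concatenated-query pattern to look for in review, next to a parameterized form that binds input as data and hides database errors, with a small audit that feeds both the same inputs. SQLite in memory stands in for MySQL so the example runs offline; the table, rows, probe strings and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory table standing in for the application's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return db

def lookup_concatenated(db, name):
    """Pattern to flag: user input pasted directly into the SQL text."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        # Echoing the database error to the client is the leak the text describes.
        return ["SQL error: %s" % exc]

def lookup_parameterized(db, name):
    """Hardened form: input is bound as data; errors stay on the server."""
    try:
        cur = db.execute("SELECT email FROM users WHERE name = ?", (name,))
        return [row[0] for row in cur]
    except sqlite3.Error:
        return ["request could not be processed"]

# Constructed inputs: a normal value, a value that alters the WHERE clause,
# and a legitimate name containing a quote character.
PROBES = ["alice", "x' OR '1'='1", "o'brien"]

def audit(lookup):
    """Return the probes for which lookup returns extra rows or a leaked error."""
    db = make_db()
    findings = []
    for probe in PROBES:
        expected = ["alice@example.test"] if probe == "alice" else []
        if lookup(db, probe) != expected:
            findings.append(probe)
    return findings

if __name__ == "__main__":
    print("concatenated :", audit(lookup_concatenated))
    print("parameterized:", audit(lookup_parameterized))
```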

XSS - Cross-Site Scripting: As the name suggests one must test applications for XSS using any HTML or any script