Is it possible to do this? Ideally to return the report in the very same page with ajax?
Example the user adds www.mywebsite.com to the field and then the report of pagespeed is returned. If not possible then redirect to Pagespeed result page.
You have a few options here. Starting from easiest to hardest (and in my opinion "worst" to "best" solution).
Add the Page Speed Insights (PSI) test page to an iframe on your site. You can then change the URL of that iframe to https://developers.google.com/speed/pagespeed/insights/?url=yourwebsite.com and manipulate the ?url=yourwebsite.com to be whatever you want.
This may be against Google's terms of service and is also a bad user experience but it is the easiest way to achieve it. I will leave you to investigate that option if you decide to do it.
Redirect users to a new tab. So just do <a target="_blank" href="https://developers.google.com/speed/pagespeed/insights/?url=yourwebsite.com">view your report</a> or redirect via JS on a button click.
Yet again not a great option as people are leaving your site but at least this won't be against Google's terms of service.
Use the page speed insights API. https://developers.google.com/speed/docs/insights/v5/get-started.
This is your best option in terms of time vs flexibility. You supply the API with the URL and it returns a JSON response with all of the metrics it gathers and the scoring.
Please note PSI is on version 6 of the API which should be available for general use soon.
Obviously this is a lot more work but well worth the effort as you can style everything as you please.
Install Lighthouse, the engine that drives PSI on your own server.
You can find the Lighthouse repository here. Please note you need to know how to use node, it is useful to understand puppeteer and you need a reasonable amount of server admin knowledge to get chromium (used as a headless web browser for running the tests) working and linked correctly.
At this stage you have complete control and can write your own test, scoring criteria etc. You can also run as many tests as your server will allow. If you want this level of control and freedom then this is the best option. However be prepared to sink a lot of hours into this solution!
Related
I am new to vulnerability testing at my new job at an EC site development (we also get them up and continue to run them on AWS EC2).
I am wondering if there is a way to configure Spider so that I can get ouput of the the "URL chain" to serve all the requests that are listed when I run php artisan route:list
Currently, my colleague who joined the company a few months before me is manually inputting this info into a spreadsheet.
Ex. "Home->Register user info->Confirm registered user info->main shopping page->item category page->item description page->confirm adding product to cart page->etc."
I find this to be extremely tedious, he does as well, and because he only speaks Japanese, I don't think he is able to post questions here.
I have started looking through the Zap documentation but have not seen anything relevant yet. Any advice is appreciated.
You can Active Scan specific orders of operations by leveraging the Sequence addon: https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsSequenceSequence. You can get it via the ZAP Marketplace:
There's also the Call Graph addon which might be of benefit to you, though I don't know the export options it provides off the top of my head.
Another alternative that might work for you would be writing a Standalone script that goes through the Sites Tree or History table looking at URLs and Referer headers:
https://github.com/zaproxy/community-scripts/blob/master/standalone/Traverse%20sites%20tree.js
https://github.com/zaproxy/community-scripts/blob/master/standalone/Loop%20through%20history%20table.js
I am trying to figure out how to run an A/B Test for a change on a Page Step for a Single Page. The idea is we have a payment flow with several page steps each containing a form. We'd like to swap out forms and test how our users react. We are trying to avoid changing the URL.
I looked into tools such as Google Analytics, but that requires a different URL to run the A/B test. The hesitation about creating a new URL is because our users are known to bookmark them, and we don't want to keep a backlog of redirects from invalid URLs, also we'd like to avoid constantly deploying new URLs for our tests.
I cannot seem to find any tool to do this, so I've tried to think of a few solutions but I'm not having a lot of luck.
My best idea is to build both a and b forms into the page, and when a user accesses the flow, the session randomly(based on a preset%) stores a value that dictates whether the user is in test a or b. Then when they step into that form, the server will serve the proper form to them. If they abandon their session, we'd track that, and if they complete the action, we'd track that.
I feel like there should be a better solution, but I just cannot come up with one.
My results online were either blogs showing how to approach it from a high level, and all of them used different URLs, I have found almost no developer resources.
Thanks.
We're using ExtJS 4.2.2, and .NET as our server.
Whenever you need the server to be involved, you need server-side instrumentation. No free tools offer that, but you could consider Optimizely "full-stack" (has support for C#) or Variant (does not yet).
A friend of mine has to fill online forms every day, and she wonders if there is a way to make this things automatically because she has all the data in a separate file. I showed her protractor, so she asked me if it is possible to use protractor for filling these forms. I think that one is able to use protractor when owns the project, but I don't really know if it is possible to use it when not. If it is not possible to do it, what can I do. I mean what she can do.
In some cases you could, but mostly no. Protractor only appears to work with websites built using AngularJS, however the website does not need to be served locally. The example on the Protractor homepage performs a test on the public/offical AngularJS website:
browser.get('http://www.angularjs.org');
From your own home computer, you can run automated Protractor/Jasmine tests (or other such things) on public websites built with AngularJS. However, you won't be able to perform a Google Search with this method for example, since http://www.google.com does not use Angular.
For more versatile browser automation, you could look at Greasemonkey for Firefox, or Tampermonkey for Chrome. These allow you to write JavaScript which will run in your browser, on top of a particular website, to modify that website's appearance or behaviour.
One other possibility is to write some kind of full automation script, using Python or BASH/curl. Deconstruct the web forms, treat the website effectively like an API, and use HTTP POST to submit form content. However, this would only be effective if your friend uses a select few web forms since it would need to be heavily custom-designed for each form. Also, it would not allow her to manually interact with the website or enter any values. That said, it is probably the most universal and commonly used method of achieving the automation you speak of. Additionally, the website(s) your friend uses might even publish some kind of official documented API, which would make this process far easier.
I am new ta GWT and I would like to know if there is a way to handler browser refresh. What happens now is that each time a user refreshes the page, or click F5, the application returns the user to the login page. what I want is to have the user stay at the same page when the page is refreshed. An example would be perfect.
Thanks a lot in advance!
Take a look at the Activities and Places design pattern for GWT.
It is a highly recommended approach that can handle page refreshes as well as back and forward buttons, and allows users to bookmark "pages" within your app.
Along with looking at activities and places which is a very useful way of handling navigation in an ajax application you will also need to handle the session from the server. You would have a call to do authentication either through a realm or some kind of homegrown authentication. I recommend Apache Shiro if you are just getting started. When you application loads from a refresh you need to make a call to the server to validate that the session you have is still valid and if so, you would send the user to the correct Place/Activity. The Activity/Places is a little bit more boiler plate but it is worth it in the long run and makes the application much more flexible. You may also want to checkout Arcbees GWTP plugin. This will handle most of the boilerplate for you but beware it can be a little complex to a newby. It uses Gin for dependecy injection and has some custom place mapping things that are a little different. But overall the documentation is very good and the gwtp eclipse plugin can save you some copying and pasting for some things.
You should look at the GWTP car store example. They did what you are looking for. https://github.com/ArcBees/GWTP/tree/master/gwtp-carstore
I would recommend you to consider History Tokens in your development to handle adhoc F5 refresh problems. Please have a look at http://www.gwtproject.org/doc/latest/DevGuideCodingBasicsHistory.html. While changing from one screen/layout to other, History Tokens help your browser keep track of the changes, because History Tokens change the URL itself. Examples can be found in the shared link.
I have an internal tool written in java. It would be useful to get a little
feedback on how much it is used by colleagues.
A simple solution would be to have the application display an image which it fetches from
a web hit counter like application and just look at how often the image is accessed.
So what I am looking for: a stand-alone application (i.e. no Apache modules, cgi scripts, etc),
which serves one or a couple of static images and and can log accesses, preferably with as
little as possible of support of everything else.
Searching for "hit counter" gave little relevant, "lightweight http server" was more relevant, although mostly overkill still. Any suggestions?
You could try using Google Analytics. Most of the time, people using Google Analytics are tracking pageviews on a web page, and Google Provides some javascript that you can place on your page and it will track the visits to that page as well as browser capabilities/etc. Behind the scenes, that javascript is placing an image tag on the page in the manner you describe.
However, since your application is java and not a web app (I assume it's a standalone and not an applet), you won't be able to include Google's javascript (unless you embed a javascript interpreter...yick). Fortunately, it is possible to use Google's analytics without javascript.
The trick is that Google's scripts use the image http://www.google-analytics.com/__utm.gif and pass parameters via the query string. You can find a list of the parameters you can pass to the query string here. So all you'd have to do is figure out what the query string should be and have your client make the request to google's image (after setting up your google analytics account, of course).
Just use Google Analytics, it's really easy and requires a short script on your pages.
Michal Kebrt's simple UNIX HTTP server does exactly what I was looking for.