# [Novo Testing](http://172.105.94.254/)

## Passing Tests

---

- ### SQL Injections

<!-- - ### Dashboard Tests -->

## Failed Tests

---

## 1- Language ('Performance') Issue (High)

### Testing

1- Go To [Novo](http://172.105.94.254/). You Will See That The Main Language Is English.
2- Change The Cookie `sessionid` To `4tv8zh90do33ul204pyrjqf9a0wiiipk`.
3- Refresh The Page. You Will See That The Website Is Now Arabic.

### Conclusion

Changing The Language To Arabic Or English Is Done By The Server.

> **The Generated Session ID Is Combined With The Language And Saved In The Database**

#### Causes

- Huge Session Table In The Database
- Low Performance
- Delay In Loading

## 2- Language ('Security') Issue (High)

### Testing

1- Go To [Novo](http://172.105.94.254/). You Will See That The Main Language Is English.
2- In A New Tab Go To [Novo Change Lang. API](http://172.105.94.254/change_language/?language=ar).
3- Refresh The Page. You Will See That The Website Is Now Arabic.
4- The Previous URL Ends With `/?language=ar`. If You Change It To `en` And Refresh The Main Page, It Will Return To English.
5- What If You Replace `ar` Or `en` With Something Like `blabla`?
6- Then Go Back To The Website And Refresh It. The Website Will Crash With Exception Errors.

> For A Shortcut Go To [Novo Change Lang. API With Blabla](http://172.105.94.254/change_language/?language=blabla)
> Then Go To [Novo](http://172.105.94.254/)

### Conclusion

Changing The Language To An Unexpected One Creates A Huge Security Threat.

### Causes

- 500 Server Error
- Failed To Load APIs For The Attached Session ID
- User Can't Login/Order/Do Anything

## 3- Cart ('Performance') Issue (High)

### Testing

1- Go To [Novo](http://172.105.94.254/). You Will See That The Cart Is Empty.
2- Change The Cookie `sessionid` To `2au0r80qlp45mxy6o52chew4h1x9ftrt`.
3- Refresh The Page. You Will See That There Are 252 Products In The Cart.

### Conclusion

The Cart Is Connected To The Session In The Database, Not A Local One.

> **The Generated Session ID Is Combined With The Cart And Saved In The Database**

#### Causes

- Huge Session Table In The Database
- Low Performance
- Delay In Loading

## 4- Chat ('Performance') Issue (High)

### Testing

1- Chat Messages Are Loaded Every Time You Chat; One Single Message Will Load The Whole Chat.
2- If You Are Talking To The Admin With More Than 100 Messages Between You And Him, Send One More Message. The Admin Won't See It In Real Time; He Must Close The Chat Icon And Press The Chat Icon Again To Load 101 Messages.
3- There Is No End To This Chat, So If I Enter Again Or Refresh I Will Access The Old Chat. `It Seems Good`? No, It's Not: You Will Be Loading All Old Messages On Every Single New Message.

### Conclusion

- Not Real Time Chat
- Even The "Not Real Time Chat" Could Be Better
- Besides, It's Connected To The Session.
#### Causes

- Low Performance
- No Real Time
- Huge Lazy Loading If I Have 5k Messages

## 5- Subscription ('Feature') Issue (Low)

### Testing

1- Try To Subscribe.
2- Check Your Mail: No Subscription Or Confirmation Happens.

### Conclusion

- No Confirmation/Subscription

## 6- Social Icons ('Feature') Issue (Low)

### Testing

1- Try To Click On Any Social Icon.

### Conclusion

- Icons Are Not Linked

## 7- Register ('Feature') Issue (Low)

### Testing

1- Try To Register With Wrong Fields Or Non-Matching Passwords.

### Conclusion

- There Is Validation On The Server Side But Not On The Client Side

> Some Get Validation And Some Do Not

## 8- Email Activation ('Feature') Issue (Low)

### Testing

1- The Activation Link Sent To The Email Is Wrong.

## 9- Login With Social Network ('Feature') Issue (Low)

### Testing

1- Try To Login/Register With Facebook Or Google. You Will Get An Error.

## 10- VISA ('Feature') Issue (Low)

### Testing

1- Try To Use VISA. You Cannot.

# Dashboard Test

<!-- ## Passed Test #### 1- Adding New Categories #### 2- Adding New Nutrition -->

## 1- Products Tab ('Feature') Issue (High)

### Testing

1- The Validation Error On Add New Item Still Appears After Entering Valid Data.
2- Product Image Uploads Must Validate Whether The File Is An Image Or Not.
3- Add New Product Got Server Error On Writing More Than 500 Characters In Product Benefits.
4- Edit New Nutrition On Arabic/English, One Section Only, Got Server Error.
5- Delete Product Got Server Error.
6- Filters Got Server Error.

## 2- Recipes Tab ('Feature') Issue (Low)

### Testing

1- Adding New Recipes: The Description Has No Limit, So It Makes The Main Website Design Ugly When It Exceeds The Number Of Characters (Recipe Tab On Main Website).
2- Cook Time Didn't Appear On Main Website.
3- Try To Access A Deleted Recipe: Got Server Error Instead Of 404 Not Found (Main Website).
4- Filter Got Server Error.

## 3- Blog Tab ('Feature') Issue (Low)

### Testing

1- Add New Blog With The Same Title As Another One Got Validation Error, But Edit Blog With The Same Title As Another One Didn't.
2- Social Links Aren't Validated, So If The User Writes "blablabla" It Will Appear.
3- Adding More Than One Blog Makes The Main Website Design Unresponsive, But More Than 3 Gets A Responsive One. Check The Blog On The Website Now.

## 4- Coupons

### Testing

1- Adding A Coupon On Checkout Adds The Coupon Value To The Grand Total When The Coupon Is Larger Than The Total Price.

> If The Product Is 50 LE And The Coupon Is 20 LE, The Grand Total Must Be 30 LE. Instead It Is 70 (50 LE Product Price + 20 LE Coupon Value)

2- A New Coupon Added With Today's Date Got Expired As Soon As I Created It.

## 4- Orders

### Testing

1- We Can Change The Delivery Date To A Date That Has Already Passed.

## 5- User Tab ('Feature') Issue (High)

### Testing

1- Try Adding A New User (Admin/Staff).
2- Try Updating A User From/To (Admin/Staff).

### Conclusion

It Doesn't Work.

> **And After Digging Found That:**
> - The Request Isn't Sent.
> - The Validation On Fields Isn't Right; For Password It Says Password Didn't Match.
> - There Is No Validation On Phone, Like I Can Write "1" And It's OK For The System.

(<a href="https://ibb.co/60rRbzY"><img src="https://i.ibb.co/Sw5X0bN/1.jpg" alt="1" border="0"></a>)

On Update I Got Server Error

(<a href="https://ibb.co/gRpWv0y"><img src="https://i.ibb.co/LZWgQTS/2.jpg" alt="2" border="0"></a>)

# The Way That This Application Deals With Sessions Is Considered A High Security Issue

## It Makes This Application Easily Exposed To

- ### CSRF Attacks
- ### Server Error
- ### Server Crashed
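
For the Language ('Security') finding above, an added example that is not the application's own code: an allowlist check on the `language` parameter before it is written to the session, plus a read-side fallback that repairs sessions already holding a value such as `blabla`. The function names, the dict-based session and the translation lookup are assumptions made for illustration; the report does not show how the server stores or uses the value.

```python
# Added example, framework-agnostic; names below are hypothetical, not the site's code.
SUPPORTED_LANGUAGES = ("en", "ar")  # the two values the report shows working
DEFAULT_LANGUAGE = "en"
TRANSLATIONS = {"en": {"welcome": "Welcome"}, "ar": {"welcome": "مرحبا"}}  # constructed


def change_language_unsafe(session, query):
    """Behaviour the report implies: whatever arrives is stored in the session."""
    session["language"] = query.get("language")
    return 200


def render_home_unsafe(session):
    """Assumed failure mode: a later page load looks the stored value up."""
    return TRANSLATIONS[session["language"]]["welcome"]  # KeyError -> HTTP 500


def change_language(session, query):
    """Write side: reject anything outside the allowlist, leave the session as is."""
    raw = query.get("language")
    code = raw.strip().lower() if isinstance(raw, str) else None
    if code not in SUPPORTED_LANGUAGES:
        return 400  # client error instead of a poisoned session
    session["language"] = code
    return 200


def active_language(session):
    """Read side: repair sessions that were poisoned before the fix shipped."""
    code = session.get("language")
    if code not in SUPPORTED_LANGUAGES:
        code = session["language"] = DEFAULT_LANGUAGE
    return code


def render_home(session):
    return TRANSLATIONS[active_language(session)]["welcome"]


if __name__ == "__main__":
    poisoned = {}
    change_language_unsafe(poisoned, {"language": "blabla"})
    try:
        render_home_unsafe(poisoned)
    except KeyError as exc:
        print("unsafe path: unhandled", repr(exc))
    print("hardened write:", change_language({}, {"language": "blabla"}))
    print("hardened read :", render_home(poisoned), poisoned)
```

Validating on both sides matters here because the bad value persists in the server-side session: rejecting it at the endpoint stops new poisoning, while the read-side fallback recovers sessions that already carry it.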