My portfolio showcases various projects created throughout my career.
Project Name – HR technology / payroll
EmCentrix is a US-based HR technology / payroll integration organization. Its HRIS software is built with the goal of creating great software that helps make the lives of HR & payroll professionals easier. EmCentrix online software-as-a-service solutions are designed to help customers efficiently manage their internal processes from a web browser whenever and wherever they are, giving them the freedom to focus on their jobs rather than filling out paper or dealing with outdated systems.
- I did UI/Cross Site Scripting/Functional/Performance testing for Aspire project
- Task allocation and new resource training.
- Monthly QA tasks progress report to management.
- QA process improvement plan implementation, monitoring and managing.
- I did automation task in Katalon Studio.
Project Name – Web EHR
The White Wings MTS (Money Transfer System) application is used by money exchange companies like IDT, ITranfer, Afro International and Rupali all over the world. The application has integration with banks and other money exchange software.
- I did Money Transfer System (MTS) cross site Scripting testing.
- MTS performance testing using JMeter.
- Did requirements gathering and storyboarding.
- Did SharePoint Design proposal for Content/Sites Management in White Wings.
- Tested the complete Money Transfer System (MTS) application.
Project Name – Web EHR
- External Audit conducted by DAS Pakistan in December 2013, served as ISMS implementer.
- Served as an ISMS implementer in external Audit conducted by DAS Pakistan in December 2014
- Testing of Web-EHR (Electronic Health Record) MU1 and MU2 projects. Modules include Labs, Patient Demographics, Transcriptions, Messages, Patient Education, Patient Search, Dynamics Reports, Patient Letters, etc.
- Application Life Cycle Management implementation in MTBC and storyboarding on Team Foundation Server.
- Analyzed existing business operations and information systems of MTBC i.e., MTBC WebEHR/MTBC-Soft/MTBC-PHR and smart devices applications.
- Defined application problem by evaluating procedures and processes.
- Developed Solution by preparing and evaluating alternative workflow solutions.
- Interacted with internal users and clients to learn and document requirements that are then used to produce “Change Management Form 7.3-DD-F-03”
- Ensured that new technical requirements are properly integrated with existing process and skill sets.
- Developed prototypes to identify the proposed change in system and impact of the change on existing functionalities.
- Helped programmers during system development: Provided use cases with storyboard.
Project Name – Online Course Development
Developed the ISTQB Foundation Level preparation course on Udemy for people who want to learn about software testing, and especially for quality assurance professionals who want to get the foundation level certification from ISTQB.
ISTQB Foundation Level Practice Exams
I have enriched experience in testing Electronic Health Record (E.H.R), Money Transfer software (MTS), Management Information System (MIS), Human Resource Information Systems (HRIS) and E-Commerce applications both mobile and web for their load/performance/UI/Functional/Regression/exploratory testing.
Test Automation Samples:
API Testing Samples:
Browserstack Testing _ Work Samples:
Cross Site Scripting:
It uses characters such as ; < > " ( ) / and some ASCII
Instead of blacklisting these characters, use the methods of an anti-XSS library to encode fields. From Microsoft: https://www.microsoft.com/en-pk/download/details.aspx?id=28589
SQL Injection:
It uses characters such as – ; ' " + = * !
Although we already use parameters and stored procedures, there are cases where we need to allow such characters, on the assumption that the user did not make a malicious input. In those cases we need to properly validate (escape, constrain and sanitize) the input based on the data. Here is how to do that:
Check for known good data by validating for type, length, format, and range. Consider the following cases:
- SSN field: We know the SSN type should be integer, and its length, format and range are known, so use a regular expression/custom validator on the field on the server side.
- First/Middle/Last Name: We know these fields contain only letters, with no special characters or integers. So apply a custom validator: if the field contains only letters, allow the input; otherwise sanitize it on the server side.
- Email: Apply a regular expression validator to check the format of the input.
- Date: Apply format validation.
- Title/Notes: This field can contain characters such as – ( ) , : In this case we encode the field using the anti-XSS encode method and leave it to our framework to perform the necessary encoding, making sure that SQL parameters are used at the backend so that input is taken as a literal and not as executable code.
- Username: Validate for special characters, since no platform allows usernames to have special characters.
Perform the same validation checks on all fields by checking type, length, format and range; validation must be on the server side.
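The field-by-field checks above, as an added example (not code from this portfolio or its projects). Python's standard library stands in for the .NET validators and anti-XSS encoder the text refers to; the patterns, length limits, person table and sample values are assumptions.

```python
import html
import re
import sqlite3
from datetime import datetime

# Allow-list patterns per field (assumed formats, not taken from the page).
RULES = {
    "ssn": re.compile(r"\d{9}"),                  # digits only, fixed length
    "first_name": re.compile(r"[A-Za-z]{1,50}"),  # letters only
    "last_name": re.compile(r"[A-Za-z]{1,50}"),
    "email": re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,190}\.[A-Za-z]{2,24}"),
    "username": re.compile(r"[A-Za-z0-9]{3,30}"),  # no special characters
}
MAX_NOTES = 500  # free text: only length-limited here, encoded when rendered

def validate(form):
    """Return the names of fields failing type/length/format/range checks."""
    errors = [f for f, rx in RULES.items() if not rx.fullmatch(form.get(f, ""))]
    try:
        dob = datetime.strptime(form.get("dob", ""), "%Y-%m-%d")   # format
        if not datetime(1900, 1, 1) <= dob <= datetime.now():      # range
            errors.append("dob")
    except ValueError:
        errors.append("dob")
    if len(form.get("notes", "")) > MAX_NOTES:
        errors.append("notes")
    return errors

def save(conn, form):
    """Insert with bound parameters: values travel as data, never as SQL text."""
    conn.execute("INSERT INTO person VALUES "
                 "(:ssn, :first_name, :last_name, :email, :username, :dob, :notes)", form)

def render_notes(conn, username):
    """Return (stored, encoded) notes; encoding happens at output time."""
    row = conn.execute("SELECT notes FROM person WHERE username = ?", (username,)).fetchone()
    return row[0], html.escape(row[0], quote=True)

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE person (ssn, first_name, last_name, email, username, dob, notes)")
    # Constructed sample input; Notes legitimately holds ( ) , : ; and quotes.
    good = {"ssn": "123456789", "first_name": "Ada", "last_name": "Khan",
            "email": "ada.khan@example.com", "username": "akhan1", "dob": "1990-04-12",
            "notes": "Call (mobile): 'after 5'; <b>urgent</b>"}
    bad = dict(good, ssn="1234'5678;", username="ak<h1>")
    if not validate(good):
        save(conn, good)
    return validate(bad), render_notes(conn, "akhan1")
```

The notes value is stored byte for byte, quotes and semicolon included, because it is bound as a parameter; it only becomes entity-encoded when rendered.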
The Web Protection Library also provides a Security Runtime Engine (SRE) as a defense-in-depth measure against SQL injection and cross-site scripting: https://wpl.codeplex.com/. Try it in the project for additional security.