Articles Tagged 'security'

Articles
Hosting Questions - SpiraTest, SpiraPlan, SpiraTeam & KronoDesk

You already know the advantages of us hosting your application in our cloud:

  • Focus on managing your projects not hardware
  • Flexible pricing and contracts by # users
  • Backups and all maintenance handled by our staff
  • Globally accessible using just a web browser
  • Get up and running in minutes with no installations
  • Choice of hosting locations (USA, EU, Canada, India, Singapore, Australia)

However, you may have questions about our hosting service. This article provides important information about our cloud hosting services, including security, privacy and reliability information.

Hardening SSL on IIS 6 - IIS 7

If you are running a web application (such as SpiraTest, SpiraPlan, SpiraTeam or KronoDesk) on an IIS web server using Secure Sockets Layer (SSL), you will want to harden the environment by removing the older versions of SSL and TLS that are no longer considered secure.

These steps apply to:

  • Windows Server 2003 R1 & R2
  • Windows Server 2008 R1 & R2

Usually Windows Server 2012 and later are already configured to be secure.

What to do When Rapise Doesn't Display the Web Page DOM?

Sometimes when testing certain web applications, instead of the browser DOM tree appearing, you will see strange results such as "Node0". This is caused by the application using nested frames with potentially different security origins. This article describes some of the common issues and the solution.

When recording with Chrome, Rapise does not record actions within frames

When creating web tests with Chrome, objects within cross-frames are not recognized by the Rapise Web Spy and recorder. This article gives a solution.

Certain Hyperlinks won't click during playback with Internet Explorer (IE)

Sometimes when you record a test script using IE and then play it back, some of the clicks on hyperlinks will not play back correctly. Rapise will list them as Passed, but the click won't actually be performed.

Remove IIS Server version HTTP Response Header

By default, the IIS web server used by Spira and KronoDesk will include an HTTP Header that discloses the name and version of the web server being used. It is often recommended by security experts that this header be hidden to make it more difficult for potential hackers to know what platform is being used by the application. This article explains how you can hide this header.

Defaulting Your System to use TLS 1.2 for .NET Applications

As you move your web applications (such as SpiraTest, SpiraTeam, SpiraPlan, or KronoDesk) to newer encryption protocols such as Transport Layer Security (TLS) 1.2, you will need to make sure the client applications are configured to use the latest version of TLS. Specifically, applications using Microsoft .NET may not use the latest version by default.

Can we limit access to our Spira or KronoDesk Instance to Specific IP Addresses?

For additional security, customers may want to limit who can access their cloud instances of SpiraTest, SpiraTeam, SpiraPlan, or KronoDesk to specific networks and IP addresses. This article describes why you would want to do this and how we support this.

Enable TLS 1.2 in Internet Explorer 8, 9 or 10

If you have disabled TLS 1.0 and 1.1 encryption protocols on your IIS web server, you may run into issues accessing the web interface of Spira or KronoDesk from older versions of Windows and/or IE.

Issues using the KronoDesk and Spira Screenshot Java Applet

SpiraTest, SpiraPlan and SpiraTeam versions older than v4.1 and KronoDesk versions lower than v1.1.0.7 use a screenshot capture utility written using the Java development platform. This lets the web browser capture a screenshot and attach it to items in the system without having to first save the item. This article describes some issues using this applet and outlines the replacement plan we have implemented to use HTML5 instead of Java going forward.