WebAIM - Web Accessibility In Mind

E-mail List Archives

Re: Tools for automated testing of password-protected sites?

From: Yamanishi, Evan
Date: Mar 31, 2015 2:46PM


It sounds like you're looking for more of a bot or web crawler, but it's worth mentioning that WebAIM's Wave extension (Chrome and Firefox) works on production sites or sites behind authentication. It still requires a user to log in and run the extension, but it's more automated than manually inspecting code to find WCAG failures.

Chrome: http://wave.webaim.org/extension/
Firefox: http://wave.webaim.org/toolbar/

Evan

-----Original Message-----
From: WebAIM-Forum [mailto: <EMAIL REMOVED> ] On Behalf Of Karl Groves
Sent: Tuesday, March 31, 2015 2:00 PM
To: WebAIM Discussion List
Subject: Re: [WebAIM] Tools for automated testing of password-protected sites?

Caroline,

Testing behind authentication is hit or miss for any tool. HTTP authentication (also often referred to as Basic authentication or realm authentication) is probably the easiest for a tool to use because it uses standardized HTTP headers etc. to do it.

After that, all bets are off, really. Many sites use cookies and/or session IDs to determine whether the user is authenticated or not.
There are two concerns in this scenario: first, the tool must be able to pass through the necessary ID/PW combination to establish the session, and second, the tool must be able to save & persist the cookie(s) and pass back the necessary requests that the server makes for that detail.

In short, if testing behind authentication is important, you really want to take the time to verify any vendor's claim that their tool can do so on your system(s).

Karl



On Tue, Mar 31, 2015 at 12:11 PM, cb < <EMAIL REMOVED> > wrote:
> Thanks for the suggestions. I'm also looking to get feedback from
> people who are using these - or any other - tools on
> password-protected sites, especially ones that use third-party
> authentication where you don't have control over user accounts. How
> well does this work? What's the process like for setting it up? Is
> there a tool that handles this aspect particularly well?
>
> Thanks
>
> Caroline
>
> On Mon, Mar 30, 2015 at 8:23 AM, Srinivasu Chakravarthula
> < <EMAIL REMOVED> > wrote:
>> +1 to Deque and SSB's tools.
>>
>> Besides, you may want to try bookmarklet of HTML Code Sniffer
>> <http://squizlabs.github.io/HTML_CodeSniffer/>.
>>
>> That said, be sure to do a manual audit too.
>> Thanks,
>> Srini
>>
>> On Thu, Mar 26, 2015 at 11:29 PM, Thomas McKeithan II
>> < <EMAIL REMOVED>
>>> wrote:
>>
>>> Are you looking for an enterprise tool?
>>>
>>> Deque's Worldspace tool might help or SSB Bart's AMP platform.
>>>
>>> Respectfully,
>>> Thomas Lee McKeithan II
>>> QSSI
>>> http://www.qssinc.com
>>> 508 SME, SSQA Solutions Center
>>> 10480 Little Patuxent Pkwy, Suite 350 Columbia, MD 21044
>>> (301) 977-7884 x1058 (Work)
>>> (202) 276-6437 (Cell)
>>>
>>>
>>> This electronic mail (including any attachments) may contain information
>>> that is privileged, confidential, and/or otherwise protected from
>>> disclosure to anyone other than its intended recipient(s). Any
>>> dissemination or use of this electronic email or its contents (including
>>> any attachments) by persons other than the intended recipient(s) is
>>> strictly prohibited. If you have received this message in error, please
>>> notify the sender by reply email and delete the original message (including
>>> any attachments) in its entirety.
>>>
>>>
>>> -----Original Message-----
>>> From: WebAIM-Forum [mailto: <EMAIL REMOVED> ] On
>>> Behalf Of cb
>>> Sent: Thursday, March 26, 2015 1:04 PM
>>> To: WebAIM Discussion List
>>> Subject: [WebAIM] Tools for automated testing of password-protected sites?
>>>
>>> Hi all,
>>>
>>> I'm doing some research on automated site accessibility testing.
>>> Specifically, I'm looking for tools or services that work well with
>>> password-protected sites. How are these things handled? Do you create dummy
>>> accounts on test sites? How do you handle credentials if you need to test
>>> live sites? How about if you're using third-party authentication such as
>>> OAuth or Shibboleth? Do you have any recommendations for specific tools?
>>>
>>> Thanks
>>>
>>> Caroline
>>
>>
>>
>> --
>> Regards,
>>
>> Srinivasu Chakravarthula - Twitter: http://www.twitter.com/VasuTweets
>> Website: http://www.srinivasu.org | http://www.learnaccessibility.org
>>
>> Let's create an inclusive web!
--

Karl Groves
www.karlgroves.com
@karlgroves
http://www.linkedin.com/in/karlgroves
Phone: +1 410.541.6829

Modern Web Toolsets and Accessibility
https://www.youtube.com/watch?v=_uq6Db47-Ks

www.tenon.io
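
The two requirements Karl describes for cookie-based sessions (send the ID/PW, then persist and replay the cookie) can be checked before trusting a tool's results. The sketch below is an added example, not code from anyone in this thread: it runs a constructed local stub site and shows that a crawler without cookie persistence still gets HTTP 200, only for the login page. The names `StubSite`, `crawl`, `MARKER` and all credential values are assumptions made up for the demo.

```python
import http.cookiejar, threading, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed test values for a throwaway local stub; not real credentials.
USER, PW, SID = "tester", "example-pw", "constructed-session-id"
MARKER = "Signed in as tester"   # text that only an authenticated page contains

class StubSite(BaseHTTPRequestHandler):
    """Constructed stand-in for a site that tracks login with a session cookie."""
    def _send(self, body, headers=()):
        self.send_response(200)          # the login page is also a 200, as on many sites
        for name, value in headers:
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body.encode())

    def do_GET(self):                    # /app: protected page or login prompt
        authed = f"sid={SID}" in self.headers.get("Cookie", "")
        self._send(MARKER if authed else "Please log in")

    def do_POST(self):                   # /login: establish the session
        raw = self.rfile.read(int(self.headers["Content-Length"])).decode()
        form = urllib.parse.parse_qs(raw)
        if form.get("user") == [USER] and form.get("pw") == [PW]:
            self._send("Welcome", [("Set-Cookie", f"sid={SID}; Path=/; HttpOnly")])
        else:
            self._send("Please log in")

    def log_message(self, *args):        # keep the demo quiet
        pass

def crawl(persist_cookies):
    """Log in, request /app, and return (status, reached_protected_page)."""
    server = HTTPServer(("127.0.0.1", 0), StubSite)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    handlers = [urllib.request.ProxyHandler({})]   # never route the stub via a proxy
    if persist_cookies:                  # second concern: save and replay cookies
        handlers.append(urllib.request.HTTPCookieProcessor(http.cookiejar.CookieJar()))
    opener = urllib.request.build_opener(*handlers)
    creds = urllib.parse.urlencode({"user": USER, "pw": PW}).encode()
    try:
        opener.open(base + "/login", creds, timeout=5).read()   # first concern: ID/PW
        with opener.open(base + "/app", timeout=5) as resp:
            return resp.status, MARKER in resp.read().decode()
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print("with cookie jar:   ", crawl(True))
    print("without cookie jar:", crawl(False))
```

Checking for a marker that only appears on the authenticated page, rather than the status code, is what distinguishes a real scan of protected content from a scan of the login form.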