WebAIM - Web Accessibility In Mind

E-mail List Archives

Thread: Tools for automated testing of password-protected sites?

for

Number of posts in this thread: 6 (In chronological order)

From: cb
Date: Thu, Mar 26 2015 11:04AM
Subject: Tools for automated testing of password-protected sites?
No previous message | Next message →

Hi all,

I'm doing some research on automated site accessibility testing.
Specifically, I'm looking for tools or services that work well with
password-protected sites. How are these things handled? Do you create
dummy accounts on test sites? How do you handle credentials if you
need to test live sites? How about if you're using third-party
authentication such as OAuth or Shibboleth? Do you have any
recommendations for specific tools?

Thanks

Caroline

From: Thomas McKeithan II
Date: Thu, Mar 26 2015 11:59AM
Subject: Re: Tools for automated testing of password-protected sites?
← Previous message | Next message →

Are you looking for an enterprise tool?

Deque's Worldspace tool might help or SSB Bart's AMP platform.

Respectfully,
Thomas Lee McKeithan II
QSSI
http://www.qssinc.com
508 SME, SSQA Solutions Center
10480 Little Patuxent Pkwy , Suite 350
Columbia , MD 21044
(301 )977-7884 x1058 (Work)
(202) 276-6437 (Cell)
 

This electronic mail (including any attachments) may contain information that is privileged, confidential, and/or otherwise protected from disclosure to anyone other than its intended recipient(s). Any dissemination or use of this electronic email or its contents (including any attachments) by persons other than the intended recipient(s) is strictly prohibited. If you have received this message in error, please notify the sender by reply email and delete the original message (including any attachments) in its entirety.


-----Original Message-----
From: WebAIM-Forum [mailto: = EMAIL ADDRESS REMOVED = ] On Behalf Of cb
Sent: Thursday, March 26, 2015 1:04 PM
To: WebAIM Discussion List
Subject: [WebAIM] Tools for automated testing of password-protected sites?

Hi all,

I'm doing some research on automated site accessibility testing.
Specifically, I'm looking for tools or services that work well with password-protected sites. How are these things handled? Do you create dummy accounts on test sites? How do you handle credentials if you need to test live sites? How about if you're using third-party authentication such as OAuth or Shibboleth? Do you have any recommendations for specific tools?

Thanks

Caroline

From: Srinivasu Chakravarthula
Date: Mon, Mar 30 2015 9:23AM
Subject: Re: Tools for automated testing of password-protected sites?
← Previous message | Next message →

+1 to Deque and SSB's tools.

Besides, you may want to try bookmarklet of HTML Code Sniffer
<http://squizlabs.github.io/HTML_CodeSniffer/>;.

That said, be sure to do a manual audit too.
Thanks,
Srini

On Thu, Mar 26, 2015 at 11:29 PM, Thomas McKeithan II < = EMAIL ADDRESS REMOVED =
> wrote:

> Are you looking for an enterprise tool?
>
> Deque's Worldspace tool might help or SSB Bart's AMP platform.
>
> Respectfully,
> Thomas Lee McKeithan II
> QSSI
> http://www.qssinc.com
> 508 SME, SSQA Solutions Center
> 10480 Little Patuxent Pkwy , Suite 350
> Columbia , MD 21044
> (301 )977-7884 x1058 (Work)
> (202) 276-6437 (Cell)
>
>
> This electronic mail (including any attachments) may contain information
> that is privileged, confidential, and/or otherwise protected from
> disclosure to anyone other than its intended recipient(s). Any
> dissemination or use of this electronic email or its contents (including
> any attachments) by persons other than the intended recipient(s) is
> strictly prohibited. If you have received this message in error, please
> notify the sender by reply email and delete the original message (including
> any attachments) in its entirety.
>
>
> -----Original Message-----
> From: WebAIM-Forum [mailto: = EMAIL ADDRESS REMOVED = ] On
> Behalf Of cb
> Sent: Thursday, March 26, 2015 1:04 PM
> To: WebAIM Discussion List
> Subject: [WebAIM] Tools for automated testing of password-protected sites?
>
> Hi all,
>
> I'm doing some research on automated site accessibility testing.
> Specifically, I'm looking for tools or services that work well with
> password-protected sites. How are these things handled? Do you create dummy
> accounts on test sites? How do you handle credentials if you need to test
> live sites? How about if you're using third-party authentication such as
> OAuth or Shibboleth? Do you have any recommendations for specific tools?
>
> Thanks
>
> Caroline
> > > messages to = EMAIL ADDRESS REMOVED =
> > > >



--
Regards,

Srinivasu Chakravarthula - Twitter: http://www.twitter.com/VasuTweets
Website: http://www.srinivasu.org | http://www.learnaccessibility.org

Let's create an inclusive web!

From: cb
Date: Tue, Mar 31 2015 11:11AM
Subject: Re: Tools for automated testing of password-protected sites?
← Previous message | Next message →

Thanks for the suggestions. I'm also looking to get feedback from
people who are using these - or any other - tools on
password-protected sites, especially ones that use third-party
authentication where you don't have control over user accounts. How
well does this work? What's the process like for setting it up? Is
there a tool that handles this aspect particularly well?

Thanks

Caroline

On Mon, Mar 30, 2015 at 8:23 AM, Srinivasu Chakravarthula
< = EMAIL ADDRESS REMOVED = > wrote:
> +1 to Deque and SSB's tools.
>
> Besides, you may want to try bookmarklet of HTML Code Sniffer
> <http://squizlabs.github.io/HTML_CodeSniffer/>;.
>
> That said, be sure to do a manual audit too.
> Thanks,
> Srini
>
> On Thu, Mar 26, 2015 at 11:29 PM, Thomas McKeithan II < = EMAIL ADDRESS REMOVED =
>> wrote:
>
>> Are you looking for an enterprise tool?
>>
>> Deque's Worldspace tool might help or SSB Bart's AMP platform.
>>
>> Respectfully,
>> Thomas Lee McKeithan II
>> QSSI
>> http://www.qssinc.com
>> 508 SME, SSQA Solutions Center
>> 10480 Little Patuxent Pkwy , Suite 350
>> Columbia , MD 21044
>> (301 )977-7884 x1058 (Work)
>> (202) 276-6437 (Cell)
>>
>>
>> This electronic mail (including any attachments) may contain information
>> that is privileged, confidential, and/or otherwise protected from
>> disclosure to anyone other than its intended recipient(s). Any
>> dissemination or use of this electronic email or its contents (including
>> any attachments) by persons other than the intended recipient(s) is
>> strictly prohibited. If you have received this message in error, please
>> notify the sender by reply email and delete the original message (including
>> any attachments) in its entirety.
>>
>>
>> -----Original Message-----
>> From: WebAIM-Forum [mailto: = EMAIL ADDRESS REMOVED = ] On
>> Behalf Of cb
>> Sent: Thursday, March 26, 2015 1:04 PM
>> To: WebAIM Discussion List
>> Subject: [WebAIM] Tools for automated testing of password-protected sites?
>>
>> Hi all,
>>
>> I'm doing some research on automated site accessibility testing.
>> Specifically, I'm looking for tools or services that work well with
>> password-protected sites. How are these things handled? Do you create dummy
>> accounts on test sites? How do you handle credentials if you need to test
>> live sites? How about if you're using third-party authentication such as
>> OAuth or Shibboleth? Do you have any recommendations for specific tools?
>>
>> Thanks
>>
>> Caroline
>> >> >> messages to = EMAIL ADDRESS REMOVED =
>> >> >> >>
>
>
>
> --
> Regards,
>
> Srinivasu Chakravarthula - Twitter: http://www.twitter.com/VasuTweets
> Website: http://www.srinivasu.org | http://www.learnaccessibility.org
>
> Let's create an inclusive web!
> > > >

From: Karl Groves
Date: Tue, Mar 31 2015 12:00PM
Subject: Re: Tools for automated testing of password-protected sites?
← Previous message | Next message →

Caroline,

Testing behind authentication is hit or miss for any tool. HTTP
authentication (also often referred to as Basic authentication or
realm authentication) is probably the easiest for a tool to use
because it uses standardized HTTP headers etc. to do it.

After that, all best are off, really. Many sites use cookies and/ or
session IDs to determine whether the user is authenticated or not.
There are two concerns in this scenario: First, the tool must be able
to pass through the necessary ID/PW combination to establish the
session and Second the tool must be able to save & persist the
cookie(s) and pass back the necessary requests that the server makes
for that detail.

In short, if testing behind authentication is important, you really
want to take the time to verify any vendor's claim that their tool can
do so on your system(s).

Karl



On Tue, Mar 31, 2015 at 12:11 PM, cb < = EMAIL ADDRESS REMOVED = > wrote:
> Thanks for the suggestions. I'm also looking to get feedback from
> people who are using these - or any other - tools on
> password-protected sites, especially ones that use third-party
> authentication where you don't have control over user accounts. How
> well does this work? What's the process like for setting it up? Is
> there a tool that handles this aspect particularly well?
>
> Thanks
>
> Caroline
>
> On Mon, Mar 30, 2015 at 8:23 AM, Srinivasu Chakravarthula
> < = EMAIL ADDRESS REMOVED = > wrote:
>> +1 to Deque and SSB's tools.
>>
>> Besides, you may want to try bookmarklet of HTML Code Sniffer
>> <http://squizlabs.github.io/HTML_CodeSniffer/>;.
>>
>> That said, be sure to do a manual audit too.
>> Thanks,
>> Srini
>>
>> On Thu, Mar 26, 2015 at 11:29 PM, Thomas McKeithan II < = EMAIL ADDRESS REMOVED =
>>> wrote:
>>
>>> Are you looking for an enterprise tool?
>>>
>>> Deque's Worldspace tool might help or SSB Bart's AMP platform.
>>>
>>> Respectfully,
>>> Thomas Lee McKeithan II
>>> QSSI
>>> http://www.qssinc.com
>>> 508 SME, SSQA Solutions Center
>>> 10480 Little Patuxent Pkwy , Suite 350
>>> Columbia , MD 21044
>>> (301 )977-7884 x1058 (Work)
>>> (202) 276-6437 (Cell)
>>>
>>>
>>> This electronic mail (including any attachments) may contain information
>>> that is privileged, confidential, and/or otherwise protected from
>>> disclosure to anyone other than its intended recipient(s). Any
>>> dissemination or use of this electronic email or its contents (including
>>> any attachments) by persons other than the intended recipient(s) is
>>> strictly prohibited. If you have received this message in error, please
>>> notify the sender by reply email and delete the original message (including
>>> any attachments) in its entirety.
>>>
>>>
>>> -----Original Message-----
>>> From: WebAIM-Forum [mailto: = EMAIL ADDRESS REMOVED = ] On
>>> Behalf Of cb
>>> Sent: Thursday, March 26, 2015 1:04 PM
>>> To: WebAIM Discussion List
>>> Subject: [WebAIM] Tools for automated testing of password-protected sites?
>>>
>>> Hi all,
>>>
>>> I'm doing some research on automated site accessibility testing.
>>> Specifically, I'm looking for tools or services that work well with
>>> password-protected sites. How are these things handled? Do you create dummy
>>> accounts on test sites? How do you handle credentials if you need to test
>>> live sites? How about if you're using third-party authentication such as
>>> OAuth or Shibboleth? Do you have any recommendations for specific tools?
>>>
>>> Thanks
>>>
>>> Caroline
>>> >>> >>> messages to = EMAIL ADDRESS REMOVED =
>>> >>> >>> >>>
>>
>>
>>
>> --
>> Regards,
>>
>> Srinivasu Chakravarthula - Twitter: http://www.twitter.com/VasuTweets
>> Website: http://www.srinivasu.org | http://www.learnaccessibility.org
>>
>> Let's create an inclusive web!
>> >> >> >> > > > > --

Karl Groves
www.karlgroves.com
@karlgroves
http://www.linkedin.com/in/karlgroves
Phone: +1 410.541.6829

Modern Web Toolsets and Accessibility
https://www.youtube.com/watch?v=_uq6Db47-Ks

www.tenon.io

From: Yamanishi, Evan
Date: Tue, Mar 31 2015 2:46PM
Subject: Re: Tools for automated testing of password-protectedsites?
← Previous message | No next message

It sounds like you're looking for more of a bot or web crawler, but it's worth mentioning that WebAIM's Wave extension (Chrome and Firefox) works on production sites or sites behind authentication. It still requires a user to log in and run the extension, but it's more automated than manually inspecting code to find WCAG failures.

Chrome: http://wave.webaim.org/extension/
Firefox: http://wave.webaim.org/toolbar/

Evan

-----Original Message-----
From: WebAIM-Forum [mailto: = EMAIL ADDRESS REMOVED = ] On Behalf Of Karl Groves
Sent: Tuesday, March 31, 2015 2:00 PM
To: WebAIM Discussion List
Subject: Re: [WebAIM] Tools for automated testing of password-protected sites?

Caroline,

Testing behind authentication is hit or miss for any tool. HTTP authentication (also often referred to as Basic authentication or realm authentication) is probably the easiest for a tool to use because it uses standardized HTTP headers etc. to do it.

After that, all best are off, really. Many sites use cookies and/ or session IDs to determine whether the user is authenticated or not.
There are two concerns in this scenario: First, the tool must be able to pass through the necessary ID/PW combination to establish the session and Second the tool must be able to save & persist the
cookie(s) and pass back the necessary requests that the server makes for that detail.

In short, if testing behind authentication is important, you really want to take the time to verify any vendor's claim that their tool can do so on your system(s).

Karl



On Tue, Mar 31, 2015 at 12:11 PM, cb < = EMAIL ADDRESS REMOVED = > wrote:
> Thanks for the suggestions. I'm also looking to get feedback from
> people who are using these - or any other - tools on
> password-protected sites, especially ones that use third-party
> authentication where you don't have control over user accounts. How
> well does this work? What's the process like for setting it up? Is
> there a tool that handles this aspect particularly well?
>
> Thanks
>
> Caroline
>
> On Mon, Mar 30, 2015 at 8:23 AM, Srinivasu Chakravarthula
> < = EMAIL ADDRESS REMOVED = > wrote:
>> +1 to Deque and SSB's tools.
>>
>> Besides, you may want to try bookmarklet of HTML Code Sniffer
>> <http://squizlabs.github.io/HTML_CodeSniffer/>;.
>>
>> That said, be sure to do a manual audit too.
>> Thanks,
>> Srini
>>
>> On Thu, Mar 26, 2015 at 11:29 PM, Thomas McKeithan II
>> < = EMAIL ADDRESS REMOVED =
>>> wrote:
>>
>>> Are you looking for an enterprise tool?
>>>
>>> Deque's Worldspace tool might help or SSB Bart's AMP platform.
>>>
>>> Respectfully,
>>> Thomas Lee McKeithan II
>>> QSSI
>>> http://www.qssinc.com
>>> 508 SME, SSQA Solutions Center
>>> 10480 Little Patuxent Pkwy , Suite 350 Columbia , MD 21044
>>> (301 )977-7884 x1058 (Work)
>>> (202) 276-6437 (Cell)
>>>
>>>
>>> This electronic mail (including any attachments) may contain information
>>> that is privileged, confidential, and/or otherwise protected from
>>> disclosure to anyone other than its intended recipient(s). Any
>>> dissemination or use of this electronic email or its contents (including
>>> any attachments) by persons other than the intended recipient(s) is
>>> strictly prohibited. If you have received this message in error, please
>>> notify the sender by reply email and delete the original message (including
>>> any attachments) in its entirety.
>>>
>>>
>>> -----Original Message-----
>>> From: WebAIM-Forum [mailto: = EMAIL ADDRESS REMOVED = ] On
>>> Behalf Of cb
>>> Sent: Thursday, March 26, 2015 1:04 PM
>>> To: WebAIM Discussion List
>>> Subject: [WebAIM] Tools for automated testing of password-protected sites?
>>>
>>> Hi all,
>>>
>>> I'm doing some research on automated site accessibility testing.
>>> Specifically, I'm looking for tools or services that work well with
>>> password-protected sites. How are these things handled? Do you create dummy
>>> accounts on test sites? How do you handle credentials if you need to test
>>> live sites? How about if you're using third-party authentication such as
>>> OAuth or Shibboleth? Do you have any recommendations for specific tools?
>>>
>>> Thanks
>>>
>>> Caroline
>>> >>> >>> messages to = EMAIL ADDRESS REMOVED =
>>> >>> >>> >>>
>>
>>
>>
>> --
>> Regards,
>>
>> Srinivasu Chakravarthula - Twitter: http://www.twitter.com/VasuTweets
>> Website: http://www.srinivasu.org | http://www.learnaccessibility.org
>>
>> Let's create an inclusive web!
>> >> >> >> > > > > --

Karl Groves
www.karlgroves.com
@karlgroves
http://www.linkedin.com/in/karlgroves
Phone: +1 410.541.6829

Modern Web Toolsets and Accessibility
https://www.youtube.com/watch?v=_uq6Db47-Ks

www.tenon.io