[Me]:- Guruji, if I have to do testing on other technologies like Active X or XML, what questions can I formulate?
[Guruji]:- You can ask yourself these questions
2) Do the ActiveX controls allow code to be executed? Do they read or write files? Could they be made to?
3) Do the ActiveX controls create or delete any persisted data?
4) Do the ActiveX controls touch any system files or registry settings? (for example, reading or modifying)?
5) Are any other objects created?
6) Does the object ShellExecute?
7) Does the control expose any personal information? (Think about file names, user login name, paths, and so on.)
8) Are all of your ActiveX controls signed?
9) Are all of your ActiveX controls virus checked?
10) Are Java applets implemented?
11) Is CGI used? If not, can it be disabled on the server?
12) Are XML requests being sent?
13) Can a malformed XML query come from the client?
14) What happens if an XML request is sent to the server without the closing tag </…>? Does the server hang waiting for the end of the request?