The source of a web page is often a great place to find bugs, areas for further exploration, potential security flaws and information leakage.
When I talk about the source I am referring to the source code for the page you are testing. The source code is what makes the page work and as such contains snippets of information about how the application and page are put together.
There could be comments, usernames and passwords, hints referring to methods and implementations that could be useful from a security point of view. There could be rants and raves and loose comments about the company or the customers. There could be joke comments or comments alluding to partially implemented code.
There could be secret URLs and credentials in there too.
Image: The page source of The Social Tester website shown in the Page Source Visualisation Firefox extension
When your site is open in your browser, click “View” on the browser menu bar and then choose “View Source”. (Note: this is true for most browsers, but some may operate differently or call it something other than “View Source”.)
The page source will open in a window. Simply reading through it may reveal some interesting areas to explore further.
Right clicking on the web page typically provides you with a context menu to view the page source too.
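On a long page the read-through can be backed by a small script that lists every comment and hidden form field with its line number. This is an added example, not code from the original post; the keyword list, the `review` function and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed keyword list: words that make a comment worth a closer look.
SUSPICIOUS = re.compile(
    r"password|passwd|pwd|secret|api[_-]?key|token|todo|fixme|hack|username|credential",
    re.I)
# Absolute URLs or site-relative paths mentioned inside a comment.
PATH = re.compile(r"https?://\S+|(?<![\w<])/[\w./-]+")

class SourceReviewer(HTMLParser):
    """Collects comments and hidden form fields from page source."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, text)

    def handle_comment(self, data):
        text = " ".join(data.split())  # collapse whitespace and newlines
        if SUSPICIOUS.search(text):
            kind = "flagged-comment"
        elif PATH.search(text):
            kind = "comment-url"
        else:
            kind = "comment"
        self.findings.append((self.getpos()[0], kind, text))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.findings.append(
                (self.getpos()[0], "hidden-field", f"{a.get('name')}={a.get('value')}"))

def review(html):
    """Return findings for one page's source, in document order."""
    parser = SourceReviewer()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page, not taken from any real site.
SAMPLE = """<html>
<head><title>Login</title></head>
<body>
<!-- TODO: remove test account before release (username: demo) -->
<form action="/login" method="post">
  <input type="hidden" name="debug" value="0">
  <input type="text" name="user">
</form>
<!-- old admin page moved to /internal/admin-v2/ -->
<!-- footer -->
</body>
</html>"""

if __name__ == "__main__":
    for line, kind, text in review(SAMPLE):
        print(f"line {line:>3}  {kind:<16} {text}")
```

Save the page source from the browser to a file and pass its contents to `review` to get the same listing for a page you are testing.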
Andréas Prins' article on Hidden Treasures – http://www.thetestingplanet.com/2010/12/hidden-treasures-for-everyone/
Firefox Extension to visualise page source – https://addons.mozilla.org/en-US/firefox/addon/view-source-chart/