You are here

Omega

How to Build a Robust API Checking Framework

Note: There are prerequisites for attending this workshop. Please see the prerequisites section.

The rise of new architecture styles such as SaaS and microservices leads to an increase in popularity of API testing. With this, automating the API testing is a natural next step. Yet, how to manage this properly so that the benefits outweigh your general equivalent WebDriver solution in terms of ease and stability? Join this workshop to learn how to put together the basics of an API checking framework that is robust, easy to read, and eliminates the brittleness in your checks. The workshop covers making GET, POST and more advanced HTTP requests, setting custom request headers, easily building payloads and parsing responses, and tying all this together in scenario-based checks.

Key takeaways: 

Participants will learn:

  • How to build a framework that can execute a series of HTTP requests that can be asserted on
  • How to use DRY techniques when structuring the framework to build a framework that is robust and easy to maintain
  • How to execute complex scenarios that require multiple HTTP requests and sharing data across requests

 

Prerequisites:

There will be a voting done in the beginning of the session which will determine which language will be used in this workshop - Java or Javascript. Participants need to be prepared for both outcomes. So participants are required to bring a laptop with following setup done:

  • Java 8 / Maven
  • NodeJS

Selenium Tests, the Object Oriented Way

Note: There are prerequisites for attending this workshop. Please see the prerequisites section.

When you are writing Selenium tests to check for elements on your page, by taking the classic approach (checking for each element’s properties at a time), you might get to a large number of assert steps, one per each property you are checking. This increases the lines of code your tests have, make the tests difficult to maintain and tricky to read.

Wouldn’t it be nice if the actual checking part of the test would be small, perhaps one line of code? With the approach I am going to present, you can do just that. Hence your tests will be small and clean. All you will need to do is model the pages/modules/items by using an Object Oriented approach within your actual tests.

A workshop on Selenium and Java.

Key takeaways: 

  • Representing the modules or pages to test as Java objects;
  • Generating the expected and actual results for your tests based on these objects;
  • Comparing the actual objects with the expected ones will lead to a very short number of assertions in your tests.

 

Prerequisites:

Participants are required to bring a laptop with appropriate software setup - please see instructions from here.

Fractal Test Planning – Building Strategies in Context

We know that testing depends on context. We need to apply context also in our testing strategy, depending on where we are in the process – Are we in the beginning of the project, or towards the end? Are we testing for user experience, or functionality? Do we need automation at all, or maybe we’ve got so much automation, we’re already thinking on how to test our app on production servers?

The way we’re thinking strategically about tests is at the heart of this workshop. We’ll talk how to plan testing in different scales – from a “release”, to a feature, from stories to a micro-drop. We’ll discuss testing MVPs, the risks in the specific level, and testing in production. When our context changes, so does testing.

In the workshop, we’ll do planning exercises at the appropriate scale for the different stages, and discuss the differences and nuances we’re interested in. The discussion is collaborative and everyone brings their own experience – the best way to learn.

In the end, you’ll learn on how to choose the right resolution for testing, and pick the right strategy, level of reporting and focus in order to make the most of our already limited testing time.

Key takeaways: 

  • Making a test plan is about ROI, making use of limited time and resources
  • We should plan testing efforts in the context of where we are in the development process
  • The information we need to give based on our testing and its resolution also relies on where we are

De-Mystifying Mobile Application Testing - a Hands on Approach

Note: There are prerequisites for attending this workshop. Please see the prerequisites section.

As mobile devices, tools, operating systems, and web technologies rapidly evolve, testers must quickly adapt their thinking in this changing domain. Testers often struggle to find important vulnerabilities and bugs in mobile applications due to lack of guidance, experience, and the right resources. During my career in the mobile testing field, I've come across numerous bugs related to mobile native applications. Looking at these bugs, I started categorizing them, and have since come up with a mind map. This mind map helps to do a quick tour of your mobile application and find vulnerabilities as quickly as possible (https://goo.gl/JtJU7w). This could be used for doing smoke testing, acceptance testing or even production testing after your application is live on the different App stores. This session will give attendees hands-on experience by using these mobile testing approaches in real applications to get quick feedback.The different topics covered and format of the workshop would be as follows (There will be hands-on exercises in different sections of this workshop)

  • Basics of the mobile ecosystem 
  • Will quickly cover what are web, native and hybrid apps with live examples
  • Testing Approaches to get quick feedback on the mobile application 
  • Will cover the following testing approaches with exercises and screenshots of real life defects
  • Interrupt testing
  • Wi/Fi 4g switching
  • Testing end user scenarios
  • How to use logs and what kind of information we can get in both iOS/Android
  • Looking for Consistency
  • What are different types of keypads in mobile applications and how to identify these differences
  • How to do performance testing in iOS/Android
  • Why are User Reviews important and what kind of issues can be uncovered
  • Installation Testing
  • Battery Life/Storage
  • Will touch upon the following topics 
  • Mobile security
  • How to make apps smarter
  • Automation tools available for free
  • Will cover Appium framework on a high level
  • Show a demo of an app automated using Appium and how it works
  • De-mystifying Internet of Things
  • Cool things coming up in mobile and how it can impact our testing

Questions will be handled throughout the session in an interactive manner.

Pre-requisites for the workshop

  • Need to have one mobile device (iOS/Android)
  • Need to install Xcode if using mac 
  • Need to install Android Studio, IntelliJ or Eclipse for non-mac
  • Install SDK Platform Tools from this link - https://goo.gl/o24Mnb

 

NOTE: If you face problems, in any of the above setup steps, do not worry, as attendees will be in groups and can sit with people who have the above pre-requisites.

Testing for XSS

Sold out

The concept of XSS has been around for a few decades now. To this day, it is one of the most often occurring security vulnerabilities found on websites. Have you ever wondered why?

For one, the umbrella term XSS does not actually describe the issue. An "On-Site HTML injection" is usually still referred to as "Cross-Site Scripting". Never mind the fact that there is no "Cross-Site" or "Scripting" element to the actual vulnerability.

XSS can be found in a number of different technologies: HTML, JavaScript, CSS, or insert-your-plain-text-syntax-here. A developer easily obtains the mindset of "I know my HTML and I know my JavaScript". But do they really? They never think that, in fact, they only know the pieces of the language that they have used themselves. In other words, you usually don't know about the other pieces of a language that you have never used so far. 

HTML and JavaScript do not seem particularly complicated by themselves. The complexity usually arrives when they are used in combination for the development of a website. Add on top of that the behaviours of different browsers and any other "unforeseen surprises" that tend to appear when a human component is added to the mix.

XSS attacks come in different flavours: Reflected, Stored, DOM. It is often talked about as "Self-XSS" or in other words- attacking yourself. Developers tend to rely on the in-built defenses of browsers. This is why the consequences can be under-estimated. 

During this one day tutorial we will learn how to test for XSS vulnerabilities step-by-step and case-by-case. We will also learn to assess the validity of the implementation (even if there is no apparent vulnerability). All this will be achieved by preparing and launching Proof-of-Concept attacks against a test environment.

Subscribe to Omega