You are here

Suur Traforuum

Partner track: Why It Is Important to Fix Non-Specification Bugs?

Most of the time we spend on testing is making sure that the software product is working as specified in the requirement documentation. The tester bases his testing using the documentation and together with experience and common sense. Sometimes we can log bugs which are conflicting with our common-sense interpretation of how things should work. This type of issues leads to skewed or outright wrong first impressions. How important is your first impression really?

This speech can accent on what problems manual tester face during their work (those testers who do not see the code itself).  How do we react, if we see something that is not normal based on our understanding or point of view.

If we will think that human being has the code inside (written by mother nature). Code that explains how should the heart beat or how blood is cycling through your body. Tester does not see this code, he sees only the result of code execution.  And the result  is your appearance and your fully working body. Here we come to the place, where tester sees how do you look like, your outfit, your hair condition, your face etc.

Let’s take an example. Your hair shampoo has in the instructions,  that you need to wash your hair every two days. And you do it. The “loop condition” cycle as described in the manual, but your hair looks slightly dirty every day. Tester will see this and judge your hair condition. Tester will think, that you can wash your head more often just because you have a different type of hair. Should we blame the tester for that judgement that it was based on his common sense, but not the manual itself, or should we ensure that non-specification issues should be logged and treated the same way as issues logged based on technical documentation?

Partner track: Breaking the Myths About Testing Casino Games

When people think of computer games, most imagine an evening at home sitting on a couch holding a controller making polygons fight or shoot on their behalf on the TV screen, or maybe they imagine sitting on their computer playing an MMO with their friends, laughing over voice comms. Coincidentally there are far more different computer games than just triple a titles and an ever growing avalanche of indie creations. Casino games are one such type. I think I don’t have to explain how irate you can get when you find an issue when you gleefully spend your time with your game of choice and sometimes you have to spend your time solving an issue that somehow got in the way of your “me“time.

When people think of computer games, most of them who are not in the industry or are as far removed from game development as they can be, have no idea how the games are being tested. When I was taking my first steps in Quality Assurance, I was one of those people. Being privvy to spending my time playing computer games of all shapes and sizes I was under the impression that game testing is nothing more than a room full of people replaying the game over and over, over and over, until they iron out all the quirks and inaccuracies. Naturally this is not the case, but after about 12 years of being involved in different types of software testing and a plethora of interviews for my current job, I see that there are still people think, that testing games is literally just sitting around doing playtests all day.

I would like to aim this talk towards newcomers to the industry or people who want to switch  their current jobs to game development to show that testing games be it regular video games or casino games, is a just as important and serious as testing communication software or banking software. To show that it involves all principles and methodologies of testing that can be applied everything else, but that it’s also a fun and engaging activity with its own perks.

Partner track: Avoiding Local Maximum via New Design and User Testing

There are only so many changes that designers can make to breathe new life into a product. At some point, they'll inevitably hit the Local Maximum or a point at which they have achieved the limit of the current design. The solution? Start over with a new design?

In this practical talk we'll share real-life before and after new design user tests, the importance of including UX from the early stages of development, how to balance end-user and business needs and more.

Android Application Security Testing

Sold out

As of September 2017, the Google Play store holds 3.3 million applications.  In May 2017 Google announced that there are over 2 billion monthly active Android devices. These devices are a gateway to our entire lives- our contacts, communications, entertainment and finances. Every application installed on a mobile device is placed into an ecosystem where all of this information is stored and constantly exchanged and accessed by the user and other parties. And just like every other piece of software written by humans, Android applications contain vulnerabilities. These vulnerabilities can be exploited by attackers, placing users and publishers of applications at risk.

What we will do:The workshop will be a combination of lectures, demos and hands on exercises, during which you will be given access to virtualized Android devices with pre- installed applications designed to showcase specific vulnerabilities.

  • We will conduct assessments on the applications, the devices and on
  • network traffic to discover the vulnerabilities present in the apps
  • We will assess the threats posed by the vulnerabilities
  • Since no security assessment is complete without writing a Proof-of-Concept attack, we will exploit every vulnerability that we find during our assessments

 

We will use the following techniques to conduct our assessments:

  • De-assembling applications into human readable dalvik opcodes (smali)
  • Generating Java-like code from Android apk files
  • Reverse engineering application logic, modifying and re-compiling Android applications
  • Modifying Android application logic during run-time
  • Analyzing, intercepting and modifying Android application network traffic

 

Takeaways:

After completing the workshop you will have a basic understanding of how to conduct an Android application assessment. The outcome will be a healthy paranoia, which will make you think twice before installing any application from the Play Store in the future. At the very least, you will become conscious of permissions requested by Android applications and how dangerous they may be.

Prerequisites:

This will be a technical, hands-on tutorial, which means, that participants are required to bring their own laptop. Previous programming and command line experience may make your overall experience smoother, but all concepts, techniques and tools will be explained from A to Z. In conclusion - all you really need is a laptop and motivation!

Subscribe to Suur Traforuum