Tutorials

Android Application Security Testing

Sold out

As of September 2017, the Google Play store holds 3.3 million applications. In May 2017 Google announced that there are over 2 billion monthly active Android devices. These devices are a gateway to our entire lives: our contacts, communications, entertainment and finances. Every application installed on a mobile device is placed into an ecosystem where all of this information is stored and constantly exchanged and accessed by the user and other parties. And just like every other piece of software written by humans, Android applications contain vulnerabilities. These vulnerabilities can be exploited by attackers, placing users and publishers of applications at risk.

What we will do: The workshop will be a combination of lectures, demos and hands-on exercises, during which you will be given access to virtualized Android devices with pre-installed applications designed to showcase specific vulnerabilities.

  • We will conduct assessments on the applications, the devices and on network traffic to discover the vulnerabilities present in the apps
  • We will assess the threats posed by the vulnerabilities
  • Since no security assessment is complete without writing a Proof-of-Concept attack, we will exploit every vulnerability that we find during our assessments

 

We will use the following techniques to conduct our assessments:

  • Disassembling applications into human-readable Dalvik opcodes (smali)
  • Generating Java-like code from Android apk files
  • Reverse engineering application logic, modifying and re-compiling Android applications
  • Modifying Android application logic during run-time
  • Analyzing, intercepting and modifying Android application network traffic

 

Key takeaways:

After completing the workshop you will have a basic understanding of how to conduct an Android application assessment. The outcome will be a healthy paranoia, which will make you think twice before installing any application from the Play Store in the future. At the very least, you will become conscious of permissions requested by Android applications and how dangerous they may be.

Prerequisites

This will be a technical, hands-on workshop, which means that participants are required to bring their own laptop. Previous programming and command line experience may make your overall experience smoother, but all concepts, techniques and tools will be explained from A to Z. In conclusion, all you really need is a laptop and motivation!

Revealing Architectural Testability

Sold out

A question I often ask testers is 'can you draw me the architecture of the systems that you test?' The answer is often a blank stare. I believe this is a core competency for an effective tester and the answer should be (more often than not) 'of course I can!' Architecture is a social construct; it is one of the main artifacts a team will gather around to discuss technical direction and customer need. If a tester cannot contribute effectively to this process, then an opportunity may be missed to gather important context for a balanced approach to testing.

Architecture is changing rapidly too. Testers will often be faced with cloud replacing on-premise physical architectures, or even hybrids of both, creating a further dimension of risk. Add containerisation and infrastructure as code, and the big picture becomes even more complex. However, where there is challenge there is also opportunity for testers to add further value and play a greater role as teams adjust to change.

This tutorial encourages testers to interrogate, evaluate and elucidate the architectures they test, with the end goal of providing analysis of risk and insight into how testability can help address those risks. 

Key takeaways:

  • Attendees can recognise and explain the load balancing, web, API, database and shared access networks architectural layers
  • Attendees can recognise and explain the impact of cloud architectures on testing and testability concerns
  • Attendees will be able to sketch an architecture from a set of technical documentation and anecdotal sources
  • Attendees can identify key risk points within an architecture and build a context sensitive approach to testing
  • Attendees can apply models of testability to identified risks to propose enhancements

Designing your Java and Selenium tests. And your testing framework too (with Maven)

During this tutorial I will show you how to create and customize an automation project (framework) from scratch, using Maven. Java-based test design will be the main focus of the tutorial once the project has been created: how to avoid repeating code, how to structure your test code, how/when/why to create utility classes and how to run tests. I will show you how to write browser-unaware Selenium tests and how to easily switch the browser on which they run. You will learn how to write tests that are environment-unaware and how to make them run across your environments. You will also get an idea of how to easily create tests for translation purposes, when your code runs across localized pages. In addition, I will go over the most useful IntelliJ shortcuts that will help you be more efficient when writing and structuring code. All of this will be done against real code and real examples.

Key takeaways:

  • How to create a new code project with Maven
  • Understanding your pom.xml file
  • How to import dependencies with Maven
  • How to find what you need in the imported dependencies
  • How to create Maven profiles for running tests based on an xml file
  • Creating the browser instances and browser utilities
  • How to switch browsers in tests and how to write browser unaware tests
  • How to switch environments on which tests run and how to write environment unaware tests
  • How to create one test that can run across all the localized variations of a page
  • How to structure the project (where to place what), how to organize the project
  • IntelliJ shortcuts for common tasks, like extracting methods from repeating code, extracting variables and fields, auto-arranging code lines, etc.

Strategies for Automated Regression Testing

Sold out

Automated regression testing is everywhere; its popularity and uptake have rocketed in recent years and it’s showing little sign of slowing down. So in order to remain relevant, you need to know how to code, right? No. While knowing how to code is a great tool in your toolbelt, there is far more to automation than writing code.

Automation doesn’t have answers for:

  • what tests you should create
  • what data your tests require
  • what layer in your application you should write them at
  • what language or framework to use
  • if your testability is good enough
  • if it’s helping you solve your testing problems

It’s down to you to answer those questions and make those decisions. Answering those questions is significantly harder than writing the code. Yet our industry is pushing people straight into code and bypassing the theory. Whether you’re someone who codes on a regular basis, works in or leads a team that practises automating tests, or is looking for a starting point to get into test automation, having a strategy for your regression testing is key to getting the most out of your automation.

In this class, through discussions and framed exercises, we are going to try to answer the above questions. This one-day class will analyse:

  • What actions make up an automated test
  • What makes an automated test valuable
  • How to design maintainable automated tests
  • How to determine the best way to run specific tests against a product

Attendees will have the opportunity to learn new techniques and thinking and ultimately leave with the skills to successfully create strategies for their teams that go beyond knowledge of code.

Key takeaways:

By the end of this workshop, attendees will be able to:

  • Describe the principles of Automation in Testing
  • Differentiate between human testing and an automated test, and teach it to others
  • Describe what makes an automated test valuable
  • Describe the anatomy of an automated test
  • Determine the best interface to create an automated test based on current understanding of an application
  • Discover new libraries and frameworks to assist us with our automated checking
  • Implement automated checks at the API, JavaScript, UI and Visual interface

Starting With Performance (and Reliability) Testing

Sold out

Who wants to learn more about Performance Testing?

Perhaps you’ve been nominteered to establish a performance testing practice. Maybe you’ve experienced a performance problem and want to address this risk in the future. It could even be that you are ready to take your career ahead another step. However you’ve arrived here, let’s get you started on this journey with an understanding of a typical performance testing project methodology.

We will have some lecture, and some hands-on. You will run a live load test, and interpret the results.

Course Outline

  • Goals of Performance Testing: Reducing Risk, Scaling, Capacity Planning, and Providing Development Feedback
  • Roles of the Performance Tester
  • Designing Tests: Doing the best test(s) you have time, tools, facilities, and people to do
  • Scripting Tests: Test scripting details, Data Models
  • Modeling Workloads: Understanding Application and Session Flow
  • Problems in realism: Understanding transactions, workload concurrency and peaks
  • Scenarios (Simulation, Breakpoint/Stress, Benchmark, Soak, Exploratory)
  • Test Environments and Scaling Results
  • Monitoring and Instrumenting: granularity, understanding hard and soft resources
  • Running Tests and Validating results
  • Front-End Analysis
  • Interpreting results and Reporting

 

Tutorial Takeaways

  • Understanding the phases of a performance testing project
  • Knowing a bit about each of the phases of a typical performance testing project
  • Having a framework for further education and self-study
  • Run a performance test

Exploratory Testing

Sold out

This one-day tutorial is for both testers and developers wanting to perform Exploratory Testing as part of their approach to software testing. It teaches exploratory testing and how to apply it in a systematic and deliberate way. Learn how to use it to add depth to your testing by focusing on risk and understanding business value.

This class is experiential and contains practical exercises to help you gain basic exploratory testing skills.

The workshop will focus on the following aspects of Exploratory Testing:

  • Heuristics in Exploratory Testing
  • Models in Exploratory Testing
  • Exploratory Testing Strategy
  • Oracles & bug finding
  • Reporting to others

You will learn:

  • How to find important bugs rapidly
  • How to find bugs without test cases
  • How to describe your testing to other people without using test case metrics

This tutorial requires a laptop; please bring one.

 

Advanced Automation for Agile: UI, Web Services, and BDD

Sold out

As testing shifts left in an agile world, teams rely on the fast feedback of automated scenarios for continuous integration/deployment. Automation frameworks must be designed to be stable, robust, and flexible. The traditional way of automating UI scenarios in a silo doesn’t lend itself to agile practices.

In this hands-on tutorial, you will build an advanced automation framework capable of keeping up with the demands of agile development. This single framework will be capable of supporting the automation of UI and web services, as well as Behavior-Driven Development (BDD) and Test-Driven Development (TDD) initiatives.  

You will learn how to use:

  • Advanced concepts in designing your UI automation such as modeling data within your application and componentizing page objects
  • TDD within the context of automation development
  • BDD specs for test automation
  • Cucumber to write steps that execute BDD specs
  • Rest-Assured to employ web services to make your tests quicker and less brittle

 

 
