Sunday, 20 November 2016

Selenium Automation Framework

Selenium automation is one of the biggest favourite for automation testers. One of the key factor to deliver the automation work is to build the required framework which will reduce the time to maintain the automation scripts.

Lets find out what is Selenium automation framework in this post.

Selenium Automation Framework is setting standards to make the development, maintenance and operations simple. In other words any one who wants to run the scripts and analyse the results should not see any complexities in operations. All the complexities will be hidden in a logic and the libraries.

The first step is to find out about the application feasibility. This is very essential, remember Selenium works only with web applications and any windows based alerts will not be handled using webdriver. Autoit kind of tools are required to handle such alerts. So for any project to be successful the feasibility  study is must.

Next important step is to study the application flow. Straight forward steps and exceptional steps will be noted down and segregated. The requirement of test data for the steps are identified. Such data is more and follows the same steps each time then we will start thinking about data driven automation. Data driven steps are identified if certain type of data decides the flow and with all different sets of data the same steps are executed which results in different sets of outcome requires data driven framework.

We also need to decide how the reporting should be done. Most simple reports are biggest advantage of framework however they are most complex to build in many cases. The tools for reporting like TestNG and Junit are widely used. However if you have enough time and demand for some specific reports then HTML reports are very useful.

Now we know the framework for the project and reporting needs. We can start building library functions. These functions are as simple as opening client site, clicking on button and entering data in text field. The basic control should be targeted first.

Another important step is to create the driver and decide how do you want to call the scripts. All the library functions and client scripts should take values from property files only. This way we can make sure that the same function can be used for different operations.

Hope the above information gives basic idea of the selenium automatio framework. I will be waiting to hear from all of you.


Happy framework designing.

Saturday, 12 November 2016

Security Testing

This post is dedicated to the specialised branch of software testing - Software Security Testing.

Before we get into Software Security Testing which is always part of Non Functional Testing unit we will see what are the types of Software Threats -

1. Brute Force Attack

Brute Force Attack is a vital information guessing technique. In this process automated system generates many combinations of user password or pin (personal identification number) to get into the business machines with the intention of stealing the data. These attacks are crafted very carefully so that automated system should get the access to the business systems quickly.

2. Denial of Service

This type of attack is on the critical business systems like bank, payment gateways, booking sites or critical news boards. The intention of this attack is to stop users to access the application. The attack is usually  done by the automated system by creating virtual users in exponential process with the intention of blocking available bandwidth of server to deny access to any users who need information.

3. SQL Injections

SQL Injections are the SQL queries to read, modify or delete business critical information stored in the database  using presentation layer. These attacks are easy and can be planned quickly. However these attacks are most of the time risky attacks and easy to track down.

4. Trojan Attacks

Trojan attacks are most common and easy to find. In these attacks users are presented with some of the interesting tasks like disk back up, disk fragmentation or memory management and at the background  automated scripts are executed to steal information. These attacks are successful if the user follows instructions given on the websites without confirming with the security teams.


5. Fishing

These attacks are usually crafted by sending out emails to mass users. These emails are lottery, charity or some business proposals. Users fall for this type of invitations because the offer is very lucrative and directly comes to the email inbox. The email comes with some kind of URL to hit or buttons or images to click the confirmation so that users get trapped.


Now we understand the possible attacks and threats to the business so the first task is to create test strategy to find out, in our client's business such vulnerabilities are present and if present raise an issue to fix them before the business application starts handling the user information or business critical information.

Except the fishing attack all other types of attacks are tested using penetration tools. For fishing attack we usually inform the staff and add email scanners to scan the emails coming into the business network and going out of the business network.

Open source tools used for testing above attacks are Aircrack-ng, Automatic backholing, SQLMap, pfSense and Gophish respectively.

Enjoy Security Testing!

Saturday, 5 November 2016

Mobile Testing



Mobile testing or Mobile Application Testing is a complex and time consuming process. Due to the immense pressure of quicker delivery to the market, it is more critical to complete the task in less time. Let’s find out, what Mobile Application Testing is all about. 

Mobile application testing is a process where mobile application is tested for usability, functionality and consistent performance. Mobile testers use Mobile emulators to test the mobile applications. Mobile emulators help to test the application on different devices without having physical mobile phones present to test. Remember all mobile devices are on different platforms with different screen sizes.

Screenfly and CrossBrowserTesting are two easy to use screen emulators to test the mobile application. These emulators provide screens with different sizes and with different platforms like iOS and Android.

The mobile application testing can be manual or automated, however all new mobile applications usually tested manually and then through automation. The usability, application GUI, functionality are tested manually and automation is applied to performance and testing the mobile application on various devices. If the application is web application and accessible through a browser on the phone then the testing will be different. Testing mobile application which requires application installation on mobile device will be tested using multiple emulators and hence requires automation.
  
MonkeyTalk is one of the open source automation tool which is very handy to automate functional tests for iOS and Android applications. We can create data- driven tests using MonkeyTalk.

Monkey is an automation tool which runs on Android emulators and creates user events like clicks, touches or gestures.

So from the above description, we have identified that mobile application testing requires manual as well as automation testing. Due to the complex nature and many mobile devices available in the market, mobile application testing requires skills and detailed manual and automation plan.

Hope this information will help who wants to enter in mobile application testing.

Happy Mobile Testing!