Monday

Jbehave or Cucmber?


These two tools have always  been in a race and  also have an equal fan following. When people ask me which tool would you choose, the answer is "it depends on a lot of other factors and not just technology"!

For the testing geeks who would want to read the exact JVM comparisons between JBehave and Cucmber this is the best possible source out there:

http://mkolisnyk.blogspot.com.au/2013/03/jbehave-vs-cucumber-jvm-comparison.html?_sm_au_=iHV4sjrwrSTjZnJt

Happy BDD testing!

Friday

Security Testing + Test Automation using Selenium and ZAP



Problem:  How to reuse the Functional Test Automation Scripts to do Vulnerability Assessment/Security Testing for your web applications?


A good friend of mine who is a security tester introduced me to this concept and tool called ZAP from  OWASP – https://www.owasp.org/index.php/Main_Page The Open Web Application Security.

The OWASP Zed Attack Proxy (ZAP)https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.


If you are an automation engineer it's as easy as this diagram illustrates:
  1. Download ZAP and install.
  2. It generally runs on port 8080. Change your browsers proxy settings to localhost and 8080
  3. You can also use tools like foxyproxy to do the same
  4. Test a web app and see if ZAP is able to see your navigations on the History tab.




5. Create a new firefox profile and make sure the proxy settings are working on the profile
6. Launch the browser with the profile
ProfilesIni pf = new ProfilesIni();
FirefoxProfile profile = pf.getProfile("default");
driver = new FirefoxDriver(profile);
driver.manage().timeouts().implicitlyWait(60, TimeUnit.SECONDS);
driver.navigate().to(testData);
driver.manage().window().maximize();
((JavascriptExecutor) driver).executeScript("window.focus()");
7. Run your tests with ZAP working in the background
8. Finally here is your security report in JSON format:
Access all of the alerts via the ZAP API in JSON and XML format. If you enable the API (via the options) you can then access a URL like:
http://zap/JSON/core/view/alerts/?baseurl=http%3A%2F%2Fwww.example.com%2F&start=&count= to get all of the alerts reported on www.example.com
9. Use a http://codebeautify.org/jsonviewer to view all the alerts that you need.

Link for some code:

Happy Security Testing!

Update:   Zap has moved from SVN to github: https://github.com/zaproxy/zaproxy

Wednesday

Website's underlying technology for automation - II



I remember writing this post way back in 2011 where I mentioned tools that can help us find the websites underlying technology. Things have changed since then , but most players are still sniffing :)

A comment in that post:
Some nice tools for querying site details (no doubt there are many more):

•BuiltWith
•DomainTools
•NetCraft
•W3Techs
Firefox addons:

•Wappalyzer - CMS, frameworks/libraries, e-commerce, message boards etc.
•Domain Details - IP, country and webserver details
•Library Detector - Javascript libraries in use
Bookmarklets:

•WTFramework - shows Javascript framework in use

What we use now:
Happy Sniffing!

Test Automation Framework Structure

Here is a generic structure of a test automation tool like Selenium/Protractor/Capybara


Tuesday

Stay Updated - Test Automation and Software testing



Problem: Recently I was trying to look at all my favourite blogs and posts. I realized with my busy schedule I end up deleting most of the feeds that I receive by email.

Solution:
As usual my automation brain to the rescue; I decided to use yahoo pipes which would do some kind of automation and merge all the feeds into one customized output!

Here is the link to the yahoo pipe:

Problem
The second problem was simple now that I had the results , I wanted an email that gave me updates real-time.

Solution:
Use a service such as RSSFWD or Blogtrottr to deliver it to your email!!


Happy staying updated on all that happens in the Testing world!

Note: You are free to clone the yahoo pipe and customize it the way you want it..