location_city Bengaluru schedule Jun 25th 10:30 - 11:15 AM IST place ESquire Hall 1 people 1 Interested

With increasing cyber threats & online attacks, an unavoidable situation for continuous security testing has emerged. Making sure all vulnerabilities are unleashed regularly is highly significant.

The paper hence proposes a solution where automated security testing could be achieved in conjunction with functional testing carried out using selenium API.

It introduces a framework that caters to automated security testing along with functional which could provide an integrated testing elucidation.

The paper, takes in these two premises to offer a solution where functional automation testers can now take on security testing. I propose a framework where automated security testing could be achieved in conjunction with functional testing using existing selenium API scripts.

The framework covers the top vulnerabilities and provides intuitive results that help a non-security tester interpret and act on the output. At the very core of this framework is the open source tool, OWASP ZAP, which is easy to use and integrates well with Selenium automation frameworks.

I bring in hands on project experience having implemented this framework for clients, who have been able to get the value of functional and security testing using the same set of scripts – it is this experience I would like to share with the SeleniumConf2016 audience, to help groom functional testers into security testing, with minimal cost and time, also enabling security testing to be performed every time functional automation is taken up.

 
 

Outline/Structure of the Demonstration

With increasing cyber threats & online attacks, continuous security testing has become inevitable and making sure all vulnerabilities are unleashed regularly, is highly significant.

The paper, hence proposes a solution where automated security testing could be achieved in conjunction with functional testing carried out using selenium API.

It introduces a framework that caters to automated security testing along with functional which could provide an integrated testing elucidation.

Followings are the main key points of this presentation :

  1. Need For Automated Security Testing
  2. Spectrum of Available Tools
  3. Core Tool Of Our Security Testing Framework
  4. Framework Architecture
  5. Framework Coverage
  6. Demo
  7. Analysis and Reporting
  8. Take Aways

Learning Outcome

  1. Make security testing a habit
  2. Leverage  existing functional test scripts - run security tests in parallel
  3. Sync with DevOps. Integrate with CI tools
  4. Open invite to all teams to try this tool

Target Audience

Software Professionals, Software Testers, QA Leads, Automation experts,

Video


schedule Submitted 7 years ago

  • Bret Pettichord
    keyboard_arrow_down

    Bret Pettichord - Checking as a Service

    Bret Pettichord
    Bret Pettichord
    Software Architect
    HomeAway
    schedule 7 years ago
    Sold Out!
    45 Mins
    Keynote
    Beginner

    This talk suggests a reframe in how we understand the business value of automated testing. One shift is to see automation as "checking" rather than "testing". Another is the shift from software delivery to service delivery, including fully embracing DevOps. The resulting approach could be called Checking as a Service or CheckOps, and forces us to rethink traditional automation priorities. In this talk, Bret will explain how change in approach has affected teams he's worked with and how you can use it to improve your ability to deliver valued services.

  • Simon Stewart
    keyboard_arrow_down

    Simon Stewart - Fix a Bug, Become a Committer

    Simon Stewart
    Simon Stewart
    Project Lead
    The Selenium Project
    schedule 7 years ago
    Sold Out!
    480 Mins
    Workshop
    Beginner

    Have you ever wondered how Selenium works under the covers? Do you get frustrated with locators not locating, pages not loading, or browsers behaving inconsistently from one run to the next? Selenium is an attempt to unify thousands of disparate elements across a wide spectrum of challenges into a single, common interface that works seamlessly with all the major browsers - and yet only a handful of volunteers work to maintain this gigantic effort. If you would like to enhance your own Selenium experience while contributing back to the software that has defined so many of our careers, come to this workshop. In it we'll dissect the different elements of Selenium, dive into its internals, learn how it was built and how to make changes to it, and even write a unit test you can contribute on the same day!

  • Irfan Ahmad
    keyboard_arrow_down

    Irfan Ahmad - Testing as a Container : Using Docker with selenium and friends to ship fast

    Irfan Ahmad
    Irfan Ahmad
    Engineering Manager
    upGrad
    schedule 7 years ago
    Sold Out!
    45 Mins
    Demonstration
    Intermediate

    We see two upcoming trends in the world of software delivery.

    1.Docker is becoming a standard for managing infrastructure using containers.

    2.Testing code and its infrastructure starts to grow at scale with more complexity, dependencies and technology diversity.

    A container is an entire portable runtime environment: an application, plus all its dependencies, libraries and other binaries, and configuration files needed to run it, bundled into one package. By containerizing the application platform and its dependencies ,all differences in OS distributions and underlying infrastructure are abstracted away which makes it easy to share and execute anywhere.

    At this talk we will learn how to leverage the container technology to solve the challenges of growing testing infrastructure and continuous delivery with key focus on below items.

    • Basics of the containers technology and specifically it’s application on the test automation. 
    • How Docker can reduce the time of test execution, ease the setup of clean test environments and drastically reduce the differences between the development, acceptance and production environments leading to the higher quality of the released software.
    • Examples to containerize entire testing stack together consisting of major automation tools (selenium, appium, phantomjs), performance tools (jmeter,gatling) with cucumber. 
    • Integrating and managing testing container with other application containers to achieve easily manageable continuous delivery pipeline.
    • Best practices and patterns for docker success.

     

     

  • Roy Nuriel
    keyboard_arrow_down

    Roy Nuriel / Sreevatsa S - From Pyramids to hourglass - New approach and best practices for digital apps testing

    45 Mins
    Talk
    Executive

    One of the first things that you learn when you enter the quality assurance space is the famous triangle braked down to Unit test at the lower, on top of it Acceptance Tests based on API (in some places this layer is integration tests but the idea is the same) and at the top of the Pyramid we have the User Interface (UI) Tests. This Pyramid, in the last two decades was the main principle on how to approach testing activities (mainly automation).

    In the last couple of year we are all taking part in the digital transformation that is taking place all over. Mobile Native applications as well as web applications take part in almost any activity that we are doing during the day, business are building their strategy on this channel and shifting resources and budgets to deliver applications maintained and expend their market share.

    So what changed?

    The users are no longer static, they are interacting with those apps while they are on the train on their way to the office, while waiting for a flight at the airport or drinking coffee while waiting for their next meeting – those “interactions” are done most of the time while they are on the go working with mobile device. In addition the application take advantage of the sensors that those devices provide in order to provide better user experience. The environment where our end users use our application has significant impact on the functionality and performance of our application which at the end of the day we call quality.

    During the last year we developed a new approach for digital application testing – The “Hourglass” – This new approach expend the known Pyramid and update it to the digital era – The client side is richer and contains many components that impact the quality of application. It redefine the definition of coverage. At the top of the pyramid we add 2 additional triangles (the gives the hourglass shape) – The first one is devices – what devices should we test, how we should approach the changes that happens in the devise market. The second is the environment, the places that our end users will use and interact with the application. We leverage the automation investment and get the real digital coverage which will help to reach high quality applications.   

     

  • Ori Bendet
    keyboard_arrow_down

    Ori Bendet - Tales from the Dark Side: The Growth, Implementation and Influence of Selenium inside Hewlett Packard Enterprise

    45 Mins
    Talk
    Intermediate

    I know what you’re thinking: the creators of WinRunner, QTP/UFT are now embracing Selenium?

    Ten years after Selenium came into existence as an open source alternative to Mercury Interactive, the perception and relationship between QTP and Selenium has morphed from competition to collaboration with complementary test automation frameworks.

    Join Ori Bendet, HPE Inbound Product Manager for Functional Testing to discuss how HPE’s R&D uses Selenium and other open source tools. Understand the new roles and responsibilities of dev/test @HPE and how they fit into current team structure. Discover their lessons learned about how Selenium and open source has contributed to the success and maturity of HPE's own quality assurance and testing tools across the entire portfolio.

  • Sargis Sargsyan
    keyboard_arrow_down

    Sargis Sargsyan - Better Page Object Handling with Loadable Component Pattern

    45 Mins
    Talk
    Advanced

    One of the painful problems in Selenium automated testing is determining whether a HTML page has been loaded. This is especially the case when web application uses a JS  heavy framework such as the popular AngularJS.

    During this talk we will discuss how to handle Selenium Page Object pattern better with Loadable Component.

    The Loadable Component helps test case developers make sure that the page or a component of the page is loaded successfully. I will share my experience about the concept of the Loadable Component and Page Object patterns.

     

     

  • Ankita Gupta
    keyboard_arrow_down

    Ankita Gupta / Jatin Makhija - Web Push Notification Automation Mystery Solved!

    45 Mins
    Demonstration
    Intermediate

    Push Notifications are the latest way of sending updates to our users. More and more Organisations are implementing Web Push Notifications along with emails and other notification systems.

    So the Big Question that arises is "How do we automate them?"

    We have come up with a library in various languages which can be integrated with your Automation suite and provide you everything you need about the notification triggered.

    You can easily then trigger and verify the push notification sent and ship out the product without worries :)

  • Vinay Babu
    keyboard_arrow_down

    Vinay Babu - Web Scrapping with Selenium and Data Analysis using IPython Notebook

    20 Mins
    Talk
    Intermediate

    Data Analysis is one of the upcoming field and as many of the data scientists says that the most of time they spend for analysis is on Data cleaning, So, In this short session we will see how one can pull the data from the web using Selenium Webdriver and will use this data further for the Data Analysis, The entire exercise will be executed on a IPython Notebook, which is a tool used to execute & save your code and perform data analysis using python data analysis libraries, it also provides a platform to massage the data and visualize it in the form of graphs and tables.

    This entire exercise would be helpful for anyone who wants to understand how data can be pulled with the help of Selenium Webdriver from a website and organized using python libraries for the data analysis. During this session we would be using an open source data for analysis and see how we can draw conclusions using this data.

  • Michal Vanek
    keyboard_arrow_down

    Michal Vanek / Filip Braun - Breaking down the barriers: Testing desktop apps with Selenium

    45 Mins
    Talk
    Intermediate

    Selenium was born for web-application testing. But have you ever thought it could be a great tool for testing Windows desktop apps too?

    Today, more and more desktop apps use a web-like approach to implement their UI. The methods vary from basic HTMLayout environment to complex designs in CEF (Chromium Embedded Framework). However traditional GUI automation tools seem to be a step behind or ignoring the trend completely. This situation calls for finding new ways of testing.

    In our talk we shall introduce to you a new way of utilizing Selenium for automated testing of desktop applications. No matter whether the HTML UI content is completely offline or loaded and updated dynamically, Selenium is able to access and navigate it just like in a web page. We’ll also show you how to build a small framework around it and plug it into your Continuous Integration process. All of this will be demonstrated using a real-life instance of Avast Antivirus for Windows.

     

  • Adam Carmi
    Adam Carmi
    Co-Founder and VP R&D
    Applitools
    schedule 7 years ago
    Sold Out!
    45 Mins
    Talk
    Beginner

    Automated visual testing is a major emerging trend in the dev / test community. In this talk you will learn what visual testing is and why it should be automated. We will take a deep dive into some of the technological challenges involved with visual test automation and show how modern tools address them. We will review available Selenium-based open-source and commercial visual testing tools, demo cutting edge technologies that enable running cross browser and cross device visual tests at large scale, and show how visual test automation fits in the development / deployment lifecycle.

    If you don’t know what visual testing is, if you think that Sikuli is a visual test automation tool, if you are already automating your visual tests and want to learn more on what else is out there, if you are on your way to implement Continuous Deployment or just interested in seeing how cool image processing algorithms can be, this talk is for you!

  • Dan Cuellar
    Dan Cuellar
    Founder
    Appium
    schedule 7 years ago
    Sold Out!
    45 Mins
    Talk
    Advanced

    Over the last few years, Appium has become the choice automation tool for mobile application UI testing. Most people are familiar with the basics of Appium, but did you know that you Appium can identify elements using image recognition? Did you know you it's also possible to automate Windows phone and Desktop apps with Appium? Have you ever seen Appium run the same test on multiple operating systems, or seen an Appium test run using several devices at once?

    The talk will cover advanced Appium topics such as these along with best practices to ensure you get the most out of Appium.

  • Luke Inman-Semerau
    keyboard_arrow_down

    Luke Inman-Semerau - Grid Workshop

    480 Mins
    Workshop
    Advanced

    Selenium Grid can be a bit daunting to get up and running. Starting it is quite easy, but using it effectively requires pulling in third party tools. In this workshop we’ll cover how you would realistically run your grid, using modern tooling to run a grid with docker containers or in a cloud service like AWS or theoretically your own VM provisioning environment.

     

  • Parashuram
    keyboard_arrow_down

    Parashuram - Reusing Selenium tests for catching Performance Regressions

    90 Mins
    Demonstration
    Beginner

    Almost all the tests we write today are geared towards verifying the functional correctness of products. Selenium gives us a great way to ensure that our web applications and browser behave correctly and our tests usually do an excellent job running through the happy path.

    Most successful websites or hybrid mobile applications are not just functionally correct, but also have a very smooth performance and user experience. Performance, for many, is now a feature. In this talk, we will look at ways to re-use our selenium test cases to also catch any performance regressions. We will measure key performance indicators like frame rates and memory usage as the selenium scripts navigate and perform actions on the website. We will look at logging all these metrics into a dashboard, and integrating this with a continuous integration system like Jenkis or Team City. Finally, we will also look at how such a system can catch any code change that is responsible for making the website slower than a threshold we set.

     

    We will look at how we could use existing testing frameworks like Protractor or Jest to add performance metrics. We will extend our test matrix to cover desktop browsers, browsers on popular mobile platforms and even hybrid apps like Apache Cordova, Ionic or Phonegap.

     

     

    If Performance is a feature, let us test it like we test features !!

     

  • Christina Thalayasingam
    keyboard_arrow_down

    Christina Thalayasingam - Distributed Testing and Test Reporting

    45 Mins
    Demonstration
    Advanced

    As we are moving into the agile world, continuous integration has a major role to play.

    So how do we cater for a complete test on every sprint or every release? We can use Selenium for Test Automation. When we use a continuous integration approach it would be helpful to use Selenium Grid. It allows you to run your tests on different machines against different browsers in parallel. Essentially, Selenium-Grid supports distributed test execution. 

    This helps you to run your automated tests on various different machines, operating systems and browsers at the same time. This saves time and would help  to run your testing in a nightly build.

    Extent Reports will go hand in hand with Selenium Grid as it will help you retrieve all test results including Test Evidences into a comprehendible report.

    This talk would have a quick guide on how to use Selenium. With details on how to create html reports (with latest plug-in) which would give understanding test execution results for both technical and non technical people. The highlight of the talk would be on Selenium Grid which permits to run Selenium test cases on various operating systems and browsers from a specific hub. This would cover quick demonstrations on main browsers used in the industry such as Firefox, Chrome and Internet explorer. This would help for continuous integration.

  • 45 Mins
    Talk
    Beginner

    This talk showcases how you can develop a framework in Java with all kinds of features like WebTesting with Selenium, Service Layer testing with SoapUI and Load Testing with JMeter - all packaged as a single testing solution. Above all, make use of open source libraries and get details HTML reports as well as Summary reports. This solution allows you to seamlessly integrate all your testing requirements under a single framework.

     

  • Alexander Bayandin
    keyboard_arrow_down

    Alexander Bayandin - Mobile Web Test Automation: to the Desktop!

    45 Mins
    Talk
    Advanced

    How does it usually look when people do Mobile Web Test Automation? They write a couple of tests, run them on some desktop browser and only after that try to run on emulators/simulators and the final step is adapting and fixing the tests for browsers on real devices.

    By happy chance we developed our tests for Mobile Web on real devices. But some time ago we decided to run on Desktop as well.

    Why? What benefits did we get? How do we have both Appium and Selenium tests in one repository? And what challenges did we face? About this and many other things I will tell in my talk.

  • Vikram V Ingleshwar
    keyboard_arrow_down

    Vikram V Ingleshwar - How to be a assistant cook from waiter - my experiences with software testing and automation

    Vikram V Ingleshwar
    Vikram V Ingleshwar
    SDET
    Microsoft GmbH
    schedule 7 years ago
    Sold Out!
    45 Mins
    Talk
    Intermediate

    In this talk I would like to share good practices of BDD , Cucumber Tool and its usage with Selenium with Serenity framework , Appium and API Testing.

    I will be sharing how I had implemented BDD culture in team , which was following Agile ( fast waterfall ) , how it has helped business.

    There are many who know Selenium and are experts in it. But with BDD and Cucumber , it can be used much more efficiently.

     

    The main benefits of this methodology will be reducing bugs , re-work , tech debt , bad customer reviews , cost and increases overall productiveness and happiness across orgnisation

     

    With all these , QA can be assistant cook along with main cook ( who is developer and/or product ) and elevate from traditional waiter role , where some code is thrown at him to deliver to somebody who pays for it.

  • Dharmesh Vaya
    keyboard_arrow_down

    Dharmesh Vaya - Practical tutorial in Test Framework development

    480 Mins
    Workshop
    Intermediate

    Advanced users in Selenium are given the challenging task of developing a framework from scratch. However, its best to understand the core requirements of how the framework is going to be utilized in order to develop the framework with minimal efforts. This tutorial teaches development of core-building blocks that can be implemented for any Selenium based framework with maximum flexibility and minimum efforts.

  • Sweta Shahi
    keyboard_arrow_down

    Sweta Shahi - Visual Regression Testing - How Selenium can help?

    Sweta Shahi
    Sweta Shahi
    Group Lead
    Srijan Technologies
    schedule 7 years ago
    Sold Out!
    20 Mins
    Demonstration
    Beginner

    In today's software world, web applications need to go though constant change to maintain highest standards of quality of service. With continuous changes, one of the biggest challenges in the testing fraternity is to reduce the effort in regression testing. Often UI testing is cited as an area where automated tools have a limitation.

    In this session, will try to cover how using a simple program and using tools like ImageMagick, we can automate visual regression of the site in no time. Also, this means after every change (front-end or feature) if causes any unexpected behavior can be brought to notice immediately. A set of benchmark images of the stable version will be compared against those from the build's latest version and help reduce the extra effort testers spend in testing the UI on different browsers.

     

help