Develop Securely with Zaplenium
Zaplenium simply means ZAP + Selenium; it is named after the integration of the two to ensure application security while the application is being developed. ZAP provides client APIs that help capture URLs by spidering and scanning the pages that are interacted with in user flows. With ZAPlenium, tests can be targeted at certain areas of the application: Selenium navigates to those areas, and ZAP is pointed at them to spider and scan. Zaplenium also helps define assertions, which come in handy when we integrate this into CI/CD pipelines.
Participants will be able to add a security sanity suite to their build pipelines. With each code change, security can be checked for any High, Medium and Low risks. The session will make use of open source technologies, i.e. OWASP ZAP and Selenium, to define tests with assertions.
Security Tool: OWASP ZAP
Functional Tool: Selenium WebDriver
Outline/Structure of the Talk
Develop Securely with ZAPlenium will discuss the need for security tests at each code build, rather than pushing them towards the end of the cycle. By amalgamating Selenium and ZAP, security tests can be made more robust and applied to specific areas of the application. ZAP's client APIs provide an interface through which Selenium tests can define rules and assertions, making the suite more powerful and effective.
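An added example (not code from the talk or from the ZAP project): a build gate that asserts on ZAP alerts, scoped to the pages a Selenium flow visited, with a budget per risk level. The alert records are constructed samples in the shape ZAP's API returns; `gate`, `FLOW_PREFIXES` and the budget values are hypothetical.

```python
import sys
from collections import Counter

# Constructed alert records in the shape ZAP's API returns (with the ZAP Python
# client: ZAPv2(...).core.alerts(baseurl=target)). Hosts and findings are made up.
SAMPLE_ALERTS = [
    {"pluginId": "40012", "alert": "Cross Site Scripting (Reflected)", "risk": "High",
     "url": "https://shop.example.test/checkout/pay?ref=1", "param": "ref"},
    {"pluginId": "40012", "alert": "Cross Site Scripting (Reflected)", "risk": "High",
     "url": "https://shop.example.test/checkout/pay?ref=2", "param": "ref"},
    {"pluginId": "10038", "alert": "Content Security Policy (CSP) Header Not Set",
     "risk": "Medium", "url": "https://shop.example.test/checkout/cart", "param": ""},
    {"pluginId": "10021", "alert": "X-Content-Type-Options Header Missing",
     "risk": "Low", "url": "https://shop.example.test/checkout/cart", "param": ""},
    {"pluginId": "10021", "alert": "X-Content-Type-Options Header Missing",
     "risk": "Low", "url": "https://shop.example.test/checkout/pay", "param": ""},
    {"pluginId": "10038", "alert": "Content Security Policy (CSP) Header Not Set",
     "risk": "Medium", "url": "https://shop.example.test/blog/post-1", "param": ""},
]

# Hypothetical scope: the area the Selenium flow drove the browser through.
FLOW_PREFIXES = ["https://shop.example.test/checkout/"]


def gate(alerts, flow_prefixes, budget):
    """Return (passed, counts, over_budget) for alerts inside the tested flow."""
    seen, counts = set(), Counter()
    for a in alerts:
        if not any(a["url"].startswith(p) for p in flow_prefixes):
            continue  # found by the spider outside the flow under test
        # Same rule, page and parameter with a different query string is one finding.
        key = (a["pluginId"], a["url"].split("?", 1)[0], a.get("param", ""))
        if key not in seen:
            seen.add(key)
            counts[a["risk"]] += 1
    over = {risk: counts[risk] for risk, limit in budget.items() if counts[risk] > limit}
    return not over, dict(counts), over


if __name__ == "__main__":
    passed, counts, over = gate(SAMPLE_ALERTS, FLOW_PREFIXES,
                                {"High": 0, "Medium": 0, "Low": 5})
    print("risk counts:", counts, "| over budget:", over)
    sys.exit(0 if passed else 1)  # non-zero exit turns the pipeline stage red
```

Scoping by URL prefix keeps alerts from pages outside the flow from failing a build that did not touch them, and the per-risk budget lets a team block on High and Medium while tracking Low findings.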
Learning Outcome
After the session, participants will be able to:
- Set up ZAP and Selenium
- Use the ZAP client APIs
- Write simple tests with assertions
- Manage attack thresholds and strengths
- Analyze reports
Target Audience
Audience with prior experience with Selenium and ZAP
Prerequisites for Attendees
Participants should have:
- Basic understanding of Selenium
- Knowledge of OWASP ZAP client
Submitted 3 years ago
People who liked this proposal, also liked:
-
Diego Molina - The Holy Trinity of UI Testing
45 Mins
Talk
Intermediate
Sometimes it is hard to know what to test in a web application, and the first step before testing is defining what we want to test. This may sound trivial, but in reality this is often not done properly. We tend to oversee the obvious and we test without knowing what we want to accomplish.
What do we want to achieve? Validate user behaviour? Check if the page design is responsive on different devices? Or maybe to know that our web application looks like we expect.
When we know the purpose of our test, we can start planning, coding, executing and improving our tests. But most importantly, we will know what approach we can use to develop the test.
Functional, layout and visual testing are the three pillars of the UI testing trinity. We can use these approaches to develop focused tests, tests that are asserting a specific aspect of our web application.
But how can we identify what approach to use? When should we combine them? There is an information overflow that presents a huge variety of tools that can help us to test through any of these approaches. Sadly, this large amount of information is making us focus more on the tools instead of focusing on the testing strategy.
The intention of this talk is to break in pieces the process of identifying how to develop a focused test, and more importantly, to understand when it makes sense to combine functional testing with layout or visual testing, and what to consider before using layout or visual testing.
The talk will then go deeper through scenarios and code examples that show how to create layout and visual tests. It will also discuss scenarios where a functional test is not enough, or where a visual test is better than a layout test. This talk’s main goal is to offer a different perspective when testing a web application through the UI testing trinity.
If you are interested in how to integrate layout or visual testing to your current workflow, you should attend this talk!
Note: Thanks to the feedback I got after presenting this topic at SauceCon 2018, I have been able to make nice improvements to the content that will be helpful for the attendants.
-
Rajdeep Varma - Android Application Backdoor via Appium
45 Mins
Demonstration
Advanced
Application Backdoor via Appium
There's a shift towards open-source mobile test automation tools happening today among developers and QAs. Whether it be Appium, Calabash or anything else: all are good, with some major limitations.
While a chosen tool may work well when you first start using it, things can quickly get out of hand with changing business requirements. We started using Calabash at Badoo when there was no Appium. Given the capability of Appium to drive the whole device, we started automation of new apps with Appium. However, we realized a powerful feature was missing in Appium for Android: the ability to call application code from automation code, like Calabash Backdoors.
As the Appium UiAutomator server is based on instrumentation, we modified it such that we could instrument our app under test. This gave us the power to access the context of the application under test and invoke public methods of an Activity using reflection APIs. We use these methods to set up app state, seed the DB or even enable/disable some client-side A/B tests. This makes our application more testable and our tests more predictable.
This talk is going to be about how I achieved the above solution and benefits of backdoors.
There will be a small demo and code!
-
Anton Angelov - Infinite Improbability Testing - Execute All Tests in Parallel
45 Mins
Talk
Intermediate
100000 tests executed in under half an hour - sounds like a myth? Well, we made it, and I'm going to tell you the story of how we got there. Through surveys, we discovered that many companies desire to utilize the benefits of parallel test execution to optimize their software development process. However, they struggle with the process: lack of available tooling, documentation, test data arrangement/deletion, handling E2E test specifics like browsers, emulators, etc. We were one of these companies. Because of that, we created an open-source tool for the job. Throughout the presentation, you will find statistics where, depending on the type of the tests, test execution can speed up 4-40 times, which makes the run of the 100000 tests possible in 27 minutes.
It will be shown how to utilize the tool, its various features and where/when it is appropriate to use it. Also, you will find example solutions to most of the common challenges in executing tests in parallel. We believe that in the near future the parallel tests execution will be a necessity, much like unit tests or continuous integration now. This will be one of the pillars for the companies to improve their competitiveness and effectiveness.
-
Gaurav Tiwari - Including voice command related tests to your automation Suite of Selenium/Appium test
45 Mins
Talk
Beginner
Almost every app (Web/Mobile/Desktop) is now being powered with voice search, voice typing or some other voice-related action. Some great examples are Alexa and Google Voice search. We also often have some voice-related feature in our web/mobile app. But we usually test these scenarios manually.
Now it's time we start adding these tests to our automation sprint Definition of Done. During this talk, I will be going through some sample code and frameworks and will be demonstrating how you can integrate these tests along with your existing Selenium/Appium test scripts.
I will also be discussing the way forward to integrate Artificial Intelligence into your automation frameworks.
-
Marcus Merrell / Diego Molina / Manoj Kumar - Selenium Grid
Marcus Merrell, Director of Technical Services, Sauce Labs, inc
Diego Molina, Sr. Software Engineer, Sauce Labs
Manoj Kumar, Contributor, Selenium Project
3 years ago
480 Mins
Workshop
Advanced
Selenium Grid can be a bit daunting to get up and running. Starting it is quite easy, but using it effectively can require pulling in third-party tools. In this workshop we’ll cover how to run your grid effectively, using best practices culled from several large grid installations.
-
Nalilnikanth Meesala / Srinivasan Sekar - New hope in Selenium Docker
Nalilnikanth Meesala, Sr. Quality Analyst, ThoughtWorks
Srinivasan Sekar, Lead Consultant, ThoughtWorks
3 years ago
45 Mins
Demonstration
Advanced
The idea behind this talk is to describe how to create short-lived containers for each test and scale to a large Selenium cluster using Selenoid. It covers what the standard Selenium architecture is and why it is not suitable for big clusters, and also states the issues in maintaining a large Docker Selenium Grid / Selenium cluster. In this session we will also be talking about the challenges we faced in using the official Selenium Docker images and how we scaled up regression execution time from 3:3 (3 hours to 3 mins). This is followed by a demo of how the Selenoid server solves the problem with Docker: how it works, how to use it inside a big Selenium cluster, and where else it could be used.
-
Syam Sasi / Jerry Zhao - How to build a device lab in your office in 48 hours!
45 Mins
Talk
Intermediate
Continuous testing is an integral part of the continuous delivery pipeline. When it comes to mobile applications, the testing becomes increasingly complex.
As part of our internal quarter hackathon at Carousell, we developed an automation testing framework and device lab in 48 hours which has both parallel and distributed mode of running.
We will share about how you can set up a similar device lab in your organization and the best practices to be followed.
-
Raj Thapa - 100% automated, customized and continuously integrated performance test with result analysis and reporting
45 Mins
Talk
Intermediate
While performance tests are common among web applications to test their speed, scalability and reliability, a systematic approach to conduct dynamic, automated and customizable automated tests along with fully automated results reporting and display can be regarded as a major challenge.
In this session, an approach to conducting the aforementioned with zero manual intervention will be discussed. The result is a fully automated test strategy that can easily be outlined to Product owners and higher-level management.
The discussion will be focused on the overall process, which starts with the execution of performance tests using a Continuous Integration server, whose results are extracted, logged and used for performance analysis, monitoring and baselining.
The results are reported in a custom dashboard comprising features that compare every build with historical data, compare deviations and provide a concrete idea of standard performance regarding the response time of the server over a period. A separate aggregated high-level report is also sent automatically as an email to the respective stakeholders.
-
Nalilnikanth Meesala / Prasad Mudedla - Continuous Security with Selenium tests
Nalilnikanth Meesala, Sr. Quality Analyst, ThoughtWorks
Prasad Mudedla, Quality Consultant, ThoughtWorks
3 years ago
45 Mins
Demonstration
Intermediate
We have come to a place where we run our Selenium tests on pipelines every day.
Now, are these tests confined to testing only the functionality of the application?
No, we can use these tests to do much more. Let's test security with those same tests. Turn your Selenium tests into security tests, and get security testing into your CI pipelines just by tweaking a bit of the Selenium integration suite. Find and report security issues that exist, which can be caught way before paying for them.
In this demo we will introduce a framework that will help your Selenium tests turn into security tests and run on pipelines.
With ZAP API + Selenium and CI pipelines, find security issues in the application and see a red or green security pipeline. Not just that: fetch the reports and take necessary actions on every build.
The talk covers the different ways that ZAP tests the web application for security (automated with Selenium tests). We will see which of them can be integrated with Selenium to make the most out of the suite.
As an add-on we will see how your API can be tested for security using ZAP API :)
Tools used:
1. Selenium Web driver framework.
2. ZAP framework integrated with selenium framework.
3. GO (for CI/CD)
4. Maven for building and fetching reports.
-
Michael Palotas - Enterprise Automation with Selenium - and how it (mostly) has little to do with Selenium itself
45 Mins
Talk
Intermediate
An increasing number of enterprises are moving to Selenium for their GUI automation. The focus for most teams is the creation and authoring of automated tests. When automation projects become difficult to maintain or fail altogether, people often point the finger at “Selenium”. From experience, Selenium is usually not the problem in getting an enterprise grade test automation solution off the ground.
When looking deeper, the absence of basic software development approaches / best practices and the lack of a solid approach to building / buying and managing the cross browser test execution infrastructure are the main reasons for failure.
This talk showcases:
- Practical examples of how test automation with Selenium is a software development and infrastructure project, which needs to be treated and staffed as such.
- The major pitfalls, which can prevent teams from building a scalable and reliable automation solution with the Selenium tool family.
- How to apply patterns and approaches in making test automation with Selenium a full success.
-
Shashank Chaturvedi - Data Analytics in QA using PowerBI
45 Mins
Demonstration
Intermediate
In the CI/CD world, we execute thousands of test cases, multiple times a day. These tests generate tons of data, which can be extremely useful for generating insight into recurring patterns of failures, hotspots, infra issues etc.
In this talk, I'll share not only how we can reduce the time spent analyzing results, but also how we can extract meaningful information from all the historic test runs and provide in-depth insights using PowerBI Visualization and Analytics.
Few Examples Below:
-
Manjyot Singh - QAOPS - QA Testing in a DevOps World
45 Mins
Demonstration
Intermediate
QAOps is Continuous Testing Strategies when frequent software delivery matters.
It is no surprise that automation and orchestration make life very easy, be it a small organization or a large-scale industry that houses hundreds of servers. IT automation is essentially the ability to orchestrate and integrate tools, people, and processes through a certain workflow. I will be using Ansible and Docker to showcase the same and writing Ansible tests on top of that.
Ansible - Ansible is an IT automation tool which can configure systems, deploy software, and orchestrate more advanced IT tasks such as continuous deployments. Ansible is actually designed to be a “fail-fast” and ordered system, therefore it makes it easy to embed testing directly in Ansible playbooks.
Docker - A docker container is a lightweight, stand-alone, executable package of a piece of software that includes everything needed to run it: code, runtime, system tools, system libraries, settings. Containers isolate software from its surroundings, for example differences between development and staging environments and help reduce conflicts between teams running different software on the same infrastructure.