We have reached a point where we run our Selenium tests on pipelines every day.
But are these tests confined to testing only the functionality of the application?
No, we can use these tests to do much more. Let's test security with those same tests.

Turn your Selenium tests into security tests and get security testing into your CI pipelines just by tweaking the Selenium integration suite a bit. Find and report existing security issues long before you end up paying for them.
In this demo we will introduce a framework that helps turn your Selenium tests into security tests that run on pipelines.
With the ZAP API, Selenium and CI pipelines, find security issues in the application and see a red or green security pipeline. Beyond that, fetch the reports and take the necessary actions on every build.
The talk covers the different ways in which ZAP tests a web application for security (automated with Selenium tests). We will see which of them can be integrated with Selenium to make the most of the suite.
As an add-on, we will see how your API can be tested for security using the ZAP API :)
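
One way to get the red or green pipeline described above, as an added example that is not the speakers' framework: a Python gate over the alerts ZAP has collected while the Selenium suite ran through its proxy. The ZAP address, the API key, the `fail_at` and `ignore_plugin_ids` parameters and the sample alerts are assumptions made for the illustration.

```python
import json
import sys
import urllib.parse
import urllib.request
from collections import Counter

# Risk strings as ZAP reports them in each alert, lowest to highest.
RISK_ORDER = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}

# Constructed sample in the shape of ZAP's core/view/alerts JSON (not real scan output).
SAMPLE_ALERTS = [
    {"pluginId": "40012", "alert": "Cross Site Scripting (Reflected)", "risk": "High",
     "confidence": "Medium", "url": "https://app.example.test/search?q=x", "param": "q"},
    # The same finding recorded again because a second Selenium test hit the same page.
    {"pluginId": "40012", "alert": "Cross Site Scripting (Reflected)", "risk": "High",
     "confidence": "Medium", "url": "https://app.example.test/search?q=x", "param": "q"},
    {"pluginId": "10020", "alert": "Missing Anti-clickjacking Header", "risk": "Medium",
     "confidence": "Medium", "url": "https://app.example.test/login", "param": "x-frame-options"},
    {"pluginId": "10021", "alert": "X-Content-Type-Options Header Missing", "risk": "Low",
     "confidence": "Medium", "url": "https://app.example.test/login", "param": "x-content-type-options"},
    # Triaged earlier and marked as a false positive in ZAP.
    {"pluginId": "40018", "alert": "SQL Injection", "risk": "High",
     "confidence": "False Positive", "url": "https://app.example.test/items?id=1", "param": "id"},
]


def fetch_alerts(zap_base, api_key, target):
    """Read the alerts for `target` from a running ZAP daemon.

    zap_base (e.g. "http://localhost:8080") and api_key are deployment-specific
    assumptions; the sample run below does not call this function.
    """
    query = urllib.parse.urlencode({"baseurl": target})
    req = urllib.request.Request(
        f"{zap_base}/JSON/core/view/alerts/?{query}",
        headers={"X-ZAP-API-Key": api_key},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["alerts"]


def evaluate(alerts, fail_at="Medium", ignore_plugin_ids=()):
    """Return (passed, findings, counts) for a list of ZAP alert dicts.

    findings are the unique alerts at or above `fail_at`, highest risk first;
    counts is the number of unique, non-ignored alerts per risk level.
    """
    if fail_at not in RISK_ORDER:
        raise ValueError(f"unknown risk level: {fail_at!r}")
    threshold = RISK_ORDER[fail_at]
    ignored = {str(p) for p in ignore_plugin_ids}
    seen, findings, counts = set(), [], Counter()
    for alert in alerts:
        if alert.get("confidence") == "False Positive":
            continue  # already triaged in ZAP
        plugin_id = str(alert.get("pluginId"))
        if plugin_id in ignored:
            continue  # accepted risk, listed explicitly by the team
        key = (plugin_id, alert.get("url"), alert.get("param"))
        if key in seen:
            continue  # many Selenium tests cross the same page
        seen.add(key)
        risk = alert.get("risk")
        if risk not in RISK_ORDER:
            risk = "High"  # fail closed on a risk string we do not recognise
        counts[risk] += 1
        if RISK_ORDER[risk] >= threshold:
            findings.append(dict(alert, risk=risk))
    findings.sort(key=lambda a: RISK_ORDER[a["risk"]], reverse=True)
    return (not findings), findings, dict(counts)


if __name__ == "__main__":
    passed, findings, counts = evaluate(SAMPLE_ALERTS, fail_at="Medium")
    print("alerts by risk:", counts)
    for f in findings:
        print(f"{f['risk']:<6} {f['alert']} -> {f.get('url')} (param: {f.get('param')})")
    sys.exit(0 if passed else 1)  # a non-zero exit turns the pipeline stage red
```

In a pipeline, the list passed to `evaluate` would come from `fetch_alerts` after the Selenium run has finished and ZAP's passive scan queue has drained.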

Tools used:
1. Selenium WebDriver framework.
2. ZAP framework integrated with selenium framework.
3. GO (for CI/CD)
4. Maven for building and fetching reports.

 
 

Outline/Structure of the Demonstration

  1. What and why of security.
  2. Basic Selenium Framework.
  3. What is ZAP?
  4. What is ZAP API and How does it work?
  5. Integration of Security framework with Selenium Tests.
  6. Different ways of tweaking the security tests.
  7. Continuous Security - Setting up security testing Pipeline
  8. Running pipelines and looking into reports.
  9. Test application APIs for security in the same framework.

Learning Outcome

Attendees will learn:

  • Integrating the security testing with selenium tests.
  • Ways of testing security (automated way)
  • Setting up security pipelines.
  • Setting up security levels with an understanding of reports.

Target Audience

Anyone who wants to make the most of their Selenium suite can attend this session: QA, developers, DevSecOps.

Prerequisites for Attendees

Knowledge of Selenium.
Ideally, we are happy to have participants with knowledge of security and ZAP. However, having a little knowledge of security will be an add-on.

Enthusiasm to learn and implement is what we are looking for :)

Submitted 1 year ago

Public Feedback

  • By ManojKumar  ~  1 year ago

    Hi guys,
    Do you have any project setup, or is this integration open-sourced? Or are you planning to do that after the talk?
    Are you using the ZAP API from Zaproxy?

    • By NaliniKanth M  ~  1 year ago

      Hey,

      Thanks for reaching out to us.
      Yes, we have a code repo; we are still working on it to make it easily usable by anyone who wants to try it out. Once these things are done, we will put it out (open source) for everyone.

      Yes, we are using the ZAP API from Zaproxy.

       

  • Srinivasan Sekar / Sai Krishna - Advanced Appium

    Srinivasan Sekar, Lead Consultant, Thoughtworks
    Sai Krishna, Lead Consultant, Thoughtworks
    1 year ago
    480 Mins
    Workshop
    Intermediate

    At this workshop, you'll learn about advanced concepts in Appium. We will learn how to write a single script for Android, iOS and mobile web apps. Once our tests are established, we will work on framework design and reporting. We will also have a detailed look at how we can automate various mobile gestures using TouchActions and mobile endpoints in Appium, and at running distributed tests in parallel on various emulators and simulators.

  • Srinivasan Sekar / Sai Krishna - Code Once Test Anywhere: On Demand Private Appium Device Cloud using ATD

    45 Mins
    Case Study
    Beginner

    Mobile Test Automation is increasingly becoming very important. Almost all web applications are responsive these days and it's very important to test how the application works across devices. The same is true with the native application as well. At the same time, the number of devices and the custom OS versions on devices are also vast. This means that it's harder for a tester to manually run the automated tests over a list of devices to get device coverage and quicker results over every feature development.

    We came up with a solution of executing tests in distributed or parallel fashion across remote devices from anywhere in the network using Appium Test Distribution. Same framework is officially used by Appium members for Beta testing of Appium.

    USP of ATD over other Market Solutions:

    • Device Cloud:
      • Setup Devices anywhere within a network, ATD executes remotely without Grid
      • Never worry about device location in network.
    • Plug and Play:
      • Connect your android/iOS devices or Emulators/Simulators and just execute tests.
    • Multiple TestRunner:
      • TestNG and Cucumber
    • Parallel Test Execution:
      • Runs across all connected iOS, Android real devices and Simulators/Emulators
    • Test Coverage:
      • Parallel(Run entire suite across all devices, which gives device coverage)
      • Distribute(Run tests across devices to get faster feedback).
    • Device Management:
      • Manage devices remotely using Device Manager.
    • Reporting:
      • Covers detailed crashes logs from Android and iOS.
      • Appium Servers logs
      • Screenshots on Failures and On Demand Video logs
      • Reporting Trends for multiple builds
    • Manual Access to Remote Devices - OpenSTF support

    Who loves/uses ATD?

    ThoughtWorks, CeX, Jio, TravelStart, M800, Reward Gateway and lot more.

  • Ivan Krutov - Reliable. Scalable. Lightning fast. Running 1 000 000 Android tests with Selenoid.

    Ivan Krutov, Developer, Aerokube
    1 year ago
    45 Mins
    Talk
    Intermediate

    Mobile platforms nowadays give more than half of the worldwide Internet traffic. Being the most widespread platform, Android is slightly more difficult to work with from a test automation perspective than traditional desktop browser automation. Last autumn in Berlin I showed Selenoid - an open-source Selenium protocol implementation that dramatically simplifies working with Selenium for desktop browsers. In this talk I would like to demonstrate how it is possible to have the same experience on the Android platform for mobile application and mobile web testing.

  • Rajdeep - Android Application Backdoor via Appium

    Rajdeep, Sr. Test Automation Engineer, Badoo
    1 year ago
    45 Mins
    Demonstration
    Advanced

    Application Backdoor via Appium

    There's a shift towards open-source mobile test automation tools happening today among developers and QAs. Whether it be Appium, Calabash or anything else: all are good, with some major limitations.

    While a chosen tool may work well when you first start using it, things can quickly get out of hand with changing business requirements. We started using Calabash at Badoo when there was no Appium. Given the capability of Appium to drive the whole device, we started automation of new apps with Appium. However, we realized a powerful feature was missing in Appium for Android! : The ability to call Application code from automation code like Calabash Backdoors.

    As Appium UiAutomator server is based on instrumentation, we modified it such that we could instrument our app under test. This gave us the power to access context of Application under test and invoke public methods of Activity using reflection APIs. We use these methods to setup app state, seed DB OR even enable/disable some client-side A/B tests. This makes our application more testable and our tests more predictable.

    This talk is going to be about how I achieved the above solution and benefits of backdoors.

    There will be a small demo and code!

  • Anton Angelov - Infinite Improbability Testing- Execute All Tests in Parallel

    Anton Angelov, CTO, Automate The Planet
    1 year ago
    45 Mins
    Talk
    Intermediate

    100000 tests executed under half an hour - sounds like a myth? Well, we made it, and I'm going to tell you a story of how we got there. Through surveys, we discovered that many companies desire to utilize the benefits of parallel test execution to optimize their software development process. However, they struggle with the process: lack of available tooling, documentation, test data arrangement/deletion, handling E2E test specifics like browsers, emulators, etc. We were one of these companies. Because of that, we created an open-source tool for the job. Throughout the presentation, you will find statistics where, depending on the type of the tests, the test execution can speed up from 4-40 times, which makes the run of the 100000 tests possible in 27 minutes.

    It will be shown how to utilize the tool, its various features and where/when it is appropriate to use it. Also, you will find example solutions to most of the common challenges in executing tests in parallel. We believe that in the near future the parallel tests execution will be a necessity, much like unit tests or continuous integration now. This will be one of the pillars for the companies to improve their competitiveness and effectiveness.

  • Gaurav Tiwari - Including voice command related tests to your automation Suite of Selenium/Appium test

    45 Mins
    Talk
    Beginner

    Almost every app (Web/Mobile/Desktop) is now being powered with voice search, voice typing or any other voice related action. Some great examples are Alexa and Google Voice search. We also often have some voice related feature in our web/mobile app. But we usually test these scenarios manually.

    Now it's time we start adding these tests to our automation sprint Definition of Done. During this talk, I will be going through some sample code and frameworks and will be demonstrating how you can integrate these tests along with your existing Selenium/Appium test scripts.

    I would also be discussing way forward to integrate Artificial Intelligence to your automation frameworks.

  • Gil Tayar - Not Only Cars: “AI, Please Test My App”

    Gil Tayar, Sr. Architect, Applitools
    1 year ago
    45 Mins
    Talk
    Beginner

    Autonomous cars were a Scifi dream not 10 years ago. A computer driving a car? No way. But it did happen, and is happening. And if scientists do it for a complicated task such as driving, can they do it for automated regression testing? In this talk we explore what is being done in the field today, but also speculate about the future: we introduce the 6 levels of autonomous testing (that correspond to the 5 levels of autonomous driving), and try and figure out what kind of help current AI techniques can bring to automated testing.

  • Shweta Sharma - Welcome to the world of Automated Visual regression testing

    45 Mins
    Talk
    Beginner

    I want the site to be tested on Firefox, Chrome, Safari and yes, even IE 11. To add, the site should be responsive and should support mobile and tablet resolutions too. How often do you see this being listed in a Test plan? Almost all websites need to be supported on multiple browsers and devices, right? Just imagine the manual effort required here. To add, the site is multi-linguistic. Wow, that just doubled all your manual efforts! How about if we automated the visual regression tests too, just the way functional regression tests are? Sounds great, doesn't it?

    Once you agree with the above paragraph, allow me to explain the concept of automated Visual regression testing, how the visual tools work in general, the concepts around it and the benefits of using them, along with the challenges faced during actual implementation of the tests. There are a couple of tools available in the market, using which you can directly get started with automating your visual tests too.

    Even if you have a large QA team, identifying CSS issues on multiple browsers and devices with every build can become a tedious, error-prone job, since one cannot capture small pixel differences or even similar color related issues. Therefore, automating them is soon going to be a must-have in every Test Plan.

  • NaliniKanth M / Srinivasan Sekar - New hope in Selenium Docker

    45 Mins
    Demonstration
    Advanced

    The idea behind this talk is to describe how to create short-lived containers for each test and scale to a large Selenium cluster using Selenoid. It covers what the standard Selenium architecture is and why it is not suitable for big clusters, and also states the issues in maintaining a large Docker Selenium Grid / Selenium clusters. In this session we will also be talking about the challenges we faced in using the official Selenium Docker images and how we scaled up regression execution time from 3:3 (3 hours to 3 mins). This is followed by a demo of how the Selenoid server solves the problem with Docker: how it works, how to use it inside a big Selenium cluster, and where else it could be used.

  • Kushan Amarasiri - Unleash the Power of Selenide ~ Developing an End to End Automation Framework with Selenide

    480 Mins
    Workshop
    Beginner

    Selenide is a wrapper automation tool which uses Selenium WebDriver. It has many advantages compared to traditional WebDriver. Selenide supports AngularJS web solutions and it has also helped to reduce most of the commands that we use with the traditional Selenium automation tool. Selenide has been used widely in the industry and it is a free and open source test automation tool used widely among test automation professionals. In this workshop session I will be sharing my knowledge with the audience about the Selenide tool, integrating Behavior Driven Development, integrating an interactive reporting dashboard, integrating configurability and promoting reusability via the Page Object Model. This will be a highly interactive session where the audience will be given hands-on practice in how to create a test automation framework using Selenide. This workshop will be done by taking a practical and realistic test automation scenario.

  • Raj Thapa - 100% automated, customized and continuously integrated performance test with result analysis and reporting

    45 Mins
    Talk
    Intermediate

    While performance tests are common among web applications to test their speed, scalability and reliability, a systematic approach to conduct dynamic, automated and customizable automated tests along with fully automated results reporting and display can be regarded as a major challenge.

    In this session, discussions on an approach to conduct about the aforementioned with zero manual intervention will be carried out. The result being a fully automated test strategy that can easily be outlined to Product owners and higher-level management.

    The discussion will be focused on the overall process that initiates with the execution of performance tests using Continuous Integration Server whose results are extracted, logged and used for performance analysis, monitoring and baselining.

    The results are reported in a custom dashboard comprising of features that compare every build with historical data, compare deviations and provide a concrete idea of standard performances regarding the response time of the server over a period. A separate aggregated high-level report is also sent automatically as an email to respective stakeholders.

  • Biswajit Pattanayak - Integrate Automated Responsiveness tests to your selenium test suite

    45 Mins
    Demonstration
    Intermediate

    With the exponential increase of smart devices, businesses are bound to make their websites more responsive for the best user experience on all devices that can lead to increased sale and conversion. Moreover responsiveness is a major factor in Google's search ranking system. This inherently implies that the tester has to validate the application on different device dimension which is tiresome and error-prone if done manually. Here Galen Framework, an open source automated layout testing technique built on top of selenium, comes to the rescue of the testers.

    In this workshop, we will learn how Galen empowers the QA, how to write layout tests using Galen Specs, use Galen Java API and ultimately run them on a CI server by integrating the Galen tests with selenium tests.

    We will also learn few best practices such as - sharing a common locator repository between Galen and Selenium tests for better maintenance and writing Galen tests in plain english so that UX Designers, Business Analysts & Developers too can contribute to the tests.

  • Haritha Hari, Sr. Quality Analyst, Thoughtworks
    1 year ago
    45 Mins
    Demonstration
    Intermediate

    Docker can be used to containerize Selenium tests and can be made to run against applications in another container. These tests can be further run on Selenium grid without the need of physical machines or VMs using Docker Selenium. Multiple and different versions of browsers, headless mode etc can be run inside containers and can be used to run tests in parallel. All these can be achieved with minimal changes to the existing Selenium tests.

  • Shivaling Sannalli - Unify service and UI layer Automation - BDD way

    90 Mins
    Workshop
    Intermediate

    Software delivery is switching towards business driven development. This needs capturing requirements as presented by clients and translating these requirements into development tasks and tests.

    Clients want visibility on the quality of the requirements that are captured. Quality in the delivery of the project measured using the test pyramid — heavy unit tests, more integration and service layer tests, and fewer UI tests. Test pyramid is the ideal quality structure for Agile projects.

    In this presentation/session we will focus on how we can combine both service layer tests and UI layer tests in a BDD(Behavior Driven Development) way of Automation. That will bring test coverage visibility to business. Clients themselves can run this suite without having to understand technicalities of the implementation. Test scenarios will exactly be the requirements captured by business as behaviors.

    To accomplish BDD way of automation for both service layer automation and UI layer we will use following tools/libraries:

    BDD Tool: Gauge or Cucumber (both are open source)

    Service layer Automation : Unirest for JAVA

    UI layer Automation : Selenium WebDriver for JAVA

  • Siddharth Kulkarni - Dr Culture Shock - Or How I stopped worrying and embraced Org Culture

    45 Mins
    Talk
    Intermediate

    The org culture mantra is usually considered a silicon valley mumbo jumbo. Although many companies and teams rant about culture, very few in my opinion take it seriously. In this talk I would like to discuss the importance of Org culture and how it makes or breaks businesses and teams. I will lay out some key pointers that will help the influencers in the audience make decisions about their org or team culture. The talk will be in the context of culture in tech companies.

  • Ruchika Rawat - Lean Test Approach - in Agile

    Ruchika Rawat, Quality Analyst, Thoughtworks
    1 year ago
    20 Mins
    Case Study
    Beginner

    Talk Description Automation provides an immense amount of value in preventing regressions and helping to deliver quality software. As an organization’s automation grows and grows, it requires continuous maintenance so that tests remain fast, reliable, and valuable. If not scaled efficiently, an organization’s automation suite will turn into a messy, uncontrollable beast. Having a lean test suite will help to combat this. In this session will present methods to keep automated test suites lean and mean, so they always provide quick and accurate feedback to the software delivery team. Using a few examples, she will discuss a wide range of ideas including evaluating a test's value, parallelizing tests, and producing consistent results. Session attendees will walk away with strategies and practices to scale their test automation over time in a highly efficient and maintainable way.

  • Shashank Chaturvedi - Data Analytics in QA using PowerBI

    45 Mins
    Demonstration
    Intermediate

    In CI/CD world, we execute thousands of test cases, multiple times in a day. These tests generate tons of data, which can be extremely useful to generate insight on identifying recurring patterns of failures, hotspots, infra issues etc.

    In this talk, I'll share how we can reduce the results analyzing time, but also how we can extract meaningful information from all the historic test runs and provide in-depth insights using PowerBI Visualization and Analytics.

    Few Examples Below:

    Delta Analysis

    Error Analysis

  • Dharmender Kumar - Develop Securely with Zaplenium

    Dharmender Kumar, Architect, JDA
    1 year ago
    45 Mins
    Talk
    Intermediate

    Zaplenium simply means ZAP + Selenium and is named after the integration of both to ensure application security while the application is being developed. ZAP provides client APIs that help to capture URLs by spidering and scanning the pages that are interacted with in user flows. With Zaplenium the tests can be targeted at certain areas of the application, where Selenium helps in navigating to those areas and ZAP is targeted to spider over them and scan them. Also, Zaplenium will help in defining assertions that can come in handy while we integrate this into CI/CD pipelines.

    Participants will be able to define a security sanity suite for their build pipelines. With each code change, security can be checked for any High, Medium and Low risks. The session will make use of open source technologies, i.e. OWASP ZAP and Selenium, to define tests with assertions.

    Security Tool: OWASP ZAP

    Functional Tool: Selenium Web driver

  • Mohammed Ammar - Towards a more inclusive web using pa11y for accessiblity testing

    Mohammed Ammar, Quality Engineer, Equal Experts
    1 year ago
    45 Mins
    Talk
    Intermediate

    We have seen the growth of the web in all walks of life. Governments are pushing towards digitization all over the globe. Big organizations are finding innovative ways of reaching their audience. Services are moving to the Web and even faster to smart phones.

    In such a fast changing world, how many of the organizations, people or developers for that matter think about accessibility for all regardless of disability?

    Quoting Tim Berners-Lee, W3C Director and inventor of the World Wide Web,

    The power of the Web is in its universality.
    Access by everyone regardless of disability is an essential aspect.

    In this talk I will speak about what developers and organizations can do using pa11y to create high quality websites and web tools, that do not exclude people from using their products and services. How pa11y helps in improving the design of websites and accessible to people with a diverse range of hearing, movement, sight, and cognitive ability.

    Pa11y offers a variety of tools which can be used by developers and testers alike for testing the accessibility of their web applications. I will be demonstrating how to get started with pa11y, the nitty gritty of integration with acceptance tests and things to take care of in a CI/CD delivery model.

  • Hitesh Sharma - Visual testing for Mobile Native App

    Hitesh Sharma, Quality Analyst, Thoughtworks
    1 year ago
    45 Mins
    Talk
    Intermediate

    While automated functional tests using Appium act as a safety net, there is something missing. Often, we find issues like:

    “Sign-In button has shifted a bit and user have to scroll down to see it”

    “We asked to change background color of screen-X, it got changed for Screen-Y screen as well”

    “Why has fonts of this link become so tiny?”

    For mobile apps, the look and feel of an application is extremely important. With long running projects, any minor refactoring can change your app's looks. Functional testing tools like Appium cannot help us in this case.

    Most clients do not want to use any cloud based solutions, the reasons being cost and security concerns.

    The solution was to build an in-house tool, which is Nakal

    github.com/saikrishna321/nakal_java