Headless Browser Testing and Selenium

Today I’ve discovered the amazing world of browser testing.

I’ve been learning about tools lately in our final classes, such as Pit Testing. But using an already existing tool, a web browser, to automate tests, was a really cool discovery.

Over on Awesome Testing’s blog, they have many posts talking about Selenium, which made me finally look it up. On the home page of Selenium, they proudly proclaim, “Selenium automates browsers. That’s it!” They know how amazing just that is. By automating a web browser, the capabilities are nearly limitless. You can distribute scripts across many environments, and create bug reproduction scripts and scripts to aid in automated exploratory testing.

By using versatile and common tools such as web browsers, including the most popular ones like Chrome and Firefox, one can test all manner of things. Browsers can read HTML, styling elements, JavaScript, and AJAX. They can gain incredible amounts of information and interact with web pages in ways that with just a small amount of automation can test almost everything about a web page and thus web sites. As browsers also have the ability to view certain files such as .pdf files, this increases their ability to test.

The possibilities with Selenium are really wonderful to think about. But the post by Awesome Testing today is talking specifically about headless browser testing.

What’s a headless browser? Simply a browser without a Graphical User Interface. Instead, one uses a command-line-like interface or network interface. This is helpful for Continuous Integration in that a display might not always be available. Unix systems, for example, don’t have display outputs on by default. In that case, headless browsers allow us to test them instead of using combinations of other tools to do the same job.

By combining Selenium and a headless browser we can do headless browser testing on servers and web sites. It’s so simple, and also so interesting. This gave me a glimpse of the way professional testers combine multiple tools along with coding (most of the article is dedicated to showcasing Java code for headless browser testing in Firefox) to create their own toolbox of software for making sure things work. It also showed a concrete example of a testing method used in Continuous Integration, which was nice. I was also introduced to a very exciting new tool, Selenium. Having a new toy to play with is always exciting though.

Original post: http://www.awesome-testing.com/2017/09/firefox-selenium-browser-capabilities.html

From the blog CS@Worcester – Fu's Faulty Functions by fymeri and used with permission of the author. All other rights reserved by the author.

Thoughts on “Getting Started with AI for Testing”

In my last post, I wrote about an article that dove into the uses of AI in software testing.  Given the volume of search engine results that turned up when I started doing some research into the subject area, I thought it was worthwhile to write another piece about it.

The post I chose to write about this time is an introduction to AIST – Artificial Intelligence for Software Testing. It is defined by Tariq King (the author of the post) as “an emerging field aimed at the development of AI systems to test software, methods to test AI systems, and ultimately designing software that is capable of self-testing and self-healing.” Most intriguing to me is the last part — self-healing software.

The organization hosting this blog (of which King is a founding member) is called AISTA, or the Artificial Intelligence for Software Testing Association.  Their mission is to pursue what they call the “Grand Dream” of testing: software that tests and updates itself with little need for human intervention.

King’s post is more of a survey than an in-depth piece. He identifies three areas to explore when looking to get into AIST: artificial intelligence, software testing, and self-managing systems. I know a little about the first two, but the third I haven’t touched on much. Self-managing systems also appear to be the focus of AISTA. King claims that there is “a general lack of research in the area of self-testable autonomic software”, but that recent technological developments appear to bring solutions closer to practicality.

Ultimately, self-managing and self-healing systems are designed to adapt to their environment, modeled (originally by IBM) after the autonomic nervous system in living creatures. A self-healing system should be able to maintain homeostasis alongside self-optimization. And that necessitates self-testing: before making changes to its own code, an autonomous system needs to ensure the change won’t do more harm than good.

So, what does a world of self-testing software mean for software testers?  It means that we may become more like teachers for software systems, moving them out of local pitfalls so that they can continue to grow.  Of course, these systems may be a long way off, and will need extensive human-driven testing and validation before they can start to test themselves.

The robots aren’t coming to take software testing jobs.  Yet.

From the blog CS@Worcester – orscsblog by orscsblog and used with permission of the author. All other rights reserved by the author.

Can Penetration Tests Actually Help Overcome the Cybersecurity Crisis

For my last blog of the semester I chose a blog on using penetration tests to strengthen cyber security; the article can be found here. In today’s time cyber attacks are becoming more and more common, and they can affect anyone from an individual to a large corporation. In the last few years alone we have seen a large number of corporations that have had to deal with large scale data leaks. Some of the ways that companies prepare for these attacks is by using Vulnerability Assessment, Penetration (or Pen) Testing, Security Scanning, Risk Assessment, and Ethical Hacking in order to make their system more secure. In this article we are going to be focusing on Penetration Testing.

What is penetration testing? Well, in this blog penetration testing is defined as follows: a sanctioned triggered attack that is conducted on a computer system to assess security flaws, which can otherwise result in a data breach or intrusion within the system. Basically you implement a cyber security attack yourself in hopes of finding insecurities that might one day be exploited in a real cyber attack. This can be done either by manual testing or automated testing, and is also referred to as a white hat hack.

Penetration testing can be broken down into a few different subcategories. First up we have targeted testing, which is done by the system’s IT team and is witnessed by all in the system. Next up we have external testing, which tests all the organization’s servers that are external facing, such as web servers, domain names, and firewalls. This type of testing is to see what kind of damage can be done to the system from the outside. The next type of penetration testing is internal testing, which tests what kind of damage can be done from inside the system with authorized access. The final type of testing is called blind testing, and this is testing where the attacking team only has limited information to use for the attack, and this is supposed to simulate a real life attack where anything could happen.

“Gartner in its report mentions that by 2020, 40 percent of all managed security service (MSS) contracts will be bundled with other security services and broader IT outsourcing (ITO) projects, up from 20 percent today.” As we can see, the security field is growing greatly today as the threat of cyber attacks also increases. One way to combat this is with the use of penetration testing. Cyber security can be very expensive, so it is important for a company to be able to use penetration tests to figure out where they should be putting their money.

In conclusion, I picked this article because it is a type of testing that I had not seen too much of throughout the semester and so it piqued my interest. The thing I found the most interesting about the article is how similar this type of testing is to regular testing. Even though you are testing the security of a system, the testing is done much in the same way, by testing all the different boundaries of the system. Automation can help with this but manual testing is always needed to accompany it. For manual security testing, many of the different testing options we have discussed would also work here, like boundary value testing and edge testing. While viewing many different types of testing this semester, I noticed that they all share a lot of similarities, and they all seem to be made up of some combination of the types of testing we have learned this semester. I have built a solid testing foundation this semester which will allow me to continue learning in the field of testing as I move forward.

From the blog CS@Worcester – Dhimitris CS Blog by dnatsis and used with permission of the author. All other rights reserved by the author.

My final 343 Post: Abstraction

For the last couple of weeks, I’ve revisited a couple of the most important concepts of Object Oriented Programming, Polymorphism and Encapsulation. This is my final post for my CS-343 blog entries, and I have decided to continue in this trend. Today’s topic is Abstraction. This week I’ve gone to a favorite resource of mine, geeksforgeeks. Their article on Abstraction covers almost every question that comes up with Abstraction.

I feel it is best to first specify what an abstract class is, and how to make use of one. In Java, an abstract class is defined with the abstract keyword. An abstract class cannot be directly instantiated because of the abstract methods inside the class. An abstract method is a method that does not have an implementation but must be present in all children classes. This is done via overriding the method(s) in the children classes. Only one method has to be abstract, meaning that there may be other methods that have complete implementations that are reused in their entirety by children classes. Similar to how we implement an interface, we extend abstract classes.

Like my other blog posts, I feel that the best way to learn a concept is through examples. More importantly, the examples need to be practical, and ones we can relate to. For abstraction, the article on geeksforgeeks uses the classic Shape example that we’re all familiar with.

Our abstract class is the Shape, with three methods and one variable, or attribute. Each Shape has a color, getColor method and two abstract methods, area and toString. A Shape fits exactly into what an abstract class should have, and shows exactly what we can know, based on the object simply being a Shape. A Shape has to have a color, but the formulas for finding the area are different depending on the type of Shape, and the same goes with the toString method.

The children classes presented in the example are the Circle and the Rectangle. The UML from the original article even shows the extends declarator for the children classes. It’s important to note that the abstract methods are not rewritten in each of the children classes. This is because we have to implement them, and thus, they are carried over when we apply the extends declarator. The only new pieces of information in the UML are the attributes we can use for our abstract methods, radius for Circle, and length and width for Rectangle. As seen in the code blocks below the UML, these are used to calculate the area and then the toString.

Abstraction is one of the most important tools that any object oriented developer must have in their toolbox of concepts. This is used in almost every full scale application and often numerous times throughout. A lack of understanding of abstraction will lead to failure to excel in the software engineering world.

Original post here: http://www.geeksforgeeks.org/abstraction-in-java-2/

From the blog CS@Worcester – Learning Software Development by Stephen Burke and used with permission of the author. All other rights reserved by the author.

Evaluating Software Testing Strategies

https://www.mitre.org/publications/systems-engineering-guide/se-lifecycle-building-blocks/test-and-evaluation

From the blog CS@Worcester – Caleb's Computer Science Blog by calebscomputerscienceblog and used with permission of the author. All other rights reserved by the author.

Software Testing With Security in Mind

For this week’s blog post I wanted to take a look at the security aspect of software testing. I feel that we have discussed many aspects of software testing in our CS 443 class but one of the aspects we haven’t really gone over is how to determine whether code we write is secure. Many of us, at some point in our careers, will probably write software that will be used in a web/desktop environment. By testing such code for vulnerabilities before it is released we can save ourselves and the companies we work for from falling victim to data breaches and stolen information. I found this article titled, How to Test Application Security – Web and Desktop Application Security Testing Techniques, and it discusses the issues I have just introduced.

The author of the article defines security as meaning “that authorized access is granted to protected data and unauthorized access is restricted.” They then go on to distinguish between desktop and web-based software and the different security needs for both. Essentially, they suggest that both types of software require similar security measures to protect sensitive data; however, most web-based software will require a few extra security measures since this type of software is accessible to anyone on the internet.

In the article, the author brings up a number of interesting points regarding testing how secure a piece of software is, but I would like to focus on three of their main points as I feel they are really important. The three points I’d like to focus on are data protection, brute-force attacks, and SQL injections/XSS. To test for data protection in your software, the author suggests, you should ensure all passwords in your DB are being encrypted when they are transmitted. Also, if your software is web based, you should be using the HTTPS protocol rather than HTTP and you should test certificate validity on the server side. When it comes to testing whether your software is vulnerable to brute-force attacks, the author says you should include “some mechanism of account suspension” in your software. Finally, in order to test for SQL injections and XSS attacks we must treat any part of the code that accepts user input as a vulnerability. The author advises that we make sure there is a maximum length of characters for valid input as well as a checking mechanism for basic SQL injection techniques.

From the blog CS@Worcester – Caleb's Computer Science Blog by calebscomputerscienceblog and used with permission of the author. All other rights reserved by the author.
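
The checks summarized in the post above (account suspension after repeated failed logins, a maximum input length, and user input that cannot change a SQL query) can be written as automated tests. This is an added example, not code from the post or the article it discusses; the `AuthService` class, its limits, and the sample accounts are constructed for illustration, and storing passwords as salted PBKDF2 hashes is an assumption of the example.

```python
import hashlib
import hmac
import os
import sqlite3

MAX_INPUT_LEN = 64   # assumed maximum length for user name and password
MAX_FAILURES = 3     # assumed number of failed logins before suspension


class AuthService:
    """Hypothetical login service used only to demonstrate the checks."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, "
            "pw_hash BLOB, failures INTEGER DEFAULT 0, "
            "suspended INTEGER DEFAULT 0)")

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, name, password):
        salt = os.urandom(16)
        self.db.execute(
            "INSERT INTO users (name, salt, pw_hash) VALUES (?, ?, ?)",
            (name, salt, self._hash(password, salt)))

    def login(self, name, password):
        """Return 'ok', 'denied', 'suspended' or 'rejected'."""
        # Length check runs before the input reaches the database.
        if not (0 < len(name) <= MAX_INPUT_LEN
                and 0 < len(password) <= MAX_INPUT_LEN):
            return "rejected"
        # Parameterized query: the name is bound as data, never spliced in.
        row = self.db.execute(
            "SELECT salt, pw_hash, failures, suspended FROM users "
            "WHERE name = ?", (name,)).fetchone()
        if row is None:
            return "denied"
        salt, pw_hash, failures, suspended = row
        if suspended:
            return "suspended"
        if hmac.compare_digest(self._hash(password, salt), pw_hash):
            self.db.execute(
                "UPDATE users SET failures = 0 WHERE name = ?", (name,))
            return "ok"
        failures += 1
        locked = failures >= MAX_FAILURES
        self.db.execute(
            "UPDATE users SET failures = ?, suspended = ? WHERE name = ?",
            (failures, int(locked), name))
        return "suspended" if locked else "denied"


def run_security_checks():
    """Exercise the service with constructed inputs and collect results."""
    svc = AuthService()
    svc.register("alice", "correct horse")
    svc.register("bob", "battery staple")
    results = {
        "valid_login": svc.login("alice", "correct horse"),
        # Textbook tautology strings must be treated as plain data.
        "sqli_in_name": svc.login("alice' OR '1'='1", "x"),
        "sqli_in_password": svc.login("alice", "' OR '1'='1"),
        "too_long": svc.login("a" * (MAX_INPUT_LEN + 1), "x"),
        # Repeated wrong guesses against one account trigger suspension.
        "guesses": [svc.login("bob", f"guess{i}") for i in range(MAX_FAILURES)],
    }
    # Once suspended, even the correct password is refused.
    results["after_lockout"] = svc.login("bob", "battery staple")
    stored = svc.db.execute(
        "SELECT pw_hash FROM users WHERE name = 'alice'").fetchone()[0]
    results["plaintext_stored"] = stored == b"correct horse"
    return results


if __name__ == "__main__":
    for check, outcome in run_security_checks().items():
        print(f"{check}: {outcome}")
```
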

WebStorm Shortcuts

Before I started using WebStorm for my TypeScript project, I mainly used Microsoft Visual Studio or Eclipse. Sometimes you really take for granted being able to quickly perform certain actions using shortcuts for a specific IDE. While I could have continued to use Visual Studio for TypeScript, I figured it would be best to work with WebStorm given that my professor was using it. If I ran into a Visual Studio specific problem, he wouldn’t be able to help me, so to save any potential headache I decided against using it.

Of course, it’s not like WebStorm doesn’t have its own shortcuts. In fact, I found myself instinctively using shortcuts from Visual Studio that also ended up working in WebStorm, such as the comment shortcut (Ctrl+/). Knowing these shortcuts will likely save me time in the future, so I set out to find a list of useful WebStorm shortcuts.

10 WebStorm Shortcuts You Need to Know

In the JetBrains blog 10 WebStorm Shortcuts You Need to Know, Ekaterina Prigara shares a list of the essential shortcuts that everyone should try:

  • Search everywhere: Shift+Shift
  • Navigate to declaration: Ctrl+B or Ctrl+Click
  • Code completion with replace: Tab
  • Show intention actions: Alt+Enter
  • Extend selection: Ctrl+W
  • Run: Alt+Shift+F10
  • Expand Live template: Tab
  • Multiple cursors: Alt+Click
  • New Scratch file: Ctrl+Alt+Shift+Insert
  • Refactor: Alt+Control+Shift+T

Under each command she provided an explanation of the shortcut as well as a very useful visual of the command in action. She also provides a useful resource containing a list of all the WebStorm shortcuts for OS X, Windows, and Linux located here.

I hadn’t known about the majority of these commands. The “Code completion with replace” command is particularly useful because I recall auto-completing code while trying to replace a variable and ending up with both the new and original variables. “Multiple cursors” is one of the more interesting commands in my opinion. Being able to type the same code in multiple places at once, while pretty situational, would have been able to save me a lot of time, particularly on the HTML of some of my components. Also, Scratch files are a great idea that I had no idea even existed. Being able to create code samples or make notes directly in the IDE without affecting the rest of the project is a godsend. Not only that, but the Scratch files are saved in WebStorm if I need them later.

These commands, as well as the commands found on WebStorm’s key map reference card, are probably going to save me a lot of valuable time in the future, so it’s important to learn them as early as possible when using a new IDE.

Source: https://blog.jetbrains.com/webstorm/2015/06/10-webstorm-shortcuts-you-need-to-know/

From the blog CS@Worcester – Andy Pham by apham1 and used with permission of the author. All other rights reserved by the author.

Understanding Inversion of Control

So for this week I have decided to read “Inversion of Control – An Introduction with Examples in .NET” from the joelabrahamsson website. The reason I chose this article is because with the subject of automatic testing, Inversion of Control and Dependency Injection are what I mostly do not get. It is usually a topic that I do not hear that much, so I believe this will help in understanding the purpose of using both principles.

This article, as the title says, goes over Inversion of Control from the definition to the ways of using it. So Inversion of Control is essentially a way to invert the flow of control in comparison to procedural programming. It means that every module can focus on what it is designed for and ensures clarity with little complications. The benefit in using Inversion of Control is that when changing the interface of a particular class uses in runtime, that class can no longer be dependent on another class and the code can be decoupled. This means that the class is provided the ability to swap dependency implementations in different environments and allows a component to be tested through mocking of dependencies. When having to apply Inversion of Control and getting the instance, there are two ways to get it without having to know about any concrete implementations. These ways are Dependency Injection and Service Locator. Dependency Injection injects an instance by using construction injection or property injection while Service Locator injects an instance based on the configurations of the concrete class. Dependency Injection is used more than Service Locator, but Service Locator can be used when there are situations where Dependency Injection seems impractical.

Based on the content of this article, I would say that it was a good overview about the ideas of Inversion of Control. The author was able to give a few examples of using it and have the UML diagrams to back up the code provided. What I did before to understand Inversion of Control was to envision real life scenarios to compare without and with it. The concept is that without it, there are limited options for a software consumer. But by implementing Inversion of Control, there are more options over the software. With that in mind, it made envisioning scenarios easier than it seems.

What I learned from this article is that Inversion of Control shall not be used in all cases because of program flow. The idea is that while it is a useful way to design methods when writing a library that will be reused, it is only critical if there are many cross-cutting concerns. For future practice, I shall try to use Inversion of Control when it is necessary to change a small part of code. This is because it is a practical way of reducing code duplication and it is strong for coding against interfaces instead of implementations.

 

Link to the article: http://joelabrahamsson.com/inversion-of-control-an-introduction-with-examples-in-net/

From the blog CS@Worcester – Onwards to becoming an expert developer by dtran365 and used with permission of the author. All other rights reserved by the author.

Design Patterns

https://www.tutorialspoint.com/design_pattern/design_pattern_overview.htm

This week, for my final blog, I’ve continued the recent trend of developing the fundamentals of software engineering. To have any hope to be a decent programmer I need a good foundation of knowledge so I can adapt and learn easily in my career. This week, I took the time to make sure I understood the different types of design patterns, i.e. creational, behavioral, and structural. I chose the source above because it gave me exactly what I wanted: a concise definition of what the types were. The website also goes in depth about the GoF patterns in other articles, so it’s a good resource overall.

Before explaining what the types are, we’re given a summary of what patterns are, the GoF design principles, and why we use design patterns.  In this part of the article, only one thing stuck out to me.  My opinions of patterns shifted somewhat.  These patterns are documented so that newer developers can learn design in a much easier, faster way.  There’s no need to reinvent the wheel, I should learn from my predecessors’ work.  The patterns exist to solve common problems in object oriented design so it’s best I know what problems they solve, or at least, where to look for a solution.

That’s why understanding the pattern types is essential. And, although it’s an admission of ignorance, I can say that I understand the types better now.  Or rather, what they achieve.  Creational hides creation logic while giving more flexibility for deciding what objects are needed.  Structural helps organize class hierarchy and relationships.  And, lastly, the only type I’ve active experience with, behavioral.  It concerns itself with the communication between objects of a program.  Not new to me but it’s a better articulation than my previous understanding.

From this source, I know I’ll be a more complete, competent developer. It’s immediately applicable both as a student and an employee. With this knowledge I’ve got an insight into what the individual design patterns achieve. As a student, which all developers are, it’s vital to my research and growth. Knowing their nature also helps with designing since I now know I have a resource for solving object-oriented problems. Whether I’m working in a team or on a solo project, there’ll be times I need to think for myself and solve problems.

This is an extremely basic topic and my past few posts have been near the same level. But I think it’s imperative that I understand core concepts and basics completely. I won’t always know how to do something, but knowing what to do is the first step to getting past obstacles.

From the blog CS@Worcester – W.I.P. (Something catchy) by aguillardcsblog and used with permission of the author. All other rights reserved by the author.