Theme images by Storman. Powered by Blogger.

Software Testing

[best practices][feat1]

Recent

recentposts

Popular

Comments

recentcomments

Most Recent

Random Posts

randomposts

Facebook

page/http://facebook.com/letztest

Featured Posts

Monday, March 26, 2018

Now 'Kali Linux' can be run in your Windows 10 Machine - Yes you heard it right!

- No comments

how to install kali linux on windows

Penetration Testers and Security Specialists mushbe very familar with Kali Linux. It is one of the few hacking focused Linux distribution. So people with hardly any knowledge of Linux or anything related to computer security are now trying to use Kali as their main Linux distribution. Let me first give you all a very short introduction about Kali Linux!

What is Kali Linux?

Kali Linux is a “Penetration Testing and Ethical Hacking Linux Distribution”. Simply said, it’s a Linux distribution packed with security-related tools and targeted toward network and computer security experts. A Linux Distribution is nothing more than a bundle containing the Linux kernel, a set of core utilities and applications and some default settings. So, Kali Linux does not offer something unique in that sense most of the provided tools could be installed on any Linux distribution. 

Well but this was a disappointing factor to those who only use Windows as their OS. Here is the happy news for those guys! The wait is over :) 

Now you can download and install Kali Linux directly from the Microsoft App Store on Windows 10 just like any other application.

I know it sounds a little crazy, but it's true! Let me explain how. 

Kali Linux is the latest Linux distribution to be made available on the Windows App Store for one-click installation, joining the list of other popular distribution such as Ubuntu, OpenSUSE and SUSE Enterprise Linux.

This announcement is super exciting for penetration testers and security professionals who have limited toolsets due to enterprise compliance standards.

In Windows 10, Microsoft has provided a feature called "Windows Subsystem for Linux" (WSL) that allows users to run Linux applications directly on Windows.

For the past few weeks, we've been working with the Microsoft WSL team to get Kali Linux introduced into the Microsoft App Store as an official WSL distribution, and today we're happy to announce the availability of the 'Kali Linux' Windows application," Kali Linux said while announcing the news.

How to download and run Kali Linux on Windows 10 ?

Are you aware of the feature called WSL in windows ? If this is your first time using Windows Subsystem for Linux (WSL), you need to enable this optional Windows feature before getting the Kali Linux app.

Follow these simple steps to enable WSL:
  1. Navigate to Control Panel and go to "Apps and features"
  2. Select "Programs and Features" from the right panel
  3. Click the "Turn Windows features on or off" from the left menu
  4. Select the "Windows Subsystem for Linux" and save it
  5. Reboot your system


You can even do the same by opening PowerShell as Administrator and running the following command and restart your computer.
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
Now search for Kali Linux on Windows Store, download it with just a single click. Once you launch the application, it automatically completes Kali installation and will open the console window.

That's it! You can also check Kali Linux documentation for more information.

Kali Linux on Windows does not come with any hacking or penetration testing tools pre-installed, but you can easily install them later. Kindly note that your Antivirus application or Windows defender can trigger false-positive warning for hacking tools and exploits, but you need not worry about it. Add them to your safe list and start exploring it now!


Happy testing!

Thursday, March 22, 2018

How to choose the Best Programming language for Test Automation with Selenium

- No comments




Quite a few weeks, back, I got a question from one of my contacts in linkedin. 



So I just thought of writing this blog post to give an overview of the programming languages that every beginner should prefer while it comes to learn Selenium. Actually speaking, I would say the language doesn’t matter at all. 89% of the concepts you learn in one language can be applied to any other language. First select any language that you are comfirtable with, roll up your sleeves, and jump in. That's it :)

In Dima Kovalenko’s book Selenium Design Patterns and Best Practices, he discusses how the common Selenium command sendkeys translates in most of the other major Selenium Language bindings. Check out the example below:



This uniformity between the different Selenium language bindings applies to most of the commands in the Selenium API. So, it's really easy to transfer your knowledge of one programming language approach to another using Selenium without much effort. 

Well I can also give some tips as follows for selecting the language for test automation.

♦ The community for the specific programming language of your automation framework. ie. if you use selenium webdriver, Language support of JAVA is %68, JS %15, Python %11, %5 Ruby, %1 C# [Reference: Dave Haeffner’s SauceLabs Event Presentation].

♦ You should check which version is stable and get the updates first. For selenium, I think the JAVA bindings are getting updated at first.

♦ You should check the availability of the language support in StackOverflow.

♦ Visual Test Automation support.

♦ You should consider your competency of Programming Language which will be used in automation project.

♦ You should consider Test Runner frameworks and their capabilities such as JUnit, TestNG, NUnit, MBUnit, etc.

♦ You should consider how you can run your tests in parallel without any pain.

♦ You should consider your product/organisation programming language. In this way, you will get help from developers. If they write unit tests, that will be great! :slight_smile:

♦ Also consider the API Testing libraries of that programming language.

♦ Now-a-days BDD is a much used concept and hence the BDD support of that language should be considered.


♦ I personally feel that if you have never programmed before, it would be best to start by using a script-friendly language like Python or Ruby. Using a scripting language allows you to learn to write Selenium tests with the least amount of code in the shortest amount of time.


My final answer/recommendation:

So, to recap: What language should you use to learn Selenium?

The answer is that there is no such specific answer — but I really hope this article would help you narrow down, which language is right for your personal situation.


And may be you should consider many more items to select a programming language for test automation. If you have any feedback, please share with me in the comment section below.

Happy Testing!


 

Tuesday, September 26, 2017

How to integrate Jenkins and Gitlab

- No comments

Hey folks, hope you are doing good! It has been a while since I wrote a post here. So today let us discuss how to integrate Jenkins and Gitlab.

As you may know, Jenkins is a widely used Continuous Integration (CI) tool now-a-days and Gitlab is the leading integrated product for the entire software development lifecycle. Even though we have CI feature within the Gitlab, many prefer to use Jenkins along with Gitlab since it's more extendable with a lot more features and simple user interface.

Requirements for Gitlab – Jenkins Integration

  • Jenkins GitLab Plugin
    Build trigger that allows GitLab to trigger Jenkins builds when code is pushed or a merge request is created.
  • Jenkins Git Plugin
    This plugin allows use of Git as a build SCM, including repository browsers for several providers.
First, we must create a user that Jenkins will use to interact via the GitLab API. You should set this user as global admin or add as a member to related Group/Project. In order to report build status, developer permission required.

First open GitLab and go to Profile Settings

Then, click “Access Token” and create a Jenkins API Token.



 Then, save and copy this API Token. Let’s go on with Configure the Jenkins Server.

Configure the Jenkins Server

Go to Jenkins and install Jenkins GitLab Plugin and Jenkins Git Plugin.

Go to Manage Jenkins -> Configure System and scroll down to the ‘GitLab‘ section.

Write a custom connection name, enter the GitLab server URL in the ‘GitLab host URL‘ field and click Add -> Jenkins button.

Then, fill required fields as shown below with the Jenkins Access API Token which we created in GitLab before.


 Then, select this API Token credential and finally click “Test” and see the “Success” message.


Create and Configure a Jenkins Job

Create a new job on Jenkins and then click “Configure”.

Give a project name, Click “Discard old builds” checkbox and write “3” for “Max # of builds to keep“. It only keeps last 3 builds and saves disk space.

For “GitLab connection” field, select predefined connection which is done with GitLab plugin above.

For “Gitlab Repository Name” write “<group name>/<repository name>“. You can see this on GitLab projects page.




Then go to Credentials –> System –> “Add domain” and click “Add credentials” as shown below,

Then, add your GitLab username and password as shown below and click OK.

After that, select “Git” as Source Code Management system. Fill “Repository URL“, Select Credentials which is added above, set branch, select repository browser as gitlab, and write your project URL and GitLab version as shown below.


Build Triggers

For build trigger section you can do below settings for changes going in to GitLab.


And at last, we should add “Publish build status to GitLab commit” in the post build step to enable the feedback. It provides us notifications in GitLab.


 For WebHooks go to your Project in GitLab and click settings icon and click “WebHooks


Then add a WebHook. In the webhook you need to enter the build url and you may also need to generate a key in jenkins and paste it in the webhook. Finally  if you click the 'Test' button, you should see “HTTP 200” response if it's working.


When test executed, you should see below message.


We have done the all settings! If you push a commit to the GitLab repository, you will see the Jenkins job start running and when the job finishes, you will see the status next to the commit in GitLab.

Notes

  • You can also try using SSH Key Pairs. For that please check instructions here and you may also check this awesome article.

Friday, June 16, 2017

If you think you are too late to accomplish something in your life, just go through these.

- No comments
Recently I came-across a very interesting post in my LinkedIn feed and I couldn't stop myself to share that post in my blog as well.

I always had a thought in my mind,

Everyone have something to do in their life and if you find that something, then it will bring you everything.

This is something which I have phrased, so that I could always say this to me, mostly at the times when I am completely down. :)

Those born to become businessmen will do that at any age. These graphics by Anna Vital show us how important it is to always keep being yourself and work hard on your ideas, despite the stuff you're busy with now and the number of years estimating on figures in your passport.

Infographics of insppirational stories


How to start a startup

31 ways to be creative

how angry birds started

how airbnb started


how instagram started

how pinterest started

how to succeed in a startup






I am sure you are motivated enough! Now go and find that something which could bring everything in your life. :)

Feel free to drop your words below. :)

Tuesday, May 2, 2017

Learn API Test Automation using Postman in 15 minutes.

- No comments


Now-a-days we live in an exciting age of intelligence, where progress moves at the speed of imagination. We are connected to the entire world and to each another like never before. Have you imagined how we have made all these possible ?

API(Application Programming Interface) is the invisble hero here. Now let's try to know something about API’s and why/how API testing is gaining a vital role.

WHAT IS AN API?

API’s are used to connect or integrate two or more systems together ie. you can make data available for other systems to access via API or accept data from other systems. This is how different devices and applications talk to each other and share information.

Prominent companies like Google, Facebook, Twitter etc use API’s so that their application can communicate with third party programs. Do you know how a website works in a browser ? Usually API works similar to this way. A request is made from the client to the server and we get the response over the HTTP protocol. 

API Analogy

We can demonstrate API's using an interesting analogy. Letz consider a hotel where we can find mainly three components.

  1. a Customer
  2. a Waiter
  3. a Cook
API's are like waiters in a restaurant. The Waiter takes the request from the customers (which is the order for food)  and conveys it to the Cook (which is our server) and gets the food(response) from the cook to the customers. API’s do the exact same thing. API is the messenger that takes your request and tells the systems what to do and then returns the response back to you.

What is API Testing ?
 
API Testing is a type of software testing which involves testing the application programming interfaces (APIs) directly and as part of integration testing to determine if they meet expectations for functionality, performance, reliability and security. Since APIs normally lack a GUI, it's being performed at the business layer. During the API testing the data is exchanged from XML or JSON through HTTP requests and responses. Ideally these are technology independent and will work with any of the technologies and programming languages .

Postman is a Google Chrome app that helps you to create, save, send HTTP requests and test the response data.  It helps to automate the process of making API requests and testing API responses, allowing testers to establish a very efficient workflow. Most programmers and testers are familiar with Postman. However, many use it just to check the response for the services that they are working on. They are unaware of the powerful features that postman offers like: Collections, Tests and Pre-request scripts. In this article, I would like to give a quick overview of the test snippets provided by Postman.

Postman is very powerful with it's automation capabilities which makes it my favorite. Moreover, the learning curve for using it is very low and the app provides a very clean and intuitive user interface to test your server requests. These tests will validate every single time if the response is correct. JavaScript is the language used and it has also some inbuilt snippets, which allows any inexperienced tester to write an efficient test.

Frequently used snippets with practical examples:

Lets go through some of the frequently used snippets. To begin writing a test, first click on the ‘Tests’ tab under Postman ’Builder’ tab. You can select a snippet that is on the right panel.

This will generate a code template and you can modify it based on your context.
  • Snippet- ‘Status code is 200’
    tests[“Status code is 400”] = responseCode.code === 200;
This is the most basic snippet which checks if the response code is 200(The request has succeeded). You can use the snippet as is, with most positive scenarios. For scenarios as logging in with invalid credentials you can assign the response to 400(Bad request).

     tests[“Status code is 400”] = responseCode.code === 400;
  • Snippet- ‘Response time is less than 200ms’
tests[“Response time is less than 200ms”] = responseTime < 200;
This simple snippet checks if the response time was less than 200ms. You can modify it based on your context. For a scenario like uploading a large file you can edit this snippet as follows:

tests[“Response time is less than 1 minute”] = responseTime < 60000;
  • Snippet- ‘Response body: Contains string’
tests[“Body matches string”] = responseBody.has(“string_you_want_to_check“);
In case you are running a test that is attempting to log in with invalid credentials, assume that you will get a response like the one below. You can use this simple code to check for a string in the response.



 Response
 Test
 What the test does

{   “errorCode”: “TAR_ERR400_06”,
  “statusCode”: 400,
  “message”: “Invalid credentials.”
}



tests[“Body has the string invalid credentials”] =responseBody.has(“Invalid credentials. “);


This test snippet will check the response for the string “Invalid credentials.

  • Snippet- ‘Response body: JSON value check’
var jsonData = JSON.parse(responseBody); tests[“Your test name”] = jsonData.value === 100;
In case  you are trying to login with invalid credentials, the test below will check if the ‘errorCode’ in the response is correct.


 Response
 Test
 What the test does

{   “errorCode”: “TAR_ERR400_06”,
  “statusCode”: 400,
  “message”: “Invalid credentials.”
}


var data = JSON.parse(responseBody); tests[“errorcode “] = jsondata.errorCode === “TAR_ERR400_06”;


This test checks if the errorCode is: “TAR_ERR400_06”


Working with variables (Environment and global)

1. Environment Variables: Environments- give you the ability to customize requests using variables. This way you can easily switch between different servers without changing your requests.
  • To add an environment click on ‘No environment’ on the top right corner of the screen
  • Click on ‘Manage Environment’
  • Click on ‘Add’ and set the environment name as ‘Test’
  • You Can add variables as key value pairs
For example :  URL   https://productionserver.com

It is possible to create multiple environments and each could have a variable called ‘URL’-signifying the actual URL. For example, if we have 2 different environments called staging (url:https://stagingserver.com ) and production (url: https://productionserver.com), environment variables can be used in the form – {{variableName}}. The string {{variableName}} will be replaced with its corresponding value. Henceforth we can use the same request {{URL}}/userlogin and only switch the environment before running it.

After setting up the environments, you are just a click away from switching between environments.
  • Snippet- ‘Set an environment Variable’
    You can chain requests by extracting data from responses and assign them to an environment using test scripts. You can use the test snippet Set an environment Variable” to create an environment variable from your response data.
var jsonData = JSON.parse(responseBody); postman.setEnvironmentVariable(“variable_key”, “variable_value”);

 Response
 Test
 What the test does


{   “errorCode”: “TAR_ERR400_06”,
  “statusCode”: 400,
  “message”: “Invalid credentials.”
}



var jsonData = JSON.parse(responseBody); postman.setEnvironmentVariable(“Userid”, jsonData. userId);

This  parses the response body and assigns the value of ‘userId’ in the response data by creating an environment variable: ‘Userid’.

You can then pass the value ‘Userid’ in any of the next requests. An example below:

Assume 1172 is your user id in this request – https://productionserver.com/get/1172
You can use the environment variable as https://productionserver.com/get/{{UserId}}

Similarly you can use it in your request body as shown below:

{
“name”:”xyz”,
“userid”: “{{UserId}}”,
“label”: “Label2”
}

2.     Global Variables: Global variables provide a set of variables that are always in scope. You can have multiple environments, and only one can be activated at a time.  There is going to be one set of global variables that are always going to be available. You can use them in the same way as the environment variables- {{variableName}}.

Clear Global and Environment variables: You can always clear an environment variable or a global variable using the snippets below:

postman.clearGlobalVariable(“variable_key”);
postman.clearEnvironmentVariable(“variable_key”);

Tiny Validator for JSON Data

Tiny Validator helps you to validate the schema of your response. An example below:


 Response
 Test
 What the test does


{ “userId”: 123,
“fname”: “Prashant”,
“lname”: “Hegde”,
“username”: “admin@izent.com”,
“role”: “admin”,
“projects”: 0,
“phoneNo”: null,
}


var schema = { “items”: {
“type”: “string”
}
};
var data1 = [jsonData.fname,jsonData.lname];
console.log(tv4.error);
tests[“Valid Data1”] = tv4.validate(data1, schema);

Checks if the fname and lname are strings.
Similarly validates the  entire response schema.

Actually Postman is a really a time saver making it easier for developers to develop and test APIs. And when coming to testing of these API's it drastically reduces the pressure of regression testing from the QA team. API automated tests are far less time consuming than UI automated tests. The major advantage of API automation is that we can access the application without a user interface. This provides an early evaluation of its overall build strength before running GUI tests.

By integrating the API automated tests to the build server, the QA team can provide a quick feedback on the health of the application as soon as it is deployed. This is achievable with Newman, a command-line collection runner for Postman. It allows you to easily run a Postman collection directly from the command-line, and integrate it with your continuous integration server.

We shall discuss about Newman in the later topics. I hope this will give you a good start with the testing and automation of API's.

Well am not sure if you have reached here within 15 minutes as I said in the title but I hope this will  give you a good start with the understanding, testing and automation of API's.

Leave your comments/views below!