How to get started Devops learning and approaches

For Devops Engineer in initial level here are the things in order for you (priority high to low), open source tools awareness and QA roles in devops process.

techsouljours.blogspot.com-Devops-qa-roles and tools

Be Ready with Centos/Ubuntu commonly used commands set. You never know when you need what with these commands.

Learn What is CI/CD and What tools are used in CI and tools used in CD (just tool names).

Learn what is Git and Basic commands. (Because Git is most commonly used version control tool for your application source code management ). Sign up in github.com Build software better, together and learn how to push your code into it.

Coming to most common CI tools : Jenkins is most preferred and open-source. Try to install it on your own. (YouTube is your best friend here).

Once you are ready with github and jenkins. Create a simple jenkins build by Integrating jenkins with github.

Docker is another high on demand Devops tool. It's container based technology. Understand this as deep as possible.

Learn Kubernetes.

Learn Ansible/Chef (configuration management tools). Try to learn these 2 tools. (atleast 1 is preferred)

Jfrog artifactory. (artifacts/binaries management tools)

At last Learn any one of cloud technologies like AWS or Azure (what are they and how they works - learning at least 1 technology is preferred with certification at the end).

AWS provides infrastructure as a service, where you can learn installing all the above tools installation using various AWS services.

Popular Devops tools

API Security Testing - How to prevent from Hacking and vulnerabilities

Web API Security testing with it's API Fuzzer that can do Information Gathering, analyze Security Headers, identify API specific vulnerabilities which ensures, that system and applications in an organization, are free from any loopholes that may cause a big loss

Types of API and their Uses

REST and SOAP API use predominantly use HTTP as their protocol
Arguments are sent as part of the URL, as HTTP Header or in the request body
Message payload is predominantly JSON for REST and XML for SOAP

Why Hack an API ?

Provoke error messages or response that give us system details

- Database names

- File Paths

- Component versions

Find Security holes that give us access to system resources
Put the API in an unavailable or unstable state (DOS)

How do I prepare for Selenium automation testing interviews?

Important topics and interview preparation for automation test engineer. Here are the list of contents explained with all useful links and updates.

Now if we assume you are ready to go and get with this career move.

Time is not a constraint, it purely depends on person’s ability to grasp

software automation engineer interview preparation

Selenium-automation-interview-preparation

Firstly, you need to learn any programming and scripting language like JAVA, Python, Ruby,etc.
Get familiar with basic concepts like OOPS concepts, various Data Types and Variables, Operators, Decision Making, Arrays, Loops, Classes and Objects, Class Constructors, String Classes, etc.
Now coming to selenium webdriver part start with Set Up/Configure Selenium WebDriver
Get acquainted with various WebDriver Commands

Below are the topics which you need to be clear to be a Professional Selenium Tester;

Core Java
Selenium WebDriver
HTML traversal & DOM concepts
CSS Selectors & XPATH
JavaScript for Selenium Webdriver
TestNG concepts for test organization, prioritization & batch execution
Github concepts for source code management
Jenkins for CD/CI
Basic understanding of different frameworks - keyword driven, data driven, hybrid, POM
Basic understanding of the workings of their current framework - folder structure, object repositories, reusable functions, test data flow, reporting libraries etc.

Appium Installation full setup on Mac for real device iOS automation (GUI & Command line tools)

Here I have displayed the procedure for the complete installation of Appium in mac for real device iOS automation. I have given the steps for Command line tool installation and GUI installation of appium in mac.

Command Line Tool Installation of Appium in MAC

Step 1 : Install java JDK:

-- > Download Link here : http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html

Step 2 : Install Android Studio:

--> Download Link here: https://developer.android.com/studio/index.html

Scroll till last and find the software as below:

android-studio-ide-173.4819257-mac.dmg

Step 3 : Install Home brew

--> In Terminal install brew:

ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Step 4 : Install Node.js

--> install node.js:

download installer: https://nodejs.org/en/download/ and run

Step 5 : Install npm

--> In Terminal install npm:

brew update
brew install node
npm install -g npm

Detox: Gray Box End to End Testing Framework for Mobile Apps

Appium

We used Appium for 2 years in general and for 8 months with React Native, and found that we invested an unreasonable portion of our time writing tests and petting the system than actually writing features.

We found that End to End testing is really hard:

Tests are flaky, we got different results on different machines, frequent failures in CI, which the only solution for was addition of sleeps, which slowed the tests down.

Tests were already slow since Apple UIAutomation tool is limited to performing one action per second, and there’s a hack which removes this cap Instruments without delays (which is already unmaintained), so after each release of a new Xcode we would have to wait for patch before upgrading.

Detox Gray box, not black box

Detox does Gray box, not Black box,

A Black Box Testing

to allows the test framework to monitor the app from the inside and actually synchronize with it.

Gray box essentially uses a piece of code that is planted in the app, it can help us see what’s going on inside.

Unlike Black box, Gray box runs in the same process, has access to memory, and can monitor the execution process. Being able to read internal memory gives it the ability to detect what’s happening inside the process: if there are network requests in flight, when the main thread is idle, other threads are idle, Animations have ended, the react native bridge is idle. It can execute on main thread, to make sure that when it performs actions nothing in the UI hierarchy changes in the meantime.

MOBILE SECURITY FRAMEWORK(MOBSF) installation in Ubuntu/Linux Mint

Mobile Security Framework (MobSF) is an intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile Applications and supports both binaries (APK, IPA & APPX ) and zipped source code.

MobSF can also perform Web API Security testing with it's API Fuzzer that can do Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session and API Rate Limiting.

To Install & Configure MOBSF: System Requirements:

Ubuntu 14.04
Ram >= 4GB
HDD >= 50GB
Python 2.7
Oracle JDK 1.7 or higher

INSTALL ORACLE VITUALBOX

wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add –

Install VirtualBox:

$sudo apt-get update

$sudo apt-get install vitualbox-5.0

Download latest release of MobSF:

https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/releases

Download MobSF VM 0.2 ova file:

https://goo.gl/h7CCxx

Now Copy file MobSF you download:

---> for Windows path: C:\MobSF
----> for Linux path: /home/[username]/MobSF

Install MobSF Python by using pip.

For Ubuntu:
$sudo apt-get -y install python-pip

For Windows:
Download file: https://bootstrap.pypa.io/get-pip.py

Run command:

python get-pip.py

INSTALL MOBSF

Windows: C:\Python27\Scripts\pip.exe install -r requirments.txt

Ubuntu: pip install -r requirements.txt

Install complete!

REST API Interview Questions And Answers For Software Testers

The common information about REST API for Interview section.

api testing, www.techsouljours.blogspot.com

API testing interview questions and answers

1) Explain what is REST and RESTFUL?

REST:

REST represents REpresentational State Transfer; it is a relatively new aspect of writing web API. In REST architecture, a REST Server provides access to resources and REST client accesses and presents those resources. Here each resource is identified by URIs or global IDs. REST uses different ways to represent a resource like text, JSON, and XML. XML and JSON are the most popular representations of resources these days.

RESTFUL Web Service

Mostly, there are two kinds of Web Services which are quite popular.

1. SOAP (Simple Object Access Protocol) which is an XML-based way to expose web services.

2. Web services developed using REST style are known as RESTful web services. These web services use HTTP methods to implement the concept of REST architecture. A RESTful web service usually defines a URI, Uniform Resource Identifier a service, provides resource representation such as JSON and set of HTTP Methods.

2) Explain the architectural style for creating web API?

The architectural style for creating web api are

HTTP for client server communication
XML/JSON as formatting language
Simple URI as the address for the services
Stateless communication

3) Mention what are the HTTP methods supported by REST?

HTTP methods supported by REST are:

GET: It requests a resource at the request URL. It should not contain a request body as it will be discarded. Maybe it can be cached locally or on the server.
POST: It submits information to the service for processing; it should typically return the modified or new resource
PUT: At the request URL it update the resource
DELETE: At the request URL it removes the resource
OPTIONS: It indicates which techniques are supported
HEAD: About the request URL it returns meta information

What is latest technology/trends in Software testing?

Feature of Software testing, In the next few years , testing will set some new trends that will amaze the world.

Here we go with some of the latest trends in testing domain.

Source

The Future belongs to Open Source Tools: The next decade (may be more!) will see a lot of Open source tools in action as more and more organizations will adopt them for proper implementation of Agile, DevOps, and Test Automation. Support communities for the open source tools can only become more and more involved and active.
Quality @ High speed is the new mantra: Everyone wants the best products in the fastest possible time. This is making organizations focus on providing the best user experience along with the fastest time to market. The speed is only going to increase (and the quality better) with the latest technologies and tools at the disposal of teams.
Software Development Engineers in Test (SDETs) will be in huge demand: SDETs have been existing among us since almost a decade, but their role was very different from traditional testing roles. That said, by early 2020, almost all testers will need to wear an SDET hat to be successful in the field of Test Automation, that is going to become mainstream.

OWASP ZAP Tool : Security testing tool with implementation and reports

Introduction on the OWASP ZAP Tool

OWASP ZAP :

The OWASP Foundation came online on December 1st 2001 it was established as a not-for-profit charitable organization in the United States on April 21, 2004 to ensure the ongoing availability and support for our work at OWASP.

Why to go for the OWASP ZAP ?

1. Open source Tool

2. Governed by rough consensus & running code

3. Abide by a code of ethics (see ethics)

4. Not-for-profit

5. Not driven by commercial interests

6. Risk based approach

7. Ideal for the Beginers

8. For Automating the Security Test

9. Cross Platforms

10. Easy to Install

11. Internationalized

12. Compatible with Other tools

OWASP ZAP TOP 10 Features :

1. Injection

2. Broken Authentication and Session Management

3. Cross-site Scripting (XSS)

4. Broken Access Control

5. Security Misconfiguration

6. Sensitive Data Exposure

7. Insufficient Attack Protection

8. Cross Site Request Forgery (CSRF)

9. Using Component with known Vulnerabilities

10. Underprotected API’s

Explanation of the Above Features in Details :-

1. Injection

Any source of data can be an injection vector

Often found in SQL,XPATH or NoSQL queries

It occurs when application sends untrusted data to the interpreter

For example, Attacker can execute malicious SQL statements that control a web application's database server.

How to prevent?

What is Macaca Inspector?

This is a slick web based inspector created by the Macaca team, that is from the mighty Alibaba Inc. Macaca basically provides a full suites of open source solutions based on Selenium Web Driver, for both Web and mobile. This inspector is just one of the tools.

The tool has the ability to pull Xpath values for Android or IOS.

How to Install Macaca Inspector?

These instructions are under the assumption you have Appium installed locally already with nodeJS, and Android and ANT path is set globally.

NPM command will only work if the NodeJS is installed on the system.

First you have to instal the nodeJS

1) On windows, Open up CMD and run “npm install macaca-cli -g“

Once the installation is complete, you will see the Successful message.

Install Appium in Linux Mint

Here I have displayed the installation procedure of Appium in Linux Mint

SUMMARY OF TOOLS REQUIRED BY APPIUM

Java SDK 1.7 The openjdk-7-jdk package must be installed. Do not confuse it with openjdk-7-jre, which contains just the Java runtime environment.
Apache Ant Java version of GNU make for building Java applications
Apache Maven Java dependency management and build system
RVM Ruby Version Manager
gem Ruby package manager
bundler Ruby dependency manager
Node.js JavaScript runtime
npm Node.js package manager
grunt JavaScript task runner

These tools can be installed by following the next steps.

1. INSTALL JAVA

$ sudo apt-get install openjdk-7-jdk

Sometimes Vim may not execute bashrc - in such cases, $ gedit .bashrc works where worked for me

$ vim .bashrc

export JAVA_HOME="/usr/lib/jvm/java-7-openjdk-amd64"

export PATH="$PATH:$JAVA_HOME"

$ source .bashrc

Run the following command to check whether Java is accessible:

$ java -version

You should get the following output in your terminal:

java version "1.7.0_95"

OpenJDK Runtime Environment (IcedTea 2.6.4) (7u95-2.6.4-0ubuntu0.14.04.1)

OpenJDK 64-Bit Server VM (build 24.95-b01, mixed mode)

2. INSTALL APACHE ANT

Move to the workspace folder that we created in step 0 and download the latest version of Apache Ant (which is 1.9.6 at the time of writing):

$ wget http://www.eu.apache.org/dist//ant/binaries/apache-ant-1.9.6-bin.tar.gz

When that’s done, just uncompress the file and delete the original .tar.gz folder since we won’t need it anymore.

$ tar -xvzf apache-ant-1.9.6-bin.tar.gz

$ rm apache-ant-1.9.6-bin.tar.gz

Now you will have a folder named apache-ant-1.9.6 in your workspace folder.
Use that folder to create the ANT_HOME in your .bashrc file:

$vim .bashrc

export ANT_HOME="$HOME/workspace/apache-ant-1.9.6"
export PATH="$PATH:$ANT_HOME/bin" # Add ant to PATH

$source .bashrc

From the ANT_HOME directory, run the following:

$ ant -f fetch.xml -Ddest=system

This will get the library dependencies of most of the Ant tasks that require them. If you don’t do this, many of the dependent Ant tasks will not be available.

Role of OSI Layer when we open a webpage

Our sessions are role of OSI layer when we open a webpage in a real world

When you are trying to open a web page on your PC this is what typically happens (I am just putting the basic concepts together for understanding, most of the steps below are much more elaborate, complicated and involves more devices, protocols & lot of other details than shown below)

OSI Layer pictorial representation when web launches in the browser

Role of OSI Layer when we open a website

Keep in mind that although the OSI model is what we study, we don't use OSI in real work networks. We use the TCP/IP Network Model. The OSI model is still taught due to it's usefulness in separating concepts into modules (layers). The OSI model is translated to the TCP/IP model.

Understanding of OSI Layer Model

User Launches a site in the browser, You typically type an web address (Uniform resource locator) in a Web browser. Web browser uses something called Hypertext Transfer Protocol which is an Application layer protocol.

OSI Layer Data, Protocols and activities

OSI Layer Datas, Protocols and Activities

Behind the scene the web browser get the IP address of the URL you typed (say http://www.spansid.blogspot.com) using a process can Domain Name System which is also an Application layer protocol.

Role of OSI layer when open a webpage in Seven Layer

Lighthouse

Lighthouse is an open-source, automated tool for improving the quality of web pages. You can run it against any web page, public or requiring authentication. It has audits for performance, accessibility, progressive web apps, and more.

You can run Lighthouse in Chrome DevTools, from the command line, or as a Node module. You give Lighthouse a URL to audit, it runs a series of audits against the page, and then it generates a report on how well the page did.

Here I have done Lighthouse Page Performance testing for "techsouljours.blogspot.com"

How we go for the Steps:

Steps 1. Launch the site of any URL to test and if want to check for particular page or link, kindly redirect to it.

Automation Tool for web performance with Google LightHouse

Google LightHouse Web Performace Test

2. From Keyboard press Function key F12 and go to Audit Tab.

Google automation console chrome tool for web performance report

Google LightHouse Web Performance tool - Audit

3. We could see perform an audit to test the particular page, click and proceed.

After waiting for 50 - 60 seconds

Chrome console audit for web performance for any site with html report

Google LightHouse web performance chrome console testing website with report

We could see the performance report

Device Not Found in ADB and here is the solution to connect device in system

HOW TO CONNECT DEVICE IN SYSTEM WHEN ITS NOT SHOWING IN ADB

When device will not show in ADB, Follow the steps below:

1. First make sure your device is connected in system with USB.
2. Now go to My Computer and RIGHT click and select the MANAGE.
3. Now click on Device Manager and check if your device is not installed it will be showing Question (?) Mark there under Portable Devices

ADB Device not found in windows

4. Right click on it and select the Update Driver software

ADB device not found issue resolving by updating driver software

5. Now Select Browse My computer for driver software

Update driver software for adb device not found

6. Now select the Let me Pick from a list of device on my computer

ADB device not found, solution to update driver software

7. Select the first options and keep selecting Next

ADB device found by updating driver software

8. At last select the close option as its update and now you can see the device connect and

- check in command prompt mentioning adb devices

- this command will show you all the devices connected in your system.

Hope this information will be useful to you all... :)

Post author by Test Engineer Ruchi Singh

Automation testing for mobile application via terminal to find crash (Monkey testing)

Monkey testing is a technique used in software testing to test the application or product by providing random data and observing if the system or application crashes

In Monkey testing the tester or sometimes developer also is considered like a monkey assuming that if a monkey uses the computer then he will enter some random data without any knowledge or understanding.
Here the tests done are very random and it may not be correct.
Because of such random testing the testers may not be able to recreate the issues or bugs.

Advantages of Monkey testing:

Monkey testing is a very good approach to find out some new bugs which may not be possible from the stated scenarios.
Monkey testing can also be a good way to perform stress testing and load testing since the scenarios tested are generally random and ad-hoc.
It is very easy to execute because it just requires some random data to run against some random tests.
Execution of test cases and setting up of environments expenses are very less in monkey testing.
By using tools the process of Monkey testing can be automated.
Monkey testing can be performed for desktop applications, web applications as well as mobile applications.

Wanna find more crash in the mobile application android (apk) or iOS (ipa), Here we go

Make sure your device is connected in system and Login in the App before running it.

Command you need to give in command prompt:

C:\Users\user>adb shell monkey -p com.acb.acbsmart -v 10000

-p stands for package name (com.acb.acbsmart)
-v stands for number of times you want to run (eg. you can give what ever you want like: 10000,15000, 12000,etc), it will run till that many iterations.

Monkey testing via terminal to find crash in the mobile application

Note: Before running this Monkey testing check with developer as this will Hang Server (mainly when we perform so many iteration) or best you can do is Turn off the Internet and then RUN.