GREY BOX TESTING Web Apps

1
GREY BOX TESTINGWeb Apps Networking

• Session 4
• Boris Grinberg
• boris3_at_gmail.com

2
Session 4 (4 Hours)

• Here are some things that well cover
• Automated Test Process
• Install, configure and run fiddler as proxy
  server
• Learn how to use some of the Fiddler Menu items,
  Create and load Archive and more
• Discuss some aspects of the Web Testing Processes
• Lab Exercise Polish Job Interview Skills

3
Do more with Less

• A test program that incorporates automated
  testing will involve a development effort of
  strategy, goal planning, test requirements
  definition, analysis, design, development,
  execution, and evaluation.
• Because organizations are required to do more
  with less, automated testing can save time and
  money.

4
Automated Test Process

• Automated testing is important to all testing
  because you can reuse code and scripts and allow
  testers to standardize the testing process.
• In the Web environment, automated testing is
  performed across many platforms, multiple layers
  of supporting applications, interfaces,
  databases, and different applications that can
  serve as a front or back end to the application.

5
Automated Test Coverage

• Coverage can include
• Functional requirement testing
• Server performance testing
• User interface testing
• Unit testing
• Integration testing

• Program code coverage
• System load performance testing
• Boundary testing
• Security testing
• Memory leak testing
• Firewall testing
• Program module complexity analysis

• Automation has made these types of testing more
  efficient and provided more accurate results.

6
Introducing Fiddler

• HTTP/HTTPS Debugger
• Runs as a proxy server on the local machine or on
  a remote server
• Written in C (.NET Framework v2.0)
• Freely available from
• http//www.fiddler2.com

7
Debugging Production Code Fiddler

• Fiddler is a Web Debugging Proxy which logs all
  HTTP(S) traffic between your computer and the
  Internet. Fiddler allows you to inspect all
  HTTP(S) traffic, set breakpoints, and "fiddle"
  with incoming or outgoing data. Fiddler includes
  a powerful event-based scripting subsystem, and
  can be extended using any .NET language.
• Fiddler is freeware and can debug traffic from
  virtually any application, including Internet
  Explorer, Mozilla Firefox, Opera, and thousands
  more.

8
What does Fiddler do?

• Request and response modification

9
What does Fiddler do?

• Debugging non-Windows clients

PC
Mac
Fiddler
Internet
Linux
PocketPC
10
What does Fiddler do?

• HTTP/HTTPS traffic monitoring analysis

11
Installing Fiddler

• Download Fiddler25setup.exe file
• Start installation
• process

12
Installing Fiddler

• Visual steps below

13
Installing Fiddler

• Visual steps below

14
Installing Fiddler Installation was successful

15
How does Fiddler work?

• When Fiddler starts, it attaches to WinINET as
  the system default proxy
• Non-WinINET applications can be pointed to
  Fiddler by setting their proxy to 127.0.0.18888

16
Fiddler Menu File

• Start Fiddler using the Fiddler icon in your
  START Programs menu
• Open File menu
• Uncheck Capture Traffic
• Monitor Web Sessions try few URLs
• Check Capture Traffic try few URLs again

17
Lab Exercise Creating Archive

• Go to Portnov.com
• Select the session with error 404 save it in
  the archive as Portnov_404.saz
• Close Fiddler Application

18
Lab Exercise Loading Archive

• Start Fiddler
• Go to File?Load Archive
• Select the saved session Portnov_404.saz
• Tell me how this case could be used in the QA
  world?

19
Fiddler Menu Edit

• Open Edit menu
• Select and Remove any Session
• Select and Copy one Session
• Open Notepad and Paste selected data
• Mark two sessions with Orange
• Remove all unselected sessions

20
Lab Exercise Menu File and Menu Edit

• Go to CNN.com
• Menu Edit Mark two sessions with Red
• Menu File (Save All Sessions as all.saz)
• Menu Edit Remove all sessions
• Menu File Restore removed sessions
• Tell me how this case could be used in the QA
  world?

21
How to configure Firefox to use Fiddler

• Start Fiddler
• Open Firefox, use few URLs
• Go to Tools?Options and click on the Settings
  button
• Select manual proxy configuration
• Apply the following settings 127.0.0.18888 for
  all protocols
• Try few URLs again
• QUESTIONS?

22
Debagging connection problems

1. Check if problem exist with one or all browsers
2. Check Network Settings
3. Compare Network Settings on Fiddler and Browser
4. Fix the problem
5. QUESTIONS?

23
Study case Buggy Server

• Fiddler has an ability to detect many protocol
  violations.
• An example of the HTTP Protocol Violation.
• Reference Materials
• Header Field Definitions
• Key References
• RFC2616 - Hypertext Transfer Protocol

24
Web Session with Violation

• Select and double click on the session with HTTP
  Protocol violation

25
LAB Exercise Catching Web Session with Violation

• Open IE and make sure that the Fiddler is
  capturing all traffic
• Check sub-menu Capture Traffic
• Go to gazeta.ru and youll get a HTTP Protocol
  Violation notification window
• During next 10 minutes try to find more websites
  with similar errors

26
Fiddler Menus Rules Tools View and Help

• Lab Exercise
• Trying self thought process
• Use Help File, Internet, common sense
• I expecting results in 10 minutes!

27
Draft HomeWork
Example

• Select Web Application
• Use the set of questions provided by me and feel
  in the empty matrix with your answers
• Bring your Matrix with results on our next session

28
Web Testing Processes Overview

• The purpose of the Web testing process
• Objectives
• Business Requirements
• Testing Phases

29
Web Testing Processes

• The purpose of the Web testing process is to
  provide a clear and concise description of what
  needs to be done.
• Objectives
• The objective of testing is to ensure that the
  Web application is ready for operation.
• Business Requirements
• Business requirements are a collection of
  requests and lists from people who have an
  interest in the project.

30
Business Requirements

• Before beginning the testing project, the tester
  should have a set of business requirements that
  will help in understanding the functionality of
  the Web application
• A well-written set of business requirements will
  outline the goals and objectives for the business
  and serve as the foundation for your test plan.

31
Testing Phases

• As the business requirements (BR) are established
  and defined, they will become the first phase of
  your testing process.
• Understanding their magnitude will help you
  determine how to proceed with the Web test,
  determine the number of test cycles, type of test
  tools, test the data used, and set up the test
  environment.

32
Testing Checklist

• A good way to track the testing process is to
  create a checklist to make sure that you are
  following and completing the test process.
• Document Testing Checklist is an example of a
  testing checklist. You can find it in the Student
  Materials folder.
• Each item in the checklist (or checkpoint) should
  be a part of the test process and depends on the
  test life cycle, specification, management,
  commitment, and communication.

33
Variety of One, very common on the Interview,
Question

• Why do you think that you will be a good fit for
  us?
• What value youll bring to the company?
• What makes you different form other candidates?
• Why should we choose you from all competing
  candidates?

34
Tester Qualifications

• A good tester should have a combination of the
  following skills
• Communication. The ability to convey to the
  developers, testers, and users the intent of
  testing and the roles and responsibilities of all
  parties.
• Technical expertise. The ability to understand
  the Web site and how it works.
• Diplomacy. The ability to work well with others
  and come up with the best solution for the team.
• Accuracy. The ability to produce error-free
  results.
• Persistence. The ability to test and retest until
  an adequate result is achieved.

35
Tester Qualifications Persistence

• Of these qualities, persistence is the most
  important.
• A tester should have the ability to continuously
  test and retest without becoming bored or losing
  focus.
• Being able to endure this process allows the
  tester to assure accurate results, and the end
  result is happy customers.

36
LAB ExerciseJob Interview/Missing skills

• Class Discussion
• What should I do on the interview if I dont have
  some of the required skills?

37
Job Interview Missing skills

• Class Discussion
• Advice 1
• Never show a sad face
• Advice 2
• Never lie and be honest
• Advice 3
• Dont get lost
• Advice 4
• Dont take a big pause

38
Job Interview Missing skills

• Class Discussion
• Advice 1
• Never show a sad face
• Advice 2
• Never lie and be honest
• Advice 3
• Dont get lost
• Advice 4
• Dont take a big pause

39
Job Interview Missing skills

• Class Discussion
• Advice 1
• Never show a sad face
• Advice 2
• Never lie and be honest
• Advice 3
• Dont get lost
• Advice 4
• Dont take a big pause

40
Job Interview Missing skills

• Class Discussion
• Advice 1
• Never show a sad face
• Advice 2
• Never lie and be honest
• Advice 3
• Dont get lost
• Advice 4
• Dont take a big pause

41
LAB Exercise Class Discussion

• Class Discussion
• What should I do on the interview if I dont have
  some of required skills?
• Offer your other outstanding skills
• Assure in your ability to quickly learn new
  technology, gain new skills (use some examples
  from the past)
• Demonstrate your whatever it takes attitude.

42
Object-Oriented Programming Concepts

• If you've never used an object-oriented
  programming language before, you'll need to learn
  a few basic concepts before you can begin test
  any code.
• This lesson will introduce you to objects,
  classes, inheritance, interfaces, and packages.
• Each discussion focuses on how these concepts
  relate to the real world.

43
What Is an Object?

• Objects are key to understanding object-oriented
  technology. Look around right now and you'll find
  many examples of real-world objects your dog,
  your desk, your television set, your bicycle.
• Real-world objects share two characteristics
  They all have state and behavior. Dogs have state
  (name, color, breed, hungry) and behavior
  (barking, fetching, wagging tail).

44
What Is an Object?

• Bicycles also have state (current gear, current
  pedal cadence, current speed) and behavior
  (changing gear, changing pedal cadence, applying
  brakes).
• Identifying the state and behavior for real-world
  objects is a great way to begin thinking in terms
  of object-oriented programming.

45
Lab Exercise Introduction

• Take a minute right now to observe the real-world
  objects that are in your immediate area. For each
  object that you see, ask yourself two questions
• "What possible states can this object be in?"
• and
• "What possible behavior can this object
  perform?".

46
Lab Exercise Real-world objects

• Write down your observations. As you do, you'll
  notice that real-world objects vary in
  complexity your desktop lamp may have only two
  possible states (on and off) and two possible
  behaviors (turn on, turn off), but your desktop
  radio might have additional states (on, off,
  current volume, current station) and behavior
  (turn on, turn off, increase volume, decrease
  volume, seek, scan, and tune). These real-world
  observations all translate into the world of
  object-oriented programming.

47
A software object

• Software objects are conceptually similar to
  real-world objects they too consist of state and
  related behavior. An object stores its state in
  fields (variables in some programming languages)
  and exposes its behavior through methods
  (functions in some programming languages).

48
A fundamental principle of OOP

• Methods operate on an object's internal state and
  serve as the primary mechanism for
  object-to-object communication.
• Hiding internal state and requiring all
  interaction to be performed through an object's
  methods is known as data encapsulation a
  fundamental principle of object-oriented
  programming.

49
A bicycle modeled as a software object.

• By attributing state (current speed, current
  pedal cadence, and current gear) and providing
  methods for changing that state, the object
  remains in control of how the outside world is
  allowed to use it.
• For example, if the bicycle only has 6 gears, a
  method to change gears could reject any value
  that is less than 1 or greater than 6.

50
Interviews Boriss Advice 4

• Prepare and Ask questions which will
• demonstrate your knowledge
• (Waterfall, Agile or V-Model)

Address this question to the right interviewer!
51
Q A Session

• ? ? ? ? ?
• ? ? ? ? ?
• ? ? ? ? ?
• ? ? ? ? ?
• ? ? ? ? ?