DOCSLIB.ORG

Extending Htmlunit for Test Automatisation of Web Applications Using AJAX

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Extending Htmlunit for Test Automatisation of Web Applications Using AJAX Die approbierte Originalversion dieser Diplom-/Masterarbeit ist an der Hauptbibliothek der Technischen Universität Wien aufgestellt (http://www.ub.tuwien.ac.at). The approved original version of this diploma or master thesis is available at the main library of the Vienna University of Technology (http://www.ub.tuwien.ac.at/englweb/). Extending HtmlUnit for Test Automatisation of Web Applications using AJAX DIPLOMARBEIT zur Erlangung des akademischen Grades Diplom-Ingenieur im Rahmen des Studiums Software Engineering & Internet Computing eingereicht von Andreas Langer Matrikelnummer 0125651 an der Fakultät für Informatik der Technischen Universität Wien Betreuung: Betreuer/Betreuerin: Univ.-Prof. Dipl.-Ing. Dr. techn. Thomas Grechenig Mitwirkung: Dipl.-Ing. Mario Bernhart Wien, 20.04.2009 _______________________ ______________________ (Unterschrift Verfasser/in) (Unterschrift Betreuer/in) Technische Universität Wien A-1040 Wien Karlsplatz 13 Tel. +43/(0)1/58801-0 http://www.tuwien.ac.atH DIPLOMA THESIS Extending HtmlUnit for Test Automatisation of Web Applications using AJAX Submitted for the academic degree of Diplomingenieur (Dipl.-Ing) carried out at the Institute of Computer Aided Automation Research Group for Industrial Software Vienna University of Technology under the guidance of Univ.-Prof. Dipl.-Ing. Dr. techn. Thomas Grechenig and Dipl.-Ing. Mario Bernhart by Andreas Langer Freyenthurmgasse 18/1/6 1140 Wien Vienna, April 20, 2009 Eidesstattliche Erklärung Ich erkläre an Eides statt, dass ich die vorliegende Arbeit selbständig und ohne fremde Hilfe verfasst, andere als die angegebenen Quellen nicht benützt und die den benutz- ten Quellen wörtlich oder inhaltlich entnommenen Stellen als solche kenntlich ge- macht habe. Wien, am ---------------------------------------------- Name Acknowledgements This work has been carried out at the research group for Industrial Software (www.inso.tuwien.ac.at), an informal group hosted by the Institute of Automation at the faculty of Informatics at the Vienna University of Technology. I would like to express my sincere gratitude and appreciation to all those who made this diploma thesis possible. Special thanks are due to my advisors Mario Bernhart and Professor Thomas Grechenig and to the developers of HtmlUnit Daniel Gredler, Stan Silvert and Marc Guillemot. I am deeply indepted to my parents for supporting and motivating me throughout the years of studying and stimulating my interest in technical science. I thank my sisters, friends and colleagues who made the course of my studies a marvellous time to re- member. Abstract Software testing is a part of the software development process. It is a challenging task and testing Web-based applications may be even more difficult, due to the peculiarities of such applications. New technologies in internet applications require adaptations of most test frameworks. A very popular technology which is widely used from many well known internet services is called AJAX. AJAX stands for “Asynchronous JavaScript and XML” and is a combination of many known technologies, which allow asynchro- nous data communication between server and client. In contrast to the standard syn- chronous data communication, which means loading an entire web page after each re- quest, AJAX allows dynamic refreshes of the web page and data exchange of parts of the page. Thus testing of such internet applications is different from testing of “normal” applications because there can be interactions with the server without the need to load a new page. Communication is done in the background and the current page stays the same except of minor changes. This paper gives an overview of the basic principles of automated software tests, espe- cially automated testing of web based applications. Furthermore it shows the influence of AJAX concerning web development and testing of web applications. The main issue of this paper is to extend HtmlUnit for test automation of web applications using AJAX. Based on the used concepts it is possible to extend further test frameworks. HtmlUnit is a test framework for internet applications. It simulates a web browser and provides many functions to check the content of a web page. HtmlUnit doesn’t have a graphical user interface but it is written in the programming language Java. Test cases are written using JUnit tests but like many other test frameworks HtmlUnit has some problems testing AJAX enabled internet applications. keywords: test automation, AJAX, HtmlUnit, web testing Kurzfassung Software Testen ist ein fixer Bestandteil im Software Entwicklungsprozess. Automati- sierte Tests können den Aufwand für das Testen der Software erheblich erleichtern. Speziell im Bereich der Internet Applikationen gibt es eine Reihe weiterer Aspekte die beim Testen beachtet werden müssen. Neue Technologien im Internet verlangen eine Anpassung bei vielen Testumgebungen. Die bekannteste Technologie die zurzeit sehr populär ist und von vielen Internet Diensten verwendet wird heißt AJAX. AJAX steht für „Asynchrounous JavaScript and XML“ und ist eine Kombination vieler bekannter Techniken, die zusammen asynchrone Kommunikation zwischen Client und Server er- laubt. Im Gegensatz zum konventionellen Ansatz, dass immer eine vollständige Seite geladen werden muss, ermöglicht AJAX den Datenaustausch von Teilen einer Webseite oder das dynamische Nachladen von Inhalten. Dadurch verändert sich das Testen von Internet Applikationen erheblich, da eine Interaktion mit dem Server nicht automatisch das Laden einer neuen Seite bedeutet sondern im Hintergrund abläuft und die aktuelle Seite, bis auf parzielle Veränderungen, dieselbe bleibt. Diese Arbeit gibt eine Übersicht über das Automatisierte Testen von Software, im spe- ziellen von Internet basierten Programmen. Des Weiteren werden der Einfluss von AJAX und die damit verbundenen Veränderungen analysiert. Der Kernpunkt dieser Arbeit ist das Erweitern von HtmlUnit, um damit auch Internet Applikationen, die AJAX verwenden, testen zu können. Aufbauend auf diesem Konzept ist es möglich, auch andere, ähnlich gebaute Test Werkzeuge zu erweitern. HtmlUnit ist eine Testumgebung für Internet Applikationen. Es simuliert einen Browser und stellt viele Funktionen zum Überprüfen von Internet Seiten zur Verfügung. HtmlU- nit hat keine Grafische Oberfläche sondern ist komplett in der Programmiersprache Java geschrieben. JUnit Tests bieten umfangreiche Möglichkeiten zum Testen von Applika- tionen, aber HtmlUnit hat, wie viele andere Testumgebungen, Probleme bei Internet Applikationen, die AJAX verwenden. Stichwörter: Testautomatisierung, AJAX, HtmlUnit, Testen von Internet Applikatio- nen I Contents Contents .............................................................................................................. I List of Figures ....................................................................................................IV List of Tables ......................................................................................................V 1 Introduction ................................................................................................. 1 1.1 Problem Description ............................................................................. 1 1.2 Motivation ............................................................................................ 1 1.3 Goals and Objectives ........................................................................... 1 1.4 Organization of this Thesis .................................................................. 1 2 Foundations ................................................................................................ 3 2.1 Software Test Automation .................................................................... 3 2.1.1 Objectives and non-objectives of automated software tests ............. 3 2.1.2 The promise of test automation: ....................................................... 4 2.1.3 Automated Comparison .................................................................... 5 2.1.4 Comparing different types of outcome .............................................. 7 2.1.5 Comparison filters ............................................................................ 9 2.1.6 Sensitive tests versus robust tests ................................................... 9 2.1.7 Scripting techniques ....................................................................... 10 2.1.8 Test maintenance ........................................................................... 15 2.1.9 Metrics ............................................................................................ 17 2.2 State of the Technology ..................................................................... 19 2.2.1 Automated web testing ................................................................... 19 2.2.2 AJAX (Asynchronous JavaScript and XML) ................................... 26 2.3 Selected Open Source Testing Frameworks ..................................... 33 2.3.1 HtmlUnit ......................................................................................... 33 2.3.2 JSFUnit .......................................................................................... 41 3 Requirements for the Framework Extension ............................................. 43 3.1 Criteria for a satisfying controller ....................................................... 43 3.2 Proposals for solution ........................................................................ 43 3.2.1 NicelyResynchronizingAjaxController
Load more

Recommended publications
  • SHOW TEASE: It's Time for Security Now!. Steve Gibson Is Here. We're Going to Talk About the Strange Case of the Estonian ID Cards
    Security Now! Transcript of Episode #642 Page 1 of 30 Transcript of Episode #642 BGP Description: This week we examine how Estonia handled the Infineon crypto bug; two additional consequences of the pressure to maliciously mine cryptocurrency; zero-day exploits in the popular vBulletin forum system; Mozilla in the doghouse over "Mr. Robot"; Win10's insecure password manager mistake; when legacy protocol come back to bite us; how to bulk-steal any Chrome user's entire stored password vault; and we finally know where and why the uber-potent Mirai botnet was created, and by whom. We also have a bit of errata and some fun miscellany. Then we're going to take a look at BGP, another creaky yet crucial - and vulnerable - protocol that glues the global Internet together. High quality (64 kbps) mp3 audio file URL: http://media.GRC.com/sn/SN-642.mp3 Quarter size (16 kbps) mp3 audio file URL: http://media.GRC.com/sn/sn-642-lq.mp3 SHOW TEASE: It's time for Security Now!. Steve Gibson is here. We're going to talk about the strange case of the Estonian ID cards. A weird bug or actually flaw introduced into Microsoft's Windows 10. We're still not sure exactly who got it and why. We'll also talk about the case of the Firefox plugin promoting "Mr. Robot," and a whole lot more, all coming up next on Security Now!. Leo Laporte: This is Security Now! with Steve Gibson, Episode 642, recorded Tuesday, December 19th, 2017: BGP. It's time for Security Now!, the show where we cover your security online with this guy right here, the Explainer in Chief, Steve Gibson.
    [Show full text]
  • Computing Fundamentals and Office Productivity Tools It111
    COMPUTING FUNDAMENTALS AND OFFICE PRODUCTIVITY TOOLS IT111 REFERENCENCES: LOCAL AREA NETWORK BY DAVID STAMPER, 2001, HANDS ON NETWORKING FUNDAMENTALS 2ND EDITION MICHAEL PALMER 2013 NETWORKING FUNDAMENTALS Network Structure WHAT IS NETWORK Network • An openwork fabric; netting • A system of interlacing lines, tracks, or channels • Any interconnected system; for example, a television-broadcasting network • A system in which a number of independent computers are linked together to share data and peripherals, such as hard disks and printers Networking • involves connecting computers for the purpose of sharing information and resources STAND ALONE ENVIRONMENT (WORKSTATION) users needed either to print out documents or copy document files to a disk for others to edit or use them. If others made changes to the document, there was no easy way to merge the changes. This was, and still is, known as "working in a stand-alone environment." STAND ALONE ENVIRONMENT (WORKSTATION) Copying files onto floppy disks and giving them to others to copy onto their computers was sometimes referred to as the "sneakernet." GOALS OF COMPUTER NETWORKS • increase efficiency and reduce costs Goals achieved through: • Sharing information (or data) • Sharing hardware and software • Centralizing administration and support More specifically, computers that are part of a network can share: • Documents (memos, spreadsheets, invoices, and so on). • E-mail messages. • Word-processing software. • Project-tracking software. • Illustrations, photographs, videos, and audio files. • Live audio and video broadcasts. • Printers. • Fax machines. • Modems. • CD-ROM drives and other removable drives, such as Zip and Jaz drives. • Hard drives. GOALS OF COMPUTER NETWORK Sharing Information (or Data) • reduces the need for paper communication • increase efficiency • make nearly any type of data available simultaneously to every user who needs it.
    [Show full text]
  • Chrome Devtools Protocol (CDP)
    e e c r i è t t s s u i n J i a M l e d Headless Chr me Automation with THE CRRRI PACKAGE Romain Lesur Deputy Head of the Statistical Service Retrouvez-nous sur justice.gouv.fr Web browser A web browser is like a shadow puppet theater Suyash Dwivedi CC BY-SA 4.0 via Wikimedia Commons Ministère crrri package — Headless Automation with p. 2 de la Justice Behind the scenes The puppet masters Mr.Niwat Tantayanusorn, Ph.D. CC BY-SA 4.0 via Wikimedia Commons Ministère crrri package — Headless Automation with p. 3 de la Justice What is a headless browser? Turn off the light: no visual interface Be the stage director… in the dark! Kent Wang from London, United Kingdom CC BY-SA 2.0 via Wikimedia Commons Ministère crrri package — Headless Automation with p. 4 de la Justice Some use cases Responsible web scraping (with JavaScript generated content) Webpages screenshots PDF generation Testing websites (or Shiny apps) Ministère crrri package — Headless Automation with p. 5 de la Justice Related packages {RSelenium} client for Selenium WebDriver, requires a Selenium server Headless browser is an old (Java). topic {webshot}, {webdriver} relies on the abandoned PhantomJS library. {hrbrmstr/htmlunit} uses the HtmlUnit Java library. {hrbrmstr/splashr} uses the Splash python library. {hrbrmstr/decapitated} uses headless Chrome command-line instructions or the Node.js gepetto module (built-on top of the puppeteer Node.js module) Ministère crrri package — Headless Automation with p. 6 de la Justice Headless Chr me Basic tasks can be executed using command-line
    [Show full text]
  • Test Driven Development and Refactoring
    Test Driven Development and Refactoring CSC 440/540: Software Engineering Slide #1 Topics 1. Bugs 2. Software Testing 3. Test Driven Development 4. Refactoring 5. Automating Acceptance Tests CSC 440/540: Software Engineering Slide #2 Bugs CSC 440/540: Software Engineering Slide #3 Ariane 5 Flight 501 Bug Ariane 5 spacecraft self-destructed June 4, 1996 Due to overflow in conversion from a floating point to a signed integer. Spacecraft cost $1billion to build. CSC 440/540: Software Engineering Slide #4 Software Testing Software testing is the process of evaluating software to find defects and assess its quality. Inputs System Outputs = Expected Outputs? CSC 440/540: Software Engineering Slide #5 Test Granularity 1. Unit Tests Test specific section of code, typically a single function. 2. Component Tests Test interface of component with other components. 3. System Tests End-to-end test of working system. Also known as Acceptance Tests. CSC 440/540: Software Engineering Slide #6 Regression Testing Regression testing focuses on finding defects after a major code change has occurred. Regressions are defects such as Reappearance of a bug that was previous fixed. Features that no longer work correctly. CSC 440/540: Software Engineering Slide #7 How to find test inputs Random inputs Also known as fuzz testing. Boundary values Test boundary conditions: smallest input, biggest, etc. Errors are likely to occur around boundaries. Equivalence classes Divide input space into classes that should be handled in the same way by system. CSC 440/540: Software Engineering Slide #8 How to determine if test is ok? CSC 440/540: Software Engineering Slide #9 Test Driven Development CSC 440/540: Software Engineering Slide #10 Advantages of writing tests first Units tests are actually written.
    [Show full text]
  • Silkperformer® 2010 R2 Release Notes Borland Software Corporation 4 Hutton Centre Dr., Suite 900 Santa Ana, CA 92707
    SilkPerformer® 2010 R2 Release Notes Borland Software Corporation 4 Hutton Centre Dr., Suite 900 Santa Ana, CA 92707 Copyright 2009-2010 Micro Focus (IP) Limited. All Rights Reserved. SilkPerformer contains derivative works of Borland Software Corporation, Copyright 1992-2010 Borland Software Corporation (a Micro Focus company). MICRO FOCUS and the Micro Focus logo, among others, are trademarks or registered trademarks of Micro Focus (IP) Limited or its subsidiaries or affiliated companies in the United States, United Kingdom and other countries. BORLAND, the Borland logo and SilkPerformer are trademarks or registered trademarks of Borland Software Corporation or its subsidiaries or affiliated companies in the United States, United Kingdom and other countries. All other marks are the property of their respective owners. ii Contents SilkPerformer Release Notes ..............................................................................4 What's New in SilkPerformer 2010 R2 ...............................................................5 Browser-Driven Load Testing Enhancements .......................................................................5 Enhanced Support for Large-Scale Load Testing .................................................................6 Support for Testing BlazeDS Server Applications .................................................................7 Support for Custom Terminal Emulation Screen Sizes .........................................................7 Graceful Disconnect for Citrix Sessions ................................................................................7
    [Show full text]
  • Selenium Python Bindings Release 2
    Selenium Python Bindings Release 2 Baiju Muthukadan Sep 03, 2021 Contents 1 Installation 3 1.1 Introduction...............................................3 1.2 Installing Python bindings for Selenium.................................3 1.3 Instructions for Windows users.....................................3 1.4 Installing from Git sources........................................4 1.5 Drivers..................................................4 1.6 Downloading Selenium server......................................4 2 Getting Started 7 2.1 Simple Usage...............................................7 2.2 Example Explained............................................7 2.3 Using Selenium to write tests......................................8 2.4 Walkthrough of the example.......................................9 2.5 Using Selenium with remote WebDriver................................. 10 3 Navigating 13 3.1 Interacting with the page......................................... 13 3.2 Filling in forms.............................................. 14 3.3 Drag and drop.............................................. 15 3.4 Moving between windows and frames.................................. 15 3.5 Popup dialogs.............................................. 16 3.6 Navigation: history and location..................................... 16 3.7 Cookies.................................................. 16 4 Locating Elements 17 4.1 Locating by Id.............................................. 18 4.2 Locating by Name............................................ 18 4.3
    [Show full text]
  • Instrumentation De Navigateurs Pour L'analyse De Code Javascript
    Under the DOM : Instrumentation de navigateurs pour l’analyse de code JavaScript Erwan Abgrall1,2 et Sylvain Gombault2 [email protected] [email protected] 1 DGA-MI 2 IMT Atlantique - SRCD Résumé. Les attaquants font, de plus en plus, usage de langages dy- namiques pour initier leurs attaques. Dans le cadre d’attaques de type « point d’eau » où un lien vers un site web piégé est envoyé à une victime, ou lorsqu’une application web est compromise pour y héberger un « ex- ploit kit », les attaquants emploient souvent du code JavaScript fortement obfusqué. De tels codes sont rendus adhérents au navigateur par diverses techniques d’anti-analyse afin d’en bloquer l’exécution au sein des ho- neyclients. Cet article s’attachera à expliquer l’origine de ces techniques, et comment transformer un navigateur web « du commerce » en outil d’analyse JavaScript capable de déjouer certaines de ces techniques et ainsi de faciliter notre travail. 1 Introduction Cet article a pour objectif d’introduire le lecteur au monde de la désobfucation JavaScript, et de proposer une nouvelle approche à cette problématique dans le cadre de l’analyse de sites malveillants, plus com- munément appelés « exploit kits ». Il va de soi que la compréhension des mécanismes de base du langage JavaScript est un pré-requis. Le lecteur souhaitant se familiariser avec celui-ci pourra lire l’excellent Eloquent- JavaScript 3. Bien entendu l’analyse de codes malveillants quels qu’ils soient doit se faire dans un environnement correspondant aux risques in- duits 4 5. Enfin, pour vous faire la main, un ensemble de sites malveillants potentiellement utiles aux travaux de recherches est proposé en ligne 6.
    [Show full text]
  • Download Selenium 2.53.0 Jars Zip File Download Selenium 2.53.0 Jars Zip File
    download selenium 2.53.0 jars zip file Download selenium 2.53.0 jars zip file. Completing the CAPTCHA proves you are a human and gives you temporary access to the web property. What can I do to prevent this in the future? If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware. If you are at an office or shared network, you can ask the network administrator to run a scan across the network looking for misconfigured or infected devices. Another way to prevent getting this page in the future is to use Privacy Pass. You may need to download version 2.0 now from the Chrome Web Store. Cloudflare Ray ID: 66a759273d76c3fc • Your IP : 188.246.226.140 • Performance & security by Cloudflare. Download selenium 2.53.0 jars zip file. Completing the CAPTCHA proves you are a human and gives you temporary access to the web property. What can I do to prevent this in the future? If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware. If you are at an office or shared network, you can ask the network administrator to run a scan across the network looking for misconfigured or infected devices. Another way to prevent getting this page in the future is to use Privacy Pass. You may need to download version 2.0 now from the Chrome Web Store.
    [Show full text]
  • A4Q Selenium Tester Foundation Syllabus
    A4Q Selenium Tester Foundation Syllabus Released Version 2018 Alliance for Qualification Version 2018 © A4Q Copyright 2018 © A4Q Copyright 2018 - Copyright notice All contents of this work, in particular texts and graphics, are protected by copyright. The use and exploitation of the work is exclusively the responsibility of the A4Q. In particular, the copying or duplication of the work but also of parts of this work is prohibited. The A4Q reserves civil and penal consequences in case of infringement. Revision History Version Date Remarks Version 2018 5 August 2018 1. Release version Version 2018 3 December 2018 Minimal corrections Version 2018 © A4Q Copyright 2018 2 Table of Contents Table of Contents 2 0 Introduction 4 0.1 Purpose of this Syllabus 4 0.2 Examinable Learning Objectives and Cognitive Levels of Knowledge 4 0.3 The Selenium Tester Foundation Exam 4 0.4 Accreditation 5 0.5 Level of Detail 5 0.6 How this Syllabus is Organized 5 0.7 Business Outcomes 6 0.8 Acronyms 6 Chapter 1 - Test Automation Basics 7 1.1 Test Automation Overview 7 1.2 Manual vs. Automated Tests 9 1.3 Success Factors 12 1.4 Risks and Benefits of Selenium WebDriver 13 1.5 Selenium WebDriver in Test Automation Architecture 14 1.6 Purpose for Metrics Collection in Automation 16 1.7 The Selenium Toolset 18 Chapter 2 - Internet Technologies for Test Automation of Web Applications 20 2.1 Understanding HTML and XML 20 2.1.1 Understanding HTML 20 2.1.2 Understanding XML 28 2.2 XPath and Searching HTML Documents 30 2.3 CSS Locators 33 Chapter 3 - Using Selenium WebDriver
    [Show full text]
  • Practical Issues with TLS Client Certificate Authentication
    Practical Issues with TLS Client Certificate Authentication Arnis Parsovs Software Technology and Applications Competence Center, Estonia University of Tartu, Estonia [email protected] Abstract—The most widely used secure Internet communication Active security research is being conducted to improve standard TLS (Transport Layer Security) has an optional client password security, educate users on how to resist phishing certificate authentication feature that in theory has significant attacks, and to fix CA trust issues [1], [2]. However, the attacks security advantages over HTML form-based password authenti- mentioned above can be prevented or their impact can be cation. In this paper we discuss practical security and usability greatly reduced by using TLS client certificate authentication issues related to TLS client certificate authentication stemming (CCA), since the TLS CCA on the TLS protocol level protects from the server-side and browser implementations. In particular, we analyze Apache’s mod_ssl implementation on the server the client’s account on a legitimate server from a MITM side and the most popular browsers – Mozilla Firefox, Google attacker even in the case of a very powerful attacker who has Chrome and Microsoft Internet Explorer on the client side. We obtained a valid certificate signed by a trusted CA and who complement our paper with a measurement study performed in thus is able to impersonate the legitimate server. We believe Estonia where TLS client certificate authentication is widely used. that TLS CCA has great potential for improving Internet We present our recommendations to improve the security and security, and therefore in this paper we discuss current issues usability of TLS client certificate authentication.
    [Show full text]
  • How Anywhere Computing Just Killed Your Phone-Based Two-Factor Authentication
    How Anywhere Computing Just Killed Your Phone-Based Two-Factor Authentication Radhesh Krishnan Konothy, Victor van der Veeny, and Herbert Bos yEqual contribution joint first authors VU University Amsterdam, The Netherlands r:k:konoth@vu:nl;{vvdveen;herbertb}@cs:vu:nl Abstract. Exponential growth in smartphone usage combined with re- cent advances in mobile technology is causing a shift in (mobile) app behavior: application vendors no longer restrict their apps to a single platform, but rather add synchronization options that allow users to conveniently switch from mobile to PC or vice versa in order to access their services. This process of integrating apps among multiple platforms essentially removes the gap between them. Current, state of the art, mo- bile phone-based two-factor authentication (2FA) mechanisms, however, heavily rely on the existence of such separation. They are used in a vari- ety of segments (such as consumer online banking services or enterprise secure remote access) to protect against malware. For example, with 2FA in place, attackers should no longer be able to use their PC-based malware to instantiate fraudulent banking transactions. In this paper, we analyze the security implications of diminishing gaps between platforms and show that the ongoing integration and desire for increased usability results in violation of key principles for mobile phone 2FA. As a result, we identify a new class of vulnerabilities dubbed 2FA synchronization vulnerabilities. To support our findings, we present practical attacks against Android and iOS that illustrate how a Man- in-the-Browser attack can be elevated to intercept One-Time Passwords sent to the mobile phone and thus bypass the chain of 2FA mechanisms as used by many financial services.
    [Show full text]
  • Webdriver: Controlling Your Web Browser
    WebDriver: Controlling your Web Browser Erlang User Conference 2013 Hans Svensson, Quviq AB [email protected] First, a confession... I have a confession to make... I have built a web system! In PHP! ... and it was painfully mundane to test It is all forgotten and forgiven... It was back in 2003! First DEMO DEMO A bit of history Proving program Erlang correctness Reality – a constant issue PhD Testing is studentPhD necessary A bit of history Proving program Erlang correctness Reality – a constant issue PhD Testing is studentPhD necessary • We like to write our properties in QuickCheck • How can we control ‘a browser’ from Erlang? • Doing it all from scratch seems hard, unnecessary, stupid, ... Selenium “Selenium automates browsers. That's it. What you do with that power is entirely up to you. Primarily it is for automating web applications for testing purposes, but is certainly not limited to just that. Boring web-based administration tasks can (and should!) also be automated as well.” Selenium • Basically you can create and run scripts • Supported by a wide range of browsers and operating systems • Run tests in: Chrome, IE, Opera, Firefox, and partial support also for other browsers. • Runs on: Windows, OS X, Linux, Solaris, and others. • Script recording using Selenium IDE (Firefox plugin). • Language support for: C#, Java, Python, Ruby, and partial support for Perl and PHP. • Widely used to create Unit-tests and regression testing suites for web services. Selenium 2 - WebDriver • In version 2, Selenium introduced the WebDriver API • Via WebDriver it is possible to drive the browser natively • The browser can be local or remote – possible to use a grid test • It is a compact Object Oriented API • Supports Chrome, Firefox, HtmlUnit, Opera, IE, and IPhone and Android • Languages implementing driver: C#, Java, Python, and Ruby.
    [Show full text]