thought process: SECURED AND PROTECTED WAY OF EXECUTING ANY SCRIPT

thought process: SECURED AND PROTECTED WAY OF EXECUTING ANY SCRIPT: "In many projects, it is very difficult to handle or maintain the interactional property of particular vendor when we go with scripts like VB..."

Hybrid Test Automation Framework

HTAF is a generic framework which will incorporate QTP 10.00 with SAP & other QTP supported application to produce more efficient and easy automation. Using HTAF, Test Modules, Test Suites and Test Cases can be created for individual tests. Framework front end (UI) is designed in such a way that graphical test cases can be created using the reusable components and the same can be used with the framework. Test results are provided accordingly for every hierarchy of test and on failure the snapshot is being attached to the test results for easy tracking. Automatic Bug reporting using bugzilla, SVN Integration for maintenance of different version of Test Cases are other highlights.

Web Services Automation Framework

In the present day the web services are extensively used but due to lack of well equipped tools the present day demand is not met. The web services are handled manually and the number of web users is increasing at a rapid rate. The present day developments and the solutions to the web service testing are not effective and require a breakthrough improvement to meet the demands. The present tools which are available in market only execute the request level and the response of SOAP service is manually performed which is error prone and requires a lot of time and human resource. The verification and validation of multiple responses are manual and thus to validate the multiple response it is very difficult leading to long delays. It is very difficult to manually handle large complex servers and the multiple servers which send and receive the requests and queries.

Performing the exact functional part verification is not easy and requires highly skilled and experienced human resource to handle it and even after meeting all the requirements the accuracy levels are low. Performance test include load test which is the number of requests a server can handle at a time and the behavior of the server when number of requests are higher then the threshold. The load test is important because the server may crash if the number of requests are more than the number of request that the server can handle. Hence finding the load and testing it for the worst is important. But with the present approach load test on multiple web service is not possible. The execution of integration test is not possible with multiple web service servers connected at a time. Clear cut projection of report is not possible for functional, performance and integration testing. Since there is great requirement of a robust effective testing framework, this area of work was chosen.

The Framework is based on SOAPUI which is a very important tool for Webservices testing. This tool is being widely used by users for testing the web services. SoapUI is the world's leading Functional Testing tool for SOA and Web Service testing.  SoapUI is a free and open source cross-platform Functional Testing solution. With the graphical interface, and enterprise-class features, SoapUI allows users to create and execute automated functional, regression, compliance, and load tests. In a single test environment, SoapUI provides complete test coverage - from SOAP and REST-based Web services, to JMS enterprise messaging layers, databases, Rich Internet Applications, and much more. Though SoapUI has a lot of functionalities and is user friendly an initial knowledge of SoapUI is required for working on SoapUI. This for many simple testing is not required for testers and the output is handled manually.

The SoapUI is based completely on xml parsing and thus the output is also shown in xml which is not a desired format of output for a large set of users. The Framework refers to the Soap classes and connects it to the server as in Soap.

SECURED AND PROTECTED WAY OF EXECUTING ANY SCRIPT

In many projects, it is very difficult to handle or maintain the interactional property of particular vendor when we go with scripts like VB, Perl, Python and Java classes. In this case, we are in situation where we need to secure the scripts and at the same it should share the library at run time. Here we considered and experimented some of the scripts like shell, Perl, python, java and visual basic scripts. In this project we were providing two different approaches for UNIX and WINDOWS environment.

In this project proposes a secured way of executing any scripts on Linux (Perl, python and shell scripts) .And for windows platform visual basic library scripts executed on QTP. In contrast windows has a very vulnerable mechanism of executing the scripts in a local host both client and server engine mechanism via secured named pipe channel.

First approach for windows platform, every time the client sends an authentication request to server .And user login transaction is happening with encrypted data exchanges via named pipe with AES algorithm 256 bit. Once authentication was success, the client will send the READY request to server .Server will share the shared location of decrypted library, which the client will upload or share it to the controller. The shared location was generated based on time tick value of the local system. And with in a fraction of seconds the libraries will be cleared from the defined location. To avoid malfunction script execution checksum were tracked in persisted encrypted database. Note – when deploying all the open script will be encrypted and provided in repository.

Second approach for Linux Environment, in this case all the scripts which resides in operating system are encrypted and kept. The single executable will collect the script and execute on the bash shell environment in silent mode and hits on file descriptor. In Linux environment, the bash descriptor access provided only to write and read mode were locked .If any hackers try to attack the Linux bash will not allow to reading the data from descriptor. In run time all the scripts will be decrypted and executed in kernel. To avoid the malfunction same logic of checksum tracking method used in persistent database. In case of Linux, the executable shouldn’t hold any double coated strings in functions of any language to avoid hack decompiling methods, we used unsigned long data type and in run time it will be converted in to string and passed as system calls. [For example, “strings “commands in Linux will decode the strings the binary file.]

  

Note: Named pipe could be replaced with socket communication.

CrossBrowser UI Automation using Computer Vision Algorithm

 Business firms in the areas of FMCG, Publications, Travel etc. run most of their business through their web sites.Thus branding through their portals and the end user comfort in using them is of utmost importance. They need to ensure that the visual consistency, alignment, positioning of various widgets, font face etc. across different browsers is maintained throughout.

 In such scenarios, cross browser UI testing plays a vital role in ensuring that there is no business loss due to browser incompatibility. This is mostly done manually where it becomes very challenging and time consuming to test the appearance details of WebPages at a pixel level especially for scenarios like image shape calibration, zooming and dynamic hyperlink checks.

  Since high amount of bandwidth is required, cross browser UI testing is usually done by a dedicated team of test professionals. As in other areas, automation can be one approach to enhance testability, however there is a dearth of tools capable of verifying the inconsistencies to the level that is required. For e.g., most of the existing tools take screenshots of the entire page making manual effort inevitable to pinpoint the exact error. We have not come across tools that directly help in identifying inconsistencies in font styles and character attributes, seamless streaming of video files, size and position of images. So are these tools really automating cross browser UI testing?

  This paper outlines an approach for automating the validation of web application widgets display across different browsers. The solution primarily involves leveraging on various image-processing libraries for optical character Recognition (OCR), image manipulation, pixel attribute identification, mouse action and dynamic hyperlink navigation checks to name a few.

Let us say the requirement is to verify that a company’s tagline is displayed in a specific font color, type and size in the homepage across all supported browser versions. We first identify the location of the text, its font style, character size, and pixel color. To find the location of text we take screenshots of the homepage and use OCR libraries like tessnet2, JOCR etc. to get the array of region coordinates corresponding to all texts in the page. Now we can match the string of the company tagline and get the corresponding co-ordinates of its location. Next, to identify the font type, size, and color, we use computer vision libraries like OpenCV, ImageJ etc. Input parameters would be the tagline region coordinates we got earlier. The computer vision functions that we need to use would depend on whether we want to get the attributes at character or at word level.

Let us consider another example where we want to locate the position of all hyperlinks on a page. This becomes very difficult using functional UI automation tools like QTP or Selenium if the web pages are rendered using technologies they do not support.

We know that the hyperlink will be underlined and its font color would change on mouse over. In this case we first identify the region co –ordinates corresponding to all the texts in the web page using OCR libraries. Then we move the mouse pointer over the co-ordinates corresponding to each word and check for changes in mouse pointer image. If we detect a change in, then we verify that the necessary changes are taking place in the text attributes if required. In this way, we can maintain an array of location co-ordinates of all hyperlinks and perform further actions for validation.

   Apart from UI validation, we can use this approach for functional testing as well in places where widely used functional test tools fail to identify the application widgets and navigate through them. We can use our own custom computer vision libraries as a plug-in to the frameworks developed over these tools, thereby improving testability of applications build using new or unsupported technologies.

As we know there is no single silver bullet for all challenges. Limitation in this approach include hit on performance due to pixel level operations like raster scanning of page regions , capturing progressive screenshots and video frame processing .Further research has to be done in this area to optimize the entire process.