Private Group Details

Global Moderators

Forum wide moderators

  • Description:

    The opening is for a Senior QA at Carenet Longevity, a health startup that received funding from an investment fund at the beginning of this year. We have a new data-monitoring project and need a senior QA to create scenarios and automate tests.

    Requirements:

    • Solid experience in Quality Assurance
    • Experience with test automation

    Desirable:

    • Experience with test automation in JavaScript (mocha, chai, jest, frisby)
    • Experience in an agile environment (Scrum)

    Location: São Paulo/SP (Vila Olímpia)

    Please send your CV to [email protected]

    posted in Jobs
  • Last Saturday, February 9, 2019, the first chat of the Talking About Testing blog's mentoring group took place, where Alekson Fortes, Henrique de Souza and I (Walmyr Filho) talked about DevOps based on the 3 ways described in the book “The DevOps Handbook: How to Create World‑Class Agility, Reliability, and Security in Technology Organizations”, … Continue reading Chat about DevOps – Talking About Testing mentoring group

    https://talkingabouttesting.com/2019/02/14/bate-papo-sobre-devops-grupo-de-mentoria-talking-about-testing/

    posted in Blog and Post Feed
  • If you liked testlink, the test management will fit you like a glove… It is very reminiscent of it (but without as many of the problems it had). Now, if the project is agile, is it worth having test cases?

    posted in General
  • Q: What is the best fuzzer (automated software testing tool) to find 0-days? Why?

    A:

    0-day is a very broad statement.

    I tend to use the payload fuzzers in BurpSuite and OWASP ZAP Proxy, but these require me to identify the target that I’m testing, and the appropriate data scope and range to fuzz.

    I suspect you might be more interested in application or file based fuzzers.

    Google have introduced a service for fuzzing applications.

    github.com/google/oss-fuzz

    There are many lists of fuzzers to read through.

    New tools are being created for this all the time and there is a constant flood of research on fuzzing:

    scholar.google.co.uk/scholar?hl=en&as_sdt=0%2C5&q=fuzzing&btnG=

    Since the fuzzers all work at different levels and on different technologies you have to be very specific in your research to make sure you don’t overload yourself with tools (which is all too easy to do in Security Testing).

    owasp.org/index.php/Fuzzing

    https://eviltester.com/blog/eviltester/quora/2019-02-13-what-best-fuzzer/

    posted in Blog and Post Feed
  • I like to write little bots from the console to help with application and game automation. But when the variables and objects I need are created from within anonymous functions I can’t get access. In this post I will explain how to access them.

    I’ve tried writing helper code to access the methods within objects and trawl through the DOM to find specifically named objects, and that can help with a large application where the objects are all public.

    But when the application is essentially one anonymous function kept alive by event handlers and timers, how do we access the objects?

    The short answer is:

    • set a breakpoint on the line of code that uses the object
    • in the console when the breakpoint activates, create a new reference to the object from the window

    e.g. if there is a pacman object I want to access, then find a line that uses it, breakpoint the line, then from the console:

    window.pacman = pacman
    

    And I now have access to the private pacman object from the console when not in debug mode because the window now has a reference to it.

    Manual Step

    This requires a manual step before any of my automated bots can be used but if I write down what to ‘search for’ to find the line in the code then it is pretty easy to repeat.

    Security by private objects

    If we are relying on the objects being private and inaccessible due to the anonymous function then we really shouldn’t because if it is in our browser, the user can gain access to it.

    Always have protection on your server side to handle anything thrown at it.

    Opens Up New Options

    This opens up a bunch of new options for testing and automating modern JavaScript approaches for me.

    This can’t really be used for continuous integration automating or fully autonomous code injection since there is a manual step involved. But for automating tactically where the user is present, this opens up more possibilities.

    Want to see it in action?

    Using the simple open source Pacman clone from platzh1rsch.ch, where all the code is wrapped and called from an anonymous function, I show the steps and thought processes for gaining console access to the main game and pacman objects to allow me to write infinite life cheats.

    Watch on YouTube

    Where to learn more?

    I have some material covering this topic:

    https://eviltester.com/2019/02/hacking-javascript-private-variables.html

    posted in Blog and Post Feed
  • In 2019 the Talking About Testing School is entering a partnership with the organization Patas Dadas, and 10% of the amount paid for each course will be donated to that organization. Patas Dadas has the mission of rescuing abandoned animals, providing the necessary veterinary care until they are ready for adoption, seeking … Continue reading Talking About Testing & Patas Dadas

    https://talkingabouttesting.com/2019/02/12/talking-about-testing-patas-dadas/

    posted in Blog and Post Feed
  • Another post in the series on code quality in software testing. If you are arriving at this post now and have not yet read the previous content, I recommend starting there. Here are the links: Write small units of code, Write simple units of code. Now, if you have already read the first and second posts of the series, let's … Continue reading Write code only once

    https://talkingabouttesting.com/2019/02/11/escreva-codigo-uma-so-vez/

    posted in Blog and Post Feed
  • Good pipelines are stable and can support frequent and small releases. When building the pipeline you need to include not only the build and unit tests part, but also the e2e tests and even the smoke tests and deploy to all the environments, so you have as little human interaction as possible, avoiding releases … Continue reading Automated tests in a CD/CI pipeline →

    https://azevedorafaela.com/2019/02/07/automated-tests-in-a-cd-ci-pipeline/

    posted in Blog and Post Feed
  • One way I practice my Software Testing, improve my JavaScript programming and practice my automating is by ‘hacking’ JavaScript games.

    One of my bots scored 282010 on https://phoboslab.org/xtype/ This ‘bot’ is JavaScript code that runs from the Browser Dev Tools and plays the game.

    I have a video showing the bot in action below.

    To create this I have to learn to use the dev tool to inspect the DOM, and the running memory space, and read the JavaScript. All of this is modelling the application. A recon step that helps me with my Software Testing.

    As I recon the app I look at the network tab to see what files are loaded and what API calls are issued. This also informs my model. And makes me think about Injection and Manipulation points.

    Perhaps I can use a proxy to trap and amend those requests? Perhaps my proxy can respond with a different file or data automatically?

    These are thought processes and skills that I can apply in my testing. I also learn more about HTTP, Dev tools and Proxies.

    When the game is running I have to observe its execution behaviour. I build a model of the software and its functionality. This informs my Software Testing. I have to build models of the application as I test and make decisions about what to target.

    To ‘hack’ the game, I have to inspect the objects which have been instantiated by the code. I can do this in the console by typing in the object names.

    To learn what these objects are I have to read the game code. This improves my JavaScript because one of the best ways to learn to write code is to read code and try to understand what it does.

    I can use the Snippets view in Chrome Sources to write JavaScript. This is a built in mini JavaScript IDE in the browser.

    I can write simple code here to manipulate the game objects in memory to help me cheat and hack the game. I don’t need to learn a lot of JavaScript to do this, and most of the JavaScript you need is already in the game source itself.

    To write a ‘bot’… code that executes in its own thread periodically to do something, I use the ‘setInterval’ command. This is the fundamental key to writing JavaScript bots. e.g.

    var infiniteLivesBot = setInterval(infiniteLives,1000);
    

    The above line calls a function named infiniteLives every second. That infiniteLives function checks if my number of lives has decreased, and if so, increases them. e.g.

    function infiniteLives(){
        if(game.lives<3){
            game.lives=3;
        }
    }
    
    var infiniteLivesBot = setInterval(infiniteLives,1000);
    

    I can easily stop this bot using the clearInterval command.

    clearInterval(infiniteLivesBot);
    

    I can run that code from the snippets view, or paste it into the console, or convert it into a bookmarklet. Whatever is more convenient to help me when I want to hack the game. I do the same thing to support my testing e.g. setup data, delete data etc.

    This is a form of ‘tactical’ automating. It won’t scale, it doesn’t go into continuous integration. It supports me. It does a specific task. It automates part of my work. It is a good start to learning to automate more strategically.

    To automate xtype I had to learn how to trigger mouse events to initiate the firing functionality. I couldn’t remember how to do this. I copied and pasted a snippet of code from stackoverflow. All professional programmers do this.

    Part of learning programming is knowing where to find a general answer. Knowing which part of the answer to isolate. Then having the confidence to bring that into your code and experiment with it.

    As I do this, I learn more JavaScript. Which allows me to write scripts in other tools e.g. Postman. And I can inject code into applications e.g. using WebDriver JavaScriptExecutor. The more I practice, the more options I open up.

    I take the knowledge and then write small utilities or applications to help me. I write a lot of small JavaScript utilities to help me with data extract activities and reformatting of data from Web applications.

    I extended my knowledge by writing JavaScript applications and games which I bundled into:

    If you want to experiment with simple games manipulation and hacking then the games in this app are designed for that purpose.

    Doing this also has a knock on effect on how I view web applications. The GUI is no longer a trusted client. The GUI can be manipulated by the user. The messages it sends to the server can be manipulated by the user. The server needs to be robust.

    This helps my Software Testing. I have to go deeper when I test. And by practicing I develop the skills to go deeper when I test. I can recognise when requirements need to be tested more deeply than they state on the surface.

    This helps my programming. I am very aware that the server needs to validate and approach the input data with caution.

    This is one way that I practice my Software Testing, JavaScript programming and automating. The benefit to me has been enormous. I recommend this, or adapt the ideas and create your own practice path.

    I cover many of the skills to do this in my online Technical Web Testing 101 course https://www.eviltester.com/page/onlinetraining/techwebtesting101/

    Free Video Discussing This Topic

    Watch on YouTube

    Want to see my XType bot in action?

    This was a hard bot to write. Xtype is a bullet hell shooter, which are challenging to play, let alone automate - and no, I’m not going to show you the code for the bot.

    But this is not my first bot.

    I’ve written bots to play z-type, Cookie Clicker, 3D Monster Maze.

    I like these games because they are all well written, I can read the code to improve my programming, and they are fun to play.

    Many of my bots are not full playing bots like the x-type bot. They are support tools. And when I started to automate x-type I started with support tools:

    • an infinite lives hack
    • an auto-aimer so that I didn’t have to keep track of the boss while I was controlling the player
    • I added auto firing to the auto-aiming so I only had to concentrate on moving the player
    • I combined all three and had a bot that could play the game, although it was cheating with infinite lives.
    • only then did I approach the autonomous playing of the game

    For 3D Monster Maze I only wrote support tools:

    • a heads up display so that a map of the screen was rendered on screen as I played showing me the position of Rex to help me avoid him, and showing me where the exit was
    • a trap for Rex, so that if he entered it he couldn’t move
    • a chain for Rex so that he never moved from his starting point
    • armour so that if Rex caught me, he couldn’t kill me

    For many games I try to think how to add extra features to make the game more interesting. I don’t have the skill or patience to write games like these, but I do have the skill and motivation to ‘augment’ them for my learning.

    This is analogous to writing ‘tools’ to support our testing, or making applications more ‘testable’.

    Note: my games github.com/eviltester/TestingApp are not well written, but they are very easy to understand and hack.

    Watch on YouTube

    https://eviltester.com/2019/02/practice-javascript-software-testing-automation.html

    posted in Blog and Post Feed
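
The two posts above conclude that objects held in the browser (closure-private or not, such as `game.lives`) can be changed by the user, so the server has to validate what it receives. A sketch of such a server-side check follows as an added example, not code from the original posts; the function, field names, limits and sample data are hypothetical and constructed.

```javascript
// Added example, not from the original posts. All names and limits are assumed.
// The server keeps its own record of the game session and treats every
// field in the client's message as untrusted input.

const MAX_LIVES = 3;               // assumed game rule
const MAX_POINTS_PER_SECOND = 500; // assumed upper bound for honest play

function isNonNegativeInt(v) {
  return Number.isInteger(v) && v >= 0;
}

// session: server-side state, never supplied by the client.
// claim:   parsed JSON body received from the browser.
// nowMs:   server clock, so the client cannot choose the elapsed time.
function validateClaim(session, claim, nowMs) {
  if (claim === null || typeof claim !== "object") {
    return { ok: false, reasons: ["claim is not an object"] };
  }
  const reasons = [];
  for (const field of ["score", "lives"]) {
    if (!isNonNegativeInt(claim[field])) {
      reasons.push(`${field} must be a non-negative integer`);
    }
  }
  if (reasons.length > 0) return { ok: false, reasons };

  // Lives only ever go down on the server; a higher client value is
  // rejected regardless of what the browser-side object says.
  if (claim.lives > session.livesRemaining || claim.lives > MAX_LIVES) {
    reasons.push("lives exceed server-tracked value");
  }
  // Score is bounded by how long the session has really been running.
  const elapsedSec = Math.max(0, (nowMs - session.startedAtMs) / 1000);
  if (claim.score > elapsedSec * MAX_POINTS_PER_SECOND) {
    reasons.push("score not reachable in elapsed time");
  }
  return { ok: reasons.length === 0, reasons };
}

// Constructed sample data: one plausible message, one altered in the console.
const sampleSession = { startedAtMs: 0, livesRemaining: 1 };
const honest = validateClaim(sampleSession, { score: 12000, lives: 1 }, 60000);
const tampered = validateClaim(sampleSession, { score: 999999, lives: 3 }, 60000);
console.log(honest, tampered);
```
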
  • Quick tips for pretty printing JSON in the Browser.

    All examples in this post use the swapi.co API

    Where do you find JSON?

    In the network tab, I will very often be observing network traffic, and I’ll want to interrogate the message to view it more easily.

    So I copy and paste it from the network tab.

    I could use an online tool to format it and view it:

    Or I could use the browser itself.

    Paste the JSON into the console

    Pasting the JSON into the console will show an interactive view where I can expand and contract the outline and view the JSON.

    Pretty Print it using JavaScript

    JavaScript has a built in JSON class and I can use the stringify method to pretty print an object as JSON to the console.

    So I first create an object from the JSON:

    bob={"name":"Luke Skywalker"}
    

    Then I can pretty print the JSON (4 is the indentation level):

    JSON.stringify(bob, null, 4)
    

    e.g.

    "{
        "name": "Luke Skywalker",
        "height": "172",
        "mass": "77",
        "hair_color": "blond",
        "skin_color": "fair",
        "eye_color": "blue",
        "birth_year": "19BBY",
        "gender": "male",
        "homeworld": "https://swapi.co/api/planets/1/",
        "films": [
            "https://swapi.co/api/films/2/",
            "https://swapi.co/api/films/6/",
            "https://swapi.co/api/films/3/",
            "https://swapi.co/api/films/1/",
            "https://swapi.co/api/films/7/"
        ],
        "species": [
            "https://swapi.co/api/species/1/"
        ],
        "vehicles": [
            "https://swapi.co/api/vehicles/14/",
            "https://swapi.co/api/vehicles/30/"
        ],
        "starships": [
            "https://swapi.co/api/starships/12/",
            "https://swapi.co/api/starships/22/"
        ],
        "created": "2014-12-09T13:50:51.644000Z",
        "edited": "2014-12-20T21:17:56.891000Z",
        "url": "https://swapi.co/api/people/1/"
    }"
    

    Free Video Showing How to Pretty Print JSON

    Watch on YouTube

    https://eviltester.com/2019/02/pretty-print-json-using-dev-tools.html

    posted in Blog and Post Feed