Web services testing *

Hello everyone! We've already talked in our blog about how the Positive Hack Days 11 forum had a special Payment Village zone, where anyone could look for vulnerabilities in an online bank, ATMs, and POS terminals. Our competition to find vulnerabilities in an online bank is not new, but in recent years it has been somewhat supplanted by ethical hacking activities for other financial systems. In 2022, we decided to correct this injustice and created a new banking platform, making use of all our years of experience. We asked the participants to find typical banking vulnerabilities and report them to us. In the competition, the participants could play for either the "white hats" (participate in the bug bounty program of an online bank) or for the "black hats" (try to steal as much money from the bank as possible).

Hello everyone, my name is Denis, I am Software Developer Engineer in Test (SDET) at Bimeister. I am in charge of test software development - frameworks, automated tests, CI Pipelines configuration, and much more.

In this article, I will tell you how we defeated the Stale Element Reference Exception while developing our framework using Selenium WebDriver and C#.

The common combination of JUnit5, Selenide and Allure has proven to be stable and reliable for autotesting. The remaining issue, however, lies in test length increase up until the rise of overall test numbers. The resulting video files turn out to be over an hour. Alexander Kochergin, Lead engineer at Innotech, has found a way to simplify the process.

Testing is one of the key processes in development. However, without analysis it is tough to say how effective testers really are. Innotech’s lead tester-engineer Pavel Petrov shared a number of metrics that are being used in project work.

Some time ago we discussed how to easy and fast setup 2FA using Google Authenticator API. In this article we describe how to make this working using Microsoft Authenticator app!

A website with bugs could be a real pain in the neck for business. Just one 404 or 500 error could end up costing an obscene amount of money for the company and hurt a good reputation. But there is a way to avoid this issue: the website testing. That's sort of what this article is about. After reading this article, you will learn how to test code in Django, create your "own website tester" and much more. Welcome to the article.

Comparing PHP-FPM, NGINX Unit, and Laravel Octane - what to choose for developing microservices.

Test automation, with product built in microservice architecture could be very situational in context of testing goals and ways to achieve them. You got an easy life if you testing a service, that is an isolated entity, which is receiving some data and providing a result of it's work in a response, by callback or through additional endpoint. In this case all you need to do is cover all the endpoints of the service, and probably learn to catch it's callbacks. However, it's not the only case. Sometimes you need to test service which isn't totally isolated, but a part of a chain of interactions. This service could send some data to other services within your infrastructure or even to third parties. This time you got plenty of additional things to bother of:

I have already written about AIOps and machine learning methods in working with IT incidents, about hybrid umbrella monitoring and various approaches to service management. Now I would like to share a very specific algorithm, how one can quickly get information about functioning conditions of business applications using synthetic monitoring and how to build, on this basis, the health metric of business services at no special cost. The story is based on a real case of implementing the algorithm into the IT system of one of the airlines.

Currently there are many APM systems, such as Appdynamics, Dynatrace, and others, having a UX control module inside that uses synthetic checks. And if the task is to learn about failures quicker than customers, I will tell you why all these APM systems are not needed. Also, nowadays health metrics are a fashionable feature of APM and I will show how you can build them without APM. 

Nowadays a lot of product managers have to confirm most of their decisions with AB-tests. Yet, it is far not always clear how to choose the parameters for the test. A particularly difficult parameter to tune is often the level of statistical significance. If we choose too high level - tests will fail even though improvements do exist. If we choose too low level - we'll be getting lots of "confirmations" of false improvements.

When we make decisions based on AB-tests, once in a while we'll be making mistakes. We can limit the losses caused by such mistakes by choosing the appropriate level of statistical significance.

Development in its pure form is not only writing code, but also a number of manipulations that are necessary for its correct and timely work. Testing in development takes the lion's share of both time and resources, but proper testing will bring only time savings and the best result for the client.

Recently I had to add python3.8 for our Python linter (the strictest one in existence): wemake-python-styleguide. And during this straight-forward (at first look) task, I have found several problems with test coverage that were not solved in Python community at all.

Let's dig into it.

The explosion of open source and issues related to it

Description

• The SOAP message path model,
• Full-duplex, one-way message patterns,
• Full-duplex, request-response message patterns, and
• Message correlation.

Disclaimer: This is a translation of an article. All rights belongs to author of original article and Miro company.

I'm a QA Engineer in Miro. Let me tell about our experiment of transferring partially testing tasks to developers and of transforming Test Engineer role into QA (Quality assurance).

First briefly about our development process. We have daily releases for client side and 3 to 5 weekly releases of server side. Team have 60+ people spitted onto 10 Functional Scrum Teams.

I'm working in Integration team. Our tasks are:

• Integration of our service into external products
• Integration of external products into our service
  For example we have integrated Jira. Jira Cards — visual representation of tasks so it's useful to work with tasks not opening Jira at all.
  
  

How the experiment starts

All starts with trivial issue. When someone of Test Engineers had sick leave then team performance was degraded significantly. Team was continued working on tasks. However when code was reached testing phase task was hold on. As a result new functionality didn't reach production in time.

Going onto vacation by Test Engineer is a more complex story. He/she needs to find another Test Engineer who ready to take extra tasks and conduct knowledge sharing. Going onto vacation by two Test Engineers at the sane time is not an applicable luxury.

Issue

Example

const decoded = jwt.verify(
   token,
   publickRSAKey,
   { algorithms: ['HS256'  , 'RS256'] }          //accepted both algorithms 
)

//header 
{
alg: 'RS256'                         =>  'HS256'
}
//payload
{
sub: '123',
name: 'Oleh Khomiak',
admin: 'false'                       => 'true'
}