Test Web applications using Selenium Outline q

Test Web applications using Selenium

Outline q Uniqueness of web app testing Q Q Heterogonous system Dynamic pages Performance testing Security testing q Selenium Web. Driver

Web application architecture q Heterogeneous system Q Front end v Browser: IE, Firefox, Chrome, Safari… Q Server side v Application Server v Database Server v File System v ……

Heterogeneous system q Front end Q HTML, Java. Script, Adobe Flash…… HTML Java. Script Source behind Page in Browser

Uniqueness 1: Heterogeneous system q Server side Q Can be written in PHP, Java, C#. . . Q Communicate with Database server in SQL PHP Script PHP SQL HTML SQL

Heterogeneous System q Need to test all sub-components Q Anything could go wrong… q However, only front end is accessible for testing Q Can not directly test the Server code and SQL Q Have to drive the test execution v Frontend n HTML: Malformed HTML page? n Java. Script: Runtime Errors? (demo) v Server script n PHP, Java…: Runtime Errors? (demo) n SQL: Malformed SQL query string? (demo)

Test from the front end q Pros Q Hide the complexity of the backend Q Uniform interface Q Can use a robot to automate test execution q Cons Q The front end is not trustable v Crafted malicious requests

Selenium q A tool set that automates web app testing across platforms q Can simulate user interactions in browser q Two components Q Selenium IDE Q Selenium Web. Driver (aka. Selenium 2)

Selenium IDE q Firefox extension q Easy record and replay q Debug and set breakpoints q Save tests in HTML, Web. Driver and other formats.

Selenium IDE test cases q Selenium saves all information in an HTML table format q Each record consists of: Q Command – tells Selenium what to do (e. g. “open”, “type”, “click”, “verify. Text”) Q Target – tells Selenium which HTML element a command refers to (e. g. textbox, header, table) Q Value – used for any command that might need a value of some kind (e. g. type something into a textbox)

How to record/replay with Selenium IDE 1. Start recording in Selenium IDE 2. Execute scenario on running web application 3. Stop recording in Selenium IDE 4. Verify / Add assertions 5. Replay the test. Selenium IDE Demo……

Bad things of testing from the front end q The front end is not trustable Q Front end code can be accessed by anybody Q Malicious users can infer the input parameters Q Crafted requests! q Demo Q Front end limits the length of the input values Q Front end limits the content of the input values Q Front end limits the combination of the input values

Uniqueness 2: Dynamic pages q Client page could be dynamic Q Q It can change itself at runtime HTML can be modified by Java. Script can modify itself Demo q Server script could be dynamic Q Client pages are constructed at runtime Q The same server script can produce completely different client pages Q Demo v School. Mate

Uniqueness 3: Performance q Performance is crucial to the success of a web app Q Recall the experience to register for a class in the first days of the semester… q Performance testing evaluates system performance under normal and heavy usage Q Volume testing v For expected concurrent number of users Q Stress testing v To understand the upper limits of capacity q Performance testing can be automated

Uniqueness 4: Security q Web app usually deals with sensitive info, e. g. Q Credit card number Q SSN Q Billing / Shipping address q Security is the biggest concern q Security testing should simulate possible attacks

Uniqueness 4: Security q SQL Injection Q The untrusted input is used to construct dynamic SQL queries. Q E. g, update my own password $str = "UPDATE users SET password = ” “. $_POST['new. Pass’]. “” WHERE username =”“. $_POST['username']. “””; mysql_query( $str ); $_POST['new. Pass’] = pass, $_POST['username'] = me PHP Script Normal Case Query String: UPDATE users SET password = “pass” WHERE username =“me” $_POST['new. Pass’] = pass, $_POST['username'] = “ OR 1=1 -- Attack Query String: UPDATE users SET password = “pass” WHERE username =“” OR 1=1 --”

Uniqueness 4: Security q Cross Site Scripting (XSS) Q The untrusted input is used to construct dynamic HTML pages. Q The malicious JS injected executes in victim’s browser Q The malicious JS can steal sensitive info Q Demo q Solution: Never trust user inputs q Design test cases to simulate attacks

Outline q Uniqueness of web app testing Q Q Heterogonous system Dynamic pages Performance testing Security testing q Selenium Web. Driver

Selenium Web. Driver (Selenium 2) q Selenium-Web. Driver Q Write a program to control the test execution of a web app Q More flexible and powerful than IDE q Selenium-Web. Driver supports multiple browsers in multiple platforms Q Q Q Q Google Chrome 12. 0. 712. 0+ Internet Explorer 6+ Firefox 3. 0+ Opera 11. 5+ Android – 2. 3+ for phones and tablets i. OS 3+ for phones i. OS 3. 2+ for tablets

Selenium Web. Driver q Web. Driver is designed to providing a simpler and uniform programming interface Q Same Web. Driver script runs for different platforms q Support multiple programming languages: Q Java, C#, Python, Ruby, PHP, Perl… q It’s efficient Q Web. Driver leverages each browser’s native support for automation.

How to use Selenium Web. Driver (1) Go to a page (2) Locate an element (3) Do something with that element . . . (i) Locate an element (i+1) Do something with that element (i+2) Verify / Assert the result

Demo: Verify page title public static void main( String[] args ) { // Create a new instance of the Firefox driver Web. Driver driver = new Firefox. Driver(); // (1) Go to a page driver. get("http: //www. google. com"); // (2) Locate an element Web. Element element = driver. find. Element(By. name("q")); // (3 -1) Enter something to search for element. send. Keys("Purdue Univeristy"); // (3 -2) Now submit the form. Web. Driver will find the form for us from the element. submit(); // (3 -3) Wait up to 10 seconds for a condition Web. Driver. Wait waiting = new Web. Driver. Wait(driver, 10); waiting. until( Expected. Conditions. presence. Of. Element. Located( By. id("pnnext") ) ); // (4) Check the title of the page if( driver. get. Title(). equals("purdue univeristy - Google Search") ) System. out. println("PASS"); else System. err. println("FAIL"); } //Close the browser driver. quit();

." src="https://present5.com/presentation/fbaa375e2ab163e24b911b7517b2267d/image-23.jpg" alt="How to locate an element q By id Q HTML: