The Power of Automation Testing in IT Security

November 18, 2016 | Views: 4143


Hello, Cybrarians!
As always, I’m grateful that I still get your support on my articles and I’m really glad that I’m part of this great community and platform.
As you may know, I’m writing different IT-SEC articles from time to time and will continue to share my experience with all of you.
Today I would like to discuss the power of automation testing, which is a really important mindset used across the whole IT industry.

When you get into the world of IT in general, you will soon find out that your time is really precious and that you have a choice – to work hard or to work smart. If you choose to work smart, you will eventually be forced to think of a solution that rapidly decreases the time you spend working and gives you more performance and more stable results with less effort.

Let’s take an example: you have a client who gives you a link to his website, and you need to test it for security exploits, broken links, functions that don’t work properly, even the visual representation of the data, etc. You don’t know how big this website is, and you don’t know what technologies are used or how they work together in the background (you don’t need to care about that for now) – but you know how everything should work when a user is using the site. There are lots of functionalities to be tested, and you will probably spend many hours on repetitive and boring work. You can even get tired and miss something, and some day your client will call you back and ask why you failed to check his bla bla bla…

The solution: work with automated testing instead of checking everything manually.

This type of work, where you automate everything and run tests written for a specific purpose, is usually called Quality Assurance (QA) testing, but pentesters also use a lot of automation testing in their jobs.

Now let’s see the pros and cons of automation testing versus manual testing.

  • Automation Testing takes more time at the beginning (for development) but rapidly shortens the time spent in the long term. Test cases are performed flawlessly.
  • With Automation Testing you can repeat the same tests/scripts over and over or change them with minimum effort.
  • With Automation Testing you can be sure that the results are correct and nothing is missed if it’s included in the test cases.

What can we do? What usually needs to be covered in one test case? We can:

  • Check input fields (validation).
  • Test whether functionalities are working.
  • Log what is happening and get a lot of organized information.
  • Click and type in web elements and interact with them.
  • Take a screenshot when there is an issue.
  • Perform more tests in parallel or on remote machines.
  • Perform the same tests from multiple operating systems, web browsers, and different versions.
  • Perform security scans and customize what they do to the application.
  • Read/write data to the database.
  • Make dynamic tests which are capable of adapting.
  • Do almost everything that a user can do manually.
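As an added illustration (not code from the original article), the sketch below automates two of the checks listed above, broken links and input validation, and collects the results as organized findings. It uses only the Python standard library rather than Selenium so that it runs without a browser; the demo site, its `/order` endpoint and the `qty` field are constructed for the example and carry two seeded defects for the suite to find.

```python
import http.client, re, threading, urllib.parse
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed demo site: "/old" is linked but missing; "/order" lacks a range check.
PAGES = {"/": '<a href="/about">About</a> <a href="/old">Old</a>',
         "/about": '<a href="/">Home</a>'}

class DemoSite(BaseHTTPRequestHandler):
    def do_GET(self):
        url = urllib.parse.urlparse(self.path)
        qty = urllib.parse.parse_qs(url.query).get("qty", [""])[0]
        if url.path == "/order":  # seeded defect: any digit string is accepted
            status, body = (200, "ok") if qty.isdigit() else (400, "bad qty")
        else:
            status, body = (200, PAGES[url.path]) if url.path in PAGES else (404, "")
        self.send_response(status)
        self.end_headers()
        self.wfile.write(body.encode())
    def log_message(self, *args):  # silence per-request logging
        pass

def fetch(port, path):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path)
    resp = conn.getresponse()
    status, body = resp.status, resp.read().decode()
    conn.close()
    return status, body

def run_suite():
    server = HTTPServer(("127.0.0.1", 0), DemoSite)  # port 0: pick any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port, findings, seen, queue = server.server_port, [], set(), ["/"]
    while queue:  # check 1: crawl every linked page, report non-200 targets
        path = queue.pop(0)
        if path in seen:
            continue
        seen.add(path)
        status, body = fetch(port, path)
        if status != 200:
            findings.append(f"broken link: {path} -> {status}")
        queue += re.findall(r'<a\s[^>]*href="([^"]+)"', body)
    for qty, want in [("5", 200), ("abc", 400), ("", 400), ("-1", 400), ("100000", 400)]:
        status, _ = fetch(port, "/order?qty=" + urllib.parse.quote(qty))
        if status != want:  # check 2: table-driven input validation
            findings.append(f"validation: qty={qty!r} -> {status}, expected {want}")
    server.shutdown()
    server.server_close()
    return findings
```

Calling `run_suite()` returns one finding per seeded defect; adding a new case is one more tuple in the table, which is where the long-term time saving comes from.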

What tools are there? There are a lot of tools, but my suggestion would be to start with the following:

1. Selenium (WebDriver or IDE).

2. Telerik Test Studio.

3. TestComplete.

If you would still like to see more useful tools, please navigate here and research more:
https://www.owasp.org/index.php/Appendix_A:_Testing_Tools
These all-in-one tools allow you to develop advanced test cases in which you “explain” the testing scenario, and then the “driver” performs it for you. If you have big projects and your automated tests are good, you will save a lot of time and effort after the development, and a lot of money for your company. Less money spent = More money for you!

I would suggest you go with Selenium WebDriver + TestNG (JUnit) in Java because it’s well-documented, easy to use and open source.

I hope that you liked my article. Feel free to share and support my work.
Thank you, and have a nice day!

2 Comments
  1. Good one. As an automation engineer working in a different domain, this is not just particularly rigid to security but generic to all domains moving into automation. Only thing is, automation is not a solution for everything. We have to be smart enough to decide what to automate and what not to. Because you are telling a system “what” to automate, it doesn’t know “what” to do when an unexpected scenario or an adverse event occurs. Nice article. 🙂
