Testing iOS Apps                        Graham Lee / @secboffinMonday, 25 March 13
Watch the video with slide                         synchronization on InfoQ.com!                      http://www.infoq.com...
Presented at QCon London                       www.qconlondon.comPurpose of QCon- to empower software development by facil...
Penetration                      Unit                                  Integration                                   Whole...
AgendaMonday, 25 March 13
Agenda                      • High-level overview of testing optionsMonday, 25 March 13
Agenda                      • High-level overview of testing options                      • Native iOS apps, with some bro...
Agenda                      • High-level overview of testing options                      • Native iOS apps, with some bro...
Agenda                      • High-level overview of testing options                      • Native iOS apps, with some bro...
Agenda                      • High-level overview of testing options                      • Native iOS apps, with some bro...
Unit Tests                      •   OCUnit built into                          Xcode                      •   Reasonable G...
Monday, 25 March 13
Monday, 25 March 13
@implementation StackOverflowCommunicatorTests   - (void)setUp {       communicator = [[InspectableStackOverflowCommunicat...
https://github.com/philSquared/Catch       “CATCH stands for C++ Automated Test Cases in Headers       and is a multi-para...
TEST_CASE("parser/API", "Design the public interface for the parser")             {                FZASourceParser *parser...
It’s not a “unit test”                            framework…                      • …it’s a framework for running tests   ...
Calabash                      • https://github.com/calabash/calabash-ios                      • http://calaba.sh          ...
$ calabash-       ios console       > query("label")       …           [0] {                      "rect" => {             ...
$ calabash-       ios console       > touch(query("label       marked:iPhone"))Monday, 25 March 13
Given I am on the Welcome Screen                      Then I choose the section iPhone                      And take pictu...
Monday, 25 March 13
Monday, 25 March 13
var target = UIATarget.localTarget();               var app = target.frontMostApp();               var window = app.mainWi...
Monday, 25 March 13
Monday, 25 March 13
var target = UIATarget.localTarget();           var app = target.frontMostApp();           var window = app.mainWindow(); ...
Testing app-bundled JSMonday, 25 March 13
Monday, 25 March 13
Monday, 25 March 13
Monday, 25 March 13
Monday, 25 March 13
Monday, 25 March 13
Monday, 25 March 13
–[UIWebView              stringByEvaluatingJavaScriptFromString:]Monday, 25 March 13
Monday, 25 March 13
https://www.owasp.org/index.php/                        IOS_Developer_Cheat_SheetMonday, 25 March 13
Testing iOS Apps                        Graham Lee / @secboffinMonday, 25 March 13
Upcoming SlideShare
Loading in...5
×

Testing iOS Apps

494

Published on

Video and slides synchronized, mp3 and slide download available at http://bit.ly/YUUZug.

Graham Lee discusses strategies and tools for testing iOS apps with a view to uncovering hidden security and usability issues. Filmed at qconlondon.com.

Graham Lee is a security consultant and contract developer, specializing in iOS and Mac OS X application development. He is the author of "Professional Cocoa Application Security", published by Wiley in 2010 and described as a "must read" by someone who isn't even related to him. Graham lives and works in Oxford, UK. Twitter: @iamleeg

Published in: Technology, Education
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
494
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide

Transcript of "Testing iOS Apps"

  1. 1. Testing iOS Apps Graham Lee / @secboffinMonday, 25 March 13
  2. 2. Watch the video with slide synchronization on InfoQ.com! http://www.infoq.com/presentations /testing-iOS InfoQ.com: News & Community Site• 750,000 unique visitors/month• Published in 4 languages (English, Chinese, Japanese and Brazilian Portuguese)• Post content from our QCon conferences• News 15-20 / week• Articles 3-4 / week• Presentations (videos) 12-15 / week• Interviews 2-3 / week• Books 1 / month
  3. 3. Presented at QCon London www.qconlondon.comPurpose of QCon- to empower software development by facilitating the spread ofknowledge and innovationStrategy - practitioner-driven conference designed for YOU: influencers ofchange and innovation in your teams- speakers and topics driving the evolution and innovation- connecting and catalyzing the influencers and innovatorsHighlights- attended by more than 12,000 delegates since 2007- held in 9 cities worldwide
  4. 4. Penetration Unit Integration Whole-app A lot to coverMonday, 25 March 13
  5. 5. AgendaMonday, 25 March 13
  6. 6. Agenda • High-level overview of testing optionsMonday, 25 March 13
  7. 7. Agenda • High-level overview of testing options • Native iOS apps, with some browser componentMonday, 25 March 13
  8. 8. Agenda • High-level overview of testing options • Native iOS apps, with some browser component • Unit testsMonday, 25 March 13
  9. 9. Agenda • High-level overview of testing options • Native iOS apps, with some browser component • Unit tests • Integration testsMonday, 25 March 13
  10. 10. Agenda • High-level overview of testing options • Native iOS apps, with some browser component • Unit tests • Integration tests • Penetration testsMonday, 25 March 13
  11. 11. Unit Tests • OCUnit built into Xcode • Reasonable GUI Integration as of v4 • Baroque and outdated syntaxMonday, 25 March 13
  12. 12. Monday, 25 March 13
  13. 13. Monday, 25 March 13
  14. 14. @implementation StackOverflowCommunicatorTests - (void)setUp { communicator = [[InspectableStackOverflowCommunicator alloc] init]; } - (void)tearDown { [communicator cancelAndDiscardURLConnection]; } - (void)testSearchingForQuestionsOnTopicCallsTopicAPI { [communicator searchForQuestionsWithTag: @"ios"]; STAssertEqualObjects([[communicator URLToFetch] absoluteString], @"http:// api.stackoverflow.com/1.1/search?tagged=ios&pagesize=20", @"Use the search API to find questions with a particular tag"); } @endMonday, 25 March 13
  15. 15. https://github.com/philSquared/Catch “CATCH stands for C++ Automated Test Cases in Headers and is a multi-paradigm automated test framework for C, C++ and Objective-C. It is implemented entirely in a set of headers, but is packaged up as a single header for extra convenience.”Monday, 25 March 13
  16. 16. TEST_CASE("parser/API", "Design the public interface for the parser") { FZASourceParser *parser = [FZASourceParser new]; SECTION("acceptableIO", "Accept unparsed, generate parsed targets") { TestBuildTarget *target = [TestBuildTarget new]; id <FZABuildTarget> output = nil; target.parsed = YES; CHECK_THROWS(output = [parser parse: target]); CHECK(output == nil); target.parsed = NO; CHECK_NOTHROW(output = [parser parse: target]); CHECK([output conformsToProtocol: @protocol(FZABuildTarget)]); CHECK([[output name] isEqualToString: [target name]]); CHECK([output isParsed] == YES); [target release]; } [parser release]; } TEST_CASE("parser/run", "Run through the test project and see what we find") { FZASourceParser *parser = [FZASourceParser new]; FZAXcodeProject *project = [[FZAXcodeProject alloc] initWithProjectFolder: @"TestProject.xcodeproj"]; id <FZABuildTarget>parsedTarget = [parser parse: [project targetAtIndex: 0]]; REQUIRE(parsedTarget != nil); CHECK([parsedTarget countOfFunctions] == 1); [project release]; [parser release]; }Monday, 25 March 13
  17. 17. It’s not a “unit test” framework… • …it’s a framework for running tests • …and for reporting test results • Integration tests, whole-app testsMonday, 25 March 13
  18. 18. Calabash • https://github.com/calabash/calabash-ios • http://calaba.sh • BDD-style spec format for tests • Automatic runner/reporterMonday, 25 March 13
  19. 19. $ calabash- ios console > query("label") … [0] { "rect" => { "center_y" => 261.5, "width" => 300, "center_x" => 160, "height" => 43, "x" => 10, "y" => 240 }, "frame" => { "width" => 300, "height" => 43, "x" => 10, "y" => 0 }, "description" => "<UILabel: 0x72f0920; frame = (10 0; 300 43); text = iPhone; clipsToBounds = YES; userInteractionEnabled = NO; layer = <CALayer: 0x72f09b0>>", "UIType" => "UIView", "class" => "UILabel" }, …Monday, 25 March 13
  20. 20. $ calabash- ios console > touch(query("label marked:iPhone"))Monday, 25 March 13
  21. 21. Given I am on the Welcome Screen Then I choose the section iPhone And take pictureThen "I choose the section $section" do |section| touch("view label text:#{section}")endMonday, 25 March 13
  22. 22. Monday, 25 March 13
  23. 23. Monday, 25 March 13
  24. 24. var target = UIATarget.localTarget(); var app = target.frontMostApp(); var window = app.mainWindow(); target.logElementTree();Monday, 25 March 13
  25. 25. Monday, 25 March 13
  26. 26. Monday, 25 March 13
  27. 27. var target = UIATarget.localTarget(); var app = target.frontMostApp(); var window = app.mainWindow(); var tableView = window.tableViews()[0]; var iPhoneCell = tableView.cells() ["iPhone"]; iPhoneCell.tap(); WWDC 2010 Session 306: Automating UI Testing with InstrumentsMonday, 25 March 13
  28. 28. Testing app-bundled JSMonday, 25 March 13
  29. 29. Monday, 25 March 13
  30. 30. Monday, 25 March 13
  31. 31. Monday, 25 March 13
  32. 32. Monday, 25 March 13
  33. 33. Monday, 25 March 13
  34. 34. Monday, 25 March 13
  35. 35. –[UIWebView stringByEvaluatingJavaScriptFromString:]Monday, 25 March 13
  36. 36. Monday, 25 March 13
  37. 37. https://www.owasp.org/index.php/ IOS_Developer_Cheat_SheetMonday, 25 March 13
  38. 38. Testing iOS Apps Graham Lee / @secboffinMonday, 25 March 13

×