Automated Security Scanning in Payment
Industry
WITH PASSION TO QUALITY
QA CONFERENCE #1 IN UKRAINE, KYIV 2018
About me:
Michał Buczko
Test Consultant
Public Speaker
Security enthusiast
Agenda:
1.) Why security?
2.) How hard is it to start?
3.) How to run automated scanners?
4.) Required investments?
5.) Main benefits?
6.) Alternative options
Why is security important?
Why should your team focus on this topic within project or product delivery?
• Data integrity and management
• People give out their private data
• The economic impact of cybersecurity attacks is significant
• IoT and the digitalization of daily life
Biggest challenges with starting security testing?
• The domain knowledge is huge and we don't have experience
• Experts are expensive
• It costs a lot of time and money to start security testing
Automated security scanners
Step-by-step guide on how to enable security scanning inside your existing test automation
• Automated functional tests, e.g. WebDriver
• Security intercepting proxy, e.g. OWASP ZAP (ZAProxy)
• Effective integration
OWASP ZAP
• Open-source web application security scanner
• Fully internationalized into over 25 languages
• Used as a proxy server, it allows the user to manipulate all of the traffic that passes through it, including traffic using HTTPS
• Cross-platform tool written in Java
• Some of the built-in features include:
  • Intercepting proxy server
  • Automated scanner
  • Passive scanner
• It has a plugin-based architecture and an online 'marketplace'
UI and Report examples
Sounds easy, but how to start?
Where are the main investments in such solutions?
• How to enable the scanner in my automation?
• How to decode and test HTTPS traffic?
• What is the impact on the project schedule?
Driver with proxy
Selenium 2.0
The simple way to:
• Set a manual proxy
• Accept all SSL certs
• Run the browser with the proxy on all popups
Driver with proxy
Selenium 3.0
The simple way to:
• Set a manual proxy
• Accept all SSL certs
• Run the browser with the proxy on all popups
ZAP SSL certificate in Firefox
• Open up OWASP ZAP
• Go to Tools -> Options
• In the Certificates section, click on Generate
• Save the certificate in some location
• Navigate to the Preferences of your browser
• Click on the Advanced tab, navigate to the Certificates tab and click on View Certificates
• Select the Authorities tab, click on Import and choose the OWASP ZAP Root Certificate
• Check all the boxes
• Browse sites with HTTPS enabled. You're no longer prompted with the SSL Security Exception error message.
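The three "Driver with proxy" steps (manual proxy, accept all SSL certs, browser through the proxy) and the root-certificate slide above, expressed as one runnable script. This is an added example, not code from the talk or from the Objectivity framework. It assumes ZAP is listening on localhost:8080 with its API key disabled on the test instance (override with the ZAP_HOST, ZAP_PORT and ZAP_API_KEY environment variables) and that the `selenium` package is installed for the browser part; the pure helpers run without it. The proxy settings use the W3C WebDriver `proxy` and `acceptInsecureCerts` capabilities, which is how both Selenium 3 and Selenium 4 pass them to geckodriver. Two practitioner points the slides do not spell out: `acceptInsecureCerts` disables certificate validation for the whole session, so prefer importing ZAP's root CA into the test profile (fetched here over the API, the equivalent of the Generate/Save clicks) and keep the shortcut for throwaway profiles; and after the first `driver.get()` confirm that ZAP actually saw the request, because a wrong port or Firefox's default localhost bypass fails silently and yields an empty, falsely reassuring report.

```python
"""Added example: route a WebDriver session through OWASP ZAP (not the talk's own code)."""
import json
import os
import urllib.parse
import urllib.request

# Assumed ZAP address and (disabled) API key; override via environment.
ZAP_HOST = os.environ.get("ZAP_HOST", "localhost")
ZAP_PORT = int(os.environ.get("ZAP_PORT", "8080"))
ZAP_API_KEY = os.environ.get("ZAP_API_KEY", "")


def zap_proxy_capabilities(host=ZAP_HOST, port=ZAP_PORT, no_proxy=()):
    """The slides' 'manual proxy' as a W3C WebDriver 'proxy' capability.

    HTTP and HTTPS both go to ZAP; hosts listed in `no_proxy` (for example a
    Selenium Grid hub) bypass it. Any W3C-speaking browser driver accepts this.
    """
    if not 0 < port < 65536:
        raise ValueError(f"invalid proxy port: {port}")
    endpoint = f"{host}:{port}"
    caps = {"proxyType": "manual", "httpProxy": endpoint, "sslProxy": endpoint}
    if no_proxy:
        caps["noProxy"] = list(no_proxy)
    return caps


def zap_api_url(component, kind, name, fmt="JSON", **params):
    """Build a ZAP API URL such as /JSON/core/view/urls/?baseurl=..."""
    query = urllib.parse.urlencode({k: v for k, v in params.items() if v is not None})
    url = f"http://{ZAP_HOST}:{ZAP_PORT}/{fmt}/{component}/{kind}/{name}/"
    return f"{url}?{query}" if query else url


def zap_call(url):
    """GET a ZAP API URL; the key, when set, goes in the X-ZAP-API-Key header."""
    headers = {"X-ZAP-API-Key": ZAP_API_KEY} if ZAP_API_KEY else {}
    with urllib.request.urlopen(urllib.request.Request(url, headers=headers), timeout=15) as resp:
        return resp.read()


def fetch_zap_root_cert(path="zap_root_ca.pem"):
    """Save ZAP's root CA (PEM) via the API instead of Tools -> Options -> Generate/Save.

    Import it into the browser profile the tests use (the Firefox steps on the
    slide, or on a CI box: certutil -A -n "ZAP Root CA" -t "C,," -d sql:<profile> -i zap_root_ca.pem)
    so HTTPS through ZAP validates normally and acceptInsecureCerts can stay off.
    """
    pem = zap_call(zap_api_url("core", "other", "rootcert", fmt="OTHER"))
    with open(path, "wb") as fh:
        fh.write(pem)
    return path


def make_driver(accept_insecure_certs=False):
    """Firefox with every request going through ZAP. Needs the 'selenium' package
    (imported lazily so the helpers above stay usable without a browser).

    accept_insecure_certs=True is the slides' 'accept all SSL certs' shortcut: it
    makes the browser trust ZAP's forged certificates but also turns off TLS
    validation for the whole session, so keep it to throwaway test profiles.
    """
    from selenium import webdriver

    options = webdriver.FirefoxOptions()
    options.set_capability("proxy", zap_proxy_capabilities())
    options.set_capability("acceptInsecureCerts", accept_insecure_certs)
    # Firefox (67+) skips the proxy for localhost unless told otherwise; needed
    # when the application under test runs on the same machine as the browser.
    options.set_preference("network.proxy.allow_hijacking_localhost", True)
    return webdriver.Firefox(options=options)


def urls_seen_by_zap(prefix):
    """URLs ZAP has recorded under `prefix` (GET /JSON/core/view/urls/)."""
    return json.loads(zap_call(zap_api_url("core", "view", "urls", baseurl=prefix)))["urls"]


def was_proxied(page_url):
    """Integration sanity check: the page just visited must be in ZAP's site tree.

    Catches the silent failures (capability ignored, localhost bypass, wrong
    port) before anyone trusts an empty scan report.
    """
    return any(u.startswith(page_url) for u in urls_seen_by_zap(page_url))


if __name__ == "__main__":
    driver = make_driver(accept_insecure_certs=True)
    try:
        driver.get("https://example.org/")  # the existing functional test goes here
        print("proxied through ZAP:", was_proxied("https://example.org/"))
    finally:
        driver.quit()
```

Wire `make_driver()` into the fixture that currently creates the functional-test driver; nothing else in the test suite changes, which is the whole point of the intercepting-proxy approach. For Selenium 2.0 the same capability dictionary is passed through `DesiredCapabilities` instead of the options object.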
How much does it cost?
• WebDriver - FREE
• ZAProxy - FREE
• Yes, and...
• Investigation time
• Project interruption
• Learning attitude required
What can I get from this?
What is the benefit for my:
• Team
• Project
• Product
• Company
• An easy start to building a picture of your system's security
• A starting point for learning, exercising and upskilling anyone interested in security
• A security-related pipeline inside your CI/CD systems without investing in additional costly licences
How to maximize the benefits?
Do any alternatives exist?
How to achieve similar results with other market-available solutions?
Objectivity Test Framework
Features
• Multiple integrated tools and solutions
• Free to use and adapt to your needs
• Constant development by Objectivity
Risks
• Requires technical knowledge to start the integration
• It's a tool-set to reuse, not a boxed solution
Benefits
• Freedom of usage and adaptation
• Open-source
• Not limited by technology stack or business objective
F-Secure Mittn / BDD-Security
Features
• Open source on GitHub
• BDD test enhancement without requiring technical skills
• CI integrated
Risks
• BDD tests are not easily owned inside organizations
• Another layer on top of a tool-set, i.e. ZAP
• No proven market value that I have heard of
Benefits
• BDD in a good setup can work very well
• A few alternative routes to use
• Fewer technical requirements to enable such solutions
Qualys Web Scanner
Features
• Standalone scanning solution
• Does not require technical knowledge
• Push a URL and wait for results
Risks
• No control over the scanning scope
• Not a cheap solution: costly licences
• Sometimes too big for the problem
Benefits
• Easy-to-understand visualisation
• Well-documented results
• Catalog feature, if applied on multiple projects
Any questions?
Thanks!

 
Skimbleshanks-The-Railway-Cat by T S Eliot
Skimbleshanks-The-Railway-Cat by T S EliotSkimbleshanks-The-Railway-Cat by T S Eliot
Skimbleshanks-The-Railway-Cat by T S Eliot
 
KHUSWANT SINGH.pptx ALL YOU NEED TO KNOW ABOUT KHUSHWANT SINGH
KHUSWANT SINGH.pptx ALL YOU NEED TO KNOW ABOUT KHUSHWANT SINGHKHUSWANT SINGH.pptx ALL YOU NEED TO KNOW ABOUT KHUSHWANT SINGH
KHUSWANT SINGH.pptx ALL YOU NEED TO KNOW ABOUT KHUSHWANT SINGH
 
Haunted Houses by H W Longfellow for class 10
Haunted Houses by H W Longfellow for class 10Haunted Houses by H W Longfellow for class 10
Haunted Houses by H W Longfellow for class 10
 
How to Download & Install Module From the Odoo App Store in Odoo 17
How to Download & Install Module From the Odoo App Store in Odoo 17How to Download & Install Module From the Odoo App Store in Odoo 17
How to Download & Install Module From the Odoo App Store in Odoo 17
 
Bossa N’ Roll Records by Ismael Vazquez.
Bossa N’ Roll Records by Ismael Vazquez.Bossa N’ Roll Records by Ismael Vazquez.
Bossa N’ Roll Records by Ismael Vazquez.
 
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
 
A Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two HeartsA Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two Hearts
 
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
 
CIS 4200-02 Group 1 Final Project Report (1).pdf
CIS 4200-02 Group 1 Final Project Report (1).pdfCIS 4200-02 Group 1 Final Project Report (1).pdf
CIS 4200-02 Group 1 Final Project Report (1).pdf
 

QA Fest 2018. Michał Buczko. Automated Security Scanning in Payment Industry

  • 1. Automated Security Scanning in Payment Industry t WITH PASSION TO QUALITY Michał Buczko QA CONFERENCE #1 IN UKRAINE, KYIV 2018
  • 2. Test Consultant Public Speaker Security enthusiast t WITH PASSION TO QUALITY KYIV 2018 About me:
  • 3. 1.) Why security? 2.) How hard it is to start? 3.) How to run automated scanners? 4.) Required investments? 5.) Main benefits? 6.) Alternative options.. t WITH PASSION TO QUALITY KYIV 2018 Agenda:
  • 4. Why is security important? Why should your team focus on this topic during project or product delivery?
  • 5. Data integrity and management. People give out their private data. The economic impact of cybersecurity attacks is significant. IoT and digitalization of daily life.
  • 7. Domain knowledge is huge and we don't have experience. Experts are expensive. It costs a lot of time and money to start security testing.
  • 8. Automated security scanners: a step-by-step guide to enabling security scanning inside your existing test automation.
  • 9. Automated functional test i.e. Webdriver Security intercepting proxy i.e. OWASP ZAProxy Effective integration
  • 10. OWASP ZAP  open-source web application security scanner  fully internationalized into over 25 languages  Used as a proxy server, it allows the user to manipulate all of the traffic that passes through it, including traffic using https.  Cross-platform tool written in Java  Some of the built in features include:  Intercepting proxy server,  Automated scanner,  Passive scanner,  It has a plugin-based architecture and an online ‘marketplace’.
  • 11. UI and Report examples
  • 12. Sounds easy but how to start? Where are the main investments in such solutions?
  • 13. How to enable scanner in my automation? How to decode and test HTTPS traffic? What is the impact on project schedule?
  • 14. Driver with proxy Selenium 2.0 The simple way to:  Set a manual proxy  Accept all SSL Certs  Run browser with proxy on all popups
  • 15. Driver with Proxy Selenium 3.0 The simple way to:  Set a manual proxy  Accept all SSL Certs  Run browser with proxy on all popups
  • 16. ZAP SSL certificate in Firefox  Open up OWASP ZAP  go to Tools -> Options  In the Certificates section, click on Generate  Save the certificate in some location  Navigate to the Preferences of your browser  Click on the Advanced tab, navigate to the Certificates tab and click on View Certificates  Select the Authorities tab and click on Import and choose the OWASP ZAP Root Certificate  Check all the boxes  Browse sites with HTTPS enabled. You're no longer prompted with the SSL Security Exception Error message.
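Slides 14 to 16 list the three settings that make the functional suite's browser traffic visible to ZAP: a manual proxy for both HTTP and HTTPS, trust in ZAP's generated root certificate (or blanket acceptance of certificates for a throwaway test browser), and no proxy bypass for local hosts. The following is an added example in Python, not code from the talk, that puts those settings into Selenium's Firefox options. The ZAP address 127.0.0.1:8080 (ZAP's default), the helper names and the test URL are assumptions; Firefox, geckodriver and Selenium are needed only when build_driver() is actually called.

```python
"""Route a Selenium Firefox session through OWASP ZAP.

Added example for this page, not code from the talk. Assumptions: ZAP is
already running as a proxy on 127.0.0.1:8080 (its default), and Firefox plus
geckodriver are installed on the machine that calls build_driver(). The
capability helpers need no browser and no Selenium install, so the proxy
configuration can be unit-tested in CI before any scan runs.
"""

ZAP_ADDRESS = "127.0.0.1:8080"  # host:port of the ZAP proxy; assumption for this example


def proxy_capability(zap_address: str = ZAP_ADDRESS) -> dict:
    """Build the W3C 'proxy' capability that sends browser traffic to ZAP.

    HTTP and HTTPS must both point at ZAP. A common mistake is to set only
    httpProxy, after which every https:// request bypasses the scanner and
    the passive scan silently sees nothing from the real application.
    """
    return {
        "proxyType": "manual",
        "httpProxy": zap_address,
        "sslProxy": zap_address,
        # No bypass list: an entry such as "localhost" here would route a
        # locally deployed system under test around ZAP.
        "noProxy": [],
    }


def is_fully_proxied(capability: dict) -> bool:
    """Check that a proxy capability really intercepts both schemes via one ZAP."""
    return (
        capability.get("proxyType") == "manual"
        and bool(capability.get("httpProxy"))
        and capability.get("httpProxy") == capability.get("sslProxy")
        and not capability.get("noProxy")
    )


def build_driver(zap_address: str = ZAP_ADDRESS, trust_any_cert: bool = True):
    """Start Firefox with all traffic going through ZAP.

    ZAP terminates TLS and re-signs every site with its own generated root CA
    (slide 16 imports that CA into the Firefox profile by hand). For a
    disposable test browser, accepting any certificate is the simpler route;
    it also means the run can no longer notice a broken certificate on the
    system under test, so keep a separate TLS check if that matters.
    """
    # Imported here so the pure helpers above work without Selenium installed.
    from selenium import webdriver

    options = webdriver.FirefoxOptions()
    options.set_capability("proxy", proxy_capability(zap_address))
    options.accept_insecure_certs = trust_any_cert
    # Firefox 67+ skips the proxy for localhost regardless of noProxy unless
    # this preference is set; without it a local test deployment never
    # reaches ZAP.
    options.set_preference("network.proxy.allow_hijacking_localhost", True)
    return webdriver.Firefox(options=options)


if __name__ == "__main__":
    cap = proxy_capability()
    assert is_fully_proxied(cap), cap
    driver = build_driver()
    try:
        # Hypothetical system under test; every page the functional suite
        # visits from here on is recorded and passively scanned by ZAP.
        driver.get("https://payments.test.example/login")
        print("title:", driver.title)
    finally:
        driver.quit()
```

The capability helpers are kept separate from the driver so the proxy configuration can be checked in CI before a browser or ZAP exists; the most frequent integration failure, HTTPS not routed through ZAP, then fails a cheap test instead of producing an empty scan report. Note that accept_insecure_certs hides any certificate fault in the system under test itself, so an explicit TLS check elsewhere in the pipeline is still worth having.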
  • 23. How much does it cost? • Webdriver - FREE • ZAProxy - FREE • Yes, and... • Investigation time • Project interruption • Learning attitude required
  • 24. What can I get from this? What is the benefit for my: • Team • Project • Product • Company
  • 25. An easy start with building a picture of the security of your system. A starting point for learning, exercising and upskilling anyone interested in security. A security-related pipeline inside your CI/CD systems without investing in additional costly licences.
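Slide 25 names a security pipeline inside CI/CD as the main payoff. Once the functional tests have driven the browser through ZAP, the build still needs a rule that turns ZAP's alert list into pass or fail. The following is an added example in Python, not code from the talk or from the ZAP project: it reads alerts from ZAP's /JSON/core/view/alerts/ endpoint over plain HTTP and fails the step above a risk threshold. The ZAP address, API key, application URL and threshold are assumptions, and SAMPLE_ALERTS is a hand-constructed list shaped like ZAP's output so the gating logic can run offline.

```python
"""Gate a CI build on OWASP ZAP findings collected during the functional run.

Added example for this page, not code from the talk or from ZAP. It queries
ZAP's alert view (/JSON/core/view/alerts/) over HTTP; the ZAP address, API
key and system-under-test URL are assumptions. SAMPLE_ALERTS is constructed
by hand to mimic the fields ZAP returns so the gating logic runs offline.
"""
import json
import os
import sys
import urllib.request
from typing import Dict, Iterable, List, Optional
from urllib.parse import urlencode

# ZAP's four risk levels, in order, for threshold comparisons.
RISK_ORDER = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}

# Constructed sample in the shape of ZAP's alert view, one entry per URL
# (not real scan output). Rule ids and names follow ZAP's naming style.
SAMPLE_ALERTS: List[Dict] = [
    {"pluginId": "40012", "name": "Cross Site Scripting (Reflected)", "risk": "High",
     "confidence": "Medium", "url": "https://payments.test.example/search?q=x",
     "param": "q", "cweid": "79"},
    {"pluginId": "10038", "name": "Content Security Policy (CSP) Header Not Set",
     "risk": "Medium", "confidence": "High",
     "url": "https://payments.test.example/checkout", "param": "", "cweid": "693"},
    {"pluginId": "10038", "name": "Content Security Policy (CSP) Header Not Set",
     "risk": "Medium", "confidence": "High",
     "url": "https://payments.test.example/cart", "param": "", "cweid": "693"},
    {"pluginId": "10021", "name": "X-Content-Type-Options Header Missing", "risk": "Low",
     "confidence": "Medium", "url": "https://payments.test.example/",
     "param": "x-content-type-options", "cweid": "693"},
    {"pluginId": "10096", "name": "Timestamp Disclosure - Unix", "risk": "Low",
     "confidence": "False Positive",  # reviewed in the ZAP UI and dismissed
     "url": "https://payments.test.example/static/app.js", "param": "", "cweid": "200"},
]


def fetch_alerts(base_url: str, zap: str = "http://127.0.0.1:8080",
                 api_key: Optional[str] = None, page: int = 500) -> List[Dict]:
    """Page through ZAP's alert view, restricted to the application's own URL.

    The baseurl filter matters in a payment flow: the browser also talks to
    acquirer or 3-D Secure hosts, and findings against third-party systems
    are neither actionable for this team nor in scope for this pipeline.
    """
    alerts: List[Dict] = []
    start = 0
    while True:
        query = urlencode({"baseurl": base_url, "start": start, "count": page})
        req = urllib.request.Request(f"{zap}/JSON/core/view/alerts/?{query}")
        if api_key:
            req.add_header("X-ZAP-API-Key", api_key)
        with urllib.request.urlopen(req, timeout=30) as resp:
            batch = json.load(resp)["alerts"]
        alerts.extend(batch)
        if len(batch) < page:
            return alerts
        start += page


def failing_alerts(alerts: Iterable[Dict], threshold: str = "Medium",
                   ignore_plugin_ids: Iterable = ()) -> List[Dict]:
    """Alerts at or above the risk threshold that should fail the build.

    Alerts reviewed in ZAP and marked confidence 'False Positive', plus any
    explicitly accepted rule ids, are skipped so known noise stays out.
    """
    floor = RISK_ORDER[threshold]
    ignored = {str(p) for p in ignore_plugin_ids}
    return [
        a for a in alerts
        if RISK_ORDER.get(a["risk"], 0) >= floor
        and a.get("confidence") != "False Positive"
        and str(a.get("pluginId")) not in ignored
    ]


def summarize(alerts: Iterable[Dict]) -> List[Dict]:
    """Collapse ZAP's one-alert-per-URL output into rule-level rows, worst first."""
    rows: Dict[tuple, set] = {}
    for a in alerts:
        key = (str(a.get("pluginId")), a.get("name") or a.get("alert"), a["risk"])
        rows.setdefault(key, set()).add(a["url"])
    return sorted(
        ({"pluginId": k[0], "name": k[1], "risk": k[2], "urls": len(v)} for k, v in rows.items()),
        key=lambda r: (-RISK_ORDER[r["risk"]], r["pluginId"]),
    )


def gate(alerts: Iterable[Dict], threshold: str = "Medium",
         ignore_plugin_ids: Iterable = ()) -> int:
    """Return the exit code for the CI step: 1 if any blocking finding remains."""
    blocking = failing_alerts(list(alerts), threshold, ignore_plugin_ids)
    for row in summarize(blocking):
        print(f"{row['risk']:<6} {row['pluginId']:>6} {row['name']} ({row['urls']} URL(s))")
    return 1 if blocking else 0


if __name__ == "__main__":
    # Assumed CI wiring: ZAP runs in daemon mode on the agent, the functional
    # suite has finished, and the API key is passed through the environment.
    live = fetch_alerts("https://payments.test.example", api_key=os.environ.get("ZAP_API_KEY"))
    sys.exit(gate(live, threshold="Medium", ignore_plugin_ids=["10096"]))
```

Filtering by baseurl keeps the gate to the team's own application, which is the scope control that slide 30 notes a push-a-URL service does not offer. The ignore list and ZAP's False Positive confidence value are the two visible ways to stop accepted noise from blocking every build; both leave a trace in the pipeline configuration rather than in someone's head.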
  • 26. How to maximize the benefits?
  • 27. Do any alternatives exist? How to achieve similar results with other solutions available on the market?
  • 28. Objectivity Test Framework. Features: • Multiple integrated tools and solutions • Free to use and adapt to your needs • Constant development by Objectivity. Risks: • Requires technical knowledge to start the integration • It is a tool-set to re-use, not a boxed solution. Benefits: • Freedom of usage and adaptation • Open-source • Not limited by technology stack or business objective
  • 29. F-Secure Mittn, BDD-Security. Features: • Open source on GitHub • BDD test enhancement without a technical-skills requirement • CI integrated. Risks: • BDD tests are not easily owned inside organizations • Another layer on top of a tool-set, i.e. ZAP • No proven market value that I have heard of. Benefits: • BDD in a good setup can work very well • A few alternative routes to use • Fewer technical requirements to enable such solutions
  • 30. Qualys Web Scanner. Features: • Standalone scanning solution • Does not require technical knowledge • Push a URL and wait for results. Risks: • No control over the scanning scope • Not a cheap solution – costly licences • Sometimes too big for the problem. Benefits: • Easy-to-understand visualisation • Well-documented results • Catalog feature, if applied on multiple projects
  • 31. Any questions? Thanks!! WITH PASSION TO QUALITY QA CONFERENCE #1 IN UKRAINE, KYIV 2018