iOS Application Penetration Testing for Beginners (RyanISI)
This document provides an overview of iOS application penetration testing for beginners. It covers setting up a pen testing environment, understanding the iOS filesystem and Objective-C runtime, techniques for runtime analysis and manipulation, insecure data storage, side channel data leakage, analyzing URL schemes and network traffic, and secure coding guidelines. The agenda includes jailbreaking a device, installing useful tools like Cycript and class-dump, understanding the application sandbox and filesystem structure, runtime concepts in Objective-C, manipulating running applications using Cycript, insecure storage techniques like plist and NSUserDefaults, side channels like logs, snapshots and pasteboard, URL schemes, and analyzing network traffic using a proxy like Burp.
This introduces the Linaro OP-TEE project in the context of the Automotive Grade Linux distribution. This TEE is today considered a potential key element to provide some security enforcement in the scope of Software OTA for the AGL distribution.
This brief slide set was presented during the AGL Face to Face Technical Meeting, 25 – 27 May, Vannes, France.
This document discusses the design and implementation of a test automation architecture (TAA). It describes the different layers of a generic TAA, including the test adaptation, test execution, test definition, and test generation layers. It then covers considerations for designing a TAA, such as the types of tests and system under test. Finally, it provides an example implementation of a TAA for an ecommerce application, outlining choices for tools, execution, reporting, and test case management.
These slides provide a basic understanding of hypervisor support in ARM v8 and above processors. They also intend to give some guidelines to automotive engineers to compare and choose the right solution!
We will learn more about mobile application testing using the Appium automation testing framework. We'll explore how it is different from web application testing, what the importance of mobile application testing is and, lastly, why we should choose Appium as a testing tool.
This document discusses testing web applications using Selenium. It begins by outlining some of the unique challenges of web application testing, including heterogeneous systems with different front-end and back-end components, dynamic pages generated by JavaScript, and security concerns. It then introduces Selenium, an open source tool for automating web application testing. Selenium WebDriver allows testing web applications across browsers and platforms in a programmatic way. The document provides examples of how to use Selenium WebDriver to test a web page, such as verifying the page title. It also discusses challenges like asynchronous behavior that require waiting for elements to load. Finally, it outlines the course project, which involves designing and implementing Selenium tests for adding a new class in the SchoolMate web application.
iOS is derived from Mac OS X and is used in iPhone, iPad, and iPod devices. Applications can be browser-based, native, or hybrid. iOS apps are programmed using Objective-C and the CocoaTouch framework in Xcode. Apps are tested on simulators and actual devices. iOS provides security through mechanisms like secure boot chain, application isolation, data encryption using hardware crypto and keys, keychain, file encryption, and network security using SSL, TLS, VPN, and WiFi protection. Mobile apps also need penetration testing. Tools like jailbreaking, iTunes, Wireshark, Burp Suite, iExplorer, and SQLite Browser can be used to analyze data in transit and storage for security evaluations.
Session ID: SFO17-309
Session Name: Secure storage updates - SFO17-309
Speaker: Jens Wiklander - Jerome Forissier
Track: Security
★ Session Summary ★
The last release of OP-TEE includes big updates to secure storage. Integrity protection is improved and the entire secure storage space is saved as one snapshot on each update.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/sfo17/sfo17-309/
Presentation:
Video:
---------------------------------------------------
★ Event Details ★
Linaro Connect San Francisco 2017 (SFO17)
25-29 September 2017
Hyatt Regency San Francisco Airport
---------------------------------------------------
Keyword:
http://www.linaro.org
http://connect.linaro.org
This document provides an introduction to using the Google Test framework for unit testing C++ code. It begins with an example of a simple test for a function called calc_isect. It then demonstrates how to add assertions to tests, use test fixtures to reduce duplicated setup code, and generate parameterized tests. The document also covers best practices for test organization, installing and using Google Test, and some key features like XML output and selecting subsets of tests. Overall, the document serves as a tutorial for getting started with the Google Test framework for writing and running unit tests in C++ projects.
iOS is Apple's mobile operating system originally developed for the iPhone and later extended to the iPad and iPod. It has a layered architecture including the core OS layer, core services layer, media layer, and Cocoa Touch layer. Major technologies that run iOS include the iPhone, iPad, iPod, and Apple TV. iOS has advantages like connectivity, reliability, and scalability, but also disadvantages such as lack of significant iPod feature upgrades.
Google is adding Kotlin as an official programming language for Android development. Kotlin is a language that runs on the JVM and has full interoperability with Java. It costs nothing to adopt! I will show some cool features of Kotlin, how it makes developing with Android easy and finally we'll see what happens under the hood when we write in Kotlin.
Performance testing and reporting with JMeter (jvSlideshare)
This document discusses performance testing with JMeter. It provides an introduction to performance testing and why it is important. It describes the tools needed for a performance testing system, including virtual user simulators, system monitoring tools, and application monitoring tools. It then focuses on using JMeter for performance testing, explaining why JMeter is chosen and some basic parameters to consider like response time and throughput.
This document discusses hacking and securing iOS applications. It begins by covering iOS security concepts and loopholes, then discusses how those loopholes can affect apps and allow easy theft of app data. The remainder of the document provides guidance on how to protect apps by securing local storage locations, runtime analysis, and transport security. Key recommendations include encrypting sensitive data, using data protection APIs, restricting access to private data, and properly validating SSL certificates.
LCU14-107: OP-TEE on ARMv8
---------------------------------------------------
Speaker: Jens Wiklander
Date: September 15, 2014
---------------------------------------------------
★ Session Summary ★
SWG is porting OP-TEE to ARMv8 using Fixed Virtual Platform. Initially OP-TEE is running secure world in aarch32 mode, but with the normal world code running in aarch64 mode. Since ARMv8 uses ARM Trusted Firmware we have patched it with an OP-TEE dispatcher to be able to communicate between secure and normal world.
---------------------------------------------------
★ Resources ★
Zerista: http://lcu14.zerista.com/event/member/137710
Google Event: https://plus.google.com/u/0/events/c0ef114n77bhgbns9vb85g9n6ak
Presentation: http://www.slideshare.net/linaroorg/lcu14-107-optee-on-ar-mv8
Video: https://www.youtube.com/watch?v=JViplz-ah9M&list=UUIVqQKxCyQLJS6xvSmfndLA
Etherpad: http://pad.linaro.org/p/lcu14-107
---------------------------------------------------
★ Event Details ★
Linaro Connect USA - #LCU14
September 15-19th, 2014
Hyatt Regency San Francisco Airport
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org
This document discusses cross-platform development and different types of applications that can be built across platforms. It defines a platform as hardware architecture and software framework. Native applications are coded specifically for one platform using its programming language, while cross-platform or non-native applications can run on multiple platforms using languages like HTML, Java and C#. Hybrid apps combine cross-platform languages with platform-specific languages to access device hardware while maintaining cross-platform compatibility. The document compares the pros and cons of native, cross-platform and hybrid applications and provides examples of tools that can be used to build each type.
Different testing requirements that mobile applications have, challenges and solutions.
Challenges:
1. Complex mobile testing matrix, expensive test environment
2. Repetitive testing
3. Mobile testing for devices located at various locations
Solutions:
• Risk Based Testing approach
• Using Mobile device emulators
• Use of Automation tools
• Leveraging external services
Linux device drivers act as an interface between hardware devices and user programs. They communicate with hardware devices and expose an interface to user applications through system calls. Device drivers can be loaded as kernel modules and provide access to devices through special files in the /dev directory. Common operations for drivers include handling read and write requests either through interrupt-driven or polling-based I/O.
Performance Testing is a type of testing to ensure software applications will perform well under their expected workload.
It evaluates the quality or capability of a product. Take your Performance Tests to the next level with Gatling!
Unity: "The Obvious and the Incredible", or Unity Android development tricks (DevGAMM Conference)
Unity for the Android platform solves a huge number of problems for the developer. That, however, does not remove the need to use this powerful toolset skillfully. Come and learn development secrets and tricks from a member of the Unity Android team.
Test automation in an iOS project, using ICQ as an example / D. Kurkin, M. Manaev ... (Ontico)
RIT++ 2017, AppsConf
Nairobi + Casablanca hall, 5 June, 16:00
Abstract:
http://appsconf.ru/2017/abstracts/2807.html
- How we decided to get involved with test automation and what came of it.
- Our testing infrastructure. What we test, how we test, and how we track the results.
- How to benefit from automation when the product changes significantly at least once a year.
- Specifics of the current tooling. What to take into account and what to pay attention to.
Mobile Monday Kiev#1 - How to save time in Mobile Apps Development (Intersog)
Intersog acted as a general partner of the relaunched Mobile Monday (MoMo) event in Ukraine that took place in Kyiv on June 25, 2015. See the top moments from Mobile Monday Kyiv #1!
MoMo is a global platform for IT knowledge sharing and professional networking that is currently active in 140+ cities worldwide. MoMo offers different networking formats aimed to enhance public knowledge of the most trending mobility topics and innovation. Read more and join Mobile Monday: http://intersog.com/news/intersog-helps-relaunch-mobile-monday-ukraine/
Going mobile at Kolesa: from outsourcing to an in-house team (Vladimir Merkushev)
Our experience in developing mobile applications for the Kolesa and Krysha projects. A comparison of in-team development with working with a remote contractor. Application development through the eyes of a lead programmer.
Authors: Vladimir Merkushev and Roman Li
Node.js seminar at KPI, 20 October 2014. Speakers: Timur Shemsedinov, Nikita Savchenko, Maksim Petrenko. Summary:
* What Node.js is and how JavaScript works in V8
* Professionals explain why they chose Node.js
* You will learn its strengths and weaknesses and where it is best applied
* A full overview of the features and internal structure of Node.js
* Adoption examples and high-load projects
* Deployment, hosting, testing, and debugging
* Where and what to study, what to read, how to get up to speed
This document discusses continuous performance testing (CPT) and introduces the Jagger CPT solution. It provides an overview of why performance testing is important, outlines the principles and goals of CPT, and describes the key parts of the Jagger CPT platform including load generation, metrics collection, test data management, and environment management. It also provides an example customer success story where Jagger was used for continuous performance testing of a large ecommerce site.
Overflowing with power with JDI 2.0 - a new era of UI automation (SQALab)
This document provides an overview of the JDI (Java UI test automation framework). It discusses features of JDI including being UI element oriented, providing common UI elements and solutions to common problems. It provides examples of how to write tests using JDI annotations and page object pattern. The document also summarizes benefits of JDI such as reducing test code, improving test clarity, reuse across projects. Finally it outlines new features planned for JDI 2.0 including layout verification, page object generator, integration with Selenium and expanding JDI to other languages like Python.
The document discusses testing of geolocation systems. It provides an overview of geolocation, including definitions and importance. It then outlines the speaker's experience and work testing GIS systems. The rest of the document details approaches to testing geolocation, including simulating calls, checking responses and databases, and verifying accuracy. It also discusses common data formats, projections, tools like PostGIS and QGIS, and potential bugs to watch for like coordinate jumbling. The conclusion emphasizes starting simple, practicing to improve, and for tests to grow with knowledge as geolocation is important for future IT.
2. Agilites Collaborate to Win!
Our recipe for success is to be "Agility"!
COMMUNICATION, FLEXIBILITY, THE WILL TO WIN!
• Andrey Golovin - QA Engineer
• Anna Maksimenko - QA Engineer
11. Tools for Android:
Android Software Development Kit
Device drivers
Thanks, Captain Obvious: all the information you need for installation can be found in the great Google.
14. Installing on devices:
iOS: iPad2, iPad4, iPad mini Retina, iPhone 3g(iPhone3gS), iPod5, iPhone6+(iPhone6).
Android: Samsung Google Nexus 10, LG Google Nexus 5, Acer Iconia Tab A500, Samsung Galaxy Tab3 10.1, Samsung Galaxy S2 I9100, Samsung Galaxy Mini S5570
Thanks, Captain Obvious: all the devices used should have different firmware versions.
16. Bug in the game mechanics:
Drag and drop - using an item by touching it with a finger and moving it across the screen to the place where it is used.
Tap and Tap - using an item with a single tap on it followed by a tap on the place where it is used.
Showstopper in the application if items are collected using the drag and drop mechanic.
20. Example of a bug with the Hint:
The hint goes into a loop if you leave unfinished actions in one of the scenarios with locations, switch to another scenario, complete all available quests and follow the hint.
21. Game functionality:
Send Review
Save
iOS: <name aps> /Library/Documents
iCloud
Thanks, Captain Obvious: try exiting the game at different moments throughout the whole playthrough. Android: is the data preserved after the application is closed using the "force Stop" function?
22. Bug with saving the game:
Example No. 1: Showstopper in the application after a restart at the moment the flask drops into the inventory.
Example No. 2: Showstopper in the application on entering a location at the moment the last shard is obtained.
24. Memory consumption and FPS:
FPS - frames per second
iOS: Mac > Instruments > Activity Monitor > «app name» > Real Memory
Android: cmd > adb shell top -m 5 -n 1
25. Bug with memory consumption:
An embarrassment with excessive memory consumption when porting the application to Android.
26. Reaction to a suspend event:
Incoming calls
Incoming messages
Alarm clock
Reminders
Push notifications
Thanks, Captain Obvious: the game's reaction to notifications arriving from third-party applications.
27. Bug with restarting the application:
An item disappeared after the application was restarted while scrolling items in the inventory.
Inventory - the set of items the character has in the game.
29. Example of a purchase bug:
Content cannot be purchased after the internet connection drops on the final purchase confirmation window.
30. Achievements and social networks:
Game Center
Google play game services
Popular social networks:
- Twitter;
- Facebook;
- YouTube;
- Google+;
- Instagram.
Parental control
Restrictions
32. Updates:
- fixes for complaints and bugs;
- adding new functionality;
- marketing materials.
33. Updates:
Check No. 1: Update the application with a house that has not been upgraded.
Check No. 2: Update the application after the third upgrade of the house.
Check No. 3: Update the application at the moment the house is being upgraded from the second to the third stage.
36. Links to all resources:
Store specifics:
http://developer.android.com/
https://developer.apple.com/
Test cases:
http://agilites.com/blog/software-testing/example-of-checks-when-testing-mobile-application-interruptions.html
http://agilites.com/blog/software-testing/example-of-checks-testing-inapp.html
The great helper:
https://www.google.com.ua