

What are Injection Attacks and why are they important?

Manual testers always try to test all possible situations that could break an application or compromise user data. Because of that, a manual tester should not think just as an ordinary user, but as an individual who will try to break the application or hack it for user information. Therefore, applications should be tested from a security perspective, especially for their defense against injection attacks.

Injection attacks are a group of attack vectors that allow the attacker to supply untrusted input to a program. This input is processed by an interpreter as part of a command or query, which is then executed. These methods are among the oldest and most dangerous web application attacks.

The most widespread injection attacks are SQL injection (SQLi) and Cross-site Scripting (XSS), especially in legacy applications. They can result in data theft, data loss, loss of data integrity, denial of service, as well as full system compromise. I mentioned these two attack methods because their attack surface is huge. Understanding the way they work is easy, and for those who are inexperienced, a lot of add-on tools are provided to abuse these vulnerabilities automatically.

Change iOS Settings on virtual device with Appium

In our previous post we introduced the steps to set up your Appium environment for iOS 9 devices. In this post we will write about how you can open the Settings app and make some changes in it. We will use Java as the programming language, Eclipse as the IDE and JUnit as the runner.

Ok, so the first step is to get the Java client of Selenium from Extract the downloaded *.zip file, create a new Java Project in Eclipse and add all extracted *.jar files to the Build Path. Now we can start to implement our first test case for an iOS device, where we will open the Settings app and disable the Location Service on the iPhone. As we mentioned above, we will use JUnit as the runner, but you can also choose TestNG or just create a standard Java program with the main() function.

Let’s create a before() method with annotation @Before where we will set up all of the necessary things for the desired test case.

Ranorex – is this tool the tester heaven?

What is Ranorex? Is this a medicine? 🙂

Ranorex is an automated testing tool which provides testing of Microsoft desktop apps, webpages and mobile applications. It supports a wide range of technologies like .NET, WFA, WPF, Java, HTML5, Flash, iOS, Android, Windows apps (hybrid and native) and so on. You can perform cross-browser, data-driven, automated functional, regression, automated GUI and keyword-driven testing. The Ranorex software pack can be classified into a few big parts. Ranorex Studio is the main section. Ranorex Studio contains the main tools like Ranorex Recorder, Ranorex Repository and RanoreXPath. In this post we will introduce them generally in different sections.

Ranorex Studio

Ranorex Studio is the heart of the Ranorex ecosystem. If you are familiar with Microsoft’s Visual Studio you will know immediately how to use it. It has the same layout as Visual Studio 2008/2010.

Main view of the Ranorex studio


How to select an element from table if there is no ID

When we want to select a value from a table but the element doesn’t have an id or other identification, we can use the other cells of the table to identify the value.

For example:


<table id="business_marketData_items" summary="Current market values for major international indexes">
<td><a href="">Dow Jones</a></td>
<td><a href=""> Nasdaq</a></td>

There is a table with stock market data and we want to get the value of the percentage of change (the last column). The percentage doesn’t have any identification, but we know the name of the stock market. For example, we choose Dow Jones and the desired value is 0.72%.

How to get the value?

Webdriver – XPath and CSS selector performance tip

There are cases when using XPath has some advantages over CSS selectors.
For example, there may be a site where we can select an item only by its text because the other types of locators are not clear (ids and classes are generated and they are used in multiple places).

What can we do in this situation?

  1. Use a CSS locator to select multiple elements and then call the getText() function and compare the results with the selected string
    This is a working solution, but Webdriver calls are expensive and it can really slow down test runs in IE8 and IE9 browsers.
  2. Use XPath’s contains function to select the element by its text value
    span[contains(text(),'Text to search for')]

Short background story:

To solve our initial problem using CSS we were forced to use the getText() function to be able to compare the text and get the appropriate element.
When we came up with the second solution, the overall run time of the tests was reduced and the test runs became more stable in IE8 and IE9.