LEARNING OUTCOMES

Learning the fundamentals in functional and security testing of software systems, with special emphasis on challenges posed by Web and Mobile applications, and getting acquainted with automated tools used to practice testing techniques.

AIMS AND LEARNING OUTCOMES

Students will learn the fundamentals in functional and security testing of software systems, with special emphasis on challenges posed by Web and Mobile applications and using automated testing tools.

Students will see the many facets of the problem and will learn methodologies, approaches and techniques to check the quality of complex software systems.

After the completion of the course, the participants would be able to:

• Understand and apply the differences between functionality and security testing
• Understand fundamental concepts of software testing (e.g, manual vs automated testing)
• Use established techniques/approaches/tools for designing and executing functional tests
• Learn how attackers succeed in breaking applications
• Understand the attack target possibilities of web apps (e.g., SQL injection)
• Understand the ‘Top Ten’ vulnerabilities proposed by OWASP
• Identifying a security risk and determining severity of a security risk
• Get hands on Web and Mobile application testing techniques (both functional and security), using, e.g. Selenium framework, Burp suite and other automated testing tools
• Incorporate software testing as a continuous process

PREREQUISITES

• Object Oriented and procedural programming fundamentals (in particular, basic knowledge of Java, Javascript, PHP and SQL languages)
• basic knowledge of Web and Mobile applications

TEACHING METHODS

The teaching is a combination between presentation of theoretical concepts and exercises and discussions. It is dialogue-oriented and with a practical approach.

Mandatory assignments which must be completed during the course will be provided to the students.

SYLLABUS/CONTENT

This course aims at providing the foundations behind functional and security testing. Current testing practices are quite effort intensive since they rely heavily on manual activities. Test automation aims at reducing the cost of testing by automating several of the involved activities.

The laboratory, that constitutes an integral part of the course, will give the students a hands-on opportunity to see the analysis and testing techniques (both functional and security) applied to real case studies.

Functional Testing:

• Course introduction: fundamentals of functional and security testing
• Manual vs automated testing
  • Software testing essential techniques
  • Introduction to continuous testing (DevOps)
    • Introduction to Jenkins
  • Data driven testing
  • Automation Tools for Unit testing (e.g., xUnit and TestNG)
• Web app and Mobile testing
  • E2E testing approach
  • Difference between Web and Mobile testing
  • Approaches for generating E2E test cases
  • Cross-browser testing
  • Test automation best practices
    • Page Object Model
  • Testing tools
    • Capture/Replay vs. Programmable
    • DOM-based vs. Visual
• API testing
  • Introduction to POSTMAN
• Laboratory
  • Test suite development for selected Web apps
  • Selenium IDE, Selenium WebDriver, Appium, POSTMAN, Katalon, Jenkins (or other similar tools)

Security Testing:

• Background on security vulnerabilities
  • ‘Top Ten’ vulnerabilities proposed by OWASP
• Server side vulnerabilities
  • OS Command Injection
  • SQL injection
  • Remediation/sanitization
• Client side security
  • Cross-Site scripting
  • Cross-Site scripting mitigations
  • Cross-Site Request Forgery
• Risk rating
  • OWASP Risk Rating methodology
  • OWASP Risk calculator
• Laboratory
  • Security testing using WebGoat (or similar deliberately insecure web application)
  • Burp suite (or other similar tools)

RECOMMENDED READING/BIBLIOGRAPHY

• Web Application Security: Exploitation and Countermeasures for Modern Web Applications
  by Andrew Hoffman
• Web Security Academy -https://portswigger.net/web-security/learning-path
• Test Automation using Selenium WebDriver with Java: Step by Step Guide by Mr Navneesh Garg