By Prasanth V — “Keep calm and automate on — the mantra of a proficient automation tester.”

This document presents the fundamental ideas and technologies required for automating web-based applications using Selenium WebDriver, Cucumber, and Python

What is Cucumber?

Cucumber is a tool that facilitates behavior-driven development (BDD), allowing for the definition of testing steps in plain English language (Gherkin). This makes it easily comprehensible to non-technical team members and business stakeholders. Cucumber is versatile and supports various programming languages such as Java, C#, Ruby, and Python, among others.

What is Selenium?

Selenium is an automation testing tool (open source) that can execute several functional test cases for web-based applications across multiple browsers. It supports multiple languages like Java, C#, Ruby, python, etc.

What is BDD?

Behavior Driven Development (BDD) is a method for crafting test cases in a format easily comprehensible to humans, utilizing Gherkin as a tool. BDD serves the dual purpose of enhancing communication between analysts and developers while also closing the divide between manual QA testers and automation testers.

Example:

Let us understand with this simple example which we will add in the feature file.

Feature: Caratlane Login

  Scenario: Login to caratlane with valid parameters
    Given Launching chrome browser
    When Open caratlane Login page
    And  Enter userName "xxxxxxxx6@caratlane.com"
    And  click continue to login button
    And  Enter Password "YYYYYY"
    And  click on the Login button
    Then User must logined successfully

Let’s now explore the intent behind each keyword within the Gherkin syntax.

Feature: What are we testing?
Scenario: How are we testing it?
Given: What is the starting state?
When: What do we do?
Then: What should happen?

Why use Cucumber with Selenium?

1. Cucumber simplifies the process of reading and comprehending the application’s workflow.
2. Selenium enables the execution of your functional test cases in web browsers.
3. By combining Cucumber and Selenium, the divide between technical and non-technical team members is eliminated.
4. Simplifies the understanding of test cases for clients.

Create Project in pycharm:

Create a Python Project as shown in the screenshot.

Adding Package files in the project:

Click on the File> Setting >Python interpreter Add all the libraries downloaded Selenium, Cucumber.

Creating a Feature File:

1. Create a new file in the testing directory of the Python project.
2. Name the file with an .feature extension. For example, testing.feature
3. In the feature file, write the feature name, scenarios, and test steps.

Add scenario in the Cucumber feature file:

Create a new file in the testing directory of the project.

1. Name the file with an .py extension. For example, testing.feature.Steps.py.
2. In the step file, write the step definitions for the steps that are used in feature files.

Create Step Definition :

A Step Definition that corresponds to and is connected with Gherkin language feature files. Essentially, a Step Definition defines the actions to be taken for each step mentioned in the feature files. For every step in the feature file, a corresponding step definition method should be included. This ensures that each step in the feature file (whether it’s a Given, When, or Then step) has an associated method that defines its execution.

When you execute a feature file with Cucumber, the framework automatically runs the step definition methods that are linked to the steps in that feature file.

To illustrate this process, we first create a StepDefinition package and then add a login.py within it to organize and manage the step definition methods.

Executing the Script:

We can execute the script using the behave command

Output of the script.

On successful execution, this is how the output is shown with each step mentioned.

Automating BDD tests with Python is a proactive approach that can significantly enhance the reliability and effectiveness testing process. By reducing the need for manual intervention and ensuring the precision of test results, can offer a more dependable testing experience. Embracing BDD automation with Python ensures that testing procedures consistently yield accurate results, leading to a more effective and engaging testing process.

References:

Cucumber

Meet the team!

Author

Prasanth V

Reviewer

Gokul M

Editor

Seema Jain

Python:

Python is a powerful and versatile programming language that can be used to build all sorts of software, from websites and apps to data analysis tools and automation scripts.

Advantages of using Python-based automation:

• Easy to learn and use: Python is beginner-friendly. It’s easy to grasp with its simple rules and has a big community for support.
• Save time and effort: Python automation simplifies tasks, saving both time and effort by handling them automatically.
• Increase productivity: Python automation makes more productive by handling tasks like report generation, leaving more time for important tasks like data reports.

Introduction to BDD:

1. Behavior-Driven Development (BDD): We’ll explore the fundamental principles of BDD and draw distinctions between BDD and Test-Driven Development (TDD).
2. Gherkin Language: We’ll delve into the syntax of Gherkin, encompassing elements such as Features, Scenarios, and the Given-When-Then structure, as well as touch upon tags, Background, and the utility of Scenario Outlines.
3. Feature Files: We’ll address the art of crafting effective scenarios and organizing features for clarity and efficiency in BDD-driven projects.

Integrating Cucumber with Selenium:

1. Step Definitions: Connecting Gherkin Instructions with Python Logic using Annotations like @Given, @When, and @Then.
2. Handling Hooks: Implementing Pre-Test and Post-Test Actions through Before and After Annotations to Set Conditions.
3. Orchestrating Runs: Configuring CucumberOptions and Executing Tests using Runners.
4. Better teamwork and communication: BDD boosts teamwork and communication within the team by establishing a shared language. This reduces confusion and ensures everyone is aligned.
5. Increased focus on the needs of the business stakeholders: BDD involves business stakeholders from the start to make sure the software meets their needs and adds value.

Essential Tools for Python-Based BDD AutomationPycharm

1. Selenium
2. Cucumber
3. Allure
4. Python
5. Pycharm
6. Chrome Driver

To install the required packages, using the Python interpreter.

1. Selenium
2. Cucumber

To create a Feature file and step file for a project using Cucumber and Selenium would typically follow these steps:

What is a feature in Cucumber?

The feature file is a crucial component of the Cucumber tool, serving as a platform for scripting acceptance steps in automated testing. These steps typically align with the application’s specifications. A feature file is a standard file format used for storing information about features, scenarios, and their corresponding descriptions that need to be tested.

Creating a Feature File:

1. Create a new file in the testing directory of the Python project.
2. Name the file with an .feature extension. For example, testing.feature
3. In the feature file, write the feature name, scenarios, and test steps.

What are Gherkin key words?

Gherkin, the language used in Behavior-Driven Development (BDD) to write structured and human-readable scenarios, relies on specific keywords to define and structure features, scenarios, and steps. Here are some common Gherkin keywords:

In simple terms:

1. Feature: What are we testing?
2. Scenario: How are we testing it?
3. Given: What is the starting state?
4. When: What do we do?
5. Then: What should happen?

Once the Gherkin file keywords are generated, they are used in the steps file (usually named steps.py) to implement the steps using Python code. The steps file is a Python module that contains functions that correspond to the Gherkin keywords.

To create a step file using Cucumber, one would typically follow these steps

1. Create a new file in the testing directory of project.
2. Name the file with an .py extension. For example, testing.feature.Steps.py.
3. In the step file, write the step definitions for the steps that are using in feature files.

For example, the following Gherkin scenario:

Steps File.py

Preview

Security Testing is a type of Software Testing that uncovers vulnerabilities, threats, and risks in a software application and prevents malicious attacks from intruders. The purpose of Security Tests is to identify all possible loopholes and weaknesses of the software system which might result in a loss of information, revenue, and reputation at the hands of the employees or outsiders of the Organization.

Why security Testing?

Security testing is important because it helps to identify and mitigate security vulnerabilities in software applications, systems, and networks. As technology becomes more advanced, security threats also become more sophisticated, and as a result, the need for effective security testing has become increasingly important.

1. Protecting sensitive data: Security testing helps to identify vulnerabilities in software applications and networks, which can be exploited by attackers to gain unauthorized access to sensitive data, such as personal information, financial data, or intellectual property.
2. Compliance with regulations: Security testing is often required by regulatory frameworks such as GDPR, and DSS, which mandate organizations to implement adequate security measures to protect sensitive data.
3. Avoiding financial losses: Security breaches can result in significant financial losses for organizations, including the cost of remediation, loss of revenue, and damage to reputation.
4. Maintaining customer trust: A security breach can have a devastating impact on an organization’s reputation and erode customer trust. Security testing helps to identify vulnerabilities and allows organizations to take proactive measures to protect their customers’ data.
5. Legal liability: Organizations can be held legally liable for security breaches that result in the loss or theft of sensitive data. Security testing can help to minimize legal risk by identifying vulnerabilities and mitigating them before an attack occurs.

In summary, security testing is essential to identify and mitigate security vulnerabilities in software applications, systems, and networks. It helps organizations to protect sensitive data, comply with regulations, avoid financial losses, maintain customer trust, and minimize legal liability.

How Security Testing done

Security testing involves a variety of techniques and tools that are used to identify and mitigate security vulnerabilities in software applications, systems, and networks. Here are some common methods used in security testing

1. Vulnerability scanning: This involves using automated tools to scan networks, systems, and applications for known vulnerabilities, such as unpatched software, weak passwords, or misconfigured servers.
2. Penetration testing: Also known as pen testing, this involves attempting to exploit vulnerabilities in a controlled manner to identify potential security weaknesses. Pen testing can be conducted manually or using automated tools.
3. Code review: This involves analyzing the source code of an application or system to identify potential security vulnerabilities. Code review can be conducted manually or using automated tools.
4. Risk assessment: This involves identifying potential security risks and assessing their likelihood and impact. A risk assessment can help to prioritize security testing efforts and ensure that the most critical vulnerabilities are addressed first.
5. Social engineering: This involves attempting to exploit human weaknesses, such as trust or lack of awareness, to gain unauthorized access to systems or data. Social engineering can include techniques such as phishing, pretexting, or baiting.

Tools Used for Security Testing:

1. Kali Linux
2. Burp Suite
3. Nexus

Benefits of security testing?

1. Identification of security vulnerabilities: Security testing helps to identify security vulnerabilities in software applications, systems, and networks. This allows organizations to take proactive measures to mitigate these vulnerabilities before they can be exploited by attackers.
2. Improved security posture: By identifying and addressing security vulnerabilities, organizations can improve their overall security posture. This can help to reduce the likelihood and impact of security breaches and increase customer trust.
3. Reduced risk of data breaches: By identifying and mitigating security vulnerabilities, organizations can reduce the risk of data breaches. This can help to protect sensitive data, such as customer information, financial data, or intellectual property.
4. Cost savings: Security breaches can result in significant financial losses, including the cost of remediation, lost revenue, and damage to reputation. By identifying and mitigating security vulnerabilities, organizations can reduce the likelihood and impact of security breaches, resulting in cost savings.
5. Increased customer trust: By taking proactive measures to protect sensitive data, organizations can increase customer trust. This can lead to increased customer loyalty and revenue.

Example of Security Attack:

1. Phishing Attack
2. Bypass(Mainpulate the response)
3. ClickJacking Attack
4. SQL Injection

Overview of Hacking

1. Reconnaissance: This is the first phase of hacking where we collect all sorts of info.

• Active reconnaissance is looking for information about the target network system, server, or application to increase the chances of the hacker being detected in the system. It is very risky for the attacker.
• Passive reconnaissance is the stealthier way of gaining information about the target. This is focused on information gathering about the company’s key members, essential facts about the company, finding out its IP addresses, and looking for other types of critical information about the company.

2. Scanning: The second phase in an ethical hacker’s strategy is the scanning phase. This step involves using all the information obtained in the reconnaissance phase and applying it to look for vulnerabilities in the targeted area.

• There are different types of scans done by ethical hackers. They can scan for open ports or different services that are running unprotected in the organization.
• Ethical hackers can also perform vulnerability scans to find weaknesses in the company servers, which can be exploited.

3. Gaining Access: This is where the ethical hacker does the actual hacking. uses all the information obtained and analyzed from the previous two phases to launch a full-fledged attack on the system or network the ethical hacker is trying to infiltrate.

• Exploits all the exposed vulnerabilities and gains control of the system he has hacked.
• Now the hacker can steal all the data he has available on hand, corrupt the systems, add viruses or other malicious entities, or manipulate it to his/her benefit.

4. Maintaining Access: The ethical hacker has to maintain his access to the server until he fulfills his goal. Ethical hackers usually Trojans and other backdoors or rootkits accomplish this phase. They can also use this maintaining access phase to launch several other attacks to inflict more damage to the organization.

5. Clearing Tracks: This is the final step to complete the entire ethical hacking process. If this phase is completed successfully, the ethical hacker has managed to hack into a system or network.

• He/she could inflict as much damage as possible and has managed to leave the system without a trace.
• They need to cover their tracks throughout to avoid detection while entering and leaving the network or server.
• The security systems in place should not be able to identify the attacker.
• The sign of a successful simulated cyber attack is if the security system never realized that an attack took place altogether.

6. Reporting: This is the documentation part of ethical hacking, in this, we have to report the vulnerabilities found, their threats and risks, exploitation, etc.

• The report should be proper, understandable & reproducible.
• There should be a proper focus on the Impact and also submit proper Proof of Concept(PoCs).
• A PoC can be a screenshot or a Screen recorded Video.