How to Pass the Professional Scrum Master exam ( PSM 1)

I passed PSM 1 ( Professional Scrum Master ) and here I would like to give some trick to pass it.

 How to Pass the Professional Scrum Master exam ( PSM 1)

Professional Scrum Master Certification at a glance:

·       Organisation: scrum.org

·       No. of questions: 80

·       Duration: 60 minutes

·       Type of questions: multiple choice (with one or more correct answers) and true/false

·       Passing Score: 85% 

·       Price: $150 ( as of 2020)

·       Needs renewal: no

1. Read the scrum guide multiple times again and again till you fully absorb the knowledge.
2. Do an open assessment from Scrum https://www.scrum.org/open-assessments  PSP, PSM, and PSD until you score 100 %.
3. Do Mikhail Lapshin simulator test multiple time till you get 100%
4. Read the Nexus Guide which really helps to understand how multiple scrum teams work on a single product
5. Review the Scrum glossary for quick definitions of key terms
6. Take my Professional Scrum Master I (PSM I) Practice Assessment. These questions are different from the Scrum.org Open assessment and genuine which has been asked in the PSM 1 assessment previously.
7. Go through google and another forum to have an idea of common misunderstanding in scrum.
8. During the exam read the questions carefully and slowly so that you don’t misinterpret the meaning.
9. Save some time for revising the question/answer
10. Once you pass you will get the certificate

I hope this information is sufficient to pass. 

Also don't give the certification just to vaunt it in your CV.Try to have some learning also.

Feel free to comment on any other suggestion or to tell me that you managed to pass the exam.

Best of luck!!

Setting up a Mobile Test Lab

Setting up a mobile test lab can be herculean task.

We can have two approach to have this:

● On-premise device test lab like real Samsung,iphone devices

● Remote device test lab like Device Farm and Perfecto

Refer image of Sauce Labs devices available remotely

On-premise device test labs are generally difficult and time consuming to maintain. Having devices locally in parallel with emulators and simulators would best serve the early development and testing phases of the mobile app.

When reaching a more advanced stage of the app development, teams need to perform full regression test, functional tests, and non-functional tests.

 

These tests are best executed on a full device lab. This is where a remote device test lab is managed, continuously updated, and maintained in the cloud. Such remote device test labs complement an on-premise device test lab and ensure that sufficient combinations of device and operating system are available and up to date. 

By making use of commonly available remote device test labs, teams get access to a larger set of supported capabilities including richer test reports and advanced test automation capabilities.

Lastly, when executing at scale through a test automation framework or through a continuous integration job (CI), stability of the overall test lab is key for test efficiency and reliability. Such labs are typically designed to ensure that devices and operating systems are always available and stable.

Remote device test labs are not always necessary in the later development stages of the app. 

Well designed and maintained on-premise device test labs can be as good as or better than any remote device test lab.

Reference: https://www.istqb.org/

Test Approach for Sign-in with Apple

Overview

Apple is planning to mandate "Sign in with Apple" feature for which the deadline has been set as April 2020 for all the app's having other 3rd party login integration like Google and Linkedin.

Though it give's some relaxation to some App which if they wish, can ignore to comply.More details can be found here

Examples of Use Cases

• Allow users to create an account early in your app experience if your app has limited functionality without an account.
• Allow users to create an account after interacting with features of your app. For example, to save progress or set up a profile.
• Allow users to create an account after completing a purchase as a guest.
• Allow users with existing accounts to sign in or reauthenticate to any version of your app or website.

Technical details can be found here

Test Case:

1. Validate user logins with correct Email and Password.
2. Validate user should not log-in with incorrect username and password.
3. When there is not internet connection and user tap on sign-in with Apple "Message should be shown to connect with internet"
4. Two factor authentication should work fine for login (If any).
5. 5- Validate sign-in should work fine on both platform Android and iOS.
6. Fetch Apple's public key to verify the ID token signature and validate the response should be 200 OK.
7. Validate the authorization grant code with Apple to obtain tokens or validate an existing refresh token,if response is ok show 200 ok else error response 400 Bad request to be shown.
8. User should not be logged out even after 1 hour of inactivity if auto refresh token is enabled.
9. Sign in with apple should be on top than other sign-in option like FB
10. AutoFill Credential Provider Entitlement, with user permission, provide user names and passwords for AutoFill in Safari and other apps.
11. Test the functionality on different Devices and Screen Sizes.

Test Scope:

• Unit Testing: For Backend and Front End (Native/Reactnative)
• API Testing: Which will support integration of APPLE API
• System Testing:Complete integrations testing to validate customer need which should be as per requirement.

Setting Appium Doctor , Java Home and Android home for Running appium

Setting Appium Doctor , Java Home and Android home for Running appium 


One of the biggest challenge that comes in Automating Mobile using Appium is its installation.
In this post I will try to layout step by step process to have minimal heckle to install and run Appium

We need two Basic thing to install and Run Appium.

Appium Doctor : to see Environment configurations are good for Appium.As pet their git page

Appium Doctor "Attempts to diagnose and fix common Node, iOS and Android configuration issues before starting Appium."

Installing Appium Doctor using below command

• npm install appium-doctor -g

Then run below command to see respective OS configuration:

• appium-doctor --android 

• appium-doctor --iOS

 

Currently Since my system has all the right configuration everything is coming green.If you also have green tick it means configuration is good.

Setting Android Home Path and Java Home Path

- open .

~/.bash_profile

add below lines.

export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-13.0.1.jdk/Contents/Home
export PATH=$JAVA_HOME/bin:$PATH
export ANDROID_SDK_HOME=/Users/saif.siddiqui/Library/Android/sdk
export ANDROID_HOME=/Users/saif.siddiqui/Library/Android/sdk
export PATH=$PATH:$ANDROID_HOME/tools:$ANDROID_HOME/platform-tools
export ANDROID_HOME="/opt/intallation-location/android-sdk"

Keep in mind to change my system name with yours wherever applicable.

See below highlighted image for clarity

After making the changes , Run source ~/.bash_profile in CMD prompt.

Similarly Open - 

~/.profile

add below lines:

export ANDROID_HOME=/Users/saif.siddiqui/Library/Android/sdk;export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-13.0.1.jdk/Contents/Homeexport PATH=${JAVA_HOME}/bin:$PATH

Keep in mind to change my system name with yours wherever applicable.

See below highlighted image for clarity

After making the changes , Run source ~/.profile in CMD prompt.

Now Run :    appium-doctor --android 

If the configuration is good you will get all the green ticks.

Migration Testing Scenario for Android and iOS

Migration Testing Scenario for Android and iOS

Migration testing is one of the important testings particularly for mobile applications where a single mistake can take 3 days to 7 days to fix, deploy, and roll the app again on production. If you have a large user base and real-time application like Flight booking or Hotel Booking we need to be cautious while doing the migration testing.

Why we do Migration testing?

Migration is being done on the new OS, tech stack, or DataBase.
Particularly I will be discussing the migration of mobile apps which may include all or none of the above situations.

Use Case of migration:

1. To give users better performance, you don't want your million flight booking or hotel booking consumer to navigate to your competitor's site.
2. Moving to the new tech stack from the obsolete one. Why would you like to drag the legacy technology when new technology can bring you peace of mind and ROI.
3. Cost reduction of the maintenance of the application.Which may include the second point.

When the migration testing is done :

1. Do you remember the blackberry devices, they use to have their own OS. Slowly they were not able to compete with the Android OS so before they finally moved to the Android OS they were allowing the android developers to port their Android Apk on blackberry os with the help of the wrapper library they wrote. Since the .apk file was wrapped for Blackberry and it was migrated on BB OS we need to do migration testing for the new OS.
2. Currently, the Native apps are being replaced by React Native apps. This involves changes of tech stack apart from maintaining the DB of the user in the react native app which can affect different areas depending on the functionality of the app, the common one being login functionality.
3. Migration testing of the new app over old app having new features and bug fixes, example the previous functionality allowed your user to login with Email. Now they have SSO like Google login and Facebook login. We need to verify that after these new features are implemented they are working fine on the new app once they are installed over the old app.

Test Cases:

1. Install the new application and verify the migration.
2. Install the old app over the new app and verify the migration.
3. Install the new app and then the old app over it (Reverse migration for risk management).
4. Login in the old app and install the new app.If authentication token are grasped automatically all user data should be preserved else if the user is log in again on the new app they after login user should see all the data.
5. UI testing of the migrated app. Remember how Blackberry once allowed to port the Android app on their BB OS when they were not using android apps.I found many issues in my Indigo app at that time.
6. Install the new app over the old app and play with it in flight mode i.e. internet is not connected with the app.
7. Sometimes apple stores information like login in the key chain in the mobile. Now when the user login into the new app with his credential the key chain also passes some information which can lead to a crash. A perfect example is two authentications generated for the app in the same device for the same app.
8. Verify the migration of old app over the new app for different OS versions and devices available

Mobile Application Penetration Testing with MobSF

Subscribe to my youtube channel for more videos here:

What is MobSF?

As per their Github link :

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic, and malware analysis. It can be used for effective and fast security analysis of Android, iOS, and Windows mobile applications and support both binaries (APK, IPA & APPX ) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD or DevSecOps pipeline integration seamless.

How to Configure MobSF

If you have a docker installed, up and running just use below command :


docker pull opensecurity/mobile-security-framework-mobsf 

docker run -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest 

Running and doing static analysis of MobSF

- On running the above command MobSF will open in a browser on http://0.0.0.0:8000/ localhost.

- Drag and drop the APK/ipa file 

- MobSF will start doing the Static Analysis

Analyzing Report

Once the analysis of the file is complete you will get the result along with the potential issue that can be there in the app.

Dig out about them in detail and seek developers' help about how we can avoid these vulnerabilities.

Conclusion

Quite a user friendly and easy to use interface will surely be going to make you go-go.

It can be easily integrated with most of the CI/CD available in the market.

You can also download the PDF and share it with the concerned stakeholder. 

Running SonarQube locally with Docker: End to End

Running SonarQube with Docker in local Environment

docker pull sonarqube

$ docker run -d --name sonarqube -p 9000:9000 sonarqube

Once the installation is complete open sonarqube in Browser

http://localhost:9000

To see if the docker container is running in cmd  type 

docker container ls

ece799069a5f        sonarqube                                             "./bin/run.sh"           2 hours ago         Up 2 hours          0.0.0.0:9000->9000/tcp   reverent_goldwasser

By default you can login as admin with password admin, see authentication documentation. 

In the dashboard:

Create New Project

Enter Project Key>SetUp

Generate the token and Copy it

Select the Project Main Language,I have selected JavaScript

Download and unzip the Scanner for macOS

Configure the environment path for SonarQube in .bash profile by giving the path of the bin directory of SonarQube.It will be something like this:

Users/saif.siddiqui/Downloads/sonar-scanner-3/bin

To analyze a javascript project navigate to the project directory and run 

sonar-scanner \

  -Dsonar.projectKey=ProjectName

  -Dsonar.sources=. \

  -Dsonar.host.url=http://localhost:9000 \

  -Dsonar.login=Token\

 -Dsonar.exlusion=.node_module

OR

Running through configuration file 

Create sonar-project.properties file in the project directory to be scanned using command:

touch sonar-project.properties

Add this configuration to run js,jsx file:

sonar.projectKey= ProjectName \

sonar.sourceEncoding=UTF-8

sonar.javascript.file.suffixes=.js,.jsx

sonar.sources=detox/e2e

sonar.host.url=http://localhost:9000

sonar.login=generatedtoken

sonar.exclusions=.node_module

In the above code,sonar.javascript.file.suffixes=.js,.jsx will run only js,.jsx file other files will be ignored.

-sonar.sources will run the files in detox/e2e

-sonar.exclusions will exclude the node_module folder

Go to the project directory and run Sonar-Scanner 

Navigate to the Sonarqube Dashboard and Refresh,you will see the result something like this:

Emulator/Simulator or Real Devices,The Real Spartan ?

Emulator or Real Devices, which is better?

Why we should abstain ourself from using simulators/Emulators for Automation testing or Manual Testing altogether like:

- Testing on real devices is the best solution for uncovering bugs (regression included) and getting accurate results.

- Sometime things may seem to work on the simulator but may fail to work on Real Device,this can easily be deduced from the ongoing Native/RN task which quite often fails to work on OEM's.

-  Testing is being conducted in an environment that is not real and we are utilizing System hardware which cannot be compared to the Mobile Hardware.

- Simulators are not reliable since hardware features like GPS, camera, etc (though we only use  GPS) are either simulated or hardcoded in them and they are slow for automation purposes.

This Blog beautifully explains why we should `not use the simulator as the only source of the test environment`
https://mobilelabsinc.com/blog/simulators-vs-emulators

Unlock Secret folder in Jenkins in Mac - for initialAdminPassword

How to Unlock Secret folder in Jenkins in Mac - for initial admin password

1. Navigate to /Users/Shared/Jenkins/Home/secrets/
2. Right-click on the Secret folder to select "Get Info" option
3. In the bottom select the Lock Icon and enter your password
4. In the sharing and permission section choose read-only
5. Move back to the Secret folder and choose InitialAdminPassword. (Again no permission to view it)
6. Repeat step 2 to 5 to view InitialAdminPassword File.
7. Open the file to be viewed in Textedit
8. Copy the password and paste it on the webpage seeking a password.

1. 
   

Simple Appium Script to run on SauceLabs Server

Simple Appium Script to run on SauceLabs Server 

Create and account on Saucelabs and just replace the USERNAME and ACCESS_KEY with your credentials.

The process is clearly defined here:

https://wiki.saucelabs.com/display/DOCS/Best+Practice%3A+Use+Environment+Variables+for+Authentication+Credentials


package rough;

import org.openqa.selenium.remote.DesiredCapabilities;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

import io.appium.java_client.AppiumDriver;
import io.appium.java_client.android.AndroidDriver;

import java.net.MalformedURLException;
import java.net.URL;

public class SaucelabsSpike2 {

public static final String USERNAME = "xxxxxx";
public static final String ACCESS_KEY = "bfd66a9c-aa3f-445d-ab75-2416aa03c44a";
public static final String URL = "https://" + USERNAME + ":" + ACCESS_KEY + "@ondemand.saucelabs.com:443/wd/hub";
public static AppiumDriver driver;

@BeforeClass
public void config() {
System.out.println("URL" + URL);

DesiredCapabilities capabilities = DesiredCapabilities.android();
capabilities.setCapability("platformName", "Android");
capabilities.setCapability("deviceName", "Samsung Galaxy S4 Emulator");
capabilities.setCapability("platformVersion", "4.4");
capabilities.setCapability("app", "http://saucelabs.com/example_files/ContactManager.apk");
capabilities.setCapability("browserName", "");
capabilities.setCapability("deviceOrientation", "portrait");
capabilities.setCapability("appiumVersion", "1.5.3");

try {
driver = new AndroidDriver<>(new URL(URL), capabilities);
} catch (MalformedURLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}

@Test
public void sampleTest() {

driver.findElementById("com.example.android.contactmanager:id/showInvisible").click();

driver.findElementByAccessibilityId("Add Contact").click();
driver.findElementById("com.example.android.contactmanager:id/contactNameEditText").sendKeys("Test");
 driver.findElementByAccessibilityId("Save").click();
}

@AfterClass public void tearDown()
{
driver.quit();

}

}