In this post I will explain how I connected knowledge from two testing domains, security and UI automation, in order to achieve proper UI automation stack configuration.
In order to be able to use various browser/os combinations for ui automation, I am using SauceLabs, cloud based testing provider for web and mobile. SauceLabs is running Selenium Server instances to which you are connecting using RemoteWebDriver.
Here is how to do that in Ruby:
What bothered me is that UI test would open http connection and testing infrastructure would be vulnerable to man in the middle attack. By investigating the Selenium documentation, it is not possible to run Selenium Server with https.
What is next? SauceLabs has its own product, Sauce Connect.
"Sauce Connect is a secure tunneling app which allows you to execute tests securely when testing behind firewalls via a secure connection between Sauce Labs’ client cloud and your environment."
That means you are still using http towards Selenium sever, but over secure tunnel.
"Data transmitted by Sauce Connect is encrypted through industry-standard TLS, using the AES-256 cipher."
What is interesting is SauceLabs official statement:
"You should use Sauce Connect whenever you’re testing an app behind a firewall. Sauce Connect is not required to execute scripts on Sauce."
This should be paraphrased:
You should use Sauce Connect when your testing scripts are using sensitive corporate data.
Never put aside your testing domain knowledge, you should always combine them, especially when clients security is at stake.
Labels: security testing, testing tool