43 TestNg Interview Questions :Most Beginner’s Don’t Know

TestNg ReTry 1024x747 1 300x219 1

In this tutorial we are going to discuss the exhaustive sets of Critical TestNg interview questions and answers and distributed depending on the difficulty level, where you can better equip yourself quickly on TestNg

These Sets of Testng interview questions are distributed in the following modules or set :

TestNg Interview Questions – Advance

TestNg Interview Questions – Intermediate

TestNg Interview Questions – Basic

Testng Interview Questions and Answers || Set 1

How do you exclude a group from the test execution cycle?

You can use exclude tag to exclude a group of test case from executing in the below manner in Testng xml file 

<groups>

    <run>

        <exclude name = “excludeDummy”>

        </exclude>

    </run>

</groups>

What are the types of reports generated in TestNG by default?

TestNG generates 4 kinds of reports after the execution, which are :

  • TestNG HTML report
  • TestNG Email-able report
  • TestNG Report XML
  • TestNg Failed XML report

Mention the difference between the TestNG test suite and the TestNG test?

TestNG test suite is the collection of test classes and test methods that can be run simultaneously as well as parallelly from the TestNG XML file. 

On the other hand, the TestNG test method is a single test case file or test method.

What is the use of threadPoolSize attribute with the @Test annotation 

Through The threadPoolSize attribute we can define a thread pool with the specific mentioned size by the number for the testmethod to be executed via multiple available threads.

The attribute is being ignored if the invocationCount is not being mentioned.

@Test(threadPoolSize = 3)
public void testCaseOne(){
System.out.println("testCaseOne in process");
}

In the above test method,testCaseOne will be invoked from the three different threads.

What does alwaysRun attributes do?

This alwaysRun annotation attribute is used whenever you want to execute the test method irrespective of the dependent parameters on which the test method depends, fails. If you set to true then you need to set the attribute is true.

What are the different listeners that are available?

  • ITestListener
  • IReporter 
  • ISuiteListener
  • IAnnotationTransformer 
  • IAnnotationTransformer2
  • IHookable 
  • IInvokedMethodListener 
  • IMethodInterceptor 

What is default value for the TestNG Priority?

The TestNG priority has the default value is zero.

How to re-run TestNg Failed Tests using Auto Retry mechanism ?

TestNg provides one interface called as IRetryAnalyzer listener which you can implement the interface auto re-run your Failed Test scripts by mentioning the class in the testNg.XML file , Here is the below code for implementing the same :

TestNg ReTry 1024x747 1
Testng interview questions and answers- TestNg Retry Test Script

In the above area you can configure the number of re-try ,maximum counts and also you can mention in which all exceptions you want to re-run Test scripts.

public class Retry implements IRetryAnalyzer {
    int retryCounter = 0;
    
    // The maximum number of failed execution 
    int autoRetryLimit = 2;
    @Override
    public boolean retry(ITestResult iTestResult) {
        if (retryCounter &lt; autoRetryLimit) {
            retryCounter++;
            return true;
        }
        return false;
    }
}

Approach Two : How to re-run TestNg Failed Tests using Auto Retry mechanism

In the below approach you can build 2 classes ie one is Retry class where you can keep the logic of controlling the number of iteration in case of test failures which will implement the interface Testng IRetryAnalyzer.

Another class is basically which will implement the another interface listener IAnnotationTransformer and implement the method transform which internally interacts with the previous class (ie Retry class)

public class Retry implements IRetryAnalyzer {
    int retryCounter = 0;
    
    // The maximum number of failed execution 
    int autoRetryLimit = 2;
    @Override
    public boolean retry(ITestResult iTestResult) {
        if (retryCounter &lt; autoRetryLimit) {
            retryCounter++;
            return true;
        }
        return false;
    }
}

and finally add the CognitiveRetry class in the listener for testng.xml file .

<listeners>
    <listener class-name= "com.lambdageeks.cognitiveRetryUtils.CognitiveRetry"/>
</listeners>

How to achieve TestNG itestlistener implementation?

ITestListener is an interface in TestNg which has multiple methods(unimplemented since its an interface) which can be implemented by a class . Each method represents specific functionalities or scenarios , hence depending on your need you can implement those methods .

For an example onTestFailure is a method which you can implement where you want to perform any operations while any test method gets failed , lets say you want to capture the screenshot while in case of any test method failures , so you can write the takescreenshot method inside the onTestFailure , and as the ITestListener is an interface hence testNg will keep on listening on the events (test failures) and whenever there is test failures your screenshot will get captured .

Here is the implementation of capturing screenshot whenever you test script encounters a failures :

import org.apache.commons.io.FileUtils;
import org.openqa.selenium.OutputType;
import org.openqa.selenium.TakesScreenshot;
import org.openqa.selenium.WebDriver;
import org.testng.ITestContext;
import org.testng.ITestListener;
import org.testng.ITestResult;
import java.io.File;
import java.io.IOException;
import java.util.logging.Logger;
public class CustomListerners implements ITestListener {
    WebDriver driver=null;
    String filePath = "D:\\\\LambdaGeeks\\\\SCREENSHOTS";
    @Override
    public void onTestFailure(ITestResult result) {
        String testMethodName=String.valueOf(result.getName()).trim();
        ITestContext testContext = result.getTestContext();
        WebDriver driver = (WebDriver)testContext.getAttribute("driver");
        captureTheScreenShot(testMethodName, driver);
    }
    public void captureTheScreenShot(String methodName, WebDriver driver) {
        File scrFile = ((TakesScreenshot)driver).getScreenshotAs(OutputType.FILE);
        /*
        Each screenshots will get saved with along with the test Name to have better correlation
         */
        try {
            FileUtils.copyFile(scrFile, new File(filePath+methodName+".jpg"));
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
    public void onFinish(ITestContext context) {}
    public void onTestStart(ITestResult result) {   }
    public void onTestSuccess(ITestResult result) {   }
    public void onTestSkipped(ITestResult result) {   }
    public void onTestFailedButWithinSuccessPercentage(ITestResult result) {   }
    public void onStart(ITestContext context) {   }
}

And also you need to add this class in listener tag in testng.xml file like we had done in previous question.

How to Implement testng iAnnotationtransformer ?

TestNg provides an interface named as IAnnotationTransformer that provides a method called  “transform” which you can implement and would be triggered in runtime by TestNG , this implementation is used to modify the test annotation behavior of the test class and test methods

In the below segment we would see how we could do that

public class TestClassAnnotations {
    @Test(alwaysRun = true,dependsOnMethods = "testMethodB")
    public void testMethodA() {
        System.out.println("--- Customizing the runtime behavious with ITestAnnotation ---");
    }
    @Test
    public void testMethodB() {
        System.out.println("--- Second TestMethods ---");
        Assert.fail();
    }
}

By default if we run the above code then only one method will get executed which is testMethodA and another method testMethodB will fail because we are intentionally failing this by usinig the Assert.fail() method.

But if we change the Alwaysrun=true annotation to false by using the IAnnotationTransformer then this method will not get executed , below is the code snippet on how to implement the IAnnotationTransformer and use it in the testing.xml to change the behavious of the TestNG annotation

The implementation of the CustomAnnotationTransformers goes here :

public class CustomAnnotationTransformers implements IAnnotationTransformer {
    public boolean isTestRunning(ITestAnnotation iTestAnnotation) {
        if (iTestAnnotation.getAlwaysRun()) {
            return true;
        }
        return false;
    }
    public void transform(ITestAnnotation annotations, Class testClasses, Constructor testConstructors, Method testMethods) {
        if (isTestRunning(annotations)) {
            annotations.setEnabled(false);
        }
    }
}

Here is the listener we need to add in testing.xml file

<listeners>
    <listener class-name= "com.lambdageeks.CustomAnnotationTransformers"/>
</listeners>

How to implement testng iinvokedmethodlistener?

If you want to implement a feature where a some certain method will gets executed before and after each and every Test method of TestNg then that feature could be implemented by the testng IInvokedMethodListener listener.

 

Here is the code snippet to implement the features :

package com.lambdageeks;
import org.testng.IInvokedMethod;
import org.testng.IInvokedMethodListener;
import org.testng.ITestResult;
public class CustomAnnotationTransformers implements IInvokedMethodListener {
    public void beforeInvocation(IInvokedMethod method, ITestResult testResult) {
        System.out.println(" ::: Before Method from IInvokedMethodListener is Triggered for the Test Method named as :  " + method.getTestMethod().getMethodName() + " ::: ");
    }
    public void afterInvocation(IInvokedMethod method, ITestResult testResult) {
        System.out.println(" :::: After Method from IInvokedMethodListener is Triggered for the Test Method named as :  " + method.getTestMethod().getMethodName() + " ::: ");
    }
}

Here is the Test Class for testing the feature :

public class TestClassAnnotations {
    @Test(alwaysRun = true)
    public void testMethoddummy() {
        System.out.println("--- This is a test Method , testing the feature of IInvokedMethodListener Testng Listener  ---");
    }
}

You have to Mention the TestNG iinvokedmethodlistener in the listener tag in the testng.xml like always

<listeners>
    <listener class-name="com.lambdageeks.CustomAnnotationTransformers"/>
</listeners>

The output of the execution would look like this :

::: Before Method from IInvokedMethodListener is Triggered for the Test Method named as :  testMethoddummy :::

— This is a test Method , testing the feature of IInvokedMethodListener Testng Listener  —

 :::: After Method from IInvokedMethodListener is Triggered for the Test Method named as :  testMethoddummy :::

How to implement Data providers in TestNG?

We can implement the DataProvider using TestNg in the below approach :

public class DataProviderDemo {
    @DataProvider(name = "dpName")
    public Object[][] dataProvidersMethodName() {
        return new Object[][]{{"Lambda"}, {"Geeks"}};
    }
    @Test(dataProvider = "dpName")
    public void dataproviderDummyTestMethod(String dataValues) {
        System.out.println("The Data Params with data provider examples : : " + dataValues);
    }
}

If we don’t set the priority of the test method in which order the tests are executed in TestNG?

The tests are executed in the order of Alphabatical order of the TestmethodName..

 

Such as in the below code snippet :

public class SequenceTest {
    @Test()
    public void geeks() {
        System.out.println("Sequence Test , Method ran :geeks ");
    }
    @Test()
    public void lambda() {
        System.out.println("Sequence Test , Method ran : lambda ");
    }
    @Test()
    public void abc() {
        System.out.println("Sequence Test , Method ran :abc");
    }
}

The output would look like this :

Sequence Test , Method ran :abc

Sequence Test , Method ran :geeks

Sequence Test , Method ran : lambda

 

How to run your Test scripts in parallel ?

You can run your Test scripts using TestNg XML file by mentioning the parallel=”methods” thread-count=”2″, here 2 parallel cases will get executed , if you want to executed more threads in parallel.

<suite name="DummyTest" parallel="methods" thread-count="2" >

<listeners>
<listener class-name="org.uncommons.reportng.HTMLReporter" />
<listener class-name="org.uncommons.reportng.JUnitXMLReporter" />
</listeners>
</suite>  

How to integrate TestNg with GRADLE build Tool?

You can run Testng Suite in gradle in different ways:

How to run TestNg Groups using Gradle : You can create a Task in build.gradle file can mention the useTestNG() and mention the below details while running the Test Groups.

TestNg Gradle
TestNg Interview Questions and Answers-TestNg with Gradle

How to run Testng Default listener with Gradle to generate report using TestNg library

TestNg Default listeners
TestNg Interview Questions and Answers- Testng With Gradle Default Listeners

If you want to use the custom listener then you can mention that same in the following approach :

Testng Gradle Custom listener 1024x497 1
TestNg Interview Questions and Answers-TestNG Custom Listeners with Gradle

How to run Testng Runner xml file using command prompt ?

You can use TestNg Downloaded location and mention org.testng.TestNg.testNgRunner.xml to run the runner xml file from the command prompt.

java -cp "/opt/testng-7.1.jar:bin" org.testng.TestNG testngRunner.xml

How to Integrate TestNg XML with Maven ?

You can integrate TestNg with Maven with the use of Plugin called maven-surefire-plugin where you can configure to run the testNgrunner.xml file using the configurations :

TestNG Maven Integration 1024x667 1
TestNg Interview Questions and Answers-TestNg-Maven-Surefire Integration

How can you specify the TestNg Test parameter using TestNg and Maven ?

You can specify the Test parameter using Maven SureFire Plugin with TestNg.XML file in the below fashion

TestNg Maven TestParameter 1024x543 1
TestNg Interview Questions and Answers-Test Parameter

Testng Interview Questions and Answers || Set 2

What is meant by invocationCount in TestNG?

invocationCount is a test annotation attribute by which you can define the number of iteration the test method will be executed in a single execution. 

 The above test will execute two times as invocationCount is mentioned as 2.

@Test(invocationCount = 2)
public void testOfInvCount() {
   System.out.println("Invocation count test in progress");
}

What are listeners in TestNG?

in TestNg the listeners are basically interface in Java which you need to implement in your class. The implemented class will keep on listening to certain events and executes the specific block of code associated with that event.Here when you implement the interface you ultimately implement the unimplemented methods and those block of code or the methods will get executed as and when specific event gets triggered. 

With the help of TestNG listeners, we can perform a lot of run time actions by listening to a different event triggered by the test script execution and their status, or we can do reporting. Also, we can change the implementation of TestNg annotation.

Mention the differences between @Factory and @Dataprovider annotations in TestNg?

@Dataprovider: When you want to execute the same test, but with different diverse sets of data in every run, you can use the dataprovider annotation, and this you can achieve the datadriven testing approach. Here the test method execution happens using the same class instance to which the test method belongs.

@Factory: This will be executed all the test methods present inside a test class using separate and multiple instances of the class.

How to use TestNG Reporter Class for the log generation?

You can log the details and data using the Reporter class, and these logs will be captured by the report generated by TestNG

Reporter.log(” Logging message “);

How to do exception handling in TestNG?

You can mention the type of expected exception in an attribute called expectedExceptions with the @test annotation; in this case, then TestNg would mark the test as passed.

@Test(expectedExceptions = numberFormatException.class)

How to achieve dependency injection via TestNg XML ?

TestNG allows us to inject dependencies between different groups of tests via the TestNG XML file. Through which we can have the dependence of one group onto another.

What are the various assertion approaches for TestNG ?

We can use two types of assertions with TestNg. 

Soft Asserts

Hard Asserts 

Mention some of the commonly used assertions with TestNG 

Some of the widely used assertion methods in TestNG :

  • assertEquals(boolean actual,boolean expected)
  • assertEqual(String actual,String expected)
  • assertEqual(String actual Result,String expected Result , String message)
  • assertTrue(condition)
  • assertFalse(condition)
  • assertFalse(condition, message)
  • assertTrue(condition, message)

What do you understand by the asserts in TestNG?

An assertion is performed to validate the actual test results with respect to the expected test results. In TestNg, we can use hard assert of soft assert. 

Difference between Hard assert and soft assert in TestNg

While working with the Hard assert, If in case we get any failure in the assertion condition then the subsequent test steps will not be executed and would be aborted, and eventually the test will be marked as a failed test case. 

While on the other hand the Soft Assert takes into considering of validating all the assertion points even if there are any failures in any of the assertions . That means the test execution does not get aborted even if one assertion fails.

How to write soft assertion in TestNg 

The below piece of code gives the approach of writing the soft assertion in TestNG

@Test
   public void assertion() {
   SoftAssert softAssertion = new SoftAssert();
   //Assertion 1 
   softAssertion.assertEquals("exp", "act");
   //Assertion 2 
   softAssertion.assertEquals(123, 123);
   //Assertion 3 
   softAssertion.assertEquals("actual Value", "expected value");
   // At the end considering all the assertion values
   softAssertion.assertAll();
}

How to use regular expression in TestNG groups?

A regular expression can be used in TestNG to execute the groups which have a similar pattern in their naming. 

For example, if you want to run all the groups starting with “testX” as per the name is concerned, then you can use the regular expression as testX.* in the TestNG XML file.

Testng Interview Questions and Answers || Set 3

What is TestNG?

TestNg basically represents “Testing Next Generation” is a unit testing framework that controls the flow and order of test automation and automation scripts by providing various annotations with their functionalities.

What are the advantages of TestNg?

  •             Through Testng’s various annotations, you can control the flow and order of automation and Test execution in a better approach.
  •             Test Classes or Test script Methods parallel execution can be achieved with TestNg.
  •            TestNg can be easily integrated with different build tools such as Maven, Gradle. Also, it can be integrated with CICD tools such as Jenkins.
  •            TestNG provide details HTML reporting feature and easily integrated with other Test reporting platform such as Allure, Extent Report with features of TestNG Listeners.
  •           All the tests can be triggered by the testng.xml file where you can mention the Test class/Test/Test Package name to be run.
  •           Data driven Testing can be done with the TestNg DataProvider annotation. Also, parameterization Tests can be done through Testng.xml as well, such as while performing cross browser testing, you can parameterize the different browsers for different tests. This feature helps to build the Data Driven Framework with TestNG.
  •          TestNg Provides a way to include/exclude a set of a test from tesngNg.xml with include and exclude attribute.
  •          With TestNg, you can group your tests and dependency injection in between the tests.
  •          TestNg provides many listeners with those you can achieve a lot of things like you can do custom reporting(IReporter), integration with different tools(ITestListener), Change the behavior of TestNG Test annotation in runtime with IAnnotationTransformer and many more.
  •         You can skip the specific test, prioritize your test order, create a time-bound test with TestNg Test annotations.
  •         You can use Hard Assertion as well as Soft Assertion with TestNg for writing Assert statement.
  •         TestNg generates TestNG-failed.xml after each Test execution, so you can you the same generated TestNG-failed.xml to rerun your failed test scripts.
  •        TestNg provides various Test annotation such as @BeforeMethod, @AfterMethod, @BeforeTest, @AfterTest.@BeforeSuite,@AfterSuite.
  •        You can run the expected exception Test with TestNg.
  •        You can rerun the failed test with IretryAnalyzer of Testng 

How do you trigger and execute the TestNg test Script?

You can run TestNg Test script in several ways : 

  •       Right Click on Test Class and “run as” and select the option of “TestNg Test.”
  •       Create testng.xml and right on the file and run the xml file.
  •       If you integrate testNg.xml with the build tool such as Maven/Gradle, then you can run from maven or Gradle as well.
  •       If the build tool such as Maven/Gradle is integrated with CICD, then you can run from CICD, i.e., from Jenkins.

State the Testng annotations that are available ?

Majorly used Testng Test annotations are :

  • @BeforeSuite
  • @AfterSuite
  • @BeforeTest
  • @AfterTest
  • @BeforeClass
  • @AfterClass
  • @BeforeMethod
  • @AfterMethod
  • @BeforeGroups
  • @AfterGroups
  • @Test

Mention the TestNg annotations execution sequence?

From the Test execution standpoint here is the below sequence for all the available TestNg annotations :

Precondition Annotations :

  • @BeforeSuite
  • @BeforeTest
  • @BeforeClass
  • @BeforeMethod
  • Test Annotations :
  • @Test
  • PostCondition Annotations: 
  • @AfterSuite
  • @AfterTest
  • @AfterClass
  • @AfterMethod

How to disable test execution for a test script?

You can use enabled attribute is equals to false in the @Test annotation attribute like mentioned below :

@Test(enabled = false)
public void logout(){
   System.out.println("Sample Test");
}

How can you specify listeners in TestNG xml?

You can use Tesng xml file for mentioning the listeners to be used as part the test script executions, in the below approach:

<suite>

<listeners>

        <listener class-name=”org.uncommons.reportng.HTMLReporter” />

        <listener class-name=”org.uncommons.reportng.JUnitXMLReporter” />

</listeners>

What is the Timeout Test in TestNg?

In this case, the “timeout test” means, if in case the test script takes longer than the specified time period to execute, then testng will abort the test and will mark as a failed test.

@Test(timeOut = 6000) // this time in mulliseconds
public void testShouldPass() throws InterruptedException {
   Thread.sleep(2000);
}

How to achieve the Expected Exception Test with TestNG?

If a Test method throws an exception, which is the same as specified as part of the test annotation expectedExceptions attribute, then TestNg would mark the test as passed.

@Test(expectedExceptions = ArithmeticException.class)
public void TestDivision() {
   int i = 1 / 0;
}

 The above Test method will be passed as it throws the exception expected by TestNG.

What is the difference between @BeforeTest and @BeforeMethod annotation?

@BeforeTest is executed once before each of the testng <test> tag mentioned in the testng.xml file 

@BeforeMethod is executed before each and every test script method.

What is the advantage of using the testng.xml file?

With the testng.xml file, you can control the flow of execution with single test suite or multiple test suite in a single testng xml file. Some of the important features are :

  • testng.xml file allows us to exclude and include test methods and test group execution.
  • You can pass test data/parameters through testng.xml.
  • You can add dependency between test methods and also a group of test methods
  • You can prioritize the test cases.
  • Parallel test execution of test cases is achieved.
  • You can implement different testng listeners and use them by mentioning those in the testng.xml.
  • If you run your suite with testng.xml, then you will only fail the test for the next iteration by using TestNG-failed.xml is generated after every execution.
  • You can run specific groups of tests using <groups>tag of TestNG xml.

How many types of dependencies can you achieve by using TestNG?

There are two types of dependencies we can achieve with TestNG : 

A. DependsOnMethods : 

By using this dependsOnMethods attribute, you are defining which test method will be dependent on other test methods, So if the depending method is failed or not run, then the dependent test method also will not run.

@Test
public void loginUserProfile() {
   System.out.println("Login user ");
}
@Test(dependsOnMethods = "loginUserProfile")
public void logOutPage_user() {
   System.out.println("Logout page for User");
}

 Here is logOutPage_user test method that will run after the successful execution of the loginUserProfile test.

B. dependsOnGroups : 

In this type of test dependency, It allows us to put the dependency injection for the test methods with a group of test methods.

The flow of execution happens in such a way ie the testGroup first gets triggered and executed and then the dependent test method gets triggered, and once after successful completion of the group test, the dependent test method will get executed.

@Test(groups="AtestGroupName")
public void testcaseOne()
{
   System.out.println("testcaseOne in process");
}
@Test(groups="AtestGroupName")
public void testcaseTwo()
{
   System.out.println("testcaseTwo in process");
}
@Test(dependsOnGroups="AtestGroupName")
public void testcaseThree()
{
   System.out.println("testcaseThree in process");
}

Conclusion : With this we conclude the list of all critical and important TestNg interview questions and answers , to get better grip on TestNg you can go through the exhaustive documentation on TestNg.

To learn more about the exhaustive Selenium tutorial you can visit here.

101 Tosca Interview Questions (Exhaustive QnA for 2023-24)

tosca interview question

In this post of Tosca interview questions we are going to discuss all the essential and critical tosca interview questions and answers which is segregated in different difficulty levels such as below :

Tosca Interview Questions for Entry level

Q1) Discuss about Tricentis Tosca.

Ans. Tosca is now one of the market leader as a test automation tool which has the ability to automate all kind of applications. It allows to design script-less automated tests.

important features of Tosca:

  1. Fast execution and capable of Continuous testing approach to support DevOps
  2. Supports module based test development which maximize the usage of reusability.
  3. Required minimum maintenance efforts.
  4. Ability to integrate with major third party tools.
  5. Test development is easy as it follows script less test automation.

Q2) Tell me the major components of Tosca?

Ans. The important components which are available in Tosca are –

  1. Tosca Commander.
  2. Tosca Executor.
  3. Tosca ARA (Automation Recording Assistant)
  4. Tosca Wizard
  5. Test Repository.

Q3) Explain the advantages of Tosca as a test automation tool?

Ans. The benefits provided by Tosca automation tool mentioned below:

  1. One tool combines many features.
  2. Supports script-less test automation.
  3. Test management.
  4. Bulk updates are possible.
  5. Assets can be reused.
  6. Compatible with different platforms.
  7. It follows model-based testing approach.

Q4) Define TOSCA Commander?

Ans. The Tosca commander is the UI interface of the tool which allow users to design, maintain, execute and analyze the test cases. So, it is the core backbone of the Tosca Test suite. The Tosca commander build with different sections such as Requirement, Modules, Test Case, Test script Design, Execution, and Reporting, etc.

Tosca Interview Questions and Answers
(Tosca Commander) Tosca Interview Questions and Answers

Q5) How to execute test scripts from Tosca ExecutionLists?

Ans. The different approaches of Tosca test executions are mentioned below –

  1. Using the shortcut key F6, the execution can be initiated.
  2. Right-click on the selected test cases and select the “Run” option.
  3. Select and run the ExecutionLists.

Q6) What are the different components available in TOSCA?

 Ans: There are four different components available in Tosca

  1. Tosca Commander
  2. Tosca Executor
  3. Tosca Wizard
  4. Test Repository

Q7) How to execute test scripts from Tosca ScratchBook?

Ans. We can perform trial run of the newly created or enhanced test cases through the ScratchBook to check the correctness. The Tosca logs the execution results in ScratchBook for temporary purposes. The entire or part of test cases(i.e. test steps) can be executed through ScratchBook.

Two options are available to execute the testcases from scratch books which are explained below –

  1. Can be executed at any time.
  2. We can organize the test cases in scratchbook before execution.

Q8) Is it possible to integrate Tosca with Jira?

Ans: JIRA is a test management tool. By integrating with JIRA, we can manages the bug or issues which are raised in Tosca. So, if there is any new issues are raised in TOSCA, same will be synched to JIRA through the interface.

Q9) Explain the benefits of Tosca integration with Jira?

Ans. The benefits of Tosca Jira integration are mentioned below –

  1. Synchronizes failed tests from Tosca.
  2. The bug can be raised in JIRA automatically after the execution failure in Tosca.
  3. Enables the DevOps process.
  4. The cross-tool traceability can be achieved.

Q10) What are the different types of errors which can occurs in Tosca?

Ans. Three types or errors can appear during Tosca execution.

  1. Verification-Failure: It appears when expected and actual results are not matched for the verification step.
  2. User Abort: It appears when the execution has been stopped by the tester.
  3. Dialog-Failure: It appears due to some unhandled exceptions or steps.

Q11) Explain Tosca Testsuite?

Ans. Tosca is now one of the market leader as a test automation tool which has the ability to automate all kind of applications. It allows to design script-less automated tests.

important features of Tosca:

  1. Fast execution and capable of Continuous testing approach to support DevOps
  2. Supports module based test development which maximize the usage of reusability.
  3. Required minimum maintenance efforts.
  4. Ability to integrate with major third party tools.
  5. Test development is easy as it follows script less test automation.

Q12) How can you read data from Excel using Tosca?

Ans. The excel data can be read with the help of either of the below approaches –

  1. In Test Case Design approach of TOSCA, data can be read from the external excel file with predefined format.
  2. The “Excel Engine” allows to import and read from excel file.

Q13) Is it possible to launch multiple browsers in TOSCA?

 Ans: It is not possible to launch multiple browsers in Tosca. But it can be achieved by following below steps –

 The Test Case Parameter(TCP) with the name “Browser” need to add testcase, root folder, or execution list level.

 Using the “Browser” values as InternetExplorer, Firefox, or Chrome, the corresponding web browsers will be launched.

Q14) How to perform data-driven testing in Tosca?

Ans: The data driven test automation is possible with the help of TCD (Test Case Design). The test sheet of TCD represents the the template where we can create the instances which are representing the test data for individual test cases. Again, we can create the attributes with in test sheet that represent the each data parameters and the data values can be created with in attribute as instances with in it.

For data reusability, we can define classes. After creation of TCD, the test sheets with different data sets can be mapped with template test case from where we can generate different test cases based on the different data. The test case creation process is known as instantiation of the template test cases.

Tosca Interview Questions and Answers
Tosca Interview Question and Answer-TestSuite

Q15) How to launch more than one browser in Tricentis TOSCA?

 Ans: Launching multiple browsers is not possible in TOSCA. But the user can achieve cross-browser execution. 

To perform cross-browser execution, users need to follow the below steps: 

  1. A Test Configuration Parameter “Browser” should be designed either at TestCase or its Parent Levels.
  2. Users can choose the value as InternetExplorer, Firefox, Chrome.
  3. The individual browsers will trigger executions. 

Q16) What are the different status available after post-execution in Tosca?

Ans: By default, Tosca provides four different states after test execution. Those are –

  1. Passed
  2. Failed
  3. No result
  4.  Error

Q17) Explain the limitations of TOSCA ScratchBook?

Ans: The temporary execution logs are stored in ScratchBook. During the test development, we used this option for temporary execution to check the script correctness.

If the action within a test step is executed repeatedly, the details will not be available. Also, the execution logs are not available permanently.

Q18) Explain the benefits of linking Tosca test cases with requirements?

Ans. The main purpose is the ensure the coverage of the testing based on the requirements. It will provides a high level picture of requirement coverage for test analysis.

Q19) Explain the template and process to create it?

Ans: The templates in Tosca defines a unique test flow with the help of modules. Instead of actual data, the data parameters from the TCD are linked with. Generally, the template is nothing but something in a conventional format. The Technical test case can be converted to the template by right-clicking on it. The template uses the data from TCD datasheet.

Q20) Explain the advantages of specifications which is associated with Tosca test cases?

Ans: The specifications can be linked to test cases to track the requirement coverages. It will provides a high level picture of requirement coverage for test analysis.

Q21) Explain Test Data Management.

Ans. Test data management enables you to deal with the test data necessary for test execution. The data driven test automation is possible with the help of TCD (Test Case Design). The test sheet of TCD represents the the template where we can create the instances which are representing the test data for individual test cases. Again, we can create the attributes with in test sheet that represent the each data parameters and the data values can be created with in attribute as instances with in it.

For data reusability, we can define classes. After creation of TCD, the test sheets with different data sets can be mapped with template test case from where we can generate different test cases based on the different data. The test case creation process is known as instantiation of the template test cases.

Q22) What is String Operations in Tosca?

Ans. String operations are utilized for verifying or changing the strings with regular expressions. It features count specific character/word from the announcement, aligning a word with another word, confirming the structure of a number, etc. You ought to have a module AidPack downloaded and downloaded on your endeavor to execute String operations.

Q23) Why SratchBook is required in Tricentis TOSCA?

 Ans: We can perform trial run of the newly created or enhanced test cases through the ScratchBook to check the correctness. The Tosca logs the execution results in ScratchBook for temporary purposes. The entire or part of test cases(i.e. test steps) can be executed through ScratchBook.

Q24) What is exploratory testing Tosca?

Ans. Exploratory is an approach to record the test scenario will navigating the scenario manually. It records the screen shots with technical information and generates a pdf file at the end. This document can be used for future references and training purposes.

Tosca Interview Questions for Intermediate level

25) Describe the organizational units of the testing procedures in Tricentis Tosca?

Ans: The automated testing in TOSCA contains below organizational units.

  1. Planning.
  2. Specification.
  3. Execution.
  4. Logging.
  5. Analysis.

Q26) Describe the purpose of “Tosca Query Language”(TQL)?

Ans: The TQL is the shorter form of Tosca Query Language which is used for advance searching purposes in Tosca. Conceptually, this is similar to SQL that means we can searched based on the conditions.

Q27) Is it possible to compare pdf using Tricentis Tosca?

Ans. Tosca allows users with a standard module to perform a comparison of pdf files. After the comparison of two pdf files, the mismatches will be available in execution logs.

Q28) What is Tosca CI? How does the user execute test scripts using CI Tool?

Ans: CI stands for continuous integration. TOSCA is able to execute the testcases through CI tools like Jenkins, Bamboo, etc. as part of continuous testing. With the CI features, we can integrate with CI tools easily. After the integration, test can be triggered through third party CI tools.

Tosca Interview Questions and Answers
Tosca Interview Questions-Tosca integration with CI tool

Q29) What are the loop-statements used in Tosca?

Ans. While we need to execute test steps repeatedly, the Tosca loop is used. Tosca provides different loop structure such as Do, For, While loops, etc.

Q30) What do you mean by Tosca WebAccess?

Ans: The Tosca WebAccess is a web interface which allows to access the workspace through the web browsers. The installation of Tricentis Tosca Commander is not required to work with workspaces through the WebAccess.

The workspace server system stores the data of workspaces and using the client browsers, we can access it.

Q31) Explain the usage of Tosca API Scan?

Ans. The API scan feature of Tosca allows to create the modules after scanning the API for a specific system. Basically, it enables to automate and design the API Test Cases.

Q32) What is Tosca QC / ALM Integration?

Ans: The HP Quality Center (name of the latest release is ALM) is a test management tool which manages the test development, execution and defect cycles. Tricentis Tosca allows to integrate with Quality Center with minimum customization. The main purposes of the integration are to manage the test executions and the defect managements. The execution data and the defect details will be synched between both the tool through the integration.

Q33) Explain the Tosca test configuration parameters.

Ans. The test configuration parameters (TCPs) can be used for parametrized the test data for configuration related activities i.e. ideally it should be used for those parameters which will be applicable across the entire test suites. Tosca provides some in-build TCPs which are used to change the default configuration of the Tricentis Tosca. The user defined TCPs can be created for the below specified objects –

  1. Project root element
  2. ExecutionList
  3. Test Case
  4. ExecutionEntry
  5. ScratchBook
  6. Component folder
  7. Configurations folder
  8. Any Subfolders available in TestCase, TestCase-Design or Execution Sections.

Q34) How to integrate Tosca Connect with HP ALM? 

Ans.

  1. Install Rest API.  
  2. Install Tasktop in the test system with the License.
  3. Do test script synchronization with Test Plan Module in HP ALM from TOSCA. 
  4. Synchronize the execution list with the test lab module in HP ALM from TOSCA. 
  5. Sync the latest execution logs, available in Tosca ExecutionList with testset which is available in ALM Testlab.

Q35) What are the modes of TC Shell.

Ans: The TOSCA commander administrator uses TC shell, and there are two different methods of starting TC Shell.

  1. Interactive mode: The interactive mode favor by new and intermediate users, assists the user with help and options. The complete Tosca commander GUI functionalities can be access through the interactive mode.
  2. The script mode: This is the lite version of Tosca GUI can be visible which involves minimum interaction. It’s used for execution of scripts in automated mode.

Q36) What is Synchronization in Tricentis Tosca? 

Ans. Synchronization is a process that matches the application momentum with automation tool momentum. The ActionMode “WaitOn” is used to handle the synchronization in a dynamic approach. Until the satisfaction of the condition, provided as TestStepValue for “WaitOn”, the Tosca test will wait for a pre-configured timeout value. The synchronization setting can be altered from the settings – “Go to settings->TBox->synchronization”.

Q37) How to check the existence of a file in Tosca?

Ans. With the help of standard module “TBox File Existence,” we can verify the existence of any specified file. This module has below attributes –

1. Directory – The location of the test file.

2. File -Name of the test file.

Q38) How many types of logs available in Tosca?

Ans: Two types of logs are available in Tosca after the test execution. Those are –

  1. ActualLog: It keeps the latest execution results and the execution history.
  2. ExecutionLog: By selecting the option “Archive actual ExecutionLog”, this type of logs are generated. 

Q39) What is BDD in TOSCA?

Ans: BDD is stand for Behavior Driven Development which follows agile methodology grounded software development process. The process is works as per the Test Driven Development.

BDD does not generate workable test cases but workable documentation. Here, the actions and behavior are explained as texts. This permits them to be tested as workable documentation. Requirements are depicted as user stories.

Q40) What is the purpose of ActionMode Constraint?

Ans. The ActionMode value “Constraint” is used to search for the specified values. For example – we can search a specific column value in a table with the help of “Constraint” easily.

Q41) What are the Default object components in TOSCA?

Ans. During the Tosca workspace creation window, the default objects are either auto incorporated or need to added manually using import subset option.

The default components are kept in standard.tce file which is available in the folder “%TRICENTIS_PROJECT%ToscaCommander”.

The default components which are associated with the file are –

  1. Standard modules – All kind of default modules available which can be used to steer different applications, include TBox XEngines and TBox Automation Tools.
  2. Virtual folders.
  3. Standard Reports.

Q42) What is Damage class?

Ans: This class is used to calculate the damage values for any specific events. This is calculated based on damages in terms of cost. The range of this values are between 0 to 10 (min to max).

Q43) What is Frequency class?

Ans: This class is used to calculate the damage values for any specific events. This is calculated based on damage quantity in terms of frequency. The range of this values are between 0 to 10 (min to max).

Q44) Discuss the manual test case template creation steps in Tosca?

Ans. Users can design the TestCase templates using the anticipated sections of Samples.tce subset and Tosca BI Modules. We need to follow below steps to create TestCase template –

1. Create a TestCase according to the user’s requirements. 

2. We can convert technical test case into template by selecting context menu option “Convert to Template” after right-clicking on test case.

3. Drag and drop the appropriate TestSheet onto the desired TestCase Template.

4. Assign the TestSheet attributes(data parameter) for the required TestStepValues using XL tag.

Tosca Interview Questions for Advanced level

Q45) Explain the merits of Tricentis Tosca?

 Ans: The main advantages of Tosca as a test automation tool, are specified below –

  1. Allows script-less test automation approach.
  2. Easy to learn the tool with very minimum skillset.
  3. Test automation can be initiated at the very early phase of testing.
  4. Supports the model-based test automation framework. So, it’s not required to spent efforts on test framework creation.
  5. High scale of reusability approach can be utilized with the help of components like Modules, Reusable TestStepBlock, TCD, etc.
  6. The tool itself supports the test management and functional testing activities.
  7. ALM integration is possible.
  8. Can trigger the selenium testcases from Tosca.
  9. Mass update is possible with the help of TQL.

Q46) Is API Testing possible with Tosca?

Ans: Yes, Tosca supports the API Testing. The API Scan is used to scan create the modules for the corresponding APIs. Using the API modules we can send the request and receive the response for the API call.

Q47) How to use multiple web browsers within the same test case using Tosca?

Ans. Users want to automate a test script pass over different applications that execute on other browsers. Using buffers, changing the Test Configuration Parameters at execution time by the below methods.

1. Alternating the value of test ordering Parameter to {B[Browser]} or any other Buffer Name user prefers. 

2. During the execution, we can change the buffer value using “TBOX Set Buffer” module to change the value of “Browser” test configuration parameter according to the browser name to launch.

Q48) What is TOSCA Classic Engine?

Ans: The Classic or Base engine is responsible to the test execution. Base engine follows the architecture of the test cases which are managed as business-based objects. The business-based object information and activities to steer the controls, which are related to test scripts, are accepted by the Classic engine.

Q49) What are the steps required in Object Steering in Tosca?

Ans: There are two steps involved in Object Steering:

  1. Object access.
  2. Object steering.

Q50) Discuss Tosca Model-Based Testing?

Ans. The models represent the unit of functionalities which are created by scanning the application. The modules contain the technical information of the controls to steer the test objects. Now, model-based testing explain the approach where test cases are developed and executed based on the modules. Basically, modules are added into test case as a test step through drag-drop approach to complete the test cases. In the testcase, we need to provide the data as TestStepValue and actions. No scripting is required to develop the test case.

Q51) What do you mean by Distributed Execution in TOSCA?

Ans: When any user or Test wants to execute a large set of test scripts in multiple machines, the tester must create TestEvents in Tosca commander.

Q52) Describe Test Data Management (tdm)?

Ans: The Test data Management(TDM) components are used to managing the test data which are required for test execution. The TDM component is available with the standard Tosca installation. The data are stored same as shared database repository which is used to create the workspace, through the TDM which will be assigned to test cases during the execution. In case of SQLite, the separate instance of database is required for TDM.

Q54) How to run Tests using ScratchBook?

Ans: We can perform trial run of the newly created or enhanced test cases through the ScratchBook to ensure the correctness. The Tosca logs the execution results in ScratchBook for temporary purposes. The entire or part of test cases(i.e. test steps) can be executed in ScratchBook.

After right-clicking on one or more selected test cases, test case folders or test steps, we can initiate the execution by selection of option from context-menu.

Q55) What is the use of TestMandates?

Ans: There are many scenarios like banking, insurance, etc. domain projects; we required a batch to be run at a specific time. This requirement can be fulfilled using TestMandates. The test mandate allows to execute different parts of execution list parallelly with out locking the main execution list.

Q56) Discuss the steps to instantiate TestCases using Excel?

Ans. The process instantiating means to generate the instance test cases from the template based on the different data which are defined in “TestCase Design” section or in excel template.

Below are the steps to instantiate TestCases with excel:

1. The template test case is required to create instance test cases.

2. The the data sheet attributes which are defined in TCD or external excel template, i.e. the data parameters have to be linked with template attribute with the correct syntax.

3. Right-click on the template testcase and select the context menu option “Create TemplateInstance” to start the process.

4. The excel sheet with predefined structure, has to be displayed in the subsequent dialog. 

5. Handle the authentication dialogue and proceed.

6. Next, click on OK button to start the process.

Q57) Describe Instantiating Template?

Ans: he process instantiating means to generate the instance test cases from the template based on the different data which are defined in “TestCase Design” section. This approach in Tosca, is also known as data-driven testing.

Q58) What do you mean by business parameters in Tosca?

Ans. The business parameters are use to pass the data into a Reusable TestStepBlock as arguments. The primary purpose of the business parameters is to parameterized the use of test data in Reusable TestStepBlock instead of using hard coded data. It can be created after right-clicking on the selected Reusable TestStepBlock which is created in Library folder.

Q59) Explain about TC-Shell?

Ans. TC-Shell allows to control the Tosca commander from the command line. It can be launched in two unique manners using interactive and script.

  1. A group of commands which are written in a flat file (such as bat file), can mange some operation such as execution of tests from execution with out opening the Tosca Commander. This approach is used to automate the triggering of test execution process.
  2. Users may use the comprehensive selection of purposes of the GUI version from the Tosca commander.

Q60) Explain the steps that create test cases through ARA?

Ans: The process steps are –

  • Record any scenario using ARA Wizard.
  • Add verification points during recording and perform clean up on the recorded scenario.
  • Export the recording.
  • Import recording in Tosca.
  • Execute test cases which are auto-created during recording.

Q61) Specify the different approaches for object identification in Tosca?

Ans: The different approaches to steer the controls during the scanning, for any test objects are mentioned below-

  1. Identify by properties
  2. Identify by Anchor
  3. Identify by index
  4. Identify by image

Q62) What is DokuSnapper in Tosca? 

Ans: The DokuSnapper function enables to an archive of the progress of automated tests in a document. Tosca creates a Microsoft Word document for every test script upon each execution. The document name consists of the test script name and the timestamp of the execution time. 

User can enable Dokusnapper from Settings 

Configure options and settings > Settings Dialog > Settings – Engine > Settings – DokuSnapper

Q63) What is TDS?

Ans: TDS stands for Test Data Service, which is used for test data management in Tosca. Using TDS, we can store the dynamic test data in a shared location which is easy to read/ update by the test case. As the data stored in a shared location, it is useful to share the same dynamic data across multiple test cases. Also, we can update it without opening Tosca as it’s treated as a separate component.

Q64) Explain the API Testing using TOSCA? Explain the advantages.

Ans: API stands for Application Interface. In a multi-application environment where one application is interacting other application through API, we have to wait for the completion of development of all the application for testing. So the testing is going to be a time-consuming process. Instead of that, we can start the testing of APIs once any of the application is ready to reduce the execution cycle time. So API testing is an approach to test the interface through API before integration of the entire application. Tosca provides an API scanning wizard; through this, we can scan the API and creates API modules. Later based on the module, we can create test cases to perform Tosca API Testing.

The advantages are –

  • Fast execution.
  • Reduce execution cycle time.
  • Testing can be initiated before system integration.

Q65) Explain the exploratory testing features available in Tosca?

Ans: It’s an approach to record test scenarios as a document for functional analysis, verification/ testing of training purpose.

Q66) How can we change the value of any Test Configuration Parameter during the execution?

Ans: First, one buffer has to be assigned for the Test Configuration Parameter (TCP). After that, by changing the buffer value using “Tbox Set Buffer”, we will be able to change the TCP value during execution.

Q67) Is it possible to automate mobile apps in Tosca?

Ans: Yes, Tosca supports mobile automation using engine ME3.0 for mobile testing.

Q68) Explain the approach of mobile testing?

Ans: We need to follow the below steps to perform mobile automation.

  • We need to connect the physical or simulator mobile device with our system or Appium server. For an iOS device, we need to connect the device in Appium configured Mac system.
  • Select the Scan->Mobile option while scanning mobile devices.
  • In the scan window, we need to provide basic details such as Connection type as Local or Appium Server, Name of the device, Device Id and device type as Android or iOS.
  • We need to select the checkbox for “Run Live View” to replicate mobile screen in the device.
  • To establish the connection with mobile devices, need to click on “Connect” button.
  • Select the desire mobile screen and scan to create nodule.
  • Create the mobile test cases based on the created modules and some standard modules such as an open mobile app.
  • Execute the test case.

Q69) What kinds of mobile apps are supported by Tosca?

Ans: Only Android or iOS mobile devices are supported by Tosca. Also, it can automate mobile web, native and hybrid apps.

Q70) What are the different engine available for mobile automation?

Ans: There is two engines are available –

  1. Tosca Mobile + – It’s used for old devices.
  2. Mobile Engine 3.0 (ME 3.0) – It’s used for the latest devices.

Q71) What is the basic configuration required to execute any test case in mobile Chrome browser?

Ans: We need to set the value as “CromeAndroid” for TCP Browser.

Q72) What is ARA? 

Ans:  ARA stands for Automation Recording Assistant. This is an advanced recording feature of TOSCA. With the help of ARA, we can record any scenario with the verification and generate the test cases instantly. After recording ARA generates a .ara file which needs to be imported in TOSCA to generate the instant test case. This is very useful for the business user who does not have any bits of knowledge about Tosca.

Q73) Explain the advantages of ARA?

Ans: The major advantages are –

• Standalone recording wizard

• Intuitive recording

• On-the-fly remarks & verifications

• No duplicate modules in a single recording

• Easy clean-up

• Fast playback

• Easy to export & import recordings

Q74) Explain the limitations of ARA?

Ans: The limitations of ARA are –

• Compatible with Tosca 13.1 & above

• Linear recording

• License required for standalone installation

• Duplicate modules get created in multiple recordings

• Challenging to modify existing tests

• Yet to be compatible with Android/iOS

Q75. What is Vision AI in Tosca?

Ans: It is going to be an advanced test automation approach to automate the test cases irrespective of the technology of the test application. This approach will be made with the help of the artificial intelligence (AI) concept while recognizing the objects through TOSCA AI Scan. Based on looks and appearances, the objects are getting identified using AI features.

Q76. From which version the Vision AI is available?

Ans: The Tricentis Tosca has introduced these features from Version 14.x.

Q77. What are the features of Vision AI in Tosca?

Ans: The major features of Vision AI are specified below –

  • AI-driven Object recognization – Tosa AI engine is capable of identifying the test objects based on the appearance and looks, without considering the technology of the application.
  • Automate Citrix-based application – We can automate the applications which are hosted in Citrix.
  • Automate under development application – The AI engine is capable of automating the application before completion of the development. Here, Tosca is able to automate based on the mockup environment or based on the designed layout diagram.
  • Automation testing can be started from the very early phases.
  • Larger varieties of applications can be automated.
  • Some modules can be re-used over different applications (having the same look and feel) irrespective of technology.
  • Reduces the maintenance efforts in vision AI.

Q78. How Tosca identifies objects using AI Engine?

Ans: The Tosca AI engine considers below aspects to steer test objects –

  • The appearance and the position of the test objects.
  • Look and feel includes color, size, etc.
  • The attached labels of the test objects.

Q79. What will happen for the existing tests which are developed through AI Engine after changing the technology, keeping the same UI?

Ans: There will be no impact on the existing test cases which are developed with an AI engine. The reason is that the AI engine does not consider the technology of the application.

Q80. Specify the different object identification methods used by Tosca AI Engine?

Ans: The Tosca AI engine follows below identification methods –

  • Identify by Properties – The properties available based on the appearances.
  • Identify by Index – Based on the repetitions of the same kind of objects.
  •  

Q81: How do you handle Test Configuration Errors in Tosca? A: Tosca test configuration errors can arise from misconfigurations in test environment settings, missing modules, or discrepancies in versions. To handle these, ensure alignment with test environment settings, verify all necessary modules and dependencies are installed, and ensure the Tosca version is compatible with all modules.


Q82: Describe a scenario where Execution Errors can occur in Tosca and how to resolve them. A: Execution Errors might occur when a UI element is modified or moved in the application under test. To resolve, re-scan the application and update the test case with the new UI element definition.


Q83: What are the benefits of ExecutionLists in Tosca? Can you schedule them? A: ExecutionLists help group, order, and execute test cases in sequence, aiding in regression testing, end-to-end processes, and ensuring dependent test cases execute in order. Yes, using the Test Execution Scheduler, you can set a specific time and frequency for ExecutionLists.


Q84: How does Tosca’s API Scan facilitate performance testing? Describe a complex scenario you automated using Tosca’s API testing features. A: While Tosca is primarily a functional testing tool, its API Scan captures API requests and responses, and you can measure response times for API calls, offering basic performance metrics. For a complex scenario, consider automating a multi-step checkout process in an e-commerce application, involving adding items to the cart, applying discounts, validating stock, and confirming payment.


Q85: How does TDS in Tosca support data-driven testing? Describe a challenge you faced while managing test data in Tosca and how you resolved it. A: TDS (Test Data Service) allows creation, management, and supply of test data to test cases. A challenge might be maintaining consistency and avoiding duplicate/outdated data. By using features like data aging and pooling in TDS, you can manage data efficiently.


Q86: Describe a scenario where Dynamic Loops are beneficial in Tosca. How would you implement Progressive Loops in a Tosca test case? A: Dynamic Loops are useful when iterations aren’t known in advance. For instance, testing a cart with variable items. For Progressive Loops, set the loop to start from a specific row in your dataset and define the step size to test every nth data set.


Q87: How does Tosca CI support DevOps pipelines? Describe a situation where Tosca CI significantly improved the testing process. A: Tosca’s CI capabilities integrate with CI/CD tools, enabling automated test execution as part of the DevOps pipeline. In situations where frequent integrations occur, integrating Tosca with a CI server can automatically trigger test suites, ensuring new code doesn’t introduce defects.


Q88: How do Control Groups enhance test case organization in Tosca? Describe a scenario where you utilized Control Groups for a UI testing challenge. A: Control Groups organize and group UI elements in a module, enhancing organization in complex UI structures. For instance, on a webpage with multiple tabs, using Control Groups can segregate controls for each tab, simplifying test creation and maintenance.


Q89: How do you configure a Cleanup Scenario in Tosca? Describe a complex recovery scenario. A: A Cleanup Scenario ensures the system returns to a known state post-test. In the TestCase design, use the “Cleanup” section for recovery actions. For a complex scenario, after creating test data and encountering a test failure, the Cleanup Scenario can delete the test data, preparing the application for the next run.


Q90: How does integrating Tosca with JIRA improve bug tracking? Describe challenges faced during integration and resolutions. A: Integration streamlines defect tracking, allowing automatic bug logging in JIRA when a test fails. Challenges might arise in mapping Tosca’s defect fields to JIRA’s custom fields, which can be resolved by ensuring a consistent field naming convention and using Tosca’s settings for correct field mapping.


Q91: Describe a scenario where the Rescan feature was crucial in updating your Tosca test cases. How does Rescan support agile development? A: Rescan is crucial when the application undergoes changes, helping update Tosca modules. In agile, with frequent changes, Rescan ensures test cases are updated with minimal effort, keeping automation relevant in rapidly evolving environments.


Q92: How do Tosca Templates facilitate test step reuse? Describe a complex scenario you automated using Tosca Templates. A: Templates create reusable test steps, promoting reusability and reducing redundancy. For complexity, in a multi-user login scenario, a template for login steps can be created and post-login validations for user types can be customized using the template.


Q93: How does associating test scenarios with requirements improve test coverage in Tosca? Describe a situation where this association identified a testing gap. A: Associating test scenarios with requirements provides traceability, indicating which requirements are tested and which are pending. If a new feature is added without test scenarios, this association would highlight the gap, prompting the creation of relevant test cases.


Q94: How does exploratory testing in Tosca support manual testing? Describe a challenge faced during exploratory testing in Tosca and resolutions. A: Tosca’s exploratory testing aids manual testers by allowing defect logging, screenshot captures, and note-making during sessions. A challenge might be reproducing a specific defect found during testing. With Tosca’s session logs and notes, providing context becomes easier.


Q95: How do you use TQL for advanced searching in Tosca? Describe a complex query you executed using TQL. A: TQL (Tricentis Query Language) enables advanced searching in Tosca. For complexity, you might use TQL to find all test cases related to a module that failed in the last run and were last modified by a specific user.


Q96: How does Tosca WebAccess facilitate remote testing? Describe a situation where it improved your testing workflow. A: Tosca WebAccess is a web-based interface for Tosca, allowing remote access without local installation. It’s beneficial for distributed teams or when testers need to access Tosca outside their usual environment, like when a critical bug is reported and needs immediate validation.


Q97: How would you debug Syntax Errors in Tosca? Describe a scenario where System Errors occurred and the resolution. A: Syntax errors arise from incorrect test scripting or TQL formulation. Using Tosca’s error messages can help pinpoint and rectify them. System errors might occur from issues with the system where Tosca runs, such as insufficient memory. The resolution might involve optimizing system resources or increasing RAM.


Q98: How would you validate API responses against expected values in Tosca? A: Tosca allows validation of API responses against expected values using assertions. You capture the expected response and use Tosca’s comparison capabilities to validate the actual response against it.


Q99: How would you handle infinite looping issues in Tosca? A: Infinite looping arises from incorrect loop configurations. Ensure loops have a clear exit criterion and regularly validate test logic.


Q100: How do you configure Tosca CI for different development environments? A: Tosca CI can be tailored for various development environments by integrating with specific CI/CD tools, configuring environment-specific variables in Tosca, and ensuring the Tosca workspace is accessible across environments.


Q101: What steps would you take to ensure the effectiveness of a Cleanup Scenario in Tosca? A: Regularly validate that the Cleanup Scenario returns the system to the desired state, execute it independently to verify its actions, and monitor logs for successful completion.


Q102: How do you manage Rescan conflicts in Tosca? A: Review each conflict to understand the change’s nature, decide on accepting the new change, retaining the existing configuration, or merging the changes. Ensure test cases are re-executed post-rescan for validation.


Q103: How would you customize Tosca Templates for complex test scenarios? A: Add custom steps or logic for unique testing needs, use parameters and variables for adaptability, and incorporate conditional logic for different test conditions.


Q104: How would you optimize TQL queries for large Tosca projects? A: Limit the scope of the search to relevant areas, use precise criteria to filter results, and regularly review and update saved queries for relevance.


Q105: How do you ensure security while accessing Tosca workspaces via WebAccess? A: Implement strong authentication and authorization measures, ensure data encryption during transmission, and regularly monitor access logs for suspicious activities.

Mobile Cloud Computing And It’s Evolution(You Must Know!)

What is Mobile Computing

Mobile Computing is one of the latest and evolving technologies that allows data transmission in the form voice, images, videos via internet-enabled or rather wireless-enabled devices without physical connection such as computers, IoT devices, etc.

Mobile Computing Components

The significant verticals of components involved in the technology of Mobile Computing or Mobile cloud computing are :

  • hardware components
  • software component
  • Communication layer

Hardware Components

The hardware components have different types, such as device components or mobile devices that provide the service of mobility. They can be classified in various segments like smartphones, portable laptops, IoT devices, tablet Pc’s, etc.

What role the hardware components play :

These hardware devices have a mini component called a receptor capable of sensing, receiving, and sending data signals. It is configured to operate in full-duplex mode, ie, sending and receiving signals at the same point of time.

Receptors operate on an existing established wireless network.

software component

The mobile component is the software application program, runs on the mobile hardware component. It is the operating system of the device.

This component ensures portability and mobility and operates on wireless communications and ensures computation that are distributed locations and not attached to any single physical location.

Mobile Communication Layer :

The communication layer represents the underlying infrastructure to ensures seamless and reliable communication. This consists of factors like protocols, services, bandwidth, and portals required to facilitate and support. This layer is based on the radio wave. The signals are carried through the air and communicate with receptors through software components.

The data format is also defined at this layer to ensures collision-free communication between existing systems that provide the same service.

History Of Mobile Computing

During the period of the 1980s:

In 1981: The Osborne Computer Corporation releases the world’s first consumer laptop, The Osborne 1, even though its main limitation was with its display pf 52 characters per line of texts with a small 5″ screen.

mobile computing

Then in 1982: HX-20 from Epson, a portable computer with a small 120 x 32 resolution monochrome LCD screen.

mobile cloud computing

In 1984: The first touchscreen system was developed on the Gavilan SC, which is the first to be marketed with the term ‘laptop.’

multiplexing in mobile computing

In 1989:The Apple Macintosh portable is one of the first to feature an active matrix 640 x 400 screen. This is Apple’s first contribution to the mobile computing movement.

history of mobile computing

During the period of 1990s:

1990: The Intel announces its 20MHz 386SL processor, and was the first CPU to be explicitly designed with mobile computing in mind, featuring power management features and sleep modes to conserve battery life.

1992: The Windows 3.1.1 is released, and then it becomes the standard operating system for laptops

UUXjFePW3tuK8Pk2dOm p5DS9dYLIoIVxmw1d2slCFu8Ghe6ruONIHTJC3t98ZCx7CTPhBrL4UYN4cR IPud7Maz48kuA4ganfKHooaDb4ih

1993: Personal digital assistant was introduced to the United States by Apple.

cnD3FSH8jQdkJsGKZYCeHmTr0cPyx4o UFtmzFmjn0klt vt8iByEgeGF9EAMwdJ loquPPRgpnpZGGQv70HkVTzzUguiTGAj6Ms1Fhj4frab1B1sQP6b1atwPIEkI52HY4GlQgl

1994: IBM’s Thinkpad 755 introduced the CD-ROM drive.

MDk FWs3z1js6YPyaGALb0n2MK3k8HpE6IVwOREdGPjUAv sAeBRG ce4ptg5TkW7AYfL5renQaTzVauaUSds EQIlm96dHosurC1U5n2MkgTDpDEHpcBRrz2J m5oLuZzbrr2iB

During the period of the 2000s and beyond:

2000: Microsoft unveils a new Operating System, which sparks the beginning of the Pocket PC era. 

image 281

2002: The Research in Motion introduces the first BlackBerry smartphone. 

2007:

  • The Apple launched its first iPhone, which integrated with the best Web-browsing experience and along with the touchscreen display

Also, that time Google unveils Android.

2009: The Motorola introduces the Droid, which was the first Android-based smartphone.

2010:

  • Apple launches the iPad, a line of tablets designed, developed, primarily as a platform for audio-visual media, including books, periodicals, movies, music, games, and web content.
  • Samsung released the Galaxy Tab, an Android-based tablet to compete with the Apple iPad.

With this path, mobile computing evolved, and there were other inventions and contributions that were done from multiple different organizations from the time it started around 1980 and till now. We still see tremendous development is these areas, and this way, mobile computing will continue its path of revolution.

Mobile Computing – Classification

Mobile computing is widely distributed in different sorts of devices that support mobile computing. It is not only limited to computer or mobile phones, as we saw in the history of Mobile computing

We can classify these mobile computing devices in the below segments :

Personal Digital Assistant (PDA)

The Personal Digital Assistant ie, PDA, is an extension or a module of the PC, not a substitute, and mainly used as an electronic organizer. This kind of device is capable of sharing data with computer systems through a process called synchronization.

In this process, both the devices will access and communicate with each other to check for any updates in the individual devices by using Bluetooth or infrared connectivity.

With PDA devices, users can access audio clips, video clips, update office documents, and many more services using internet connectivity.

Smartphones

Smartphones are a combination of PDA and Phone with the camera and other features like the execution of multiple programs concurrently.

The majorly used mobile Operating Systems (OS) are Google’s Android, Apple IOS, Nokia Symbion, RIM’s BlackBerry OS, etc.

Tablet and iPads

This kind of device is larger than a mobile phone or a PDA and also integrates touch screen and is operated using touch-sensitive motions on the net. Eg. iPad, Galaxy Tabs, Blackberry Playbooks, etc.

They provide the same functionality as portable computers and also supports mobile computing in a far superior manner and have the huge processing power.

Multiplexing in mobile computing

  • Multiplexing is a process where multiple simultaneous digital or analog signals are transmitted across a single data link channel.

It can further be distributed into four types. These are:

  • A. Space division multiplexing or SDM
  • Time-division multiplexing or TDM
  • Frequency division multiplexing or FDM
  • Code division multiplexing or CDM

Multiplexing: Frequency division multiplexing (FDM ):

  • In Frequency Division multiplexing, the frequency spectrum is diversified into smaller frequency bands. Through FDM, a number of frequency bands can work simultaneously without any time constraint.

 Advantages of FDM

  • This process is applicable to both analog signals as well as digital signals.
  • The simultaneous dimension of the signal transmission feature.

Disadvantages of FDM

  • The probability of Bandwidth wastage is high and having Less Flexibility.

Multiplexing: Time Division Multiplexing(TDM)

  • The Time Division approach is basically utilizing the whole spectrum for a period.

Advantages of TDM

  • The dedicated user at a certain point in time.
  • Flexible and less complex architecture.

E.g., Integrated Service for Digital Network telephonic service.

Multiplexing : Code Division Multiplexing(CDM)

  • In CDM techniques, a unique code is reserved for every channel so that each of these channels can use the same spectrum simultaneously at the same point in time.

Advantages of CDM

  • Highly Efficient.

Disadvantages of CDM

  • The data transmission rate is less.

Eg. : Cell Phone Spectrum Technology(2G, 3G, etc.).

Multiplexing: Space Division Multiplexing(SDM)

  • Space Division can be considered having both FDM and TDM properties. In SDM, a particular channel will be used against a certain frequency band for a certain amount of time.

Advantages of SDM

  • High Data transmission rate with the optimal Use of Frequency & time bands.

Disadvantages of SDM

  • High inference losses.

E.g., Global Service For Mobile or GSM Technology.

Mobile Cloud Computing

MCC or Mobile cloud computing utilizes cloud computing to deliver and integrate applications to mobile devices.

Using this Mobile Cloud Computing techniques, the mobile apps can be deployed remotely using speed and flexibility and by using the series of development tools.

Mobile cloud applications can be built or updated, and also the addition of a new feature to the exiting application could be achieved in a quick manner and efficiently using cloud services.

These mobile apps can be delivered to as many different devices having different operating systems, computing tasks, and data storage mechanism.

These apps in this approach require lesser device resources because they are cloud-supported architecture, and also the reliability gets improved due to the fact that the data gets backed up and stored over the cloud, which also, in turn, provides more security and robustness.

Advantages of Mobile Cloud computing :

Mobile applications which are being built based on this cloud architecture acquire the following advantages:

  • Data storage capacity and processing power enhancement.
  • Extended battery life
  • Better synchronization of data due to “store in the cloud, access it from anywhere” methodology.
  • Improved reliability and scalability and security due to safe cloud infrastructure and replicas.
  • Easy Integration

Ref: https://www.cs.odu.edu/

Important Guide For Rest API Testing & RestAssured

RestAssured 1 212x300 1

In this exhaustive Rest Assured tutorial we are going to learn the Rest API Testing in depth, API Test Automation along with Rest Assured in modularised approach

What is RestAssured and its use

Rest Assured is a very widely used open source technology for REST API Automation Testing , this is based on java based library.

Rest Assured interacts with Rest API in a headless client mode, we can enhance the same request by adding different layers to form the request and create HTTP request via different HTTPS verbs to the server .

Rest Assured built in library provides enormous methods and utilities to perform the validation of the response received from the server such as status message, status code and response body .

This complete series of Rest Assured Tutorial for REST API Automation Testing consists of the following topics :

RestAssured -The rest assured tutorial api testing
Rest Assured API Automation

Getting started: Configuration of restAssured with Build tool ie Maven/gradle

STEP 1 : If you are working with maven just add the following dependency in pom.xml (you can choose any other version as well):

To get started with REST Assured, just add the dependency to your project. 

<dependency>
    <groupId>io.rest-assured</groupId>
    <artifactId>rest-assured</artifactId>
    <version>4.3.0</version>
    <scope>test</scope>
</dependency>

If you are working with gradle just add the following in build.gradle (again you can choose any other version as well):

testCompile group: 'io.rest-assured', name: 'rest-assured', version: '4.3.0'

STEP 2 : REST Assured can be integrated and used very easily with the existing unit test frameworks ie Testng,JUnit

Here we are using testNg as per the Unit Test Framework is concerned.

Once the libraries of Rest Assured is imported then we need to add the following static imports to our test classes:

import static io.restassured.RestAssured.*;

import static org.hamcrest.Matchers.*;

NOTE : For this upcoming learning purpose , we’ll test the Ergast Developer API, which can be found here. This API provides historical data related to Formula 1 races, drivers, circuits, etc .

Familiarity with the Syntax:

Rest Assured is supports BDD format(Gherkin Syntax) to write the test scripts ie in Given/When/Then/And format ,We are assuming that you have understanding on BDD/gherkin syntax , if not then we would suggest to spend 30 minutes of time to understand what is BDD(Gherkin Syntax) and how does it work and its very basic .

T-01 : Our 1st script which is basically validating number of circuits in F1 in 2017 using this API (http://ergast.com/api/f1/2017/circuits.json)

@Test(description = "Number Of Circuits In 2017 Season Should Be 20")
public void validatingNumberOfCircuits() {
   given().when().get("http://ergast.com/api/f1/2017/circuits.json").
           then().assertThat().body("MRData.CircuitTable.Circuits.circuitId", hasSize(20));
}

Rest API response validation :

1. Captures JSON response of the API request.

2. Queries for circuitId using GPath expression “MRData.CircuitTable.Circuits.circuitId”

3. Verifies the circuitId elements collection has the size of 20

Here we are  using Hamcrest matchers for various validation such as

There are various other methods which is useful to perform certain validation.

You can furthermore refer to the Hamcrest library documentation for a full list of matchers and methods.

Validating response Code :

given().when().get("http://ergast.com/api/f1/2017/circuits.json").then().assertThat().statusCode(200);

Validation of Content Type

given().when().get("http://ergast.com/api/f1/2017/circuits.json").then().assertThat().contentType(ContentType.JSON);

Validating header “Content-Length”

given().when().get("http://ergast.com/api/f1/2017/circuits.json").then().assertThat().header("Content-Length",equalTo("4551"));

Multiple Validation in a single Tests as (By using and() methods ) :

@Test(description = "Number Of Circuits In 2017 Season Should Be 20")
    public void validatingNumberOfCircuits() {
        given().when().get("http://ergast.com/api/f1/2017/circuits.json").then().assertThat().header("Content-Length",equalTo("4551")).and().statusCode(200);
    }

Validating Response Body element/attribute :

We can use JsonPath to fetch the value of the json attributes and put assertion using TestNg

@Test(description = "Validation of series Name which is f1")
    public void validatingSeriesName() {
        //Convert ResponseBody to String
        String responseBody=given().when().get("http://ergast.com/api/f1/2017/circuits.json").getBody().asString();
        //Create JsonPath Object by Passing the Response Body as a string
        JsonPath resJson=new JsonPath(responseBody);
        //Fetch the attribute value series under MRData
        String seriesName=resJson.getString("MRData.series");
        // User TestNg Assertion
        Assert.assertEquals("f1",seriesName);
    }

In the similar fashion we could get the value of XML response using XMLPath .Here we are working with JSON hence we used here JSonPath

RESTful APIs support only two types of parameters:

A. Query parameters: Here parameters are appended at the end of the API endpoint and could be identified by the question mark and forms a key value pair such as 

https://www.google.com/search?q=https://www.wikipedia.org/

Here in the above API ‘q’ is the parameter and ‘https://www.wikipedia.org/’ is value of that parameter, if we to search ‘SOMETHING_ELSE_TEXT’ we could replace the value of the parameter ‘q’ with SOMETHING_ELSE_TEXT’ inplace of https://www.wikipedia.org/ .

B. Path parameters: These are the part of RESTful API endpoint. 

eg. endpoint that we used earlier: http://ergast.com/api/f1/2017/circuits.json, here “2017” is a path parameter value.

To get a result for the year 2016 we could replace 2017 with 2016 then the API will give the response body for 2016 .

Tests using Path Params for RestAssured

@Test(description = "Validation of number of Circuits using Path Params")
    public void testWithPathParams() {
        String seasonNumber = "2017";
       String responseBody = given().pathParam("season", seasonNumber).when().get("http://ergast.com/api/f1/{season}/circuits.json").getBody().asString();
        //Create JsonPath Object by Passing the Response Body as a string
        JsonPath resJson = new JsonPath(responseBody);
        //Fetch the attribute value series under MRData
        String seriesName = resJson.getString("MRData.series");
        // User TestNg Assertion
        Assert.assertEquals("f1", seriesName);
    }

Tests using Query Params for RestAssured

@Test(description = "Validation of Google search using Query Params")
    public void testWithPathParams() {
        String searchItem = "https://www.wikipedia.org/";
  given().queryParam("q",searchItem).when().get("https://www.google.com/search").then().assertThat().statusCode(200);
    }

Parameterizing tests:

We can do data driven testing (ie same test script will be executed multiple times with different sets of input data and provide different output data) using Rest Assured 

STEP 1 : Created a testNg Data Provider .

STEP 2 : Consume the Data Provider in Test script.

@DataProvider(name="seasonsAndRaceNumbers")
    public Object[][] testDataFeed() {
        return new Object[][] {
                {"2017",20},
                {"2016",21}
        };
    }
@Test(description = "Number Of Circuits validation in different Seasons",dataProvider = "seasonsAndRaceNumbers")
    public void circuitNumberValidation(String seasonYear,int raceNumbers) {
given().pathParam("season",seasonYear).when().get("http://ergast.com/api/f1/{season}/circuits.json").then().assertThat().body("MRData.CircuitTable.Circuits.circuitId",hasSize(raceNumbers));
    }

Working with Multi -valued parameters with RestAssured 

Multi-value parameters are those parameters which has more then one value per parameter name (i.e. a list of values per paramKey), we can address them like below :

given().param("paramKey", "paramValue1", "paramaValue2").when().get(“API URL“);

Or we could prepare a list and pass the list as the value of the paramKey like :

List<String>paramValue=new new ArrayList<String>();
paramValue.add(“paramvalue1”);
paramValue.add(“paramvalue2);
given().param("paramKey", paramValue).when().get(“API URL“);
Working with cookie with RestAssured 
given().cookie("cookieK", "cookieVal").when().get("API URL");

Or 

We can also specify a multi-value cookie here like :

given().cookie("cookieK", "cookieVal1", "cookieVal2").when().get(“API  URL”);

Working with Headers :

We can specify in a request using header/headers like :

given().header(“headerK1”,”headerValue1”).header(“headerK2”,”headerValue2”).when().get(“API URL”);

Working with contentType:

given().contentType("application/json").when().get(“API URL”);

Or 

given().contentType(ContentType.JSON).when().get();

Measure the Response Time :

long timeDurationInSeconds = get(“API URL”).timeIn(SECONDS);

Rest API Authentication

REST assured supports different auth schemes, eg OAuth, digest, certificate, form and preemptive basic authentication. We either can set authentication for each and every request 

here is a sample request using the same :

given().auth().basic("uName", "pwd").when().get(“URL “) ..

On the other hand authentication and defined in the below approach for the HTTP requests:

RestAssured.authentication = basic("uName", "pwd");

Basic AUTH Types:

There are two types of basic auth, “preemptive” and “challenged token basic authentication”.

Preemptive Basic Auth:

This will send the basic authentication credential even before the server gives an unauthorized response in certain situations along with the request being triggered, thus reducing the overhead of making an additional connection. This is typically majorly occurring situations unless we’re testing the servers ability to challenge. 

Eg.

given().auth().preemptive().basic("uName", "pwd").when().get("URL").then().statusCode(200);

Challenged Basic Authentication

On the Other hand “challenged basic authentication” REST Assured will not supply the credentials unless the server has explicitly asked for it i.e. server throws the Unauthorized Response. After that UnAuthorized response Rest-Assured sends another request to the server which is the Auth.

given().auth().basic("uName", "pwd").when().get("URL").then().statusCode(200);

Digest Authentication

As of now only “challenged digest authentication” is being considered. eg:

given().auth().digest("uName", "pwd").when().get("URL").then().statusCode(200); 

Form Authentication

We could achieve this majorly in 3 different approaches depending on the Application/Scenarios:

Form authentication is one of very popular over the internet which is an user is entering his credentials ie username & password through a web page and login in to the system.This Could be addressed using this 

given().auth().form("uName", "pWd").
when().get(" URL");
then().statusCode(200);

While this might not work as it’s optimal and it may pass or fail depending on the complexity of the webpage. A better option is to provide these details when setting up the form authentication in the below approach:

given().auth().form("uName", "pwd", new FormAuthConfig("/'mention here form action name which is part of the html page code nder the form tag'", "uName", "pwd")).when().get("URL").then().statusCode(200);

In this approach the REST Assured internally wont require to trigger additional request and parse through the webpage. 

If in case you are using the default Spring Security then a predefined FormAuthConfig is triggered .

given().auth().form("uName", "Pwd", FormAuthConfig.springSecurity()).when().get("URL").then().statusCode(200);

NOTE : If we want to send additional input data along with form auth then we could write the below:

given().auth().form("uName", "pwd", formAuthConfig().withAdditionalFields("firstInputField", "secondInputField"). ..

CSRF :

CSRF stands for Cross-site request forgery.

Nowadays it’s very common for the server to provide a CSRF token with the response to avoid the CSRF security attacks. REST Assured supports this by using and automatic parser and providing CSRF token . 

In order to achieve this REST Assured need to make an additional request and parse (few position)of the website.

We can enable CSRF support by writing the below code:

given().auth().form("uName", "pwd", formAuthConfig().withAutoDetectionOfCsrf()).when().get("URL").then().statusCode(200);

In Addition to assist REST Assured and make the parsing more flawless and robust we can supply the CSRF field name (here we assuming that we’re using Spring Security default values and we could use predefined springSecurity FormAuthConfig):

given().auth().form("uName", "pwd", springSecurity().withCsrfFieldName("_csrf")).when().get("URL").then().statusCode(200);

By default the CSRF value is passed as a form parameter with the request but we can configure to send it as a header if in case its required like below:

given().auth().form("uName", "pwd", springSecurity().withCsrfFieldName("_csrf").sendCsrfTokenAsHeader()).when().get("URL").then().statusCode(200);

OAuth 1 :

OAuth 1 requires Scribe to be in the classpath. To use oAuth 1 authentication we can do:

given().auth().oauth(..).when(). ..

OAuth 2 :

given().auth().oauth2(accessToken).when(). ..

In the above approach the OAuth2 accessToken will be considered in a header. To be more explicit we can also do:

given().auth().preemptive().oauth2(accessToken).when(). ..

Passing File, byte-array, input stream or text in Request:

When sending large amounts of data to the server it’s generally a common approach to use the multipart form data technique. Rest Assured provide methods called multiPart that allows us to specify a file, byte-array, input stream or text to upload. 

given().multiPart(new File("/File_Path")).when().post("/upload");

POST Request Creation with Rest Assured

With POST and PUT requests, we send Data to Server and its basically creation of resources/updation of resources, you can consider this as a write or update operation.

The data which is being sent to the server in a POST request is sent in the body of HTTP request/API call. 

The type of content or data which is being sent can be of different format depending on the API i.e. XML, JSON or some other format is defined by the Content-Type header. 

If POST body consists of the JSON data then the header Content-Type will be application/json.Similarly , for a POST request consisting of a XML then the header Content-Type would be of application/xml type.

Here is the below code snippet for the same:

given().contentType("application/json").param("pk","pv").when().body("JsonPAyloadString").post("url").then().assertThat().statusCode(200);

NOTE: There are different ways we can pass the payload/request body  inside the method “ body “ like String(as shown in above snippet),JsonObject,as a File etc etc,

PUT Request with Rest Assured:

given().contentType("application/json").param("pk","pv").when().body("JsonPAyloadString").put("url").then().assertThat().statusCode(200);

Delete request with Rest-Assured :

given().contentType("application/json").param("pk","pv").when().delete("url").then().assertThat().statusCode(200);

And that way we can create different Rest API call for different API verbs(GET/POST/PUT/DELETE etc)

Serialization and Deserialization in Java :

Serialization is a basically processing or converting the object state to a byte stream. On the other hand the Deserialization in Java is processing or converting the byte stream to actual Java object within memory . This mechanism is used in persistence of Object.

Below is the block diagram for the same 

1ESLuGPTk5gUs9eA5 OXkbw KyHeRnO9TdX bg OEo3 ZD7BJ9HqLY HcOaf9saeK137JSzmDj7 TY2WmrlVogzLzkgmN1gvLvyaF6cdGb6psTcv0HVH98J45L4b1a0c3ucUvJ6p

Advantages of the Serialization

A. To save/persist the state of an object.

B. To flow an object across a network.

Achieving Serialization with JAVA

To achieve a Java object serializable we need to implement the java.io.Serializable interface.

The ObjectOutputStream class which contains writeObject() method responsible for serializing an Object.

The ObjectInputStream class also contains another method called readObject() which is responsible for deserializing an object.

classes which are implementing java.io.Serializable interface, there object can only be serialized.

Serializable is just a marker interface and like other market interface it has no data member or method associated with it.which is used to “mark” java classes so that objects of these classes will get certain capabilities. Like few other marker interfaces are:- Cloneable and Remote etc.

NOTEs :

1. If a parent class has implemented a Serializable interface then child class is not required to implement the same but vice-versa is not applicable.

2. Only non-static data members are stored with the Serialization process.

3. Static data members and also the transient data members are not being stored by the Serialization .So, in case if we dont need to store store the non-static data member’s value then we can make it transient.

4. Constructor is never called when an object is deserialized.

STEP 1 : The first step is basically the creation of a class which implements the Serializable interface:

import java.io.Serializable;
public class Dummy implements Serializable {
    private int i;
    private String  data;
    public Dummy(int i, String data)
    {
        this.i = i;
        this.data = data;
    }
}

STEP 2 :Create a class to serialize it :

import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
public class  Serialize {
    public static void Serialization(Object classObject, String fileName) {
        try {
            FileOutputStream fileStream = new FileOutputStream(fileName);
            ObjectOutputStream objectStream = new ObjectOutputStream(fileStream);
            objectStream.writeObject(classObject);
            objectStream.close();
            fileStream.close();
        } catch (FileNotFoundException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }
    public static void main(String[] args) {
        Dummy dummyObj = new Dummy(10, "Lambda-geeks");
        Serialization(dummyObj, "DummSerialized");
    }
}

STEP 3 : Once Step2 is completed successfully then you would get to see a file got created with some data in it ,that data is basically serialized data of the Object members.

  Deserialization with java :

Here is the below code snippet :

 public static Object DeSerialize(String fileName)
    {
        try {
            FileInputStream fileStream = new FileInputStream(new File(fileName));
            ObjectInputStream objectStream = new ObjectInputStream(fileStream);
            Object deserializeObject = objectStream.readObject();
            objectStream.close();
            fileStream.close();
            return deserializeObject;
        } catch (FileNotFoundException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        }
        return null;
    }

Driver Code goes like this :

 public static void main(String[] args) {
      /*  Dummy dummyObj = new Dummy(10, "Lambda-geeks");
        Serialization(dummyObj, "DummSerialized");
        System.out.println("--------------------------------------------------------------------------");
      */
        Dummy deSerializedRect = (Dummy) DeSerialize("DummSerialized");
        System.out.println("Data From Serialized Object " + deSerializedRect.print());
        System.out.println("--------------------------------------------------------------------------");
    }

JSONPATH More Syntax/Query :

Lets Assume a JSON as below :

{
  "OrganizationDetails": "Dummy Details of the Organization",
  "Region": "Asia",
  "Emp-Details": [
    {
      "Org": "lambda-Geeks",
      "Information": {
        "Ph": 1234567890,
        "Add": "XYZ",
        "Age": 45
      }
    },
    {
      "Org": "lambda-Geeks-2",
      "Information": {
        "Ph": 2134561230,
        "Add": "ABC",
        "Age": 35
      }
    }
  ]
}

in the above JSON , the OrganizationDetails & Region are called as Leaf node reason being they are not having any further child nodes/elements but  as on the other hand the Emp-Details having child node , hence its not referred as Leaf node.

Here if we try get the value of  OrganizationDetails then we need to use :

$.OrganizationDetails 
This will result in :
 [
  "Dummy Details of the Organization"
]

Like Wise to get the data for region we need to write :

$.Region 

If we want to find the value of  Age for the 1st Employee then we could write :

$.Emp-Details[0].Information.Age
This will result in :
[
  45
]

For the Age of the 2nd Employee  we could write like

$.Emp-Details[1].Information.Age
This will result in : 
[
  35
]

This way we can figure out the JsonPath expression/query to fetch the data for the respective fields in the JSON.

41 Interesting Application security interview questions

Application Security Interview QA 1 212x300 1

Application security interview questions

We will discuss around Application security interview questions/Penetration testing interview questions which consists of a list of Most Frequently Asked questions about security and also covered Security Engineer Interview Questions and cyber security interview questions:

Critical || Application security interview questions

Major || Application security interview questions

Basic|| Application security interview questions

Application Security interview Questions
Application Security Interview Questions

Base Level -1 || Critical || Application security interview questions

How would an HTTP program handle state?

HTTP being a stateless protocol uses cookies to handle the web application state.HTTP can handle web application state in the below approaches and maintains session :

The data might be stored in cookies or in the web server’s session.

What do you understand by Cross Site Scripting or XSS?

Cross-site Scripting abbreviated as XSS is a client-side code injection issue where the un-authorised user aims to execute malicious scripts in user’s web browser by incorporating malicious code in a web application and hence once the user visits that web application then the malicious code gets executed resulting in the cookies, session tokens along with other sensitive information to be compromised.

What are the types of XSS?

There are majorly three different categories of XSS:

Reflected XSS: In this approach, the malicious script is not stored in the database in case of this vulnerability; instead, it comes from the current HTTP request.

Stored XSS: The suspicious scripts got stored in the Database of the web application and can get initiated from there by impacted person’s action by several ways such as comment field or discussion forums, etc.

DOM XSS: In DOM (Document Object Model)XSS, the potential issues exists within the client-side code instead of the server-side code. Here in this type, the malicious script flows in the browser and acts as a source script in DOM.

This potential impact arises when a client-side code reads data from the DOM and processes this data without filtering the input.

What are the owasp top 10 of 2021 ?

Mention the owasp risk rating methodology ?

The Owasp risk rating methodologies are segregated in the different layers , such as :

Explain how does the tracert or tracerout operates ?

Tracerout or tracert as the name suggests basically monitors and analyze the route between host machine to remote machine. it performs the below activities :

What is ICMP?

ICMP stands for Internet Control Message Protocol, located at the Network layer of the OSI model, and is an integral part of the TCP/IP.

Which port is for ICMP or pinging?

Ping doesn’t require any port and uses ICMP. It is used to identify whether the remote host is in an active status or not, and also it identifies the packet loss and round-trip delay while within the communication.

Mention the list of challenges for the successful deployment and monitoring the web intrusion detection?

Mention the risk that involves from unsecure HTTP cookies with tokens ?

Access Control Violation impact gets triggered when not flagging HTTP cookies along with secure tokens.

Mention the basic design of OWASP ESAPI?

The major OWASP ESAPI design are:

What is port scanning?

Scanning of the ports to discover that there can be some weak points in the system to which un-authorised user can target and pull some critical and sensitive data information.

Mention the different types of port scans ?

What is a honeypot?

The honeypot is a computer system that mimics likely targets of cyber issues. Honeypot basically used for detection and deflection vulnerability from a legitimate target.

Among Windows and Linux which one provides security ?

Both of the OS have their pros and cons. Still, as per the security is concerned, most of the community prefer to use Linux as it provides more flexibility & security compared to Windows, considering that many security researchers have contributed to securing Linux.

Which is mostly implemented protocol on a login page?

The TLS/SSL protocol is implemented in most of the scenarios while data is in transmission layers.This is to be done to achieve the confidentiality and integrity of user’s critical and sensitive data by using encryption in the transmission layer.

What is public-key cryptography?

Public Key Cryptography (PKC), also known as asymmetric cryptography, is a cryptography protocol which requires two separate sets of keys, ie one private and another one is public for data encryption & decryption.

State the difference between private and public-key cryptography while performing the encryption and signing content?

In the case of digital signing, the sender uses the private key to sign the data and on the other hand receiver verifies and validates the data with the public key of the sender itself.

While in encryption, the sender encrypts the data with the public key of the receiver and receiver decrypt and validates it using his/her private key.

Mention the major application of the public-key cryptography?

The major use cases of public-key cryptography are :

Discuss about the Phishing issues?

In Phishing, the fake web page is being introduced to trick the user and manipulate him to submit critical and sensitive information.

What approach you can take to defend the phishing attempts?

XSS vulnerabilities verification and validation and HTTP referer header are some mitigation approaches against the phishing.

How to defend against multiple login attempts?

There are different approaches to defend against several login attempts, such as :

What is Security Testing?

Security testing is one of the major important areas of testing to identify the possible vulnerabilities in any software (any system or web or networking or Mobile or any other devices ) based application and protect their confidential and sesitive data sets from potential risk and intruders.

What is “Vulnerability”?

Answer: Vulnerability is considered as the weakness/bug/flaw in any system through which an un-authorised user can target the system or the user who is using the application.

What is Intrusion Detection?

Answer: IDS or intrusion detection system is software or hardware application that monitors a network for unapproved activity or policy violations. Under this situations it is typically reported and resolved using security information and respective event management system.

Few Intrusion Detection systems are capable enough to respond to the detected intrusion upon discovery, known as intrusion prevention systems (IPS).

Base Level -2 || Major || Application security interview questions

What are Intrusion Detection System, type :

The IDS Detection majorly of the below types :

Along with these, there is a subset of IDS types , out of which the major variants are based on anomaly detection and signature detection

What do you know about OWASP?

OWASP is known as Open Web Application Security Project is an organisation which supports secure software development.

What potential issues arises if the session tokens has insufficient randomness across range values?

Session tampering arises from the issue with session tokens having insufficient randomness within a values of range .

What is “SQL Injection”?

Answer: SQL injection is one of the most common techniques in which a code is injected in the SQL statements via a web page input that might destroy your database and potentially expose all the data from your DB.

What do you understand by SSL session and also the SSL connections ?

Answer: SSL is known as Secured Socket Layer connection establishes the communication with peer-to-peer link having both the connection maintains SSL Session.

An SSL session represents the security contract, which in terms consists of key and algorithm agreement information that takes place over a connection between an SSL client connected to an SSL server using SSL.

An SSL session is governed by security protocols that control the SSL sessions parameter negotiations between an SSL client and SSL server.

Name the two standard approaches which are used to provide protection to a password file?

Answer: Two majorly applied approaches for password file protection are

What is IPSEC?

The IPSEC also known as IP security is an Internet Engineering Task Force (IETF) standard protocols suite among the two various communication layers across the IP network. It ensures dataset integrity, authentication and also the confidentiality. It generates the authenticated data packets with encryption, decryption.

What is the OSI model :

The OSI model also known as Open Systems Interconnection ,is a model that enables communication using standard protocols with the help of diverse communication systems. The International Organization for Standardization is creating it.

What is ISDN?

ISDN stands for Integrated Services Digital Network, a circuit-switched telephone network system. It provides packet switched networks access which allows the digital transmission of voice along with data. Over this network, the quality of data and voice is much better than an analog device/phone.

What is CHAP?

CHAP, also referred as Challenge Handshake Authentication Protocol (CHAP) which is basically a P-2-P protocol (PPP) authentication protocol where the initial startup of the link is used. Also, it performs a periodic health check of the router communicates with the host.CHAP is developed by IETF (Internet Engineering Task Force).

What is USM, and what does it perform?

USM stands for the User-based Security Model, is utilised by System Management Agent for decryption , encryption, decryption, and authentication as well for SNMPv3 packets.

Mention some factors that can cause vulnerabilities?

Answer: The majority of areas that might cause the potential vulnerabilities are :

Mention the parameters list to define SSL session connection?

Answer: The attributes which all define an SSL session connection are:

What is file enumeration?

Answer: Its a type of issues where the forceful browsing takes place by manipulating the URL where the un-authorised user exploit the URL parameters and get sensitive data.

What are the advantages of intrusion detection system?

Answer: The Intrusion detection system has the below advantages:

Base Level -3 || Basic|| Application security interview questions

What is Host Intrusion Detection System?

The (HIDSs)Host-based intrusion detection systems (HIDSs) are applications that operate on information collected from individual computer systems and serves on the existing system and compare with the previous mirror/snapshot of the system and validates for whether any data modification or manipulation has been done and generates an alert based on the output.

It can also figure out which processes and users are involved in malicious activities.

What is NNIDS?

NNIDS stands for Network Node Intrusion Detection System (NNIDS), which is like a NIDS, but it’s only applicable to one host at a single point of time, not an entire subnet.

Mention three intruders classes?

There are various intruder types, such as :

Mention the components which are used in SSL?

SSL establishes the secure connections among the clients and servers.

Disclaimer: This Application security interview questions tutorial post is for educational purpose only. We don’t promote/support any activity related to security issues/conduct. Individual is solely responsible for any illegal act if any.

Duis mattis vehicula consequat

Integer quis nisl at orci feugiat lobortis quis a odio. Etiam efficitur metus ultricies nisl lacinia malesuada. Mauris ante eros, convallis vitae eros ut, congue placerat ante. Etiam metus massa, volutpat sit amet sapien ut, condimentum ultricies dui. In mauris metus, semper eu consequat eget, porttitor sed dui. Nam eu hendrerit nibh. Mauris vulputate lectus … Read more

Curabitur lorem magna scelerisque a purus nec

Integer quis nisl at orci feugiat lobortis quis a odio. Etiam efficitur metus ultricies nisl lacinia malesuada. Mauris ante eros, convallis vitae eros ut, congue placerat ante. Etiam metus massa, volutpat sit amet sapien ut, condimentum ultricies dui. In mauris metus, semper eu consequat eget, porttitor sed dui. Nam eu hendrerit nibh. Mauris vulputate lectus … Read more

Morbi sagittis arcu vitae

Integer quis nisl at orci feugiat lobortis quis a odio. Etiam efficitur metus ultricies nisl lacinia malesuada. Mauris ante eros, convallis vitae eros ut, congue placerat ante. Etiam metus massa, volutpat sit amet sapien ut, condimentum ultricies dui. In mauris metus, semper eu consequat eget, porttitor sed dui. Nam eu hendrerit nibh. Mauris vulputate lectus … Read more

Fusce tempor mattis rutrum

Integer quis nisl at orci feugiat lobortis quis a odio. Etiam efficitur metus ultricies nisl lacinia malesuada. Mauris ante eros, convallis vitae eros ut, congue placerat ante. Etiam metus massa, volutpat sit amet sapien ut, condimentum ultricies dui. In mauris metus, semper eu consequat eget, porttitor sed dui. Nam eu hendrerit nibh. Mauris vulputate lectus … Read more

Nulla pretium eget lectus eget

Integer quis nisl at orci feugiat lobortis quis a odio. Etiam efficitur metus ultricies nisl lacinia malesuada. Mauris ante eros, convallis vitae eros ut, congue placerat ante. Etiam metus massa, volutpat sit amet sapien ut, condimentum ultricies dui. In mauris metus, semper eu consequat eget, porttitor sed dui. Nam eu hendrerit nibh. Mauris vulputate lectus … Read more