SlideShare uma empresa Scribd logo

ATAGTR2017 Static and dynamic code analysis for mobile applications - Act early to find hidden test issues

Agile Testing Alliance
Agile Testing Alliance

The presentation on Static and dynamic code analysis for mobile applications - Act early to find hidden test issues was done during #ATAGTR2017, one of the largest global testing conference. All copyright belongs to the author. Author and presenter : Sumit Mundhada

Tecnologia
1 de 15
#ATAGTR2017 16th 17th March Static and Dynamic code analysis for mobile applications - Act early to find hidden test issues Sumit Mundhada
Agile Testing Alliance Global Testing Retreat 2017 Abstract Static and Dynamic analysis are the powerful techniques to find many issues before actual testing begins, If skilled testers uses this techniques during testing phase many issues can be saved in time. In this paper we are looking effective ways to use static and dynamic analysis for Android applications, Benefits on using static analysis tools. We will also see standard tools like Lint and a demo code to see how we can include this in our testing phase.
Agile Testing Alliance Global Testing Retreat 2017 Introduction Today, Android is one of the most used OS for mobile phones. Performance and Security are the major challenges for most of the android applications. Manual testing alone can not help in finding all of the issues and that is where static and dynamic analysis comes in picture. Without executing code we can find bugs using static analysis, Dynamic Analysis helps in profiling and debugging live issues. We will cover what is exactly static and dynamic analysis means and how to use it in mobile application testing.
Agile Testing Alliance Global Testing Retreat 2017 Static Vs Dynamic Analysis Static Analysis : Analysis of source code during compile-time. Static analysis tools are used while doing static analysis Memory leaks Unused variables Deadlock Security issue Performance issue Unused resources Exceptions Null pointers Dynamic Analysis : Analysis during run time in live environment Example : Assertions, Code Coverage, Testing
Agile Testing Alliance Global Testing Retreat 2017 Why Static and Dynamic Analysis • Compiler – Why we use it ? • How you will trust your code ? • Data flows if any ? • Manual testing is not sufficient • Security issues ? • Hidden issues if any • Can we test all code using manual test cases ? • Can we achieve optimization ? • Test first mindset • From good to have to must have • Time saving • Human errors if any • Performance issue • Smart testing
Agile Testing Alliance Global Testing Retreat 2017 Static Analysis • It can be done on the downloaded application • If you are using Android studio then Lint can be used • It can be done on the source code of the applications • Improve your code • Improve reliability and efficiency of your android apps • Can find potential bugs and helps in code optimization • Helps to improve performance & high level security audit Permissions Code Vulnerability SecurityWarnings Performance
Agile Testing Alliance Global Testing Retreat 2017 Dynamic Analysis • Evaluation based on program execution • Run time execution • Application execution is must • Testing is good example Verification, Assertions Testing Code Coverage
Agile Testing Alliance Global Testing Retreat 2017 Android - Overview
Agile Testing Alliance Global Testing Retreat 2017 Static Analysis - Lint • It is code scanning tool for Android applications • Work with Android studio • Problems with detail description and severity level
Agile Testing Alliance Global Testing Retreat 2017 Static Analysis - Lint • Performance problems • Unused resources, images • Junk code • Usability problems • Manifest errors • Security warnings • Memory leaks • Html report • Run with Gradle • Adjustable warnings • Spelling check • Correctness • Unused variables
Agile Testing Alliance Global Testing Retreat 2017 Xcode static analyzer • Find bugs, hidden test issues before you run your code in iOS. • Analyze from the IDE • Analyze from the command line • Analyze from Jenkins • HTML reports Memory leak Unused code, variable Null pointers Control flow, API flow Permissions Time profilers System Trace
Agile Testing Alliance Global Testing Retreat 2017 Dynamic Analysis : DroidBox • Hashes for the analyzed package • Network data check • File operations • Information leaks via the network, file and SMS • Check permissions • Android API check • Listing broadcast receivers • Sent SMS and phone calls • Intent & Activity check • Instrumentation • Testing
Agile Testing Alliance Global Testing Retreat 2017 Dynamic Analysis 1. Assertions : One good example int abc (int arg a) { assert (arg a > 2) return 1; } 2. Code Coverage : It can help a lot in checking how much code is checked Start Do A Do X Do y Do B Do Z
Agile Testing Alliance Global Testing Retreat 2017 Demo • Practical Demo • Discussions • Q&A
Agile Testing Alliance Global Testing Retreat 2017 References • https://en.wikipedia.org/wiki/Static_program_analysis • https://en.wikipedia.org/wiki/Dynamic_program_analysis • https://developer.android.com/studio/write/lint.html • https://developer.android.com/guide/platform/index.html • https://github.com/pjlantz/droidbox • http://tools.android.com/tips/lint • https://developer.apple.com/library/content/documentation/Devel operTools/Conceptual/debugging_with_xcode/chapters/static_anal yzer.html • https://developer.apple.com/xcode/features/

Recomendados

ATAGTR2017 Machine Learning telepathy for Shift Right approach of testing
ATAGTR2017 Machine Learning telepathy for Shift Right approach of testingATAGTR2017 Machine Learning telepathy for Shift Right approach of testing
ATAGTR2017 Machine Learning telepathy for Shift Right approach of testing
Agile Testing Alliance
 
ATAGTR2017 Test the REST
ATAGTR2017 Test the REST ATAGTR2017 Test the REST
ATAGTR2017 Test the REST
Agile Testing Alliance
 
ATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real WorldATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real World
Agile Testing Alliance
 
ATAGTR2017 Artificial Intelligence in Software Testing – Demystified
ATAGTR2017 Artificial Intelligence in Software Testing – DemystifiedATAGTR2017 Artificial Intelligence in Software Testing – Demystified
ATAGTR2017 Artificial Intelligence in Software Testing – Demystified
Agile Testing Alliance
 
ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...
ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...
ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...
Agile Testing Alliance
 
ATAGTR2017 Security Test Driven Development (STDD)
ATAGTR2017 Security Test Driven Development (STDD)ATAGTR2017 Security Test Driven Development (STDD)
ATAGTR2017 Security Test Driven Development (STDD)
Agile Testing Alliance
 
ATAGTR2017 Expanding test horizons with Robot Framework
ATAGTR2017 Expanding test horizons with Robot FrameworkATAGTR2017 Expanding test horizons with Robot Framework
ATAGTR2017 Expanding test horizons with Robot Framework
Agile Testing Alliance
 
ATAGTR2017 Keeping pace with Product Evolution: UI Automation Framework Guide...
ATAGTR2017 Keeping pace with Product Evolution: UI Automation Framework Guide...ATAGTR2017 Keeping pace with Product Evolution: UI Automation Framework Guide...
ATAGTR2017 Keeping pace with Product Evolution: UI Automation Framework Guide...
Agile Testing Alliance
 

Recomendados

ATAGTR2017 Machine Learning telepathy for Shift Right approach of testing
ATAGTR2017 Machine Learning telepathy for Shift Right approach of testingATAGTR2017 Machine Learning telepathy for Shift Right approach of testing
ATAGTR2017 Machine Learning telepathy for Shift Right approach of testing
Agile Testing Alliance
 
ATAGTR2017 Test the REST
ATAGTR2017 Test the REST ATAGTR2017 Test the REST
ATAGTR2017 Test the REST
Agile Testing Alliance
 
ATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real WorldATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real World
Agile Testing Alliance
 
ATAGTR2017 Artificial Intelligence in Software Testing – Demystified
ATAGTR2017 Artificial Intelligence in Software Testing – DemystifiedATAGTR2017 Artificial Intelligence in Software Testing – Demystified
ATAGTR2017 Artificial Intelligence in Software Testing – Demystified
Agile Testing Alliance
 
ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...
ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...
ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...
Agile Testing Alliance
 
ATAGTR2017 Security Test Driven Development (STDD)
ATAGTR2017 Security Test Driven Development (STDD)ATAGTR2017 Security Test Driven Development (STDD)
ATAGTR2017 Security Test Driven Development (STDD)
Agile Testing Alliance
 
ATAGTR2017 Expanding test horizons with Robot Framework
ATAGTR2017 Expanding test horizons with Robot FrameworkATAGTR2017 Expanding test horizons with Robot Framework
ATAGTR2017 Expanding test horizons with Robot Framework
Agile Testing Alliance
 
ATAGTR2017 Keeping pace with Product Evolution: UI Automation Framework Guide...
ATAGTR2017 Keeping pace with Product Evolution: UI Automation Framework Guide...ATAGTR2017 Keeping pace with Product Evolution: UI Automation Framework Guide...
ATAGTR2017 Keeping pace with Product Evolution: UI Automation Framework Guide...
Agile Testing Alliance
 
ATAGTR2017 Unified APM: The new age performance monitoring for production sys...
ATAGTR2017 Unified APM: The new age performance monitoring for production sys...ATAGTR2017 Unified APM: The new age performance monitoring for production sys...
ATAGTR2017 Unified APM: The new age performance monitoring for production sys...
Agile Testing Alliance
 
ATAGTR2017 Performance Automation in Dev-Ops
ATAGTR2017 Performance Automation in Dev-OpsATAGTR2017 Performance Automation in Dev-Ops
ATAGTR2017 Performance Automation in Dev-Ops
Agile Testing Alliance
 
ATAGTR2017 Wearable App Testing
ATAGTR2017 Wearable App TestingATAGTR2017 Wearable App Testing
ATAGTR2017 Wearable App Testing
Agile Testing Alliance
 
ATAGTR2017 Performance Testing of Big Data Application
ATAGTR2017 Performance Testing of Big Data ApplicationATAGTR2017 Performance Testing of Big Data Application
ATAGTR2017 Performance Testing of Big Data Application
Agile Testing Alliance
 
ATAGTR2017 Upgrading a mobile tester's weapons with advanced debugging
ATAGTR2017 Upgrading a mobile tester's weapons with advanced debuggingATAGTR2017 Upgrading a mobile tester's weapons with advanced debugging
ATAGTR2017 Upgrading a mobile tester's weapons with advanced debugging
Agile Testing Alliance
 
ATAGTR2017 SPEAKING EYE for differently abled people to see the web content
ATAGTR2017 SPEAKING EYE for differently abled people to see the web contentATAGTR2017 SPEAKING EYE for differently abled people to see the web content
ATAGTR2017 SPEAKING EYE for differently abled people to see the web content
Agile Testing Alliance
 
ATAGTR2017 HikeRunner: Load Test Framework
ATAGTR2017 HikeRunner: Load Test FrameworkATAGTR2017 HikeRunner: Load Test Framework
ATAGTR2017 HikeRunner: Load Test Framework
Agile Testing Alliance
 
The State of Testing 2017
The State of Testing 2017The State of Testing 2017
The State of Testing 2017
SmartBear
 
Amalgamation of BDD, parallel execution and mobile automation
Amalgamation of BDD, parallel execution and mobile automationAmalgamation of BDD, parallel execution and mobile automation
Amalgamation of BDD, parallel execution and mobile automation
Agile Testing Alliance
 
BDD along with Continuous Integration
BDD along with Continuous IntegrationBDD along with Continuous Integration
BDD along with Continuous Integration
Agile Testing Alliance
 
ATAGTR2017 Performance Testing and Non-Functional Testing Strategy for Big Da...
ATAGTR2017 Performance Testing and Non-Functional Testing Strategy for Big Da...ATAGTR2017 Performance Testing and Non-Functional Testing Strategy for Big Da...
ATAGTR2017 Performance Testing and Non-Functional Testing Strategy for Big Da...
Agile Testing Alliance
 
ATAGTR2017 Testing in DevOps Culture
ATAGTR2017 Testing in DevOps CultureATAGTR2017 Testing in DevOps Culture
ATAGTR2017 Testing in DevOps Culture
Agile Testing Alliance
 
ATAGTR2017 An Innovative Take on Versa Test
ATAGTR2017 An Innovative Take on Versa TestATAGTR2017 An Innovative Take on Versa Test
ATAGTR2017 An Innovative Take on Versa Test
Agile Testing Alliance
 
ATAGTR2017 The way to recover the issue faced in IoT regression Testing
ATAGTR2017 The way to recover the issue faced in IoT regression TestingATAGTR2017 The way to recover the issue faced in IoT regression Testing
ATAGTR2017 The way to recover the issue faced in IoT regression Testing
Agile Testing Alliance
 
ATAGTR2017 Differentiation using Testing Tools and Automation in the BFS COTS...
ATAGTR2017 Differentiation using Testing Tools and Automation in the BFS COTS...ATAGTR2017 Differentiation using Testing Tools and Automation in the BFS COTS...
ATAGTR2017 Differentiation using Testing Tools and Automation in the BFS COTS...
Agile Testing Alliance
 
CP-SAT - Certified Professional Selenium Automation Testing
CP-SAT - Certified Professional Selenium Automation TestingCP-SAT - Certified Professional Selenium Automation Testing
CP-SAT - Certified Professional Selenium Automation Testing
Agile Testing Alliance
 
Use Automation to Assist -Not Replace- Manual Testing
Use Automation to Assist -Not Replace- Manual TestingUse Automation to Assist -Not Replace- Manual Testing
Use Automation to Assist -Not Replace- Manual Testing
SmartBear
 
From One Test To Test Framework With Rapise
From One Test To Test Framework With Rapise From One Test To Test Framework With Rapise
From One Test To Test Framework With Rapise
Inflectra
 
Kloia Quality Assurance
Kloia Quality AssuranceKloia Quality Assurance
Kloia Quality Assurance
kloia
 
The API Lifecycle Series: Evolving API Development and Testing from Open Sour...
The API Lifecycle Series: Evolving API Development and Testing from Open Sour...The API Lifecycle Series: Evolving API Development and Testing from Open Sour...
The API Lifecycle Series: Evolving API Development and Testing from Open Sour...
SmartBear
 
ATAGTR2017 Estimation in Agile Testing - Not a big deal rather it's Fun
ATAGTR2017 Estimation in Agile Testing - Not a big deal rather it's FunATAGTR2017 Estimation in Agile Testing - Not a big deal rather it's Fun
ATAGTR2017 Estimation in Agile Testing - Not a big deal rather it's Fun
Agile Testing Alliance
 
ATAGTR2017 Be a User first, then a tester!
ATAGTR2017 Be a User first, then a tester! ATAGTR2017 Be a User first, then a tester!
ATAGTR2017 Be a User first, then a tester!
Agile Testing Alliance
 

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

ATAGTR2017 Unified APM: The new age performance monitoring for production sys...
ATAGTR2017 Unified APM: The new age performance monitoring for production sys...ATAGTR2017 Unified APM: The new age performance monitoring for production sys...
ATAGTR2017 Unified APM: The new age performance monitoring for production sys...
 
ATAGTR2017 Performance Automation in Dev-Ops
ATAGTR2017 Performance Automation in Dev-OpsATAGTR2017 Performance Automation in Dev-Ops
ATAGTR2017 Performance Automation in Dev-Ops
 
ATAGTR2017 Wearable App Testing
ATAGTR2017 Wearable App TestingATAGTR2017 Wearable App Testing
ATAGTR2017 Wearable App Testing
 
ATAGTR2017 Performance Testing of Big Data Application
ATAGTR2017 Performance Testing of Big Data ApplicationATAGTR2017 Performance Testing of Big Data Application
ATAGTR2017 Performance Testing of Big Data Application
 
ATAGTR2017 Upgrading a mobile tester's weapons with advanced debugging
ATAGTR2017 Upgrading a mobile tester's weapons with advanced debuggingATAGTR2017 Upgrading a mobile tester's weapons with advanced debugging
ATAGTR2017 Upgrading a mobile tester's weapons with advanced debugging
 
ATAGTR2017 SPEAKING EYE for differently abled people to see the web content
ATAGTR2017 SPEAKING EYE for differently abled people to see the web contentATAGTR2017 SPEAKING EYE for differently abled people to see the web content
ATAGTR2017 SPEAKING EYE for differently abled people to see the web content
 
ATAGTR2017 HikeRunner: Load Test Framework
ATAGTR2017 HikeRunner: Load Test FrameworkATAGTR2017 HikeRunner: Load Test Framework
ATAGTR2017 HikeRunner: Load Test Framework
 
The State of Testing 2017
The State of Testing 2017The State of Testing 2017
The State of Testing 2017
 
Amalgamation of BDD, parallel execution and mobile automation
Amalgamation of BDD, parallel execution and mobile automationAmalgamation of BDD, parallel execution and mobile automation
Amalgamation of BDD, parallel execution and mobile automation
 
BDD along with Continuous Integration
BDD along with Continuous IntegrationBDD along with Continuous Integration
BDD along with Continuous Integration
 
ATAGTR2017 Performance Testing and Non-Functional Testing Strategy for Big Da...
ATAGTR2017 Performance Testing and Non-Functional Testing Strategy for Big Da...ATAGTR2017 Performance Testing and Non-Functional Testing Strategy for Big Da...
ATAGTR2017 Performance Testing and Non-Functional Testing Strategy for Big Da...
 
ATAGTR2017 Testing in DevOps Culture
ATAGTR2017 Testing in DevOps CultureATAGTR2017 Testing in DevOps Culture
ATAGTR2017 Testing in DevOps Culture
 
ATAGTR2017 An Innovative Take on Versa Test
ATAGTR2017 An Innovative Take on Versa TestATAGTR2017 An Innovative Take on Versa Test
ATAGTR2017 An Innovative Take on Versa Test
 
ATAGTR2017 The way to recover the issue faced in IoT regression Testing
ATAGTR2017 The way to recover the issue faced in IoT regression TestingATAGTR2017 The way to recover the issue faced in IoT regression Testing
ATAGTR2017 The way to recover the issue faced in IoT regression Testing
 
ATAGTR2017 Differentiation using Testing Tools and Automation in the BFS COTS...
ATAGTR2017 Differentiation using Testing Tools and Automation in the BFS COTS...ATAGTR2017 Differentiation using Testing Tools and Automation in the BFS COTS...
ATAGTR2017 Differentiation using Testing Tools and Automation in the BFS COTS...
 
CP-SAT - Certified Professional Selenium Automation Testing
CP-SAT - Certified Professional Selenium Automation TestingCP-SAT - Certified Professional Selenium Automation Testing
CP-SAT - Certified Professional Selenium Automation Testing
 
Use Automation to Assist -Not Replace- Manual Testing
Use Automation to Assist -Not Replace- Manual TestingUse Automation to Assist -Not Replace- Manual Testing
Use Automation to Assist -Not Replace- Manual Testing
 
From One Test To Test Framework With Rapise
From One Test To Test Framework With Rapise From One Test To Test Framework With Rapise
From One Test To Test Framework With Rapise
 
Kloia Quality Assurance
Kloia Quality AssuranceKloia Quality Assurance
Kloia Quality Assurance
 
The API Lifecycle Series: Evolving API Development and Testing from Open Sour...
The API Lifecycle Series: Evolving API Development and Testing from Open Sour...The API Lifecycle Series: Evolving API Development and Testing from Open Sour...
The API Lifecycle Series: Evolving API Development and Testing from Open Sour...
 

Destaque

Destaque (8)

ATAGTR2017 Estimation in Agile Testing - Not a big deal rather it's Fun
ATAGTR2017 Estimation in Agile Testing - Not a big deal rather it's FunATAGTR2017 Estimation in Agile Testing - Not a big deal rather it's Fun
ATAGTR2017 Estimation in Agile Testing - Not a big deal rather it's Fun
 
ATAGTR2017 Be a User first, then a tester!
ATAGTR2017 Be a User first, then a tester! ATAGTR2017 Be a User first, then a tester!
ATAGTR2017 Be a User first, then a tester!
 
ATAGTR2017 Bee-Hive approach for Big Data Testing [End to End Continuous Test...
ATAGTR2017 Bee-Hive approach for Big Data Testing [End to End Continuous Test...ATAGTR2017 Bee-Hive approach for Big Data Testing [End to End Continuous Test...
ATAGTR2017 Bee-Hive approach for Big Data Testing [End to End Continuous Test...
 
ATAGTR2017 Detect Layout Bugs by Simulating Human Eye
ATAGTR2017 Detect Layout Bugs by Simulating Human EyeATAGTR2017 Detect Layout Bugs by Simulating Human Eye
ATAGTR2017 Detect Layout Bugs by Simulating Human Eye
 
ATAGTR2017 Batch Workload Modelling and Performance Optimization
ATAGTR2017 Batch Workload Modelling and Performance Optimization ATAGTR2017 Batch Workload Modelling and Performance Optimization
ATAGTR2017 Batch Workload Modelling and Performance Optimization
 
ATAGTR2017 Blockchain Based Testing
ATAGTR2017 Blockchain Based TestingATAGTR2017 Blockchain Based Testing
ATAGTR2017 Blockchain Based Testing
 
Test Engagement - Vishal Prasad
Test Engagement - Vishal PrasadTest Engagement - Vishal Prasad
Test Engagement - Vishal Prasad
 
Service Virtualization - Kalpna
Service Virtualization - KalpnaService Virtualization - Kalpna
Service Virtualization - Kalpna
 

Semelhante a ATAGTR2017 Static and dynamic code analysis for mobile applications - Act early to find hidden test issues

Bridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD PipelineBridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD Pipeline
DevOps.com
 
Automation Proposal_V1.0
Automation Proposal_V1.0Automation Proposal_V1.0
Automation Proposal_V1.0
Dao Nhỏ
 
BDD Mobile Security Testing (OWASP AppSec Bucharest 2017)
BDD Mobile Security Testing (OWASP AppSec Bucharest 2017)BDD Mobile Security Testing (OWASP AppSec Bucharest 2017)
BDD Mobile Security Testing (OWASP AppSec Bucharest 2017)
Davide Cioccia
 
What Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software SecurityWhat Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software Security
Anne Oikarinen
 

Semelhante a ATAGTR2017 Static and dynamic code analysis for mobile applications - Act early to find hidden test issues (20)

[India Merge World Tour] Coverity
[India Merge World Tour] Coverity[India Merge World Tour] Coverity
[India Merge World Tour] Coverity
 
Programming languages and techniques for today’s embedded andIoT world
Programming languages and techniques for today’s embedded andIoT worldProgramming languages and techniques for today’s embedded andIoT world
Programming languages and techniques for today’s embedded andIoT world
 
Software engineering practices and software quality empirical research results
Software engineering practices and software quality empirical research resultsSoftware engineering practices and software quality empirical research results
Software engineering practices and software quality empirical research results
 
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austinDev ops ci-ap-is-oh-my_security-gone-agile_ut-austin
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin
 
How to achieve security, reliability, and productivity in less time
How to achieve security, reliability, and productivity in less timeHow to achieve security, reliability, and productivity in less time
How to achieve security, reliability, and productivity in less time
 
Vipin qa engineer-3.5+years_exp
Vipin qa engineer-3.5+years_expVipin qa engineer-3.5+years_exp
Vipin qa engineer-3.5+years_exp
 
Bridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD PipelineBridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD Pipeline
 
Static Code Analysis
Static Code AnalysisStatic Code Analysis
Static Code Analysis
 
Automation Proposal_V1.0
Automation Proposal_V1.0Automation Proposal_V1.0
Automation Proposal_V1.0
 
A Complete Guide to Codeless Testing.pdf
A Complete Guide to Codeless Testing.pdfA Complete Guide to Codeless Testing.pdf
A Complete Guide to Codeless Testing.pdf
 
BDD Mobile Security Testing (OWASP AppSec Bucharest 2017)
BDD Mobile Security Testing (OWASP AppSec Bucharest 2017)BDD Mobile Security Testing (OWASP AppSec Bucharest 2017)
BDD Mobile Security Testing (OWASP AppSec Bucharest 2017)
 
AI improves software testing through test automation, test creation and test ...
AI improves software testing through test automation, test creation and test ...AI improves software testing through test automation, test creation and test ...
AI improves software testing through test automation, test creation and test ...
 
Applying formal methods to existing software by B.Monate
Applying formal methods to existing software by B.MonateApplying formal methods to existing software by B.Monate
Applying formal methods to existing software by B.Monate
 
2018 State of Testing Survey Results
2018 State of Testing Survey Results2018 State of Testing Survey Results
2018 State of Testing Survey Results
 
AI improves software testing to be more fault tolerant, focused and efficient
AI improves software testing to be more fault tolerant, focused and efficientAI improves software testing to be more fault tolerant, focused and efficient
AI improves software testing to be more fault tolerant, focused and efficient
 
Testing banking apps
Testing banking appsTesting banking apps
Testing banking apps
 
Testistanbul 2016 - Keynote: "Why Automated Verification Matters" by Kristian...
Testistanbul 2016 - Keynote: "Why Automated Verification Matters" by Kristian...Testistanbul 2016 - Keynote: "Why Automated Verification Matters" by Kristian...
Testistanbul 2016 - Keynote: "Why Automated Verification Matters" by Kristian...
 
End-end tests as first class citizens - SeleniumConf 2020
End-end tests as first class citizens - SeleniumConf 2020End-end tests as first class citizens - SeleniumConf 2020
End-end tests as first class citizens - SeleniumConf 2020
 
Behavior Driven Development—A Guide to Agile Practices by Josh Eastman
Behavior Driven Development—A Guide to Agile Practices by Josh EastmanBehavior Driven Development—A Guide to Agile Practices by Josh Eastman
Behavior Driven Development—A Guide to Agile Practices by Josh Eastman
 
What Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software SecurityWhat Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software Security
 

Mais de Agile Testing Alliance

Mais de Agile Testing Alliance (20)

#Interactive Session by Anindita Rath and Mahathee Dandibhotla, "From Good to...
#Interactive Session by Anindita Rath and Mahathee Dandibhotla, "From Good to...#Interactive Session by Anindita Rath and Mahathee Dandibhotla, "From Good to...
#Interactive Session by Anindita Rath and Mahathee Dandibhotla, "From Good to...
 
#Interactive Session by Ajay Balamurugadas, "Where Are The Real Testers In T...
#Interactive Session by Ajay Balamurugadas, "Where Are The Real Testers In T...#Interactive Session by Ajay Balamurugadas, "Where Are The Real Testers In T...
#Interactive Session by Ajay Balamurugadas, "Where Are The Real Testers In T...
 
#Interactive Session by Jishnu Nambiar and Mayur Ovhal, "Monitoring Web Per...
#Interactive Session by Jishnu Nambiar and Mayur Ovhal, "Monitoring Web Per...#Interactive Session by Jishnu Nambiar and Mayur Ovhal, "Monitoring Web Per...
#Interactive Session by Jishnu Nambiar and Mayur Ovhal, "Monitoring Web Per...
 
#Interactive Session by Pradipta Biswas and Sucheta Saurabh Chitale, "Navigat...
#Interactive Session by Pradipta Biswas and Sucheta Saurabh Chitale, "Navigat...#Interactive Session by Pradipta Biswas and Sucheta Saurabh Chitale, "Navigat...
#Interactive Session by Pradipta Biswas and Sucheta Saurabh Chitale, "Navigat...
 
#Interactive Session by Apoorva Ram, "The Art of Storytelling for Testers" at...
#Interactive Session by Apoorva Ram, "The Art of Storytelling for Testers" at...#Interactive Session by Apoorva Ram, "The Art of Storytelling for Testers" at...
#Interactive Session by Apoorva Ram, "The Art of Storytelling for Testers" at...
 
#Interactive Session by Nikhil Jain, "Catch All Mail With Graph" at #ATAGTR2023.
#Interactive Session by Nikhil Jain, "Catch All Mail With Graph" at #ATAGTR2023.#Interactive Session by Nikhil Jain, "Catch All Mail With Graph" at #ATAGTR2023.
#Interactive Session by Nikhil Jain, "Catch All Mail With Graph" at #ATAGTR2023.
 
#Interactive Session by Ashok Kumar S, "Test Data the key to robust test cove...
#Interactive Session by Ashok Kumar S, "Test Data the key to robust test cove...#Interactive Session by Ashok Kumar S, "Test Data the key to robust test cove...
#Interactive Session by Ashok Kumar S, "Test Data the key to robust test cove...
 
#Interactive Session by Seema Kohli, "Test Leadership in the Era of Artificia...
#Interactive Session by Seema Kohli, "Test Leadership in the Era of Artificia...#Interactive Session by Seema Kohli, "Test Leadership in the Era of Artificia...
#Interactive Session by Seema Kohli, "Test Leadership in the Era of Artificia...
 
#Interactive Session by Ashwini Lalit, RRR of Test Automation Maintenance" at...
#Interactive Session by Ashwini Lalit, RRR of Test Automation Maintenance" at...#Interactive Session by Ashwini Lalit, RRR of Test Automation Maintenance" at...
#Interactive Session by Ashwini Lalit, RRR of Test Automation Maintenance" at...
 
#Interactive Session by Srithanga Aishvarya T, "Machine Learning Model to aut...
#Interactive Session by Srithanga Aishvarya T, "Machine Learning Model to aut...#Interactive Session by Srithanga Aishvarya T, "Machine Learning Model to aut...
#Interactive Session by Srithanga Aishvarya T, "Machine Learning Model to aut...
 
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...
 
#Interactive Session by Sudhir Upadhyay and Ashish Kumar, "Strengthening Test...
#Interactive Session by Sudhir Upadhyay and Ashish Kumar, "Strengthening Test...#Interactive Session by Sudhir Upadhyay and Ashish Kumar, "Strengthening Test...
#Interactive Session by Sudhir Upadhyay and Ashish Kumar, "Strengthening Test...
 
#Interactive Session by Sayan Deb Kundu, "Testing Gen AI Applications" at #AT...
#Interactive Session by Sayan Deb Kundu, "Testing Gen AI Applications" at #AT...#Interactive Session by Sayan Deb Kundu, "Testing Gen AI Applications" at #AT...
#Interactive Session by Sayan Deb Kundu, "Testing Gen AI Applications" at #AT...
 
#Interactive Session by Dinesh Boravke, "Zero Defects – Myth or Reality" at #...
#Interactive Session by Dinesh Boravke, "Zero Defects – Myth or Reality" at #...#Interactive Session by Dinesh Boravke, "Zero Defects – Myth or Reality" at #...
#Interactive Session by Dinesh Boravke, "Zero Defects – Myth or Reality" at #...
 
#Interactive Session by Saby Saurabh Bhardwaj, "Redefine Quality Assurance –...
#Interactive Session by Saby Saurabh Bhardwaj, "Redefine Quality Assurance –...#Interactive Session by Saby Saurabh Bhardwaj, "Redefine Quality Assurance –...
#Interactive Session by Saby Saurabh Bhardwaj, "Redefine Quality Assurance –...
 
#Keynote Session by Sanjay Kumar, "Innovation Inspired Testing!!" at #ATAGTR2...
#Keynote Session by Sanjay Kumar, "Innovation Inspired Testing!!" at #ATAGTR2...#Keynote Session by Sanjay Kumar, "Innovation Inspired Testing!!" at #ATAGTR2...
#Keynote Session by Sanjay Kumar, "Innovation Inspired Testing!!" at #ATAGTR2...
 
#Keynote Session by Schalk Cronje, "Don’t Containerize me" at #ATAGTR2023.
#Keynote Session by Schalk Cronje, "Don’t Containerize me" at #ATAGTR2023.#Keynote Session by Schalk Cronje, "Don’t Containerize me" at #ATAGTR2023.
#Keynote Session by Schalk Cronje, "Don’t Containerize me" at #ATAGTR2023.
 
#Interactive Session by Chidambaram Vetrivel and Venkatesh Belde, "Revolution...
#Interactive Session by Chidambaram Vetrivel and Venkatesh Belde, "Revolution...#Interactive Session by Chidambaram Vetrivel and Venkatesh Belde, "Revolution...
#Interactive Session by Chidambaram Vetrivel and Venkatesh Belde, "Revolution...
 
#Interactive Session by Aniket Diwakar Kadukar and Padimiti Vaidik Eswar Dat...
#Interactive Session by Aniket Diwakar Kadukar and Padimiti Vaidik Eswar Dat...#Interactive Session by Aniket Diwakar Kadukar and Padimiti Vaidik Eswar Dat...
#Interactive Session by Aniket Diwakar Kadukar and Padimiti Vaidik Eswar Dat...
 
#Interactive Session by Vivek Patle and Jahnavi Umarji, "Empowering Functiona...
#Interactive Session by Vivek Patle and Jahnavi Umarji, "Empowering Functiona...#Interactive Session by Vivek Patle and Jahnavi Umarji, "Empowering Functiona...
#Interactive Session by Vivek Patle and Jahnavi Umarji, "Empowering Functiona...
 

Último

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 

Último (20)

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 

ATAGTR2017 Static and dynamic code analysis for mobile applications - Act early to find hidden test issues

  • 1. #ATAGTR2017 16th 17th March Static and Dynamic code analysis for mobile applications - Act early to find hidden test issues Sumit Mundhada
  • 2. Agile Testing Alliance Global Testing Retreat 2017 Abstract Static and Dynamic analysis are the powerful techniques to find many issues before actual testing begins, If skilled testers uses this techniques during testing phase many issues can be saved in time. In this paper we are looking effective ways to use static and dynamic analysis for Android applications, Benefits on using static analysis tools. We will also see standard tools like Lint and a demo code to see how we can include this in our testing phase.
  • 3. Agile Testing Alliance Global Testing Retreat 2017 Introduction Today, Android is one of the most used OS for mobile phones. Performance and Security are the major challenges for most of the android applications. Manual testing alone can not help in finding all of the issues and that is where static and dynamic analysis comes in picture. Without executing code we can find bugs using static analysis, Dynamic Analysis helps in profiling and debugging live issues. We will cover what is exactly static and dynamic analysis means and how to use it in mobile application testing.
  • 4. Agile Testing Alliance Global Testing Retreat 2017 Static Vs Dynamic Analysis Static Analysis : Analysis of source code during compile-time. Static analysis tools are used while doing static analysis Memory leaks Unused variables Deadlock Security issue Performance issue Unused resources Exceptions Null pointers Dynamic Analysis : Analysis during run time in live environment Example : Assertions, Code Coverage, Testing
  • 5. Agile Testing Alliance Global Testing Retreat 2017 Why Static and Dynamic Analysis • Compiler – Why we use it ? • How you will trust your code ? • Data flows if any ? • Manual testing is not sufficient • Security issues ? • Hidden issues if any • Can we test all code using manual test cases ? • Can we achieve optimization ? • Test first mindset • From good to have to must have • Time saving • Human errors if any • Performance issue • Smart testing
  • 6. Agile Testing Alliance Global Testing Retreat 2017 Static Analysis • It can be done on the downloaded application • If you are using Android studio then Lint can be used • It can be done on the source code of the applications • Improve your code • Improve reliability and efficiency of your android apps • Can find potential bugs and helps in code optimization • Helps to improve performance & high level security audit Permissions Code Vulnerability SecurityWarnings Performance
  • 7. Agile Testing Alliance Global Testing Retreat 2017 Dynamic Analysis • Evaluation based on program execution • Run time execution • Application execution is must • Testing is good example Verification, Assertions Testing Code Coverage
  • 8. Agile Testing Alliance Global Testing Retreat 2017 Android - Overview
  • 9. Agile Testing Alliance Global Testing Retreat 2017 Static Analysis - Lint • It is code scanning tool for Android applications • Work with Android studio • Problems with detail description and severity level
  • 10. Agile Testing Alliance Global Testing Retreat 2017 Static Analysis - Lint • Performance problems • Unused resources, images • Junk code • Usability problems • Manifest errors • Security warnings • Memory leaks • Html report • Run with Gradle • Adjustable warnings • Spelling check • Correctness • Unused variables
  • 11. Agile Testing Alliance Global Testing Retreat 2017 Xcode static analyzer • Find bugs, hidden test issues before you run your code in iOS. • Analyze from the IDE • Analyze from the command line • Analyze from Jenkins • HTML reports Memory leak Unused code, variable Null pointers Control flow, API flow Permissions Time profilers System Trace
  • 12. Agile Testing Alliance Global Testing Retreat 2017 Dynamic Analysis : DroidBox • Hashes for the analyzed package • Network data check • File operations • Information leaks via the network, file and SMS • Check permissions • Android API check • Listing broadcast receivers • Sent SMS and phone calls • Intent & Activity check • Instrumentation • Testing
  • 13. Agile Testing Alliance Global Testing Retreat 2017 Dynamic Analysis 1. Assertions : One good example int abc (int arg a) { assert (arg a > 2) return 1; } 2. Code Coverage : It can help a lot in checking how much code is checked Start Do A Do X Do y Do B Do Z
  • 14. Agile Testing Alliance Global Testing Retreat 2017 Demo • Practical Demo • Discussions • Q&A
  • 15. Agile Testing Alliance Global Testing Retreat 2017 References • https://en.wikipedia.org/wiki/Static_program_analysis • https://en.wikipedia.org/wiki/Dynamic_program_analysis • https://developer.android.com/studio/write/lint.html • https://developer.android.com/guide/platform/index.html • https://github.com/pjlantz/droidbox • http://tools.android.com/tips/lint • https://developer.apple.com/library/content/documentation/Devel operTools/Conceptual/debugging_with_xcode/chapters/static_anal yzer.html • https://developer.apple.com/xcode/features/