Take Me Home – Project Overview

During the winter term 2017/2018, we created an app called Take Me Home. The purpose of the app is to guide you home in case you are not able to find the way back by yourself. There are several situations in (a student’s) life when this functionality can be very useful. For example, under the influence of a specific amount of alcohol, even an easy and short path back home can get rather challenging. In this case one can use Take Me Home to find a fast and safe way back home.

Android SDK and emulator in Docker for testing

During our Android development project, we had to cope with several technological and organizational challenges in constructing a stable CI pipeline. Because we had chosen a stack of Docker containers for building and deploying, we had to work out how to integrate and deploy a build and test environment for Android in Docker.

For a better understanding of this challenge, the following illustration of our stack can be consulted:



Automated Unit- and GUI-Testing for Android in Jenkins

In this article we would like to describe how to write unit and GUI tests for an Android application in Android Studio and how to automate these tests on Jenkins.

Tools and frameworks

We used the following tools and frameworks to write and automate our tests:

  • Android Studio
  • JUnit
  • Espresso
  • Jenkins

Unit-Tests

The best way to test the basic functionality of your app is to run a unit test.

CI/CD infrastructure: Choosing and setting up a server with Jenkins as Docker image

This article walks you through the motivation for continuous integration and delivery, and through choosing a corresponding tool and a server to run it on. It gives a brief overview of IBM Bluemix and Kubernetes as a server solution and then discusses the application for a virtual machine inside a company. There are some useful instructions (for beginners) on generating key pairs for the server on Windows. Next, it explains why to run Jenkins (the CI tool of choice) as a Docker container and gives some instructions to get started. Finally, frequent problems are discussed, which will hopefully save you some time.

Testing a MongoDB with NodeJS, Mocha and Mongoose

Setting up the testing environment and workflow

Setup:

  • Jenkins CI Docker Container
  • MongoDB Docker Container
  • Production-MongoDB on mlab.com
  • NodeJS Web-Application, hosted on heroku.com

Regarding our database tests, we wanted to achieve two things. First of all, we wanted to test any functions of our web application that use mongoose to change persistent data. Secondly, we needed database tests to check whether possible model changes are compatible with our data in the production database.
In relational database management systems one defines constraints in the database, which are tested by the database tests. Since we are using MongoDB, though, we don’t really have any constraints in the database. Instead we can define any needed constraints with mongoose right in the application. Therefore, cloning the production database for testing is only required when migrating data (or when having constraints defined) but is non-essential for the consistency of the as-is backend.
So, alternatively, when testing a MongoDB we could also use a shell script or a “before” function, which gets called once before starting the tests, to define our database testing environment, for example by creating the same collections we have in the production database and inserting test data for our test cases.

Security in a SaaS startup and today’s security issues with DevOps

Motivation

Facing security in a company nowadays is a big job: it starts with a backup strategy ensuring business continuity, plans for recovery after major breakdowns, ensuring physical security (entrance control, lock-pads, safes), screening of potential employees, monitoring servers, applications and workstations, and training the employees in security issues and policies, and it does not even end with proper patch management or, in the case of software development, secure coding. As we see, using a safe password ([10] explains safe passwords) and hoping not to be caught by the next ransom attack is not enough. Security is a combination of organizational, technical and physical measures.

Vulnerable Vehicles – Connected cars and their security issues

In times of the continuing Internet-of-Things and connectivity hype, a connected variant of “the German’s favourite toy” cannot be absent. Modern cars, SUVs and lightweight trucks come with all kinds of connected features, from smartphone interface integration up to social media in the navigation system. But what about the security of these features? Is there a way to compromise them? And what could be possible results of a remote exploitation? This blog post gives an overview of the current state of research on connected car security and shows some problems which could be life-threatening to some extent.

The automotive industry finds itself a bit between the devil and the deep blue sea at the moment. Besides record turnovers and economic success, the manufacturers are faced with some serious challenges. Dieselgate, alleged cartels, general antitrust issues and massive pressure from governments due to legislation and the push for new drive concepts are only a short summary of the problems the whole industry has to deal with.


Usable Security – Users are not your enemy

Introduction

Often overlooked, usability has turned out to be one of the most important aspects of security. Usable systems enable users to accomplish their goals with increased productivity and fewer errors and security incidents. And it still seems to be the exception rather than the rule.

When it comes to software, many people believe there is a fundamental tradeoff between security and usability. A choice between them has to be made. The belief is – make it more secure – and immediately – things become harder to use.

It’s a never-ending challenge – security and usability experts arguing about which one is more important. And more people from the engineering and marketing departments get involved, giving their views and trying to convince the others. Finding the right balance between security and usability is without a doubt a challenging task.

The serious problem: User experience can suffer as digital products become more secure. In other words: the more secure you make something, the less secure it becomes. Why?

Embedded Security using an ESP32

Ever wondered why your brand-new Philips Hue suddenly starts blinking SOS?

Or why there is an ominous broadcast on your Samsung TV while you are watching your daily Desperate Housewives?

And didn’t you wear an Apple Watch a few minutes ago, and why did you buy 2 TVs in that time?

Security of smart and embedded devices is one of those topics everyone has heard about – be it good or (more likely) bad.

Let us take a journey down the rabbit hole and find out how such devices handle security today and how we can improve that. On that journey, we will visit 5 points which, in all fairness, are going to be quite technical.