rp2 automated end to end email component testing
play

RP2: Automated end-to-end email component testing MSc. Security - PowerPoint PPT Presentation

Jun 27, 2023 •659 likes •951 views

RP2: Automated end-to-end email component testing MSc. Security & Network Engineering Kevin Csuka, Isaac Klop October 16, 2018 University of Amsterdam Supervisor: Michiel Leenaars, NLnet Intro 1 Intro E-mail software is complex

  1. RP2: Automated end-to-end email component testing MSc. Security & Network Engineering Kevin Csuka, Isaac Klop October 16, 2018 University of Amsterdam Supervisor: Michiel Leenaars, NLnet

  2. Intro 1

  3. Intro • E-mail software is complex • Large surface for human error 1

  4. Intro • E-mail software is complex • Large surface for human error • How do you know you did it right? • Anxiety around managing own mail server 1

  5. Intro • E-mail software is complex • Large surface for human error • How do you know you did it right? • Anxiety around managing own mail server • Misses an automated end-to-end test 1

  6. Research Question To what extent can we prove a mail server is properly set up via end-to-end component testing? 2

  7. Related Work • End-to-end integration testing [Paul, 2001] [1] 3

  8. Related Work • End-to-end integration testing [Paul, 2001] [1] • Internet.nl [2] • mail-tester.com [3] • MxToolbox [4] • emailsecuritycheck.net [5] 3

  9. Related Work • End-to-end integration testing [Paul, 2001] [1] • Internet.nl [2] • mail-tester.com [3] • MxToolbox [4] • emailsecuritycheck.net [5] • Not end-to-end • Not automated 3

  10. Method Divided in 3 parts: 4

  11. Method Divided in 3 parts: 1. Taxonomy 4

  12. Method Divided in 3 parts: 1. Taxonomy 2. Design tests • End-to-end testing • Black box • RFC/Specifications/Best Practices 4

  13. Method Divided in 3 parts: 1. Taxonomy 2. Design tests • End-to-end testing • Black box • RFC/Specifications/Best Practices 3. Proof of concept • Python3 • Modular • Continuous Integration / Continuous Deployment (CI/CD) 4

  14. Results - Taxonomy Figure 1: Taxonomy of the e-mail architecture 5

  15. Results - Test Design • Expected behaviour of components • Refer to the respective RFC/Specification 6

  16. Results - Test Design • Expected behaviour of components • Refer to the respective RFC/Specification • E.g. SPF [6] • HELO domain, MAIL FROM domain, IP address • Is IP address authorized for domain? • Returns result code (i.e. pass , fail , softfail etc.) • RFC guidelines for result 6

  17. Results - Test Design Figure 2: SPF test design example 7

  18. Proof of Concept • Multiple mail servers Components Implemented • Public IP address IMAP ✓ • Different configuration SMTP ✓ • Intentional flaws in configuration/DNS SMTP-AUTH ✓ records TLS ✓ • Automated via Ansible DANE ✓ SPF ✓ DKIM ✓ DMARC partial SRS ✗ Greylisting partial Spamfilter partial Sieve ✓ Table 1: Components which the test suite can 8 and cannot verify

  19. Proof of Concept - Limitations • Guidance from RFC/specification is limited • SPF softfail [6] • Greylisting [7] • Various errors • DMARC sending report • SRS • Spamfilter 9

  20. Proof of Concept Figure 3: Test suite - test run 10

  21. Conclusion • Tool assures administrator components work properly • Limitations 11

  22. Discussion • Not all test cases covered - no complete taxonomy • Opinionated (RFC often states SHOULD) • End-to-end testing vs. unit/integration testing 12

  23. Future Work • Complete topology/taxonomy of e-mail infrastructure components • Spam filter • Expand current tests, e.g. ARC [8], edge cases • Form of authentication for the test mail-servers • Comparison study 13

  24. Questions? ? 14

  25. References i R. Paul, “End-to-end integration testing,” in Quality Software, 2001. Proceedings. Second Asia-Pacific Conference on . IEEE, 2001, pp. 211–220. Dutch Internet Standards Platform, “About the email test,” https://en.internet.nl/test-mail/, Accessed, Oct. 10 2018. MailPoet & AcyMailing., “Test the Spammyness of your Emails,” https://www.mail-tester.com/, Accessed, Oct. 10 2018. MxToolbox, Inc., “MxToolbox,” https://mxtoolbox.com/SuperTool.aspx, Accessed, Oct. 10 2018. Byteplant, “Free Email Security Check,” https://www.emailsecuritycheck.net/index.html, Accessed, Oct. 15 2018. 15

  26. References ii S. Kitterman, “Sender policy framework (spf) for authorizing use of domains in email, version 1,” Internet Requests for Comments, RFC Editor, RFC 7208, April 2014, http://www.rfc-editor.org/rfc/rfc7208.txt. [Online]. Available: http://www.rfc-editor.org/rfc/rfc7208.txt M. Kucherawy and D. Crocker, “Email greylisting: An applicability statement for smtp,” Internet Requests for Comments, RFC Editor, RFC 6647, June 2012, http://www.rfc-editor.org/rfc/rfc6647.txt. [Online]. Available: http://www.rfc-editor.org/rfc/rfc6647.txt Tim Wicinski, https://datatracker.ietf.org/doc/draft-ietf-dmarc-arc-protocol/?include text=1, 2018, Accessed, Oct. 09 2018. [Online]. Available: https://datatracker.ietf.org/doc/draft-ietf-dmarc-arc-protocol/?include text=1 16

  27. SRS Figure 4: SPF breaking e-mail forwarding 17

Recommend

Automated testing for multiplayer Game AI Automated testing for multiplayer Game AI in Sea of

Automated testing for multiplayer Game AI Automated testing for multiplayer Game AI in Sea of

Automated testing for multiplayer Game AI Automated testing for multiplayer Game AI in Sea of Thieves in Sea of Thieves Robert Masella Rare - Microsoft Studios About Me About Me Senior Gameplay Engineer Worked on: Banjo Kazooie:

785 views • 55 slides
Testing Testing one two, one two! Setting up an automated testing environment for Samba on

Testing Testing one two, one two! Setting up an automated testing environment for Samba on

Testing Testing one two, one two! Setting up an automated testing environment for Samba on Gluster Sachin Prabhu Michael Adam sprabhu@redhat.com obnox@samba.org 1 Agenda Setting up of an automated testing environment for Samba on Gluster

519 views • 23 slides
Competency generates results Universal testing machines Static und portable hardness

Competency generates results Universal testing machines Static und portable hardness

Competency generates results Universal testing machines Static und portable hardness testers Component and furniture testing systems Special testing machines and fully automated solutions Dimension measurement equipment

267 views • 13 slides
Combinatorial Testing Automated testing and J.P . Galeotti - Alessandra Gorla verification

Combinatorial Testing Automated testing and J.P . Galeotti - Alessandra Gorla verification

Combinatorial Testing Automated testing and J.P . Galeotti - Alessandra Gorla verification Wednesday, November 28, 12 Combinatorial testing: Basic idea Identify distinct attributes that can be varied In the data, environment, or

1.02k views • 52 slides
Enterprise Automated Testing System Integration North American Distributor ATaaS Technology

Enterprise Automated Testing System Integration North American Distributor ATaaS Technology

ATN-Emulator Enterprise Automated Testing System Integration North American Distributor ATaaS Technology Overview ATaaS (Automated Testing as a Service) is an end-to-end automated POS (Point of Sale) testing system with a robotic arm for

155 views • 14 slides
Eiffel Testing Framework (ETF): Automated Regression & Acceptance Testing EECS3311 A & E:

Eiffel Testing Framework (ETF): Automated Regression & Acceptance Testing EECS3311 A & E:

Eiffel Testing Framework (ETF): Automated Regression & Acceptance Testing EECS3311 A & E: Software Design Fall 2020 C HEN -W EI W ANG Learning Objectives Upon completing this lecture, you are expected to understand: 1. User Interface :

775 views • 22 slides
Towards Automated Testing of Web Service Choreographies Felipe Besson, Pedro Leal, Fabio Kon and

Towards Automated Testing of Web Service Choreographies Felipe Besson, Pedro Leal, Fabio Kon and

Towards Automated Testing of Web Service Choreographies Felipe Besson, Pedro Leal, Fabio Kon and Alfredo Goldman 6th International University of So Paulo Workshop on Automated Dejan Milojicic Software Testing Hewlett Packard Laboratories

248 views • 12 slides
Structural and dataflow testing (cont.) Automated testing and J.P . Galeotti - Alessandra Gorla

Structural and dataflow testing (cont.) Automated testing and J.P . Galeotti - Alessandra Gorla

Structural and dataflow testing (cont.) Automated testing and J.P . Galeotti - Alessandra Gorla verification Thursday, January 17, 13 Structural testing Judging test suite thoroughness based on the structure of the program itself Also

944 views • 80 slides
Cloud9 Parallel Symbolic Execution for Automated Real-World Software Testing Stefan Bucur, Vlad

Cloud9 Parallel Symbolic Execution for Automated Real-World Software Testing Stefan Bucur, Vlad

Cloud9 Parallel Symbolic Execution for Automated Real-World Software Testing Stefan Bucur, Vlad Ureche, Cristian Zamfir, George Candea School of Computer and Communication Sciences Automated Software Testing Automated Industrial Techniques

1.25k views • 59 slides
Web Applications Testing Automated testing and JP Galeotti, Alessandra Gorla verification

Web Applications Testing Automated testing and JP Galeotti, Alessandra Gorla verification

Web Applications Testing Automated testing and JP Galeotti, Alessandra Gorla verification Thursday, January 31, 13 Why are Web applications different Web 1.0: Static content Client and Server side execution Different components and

442 views • 33 slides
Integration, System and Regression Testing Automated testing and J.P .Galeotti Alessandra Gorla

Integration, System and Regression Testing Automated testing and J.P .Galeotti Alessandra Gorla

Integration, System and Regression Testing Automated testing and J.P .Galeotti Alessandra Gorla verification Thursday, January 31, 13 Actual Needs and Delivered User Acceptance (alpha, beta test) Constraints Package Review System

999 views • 69 slides
Required Tutorial Eiffel Testing Framework (ETF): Automated Regression & Acceptance Testing

Required Tutorial Eiffel Testing Framework (ETF): Automated Regression & Acceptance Testing

Required Tutorial Eiffel Testing Framework (ETF): Automated Regression & Acceptance Testing All technical details of ETF are discussed in this tutorial series: https://www.youtube.com/playlist?list=PL5dxAmCmjv_ EECS3311 A & E: Software

447 views • 6 slides
Software testing Software Testing Introduction Testing levels Automated testing Principles and

Software testing Software Testing Introduction Testing levels Automated testing Principles and

Introduction Testing levels Automated testing Principles and testability Coverage Criteria Points for thought Software testing Software Testing Introduction Testing levels Automated testing Principles and testability Coverage Criteria

892 views • 55 slides
Introduction to software testing and quality process Automated testing and J.P . Galeotti -

Introduction to software testing and quality process Automated testing and J.P . Galeotti -

Introduction to software testing and quality process Automated testing and J.P . Galeotti - Alessandra Gorla verification Engineering processes Engineering disciplines pair construction activities activities that check intermediate

801 views • 58 slides
Testing Email Invitations in Testing Email Invitations in a Nonprobability Panel p y Elizabeth

Testing Email Invitations in Testing Email Invitations in a Nonprobability Panel p y Elizabeth

Testing Email Invitations in Testing Email Invitations in a Nonprobability Panel p y Elizabeth Nichols, Ryan King and Elizabeth Nichols, Ryan King and Jennifer Childs U S C U.S. Census Bureau B This presentation is released to inform

542 views • 27 slides
Automated Transformation from Descartes Modeling Language to Palladio Component Model Jrgen

Automated Transformation from Descartes Modeling Language to Palladio Component Model Jrgen

Automated Transformation from Descartes Modeling Language to Palladio Component Model Jrgen Walter, Simon Eismann, Adrian Hildebrandt Dept. of Computer Science, University of Wrzburg Symposium on Software Performance, Nov 6 th 2015, Munich,

700 views • 20 slides
Evolution of Automated Testing for Enterprise Systems BNSF BNSF Automation Time Line Automated

Evolution of Automated Testing for Enterprise Systems BNSF BNSF Automation Time Line Automated

P R E S E N T A T I O N Presentation Bios F8 Friday, November 2, 2001 11:15 AM E VOLUTION OF A UTOMATED T ESTING FOR E NTERPRISE S YSTEMS Cherie Coles BNSF Railroad International Conference On Software Testing Analysis & Review October

348 views • 22 slides
Testing for the Unexpected: An Automated T ti f th U t d A A t t d Method of Injecting

Testing for the Unexpected: An Automated T ti f th U t d A A t t d Method of Injecting

Testing for the Unexpected: An Automated T ti f th U t d A A t t d Method of Injecting Faults for Engine Management Development M t D l t Scott James Applied Dynamics International Sh Shaun Fuller Pickering Interfaces F ll

353 views • 18 slides
Automated Software Testing with Inferred Program Properties Tao Xie Dept. of Computer Science

Automated Software Testing with Inferred Program Properties Tao Xie Dept. of Computer Science

Automated Software Testing with Inferred Program Properties Tao Xie Dept. of Computer Science & Engineering University of Washington Joint work with David Notkin July 2004 Motivation Existing automated test generation tools are

638 views • 43 slides
Automated Testing Gleb Bahmutov, VP of Engineering at Cypress Gary Schultz, Chief Marketing Officer

Automated Testing Gleb Bahmutov, VP of Engineering at Cypress Gary Schultz, Chief Marketing Officer

Automated Testing Gleb Bahmutov, VP of Engineering at Cypress Gary Schultz, Chief Marketing Officer at BrieBug What is Automated Testing? Software that automatically checks whether actual results match expected results to ensure that an

317 views • 10 slides
Automated Curses Testing Brett Lymn Introduction Curses is a terminal independent interface to a

Automated Curses Testing Brett Lymn Introduction Curses is a terminal independent interface to a

Automated Curses Testing file:///home/user/blymn/presentations/curses-test/curses-test.html Automated Curses Testing Brett Lymn Introduction Curses is a terminal independent interface to a terminal Optimises screen updates to minimise data

429 views • 3 slides
EMI Inter-component and Large Scale Testing Infrastructure Danilo Dongiovanni INFN-CNAF Outline

EMI Inter-component and Large Scale Testing Infrastructure Danilo Dongiovanni INFN-CNAF Outline

EMI Inter-component and Large Scale Testing Infrastructure Danilo Dongiovanni INFN-CNAF Outline Background on EMI certification and testing process: Role of Testing Infrastructure within Quality Assurance o Product Team (PT) centric

504 views • 19 slides
Automated Audio Testing Bernard Rodrigue Software Developer, Audiokinetic Agenda History of

Automated Audio Testing Bernard Rodrigue Software Developer, Audiokinetic Agenda History of

Automated Audio Testing Bernard Rodrigue Software Developer, Audiokinetic Agenda History of Audio Testing Optimizing human interventions RoboQA in details Other forms of testing Your game and tools History Designer Test

773 views • 45 slides
Automated Flashing and Testing for Continuous Integration Igor Stoppa Embedded Linux Conference

Automated Flashing and Testing for Continuous Integration Igor Stoppa Embedded Linux Conference

Automated Flashing and Testing for Continuous Integration Igor Stoppa Embedded Linux Conference North America 2015 1 Automated Flasher Tester AFT Tool for deploying and verifying a SW image on an appropriate target HW device. Easily

309 views • 17 slides

More recommend