Automation Regression Suite creation for an insurance company in Asia-Pacific

Overview The client was undergoing a transformation from a legacy system (LIAS) to PentaISF solution in MCIS, which included all functional modules. The MZISF Core Life Insurance system implementation and existing legacy system replacement was slated to be a single delivery. MCIS was in need of an Automation Regression Pack, which would cover 60% of regression test conditions. Challenges

Though automation started 8 weeks later than the actual scheduled time, 1000 test conditions, which was part of the scope, had to be designed within the budget allocated for automation, and in the time left

Designed scripts had to have the capacity for uninterrupted execution in any environment without any modifications in the script Key Contributions

We designed a utility script which automatically created the word file containing the screen shots captured during execution, as proof of passed or failed scenarios

We enabled customer ID search in the application and its automatic creation if the same ID wasnt found in the application. This aided uninterrupted execution while creating policies

The designed scripts helped to set up the test bed for the application with large amounts of data

Automation Regression Suite creation and maintenance for a leading insurance company in India
Overview We were contracted to perform a comprehensive functional User Acceptance Test (UAT) of the business and support applications to ensure that all the functionalities requested by the company was available, and was functioning accurately as per the requirements specified in the business requirement documents. 100% of the go-live product testing had to be automated to reduce manual effort in current and future releases. Challenges

The automation test suite had to be made compatible with the performance of the application

Execution had to be synchronized due to poor performance of the application

The test suite had to be configured for execution in multiple environments

Quick solutions had to be implemented for the workarounds which were used in one environment that had permanent solutions in other environments Key Contributions

Automation helped in regression and re-testing of both go-live and current products for every release, thereby enabling the functional team to concentrate on testing of the new products

Automation also aided the preparation of pre-requisites and test bed for the regression, which relieved the functional team from the time-consuming test bed creation.

Online Functional Testing and Test Automation for an Islamic bank in the Middle East
Overview The client wanted to implement an online, robust Automation Testing Suite to regression test their internet banking application. The Automation Regression Suite was essential in order to test their periodic change request for their online application and to ensure that existing functionalities were not impacted. We were contacted by the client to develop the Automation Regression Suite and Functional Test Design pack for the online application. Challenges

Gathering of business requirements was difficult as these requirements were not managed and updated effectively

Pre-requisites for testing and creation of the test bed needed to be done with limited client resources

Support from the client was inadequate to freeze the deliverables and sign-off Key Contributions

We delivered a Functional Design pack and Automation Regression Suite, so that the client could design and execute UAT online in 20-30% of the usual time

We delivered an application-independent and keyword-driven automation framework that could be used to replicate automation of regression tests on other available applications

We deployed trained users on the testing methodology, automation testing and framework usage

Automation Regression Suite Creation and Maintenance for a prominent bank in the UK
Overview As this bank deployed at least one build into production every week, it was considered best for the bank to automate the tests to build an Automation Regression Pack. This pack will help in performing regression testing during 'Business-asUsual' and be part of the testing lifecycle for the second phase of implementation and upgrade. Challenges

To design a hybrid framework in QTP (keyword and data-driven) that will accommodate different products with varied functionalities and are developed on varied technologies

To design a robust automation framework that will enable work on different tools to achieve multiple browser test case execution Key Contributions

We designed an automation framework which was totally dynamic in handling all objects, and we handled multiple releases with base setup remaining a benchmark

We deployed sophisticated and in-detail report techniques using HTML and excel graphing methods

Scripting became a necessity only during enhancement of automation framework features and not during test design

The designed scripts helped to set up the test bed for the application with large amounts of data

Comprehensive System Integration and Acceptance Testing of the transformation program of a leading telecom operator in the KSA region
Overview One of the largest telecom operators in the KSA region had embarked on a complex transformation exercise to replace their legacy billing and CRM solution. Given the size of this critical implementation, the client chose us as the independent testing organization to ensure that System Integration and Acceptance Testing was conducted along with a structured rollout into production in a phased manner for all the proposed solutions. Challenges

Multiple code drops

High volumes of data migration from one system into another

Non-availability of technical documentation for generating test cases

Integration of the billing as well as the customer support application by multiple application vendors

Aggressive go-live plan from a business angle Key Contributions

We proposed an onsite-offshore model of test delivery as required by the client. The client had their own shared services center in India. One of the key expectations of the client was that we should bring sound capability on the applications that were being implemented in order to identify and escalate risks early

After the initial knowledge transfer phase, we established a reasonably seamless delivery process. The model also met the clients expectations on quick team ramp-up / ramp-down

The test process / methodology was fine-tuned in line with the limited baseline documentation which was available with the client

Our team took complete accountability for testing, right from the test strategy with optimized usage of test data, test planning including run plans preparation, test design including implementation of test design process, multiple rounds of test execution, and tool-based defect management

Maveric provided a comprehensive security testing solution for a non web application of a leading bank in the Middle East.
Overview There was a need to discover existing vulnerabilities in a client-server application at a leading bank in the Middle East. Maveric successfully completed two rounds of client-server application vulnerability assessment and provided the recommendation for risk mitigation. Challenges

The real challenge was to establish offshore connectivity and remote scanning without any data loss for the client application or documentation while also ensuring data security.

Key Contributions

Maverics proprietary structured test methodology was used. It involved 4 phases, viz., Threat Profiling, Test Planning, Test Execution and Reporting Threat Profiling:

This phase involved a detailed study of each application / module based on identified critical scenarios Test Planning:

Based on the threat profile, attack vectors were designed along with planning for execution Test Execution:

Test Execution was carried out on the test environment based on the sequence planned in the planning stage Reporting:

The report summarised the gaps identified along with remediation measures and recommendations Comprehensive client Application Testing covered the following key aspects based on Authentication and Authorization controls, Logical access control verification and Encryption and data confidentiality vulnerabilities. The security testing was conducted at two levels with detailed reporting on vulnerabilities with recommendations. Maveric successfully identified Twelve high-risk vulnerabilities in client application Highlight of findings included Password Stored in Client PC in Plain Text

Comprehensive Security Testing solution for an online web trading application of a leading bank in the Middle East
Overview There was a need to discover existing vulnerabilities in an online web trading application. Challenges

To establish offshore connectivity and remote scanning without any data loss for the web application

Ensure the coverage of assessment because of limited version control for the web application Key Contributions

Our proprietary, structured test methodology was used. It involved 4 phases, viz., Threat Profiling, Test Planning, Test Execution and Reporting

Comprehensive Web Application Testing carried out covered the following key aspects based on the OWASP guidelines using automated scanners and thorough manual validation focusing on Authentication, Authorization, Cookie Management, Data / Input Validation, Error Handling / Information leakage, Cryptography and Session Management vulnerabilities

The security testing was conducted at two levels with detailed reporting on vulnerabilities with recommendations

Maveric successfully identified:

o o

Critical vulnerabilities which, if not detected, would be exploited by hackers

High risk vulnerabilities in the web application such as: o SQL Injection o Cross Site Scripting (XSS)

o Broken Authentication and Session Management o Insecure Direct Object References o Cross Site Request Forgery(CSRF) o Security Misconfiguration The entire activity was carried out in our offshore facility, which helped the client to reduce their project expenses by a significant amount.