QA Forum 2024-11-11
Meeting Summary
Proactive Quality Efforts Inspired by Alex
At the beginning of the meeting, Alex shared his experience of identifying a security issue in the User API. This proactive approach inspired other developers to look for potential issues with similar vigilance. Kudos to Alex, a true Quality Star!
Li's Demo on Postman Workspace
Li provided an insightful session on the "Backend API Testing" Postman workspace. Developers interested in API testing joined the workspace, where Li demonstrated:
1. STEP1 and STEP2 for logging in as an existing user.
2. Sample tests, such as the Mpay and Pocket tests, etc.
To ensure consistent testing across all developers:
- It is highly recommended to modify only the current values in the Stage environment variables.
- Avoid changing the shared test collections directly. Instead, duplicate or fork them to make specific changes.
Questions Raised by Lars
- Can we GitOps the Postman scripts?
  - Yes, this can be achieved using the Postman CLI, though it will require additional effort to implement.
- Can we restrict edit permissions for a specific collection?
  - Yes, this feature is available but requires a Postman Professional Plan.
- How do we separate variables?
  - A separation between static variables and those requiring ad-hoc changes was implemented during the meeting.
Tips and Suggestions for API Testing
- For creating a new user, Li recommended using the smoke test.
- Alex mentioned he has a script to create a user.
- Magnus inquired whether the new method in the internal testing API for user creation would be helpful. The answer was a resounding yes.
Penetration Tests Overview
The meeting concluded with a brief introduction to the penetration tests conducted last month. Li presented a slide deck covering:
- Issues found in the penetration tests.
- Key areas in penetration tests.
- Tools used during the tests.
View the Slide of Penetration Tests
This session was an excellent opportunity for the team to enhance collaboration, share knowledge, and strengthen API security and testing processes.