DEV Community: Yusuf Aşık The latest articles on DEV Community by Yusuf Aşık (@bugnificent). https://dev.to/bugnificent https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2968198%2F129d6b72-3697-4666-aca9-451265568734.jpeg DEV Community: Yusuf Aşık https://dev.to/bugnificent en Android/iOS Testing Perfected: 20 Appium Tricks You Need Yusuf Aşık Tue, 01 Apr 2025 20:45:18 +0000 https://dev.to/bugnificent/androidios-testing-perfected-20-appium-tricks-you-need-2n52 https://dev.to/bugnificent/androidios-testing-perfected-20-appium-tricks-you-need-2n52 <p>Appium is one of the(maybe number one) most popular open-source automation tool for testing mobile applications across iOS and Android platforms. Strong libraries, wide community and documentation support and years of experience across all the QA Enginners and most importantly Selenium-like syntax makes it top choice for Native Mobile App testing. If we know that, we should know how to make it perfect too.</p> <h2> 1. Use Appium Inspector </h2> <p>Appium Inspector helps in identifying element locators efficiently. It allows testers to inspect UI elements and retrieve attributes like <code>resource-id</code>, <code>accessibility-id</code>, <code>text</code>, and <code>class</code>.</p> <p><strong>Example:</strong></p> <ol> <li>Open Appium Inspector and connect to your running session.</li> <li>Click on elements to fetch their properties.</li> <li>Copy unique locators to use in your automation script, ensuring better test stability.</li> </ol> <h2> 2. Find Exact App Names from Play Store </h2> <p>To correctly launch an app using Appium, you need the exact package name and main activity.</p> <p><strong>Example:</strong></p> <ol> <li><p>Install the "Package Name Viewer" on an android test device.</p></li> <li><p>Use these details in your <code>capabilities</code> while setting up Appium.</p></li> </ol> <h2> 3. Advanced ADB Command for Extracting Current Activity </h2> <p>Instead of manually searching the activity name from <code>dumpsys window</code>, use the following command to extract it precisely:</p> <p><strong>Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>adb shell dumpsys window | <span class="nb">grep</span> <span class="nt">-oP</span> <span class="s1">'(?&lt;=mCurrentFocus=Window{)[^}]+'</span> </code></pre> </div> <p>This command extracts only the currently focused window, making it easier to grab the package and activity for use in Appium tests.</p> <h2> 4. Explicit Waits </h2> <p>Avoid using <code>Thread.sleep()</code> as it introduces unnecessary delays. Instead, use explicit waits, which wait for an element until a specified condition is met.</p> <p><strong>Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nc">WebDriverWait</span> <span class="n">wait</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">WebDriverWait</span><span class="o">(</span><span class="n">driver</span><span class="o">,</span> <span class="nc">Duration</span><span class="o">.</span><span class="na">ofSeconds</span><span class="o">(</span><span class="mi">10</span><span class="o">));</span> <span class="nc">WebElement</span> <span class="n">element</span> <span class="o">=</span> <span class="n">wait</span><span class="o">.</span><span class="na">until</span><span class="o">(</span><span class="nc">ExpectedConditions</span><span class="o">.</span><span class="na">visibilityOfElementLocated</span><span class="o">(</span><span class="nc">By</span><span class="o">.</span><span class="na">id</span><span class="o">(</span><span class="s">"login_button"</span><span class="o">)));</span> </code></pre> </div> <p>This ensures that your test does not proceed until the element is visible.</p> <h2> 5. Page Object Model (POM) </h2> <p>Using POM makes test scripts more structured and maintainable by separating UI elements and test logic.</p> <p><strong>Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kd">public</span> <span class="kd">class</span> <span class="nc">LoginPage</span> <span class="o">{</span> <span class="nd">@FindBy</span><span class="o">(</span><span class="n">id</span> <span class="o">=</span> <span class="s">"username"</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">WebElement</span> <span class="n">username</span><span class="o">;</span> <span class="nd">@FindBy</span><span class="o">(</span><span class="n">id</span> <span class="o">=</span> <span class="s">"password"</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">WebElement</span> <span class="n">password</span><span class="o">;</span> <span class="nd">@FindBy</span><span class="o">(</span><span class="n">id</span> <span class="o">=</span> <span class="s">"login_button"</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">WebElement</span> <span class="n">loginButton</span><span class="o">;</span> <span class="kd">public</span> <span class="kt">void</span> <span class="nf">login</span><span class="o">(</span><span class="nc">String</span> <span class="n">user</span><span class="o">,</span> <span class="nc">String</span> <span class="n">pass</span><span class="o">)</span> <span class="o">{</span> <span class="n">username</span><span class="o">.</span><span class="na">sendKeys</span><span class="o">(</span><span class="n">user</span><span class="o">);</span> <span class="n">password</span><span class="o">.</span><span class="na">sendKeys</span><span class="o">(</span><span class="n">pass</span><span class="o">);</span> <span class="n">loginButton</span><span class="o">.</span><span class="na">click</span><span class="o">();</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>This makes test cases more readable and reusable.</p> <h2> 6. Prefer Accessibility IDs and Resource IDs </h2> <p><code>Accessibility ID</code> and <code>Resource ID</code> are the most reliable locators compared to XPaths, making tests more stable and faster.</p> <p><strong>Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="n">driver</span><span class="o">.</span><span class="na">findElement</span><span class="o">(</span><span class="nc">MobileBy</span><span class="o">.</span><span class="na">AccessibilityId</span><span class="o">(</span><span class="s">"SubmitButton"</span><span class="o">)).</span><span class="na">click</span><span class="o">();</span> </code></pre> </div> <p>This avoids issues caused by UI structure changes.</p> <h2> 7. Relative XPaths over Absolute </h2> <p>Absolute XPaths are brittle as they depend on UI structure. Always prefer relative XPaths to improve test maintainability.</p> <p><strong>Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="n">driver</span><span class="o">.</span><span class="na">findElement</span><span class="o">(</span><span class="nc">By</span><span class="o">.</span><span class="na">xpath</span><span class="o">(</span><span class="s">"//android.widget.Button[@text='Submit']"</span><span class="o">)).</span><span class="na">click</span><span class="o">();</span> </code></pre> </div> <p>This makes tests resilient to minor UI changes.</p> <h2> 8. Handle Flakiness with Retries </h2> <p>Tests may fail due to temporary issues like slow network or animations. Implement retry logic to reduce false failures.</p> <p><strong>Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Test</span><span class="o">(</span><span class="n">retryAnalyzer</span> <span class="o">=</span> <span class="nc">RetryAnalyzer</span><span class="o">.</span><span class="na">class</span><span class="o">)</span> <span class="kd">public</span> <span class="kt">void</span> <span class="nf">testLogin</span><span class="o">()</span> <span class="o">{</span> <span class="c1">// Test implementation</span> <span class="o">}</span> </code></pre> </div> <p>This improves test reliability.</p> <h2> 9. Disable Animations via ADB </h2> <p>Animations can slow down tests and cause flakiness. Disable them using ADB commands.</p> <p><strong>Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>adb shell settings put global window_animation_scale 0 adb shell settings put global transition_animation_scale 0 adb shell settings put global animator_duration_scale 0 </code></pre> </div> <p>This speeds up UI interactions during automation.</p> <h2> 10. Parallel Test Execution </h2> <p>Run tests on multiple devices simultaneously to speed up execution.</p> <p><strong>Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="nt">&lt;suite</span> <span class="na">name=</span><span class="s">"ParallelTests"</span> <span class="na">parallel=</span><span class="s">"tests"</span> <span class="na">thread-count=</span><span class="s">"2"</span><span class="nt">&gt;</span> <span class="nt">&lt;test</span> <span class="na">name=</span><span class="s">"AndroidTest1"</span><span class="nt">&gt;</span> <span class="nt">&lt;classes&gt;</span> <span class="nt">&lt;class</span> <span class="na">name=</span><span class="s">"tests.LoginTest"</span> <span class="nt">/&gt;</span> <span class="nt">&lt;/classes&gt;</span> <span class="nt">&lt;/test&gt;</span> <span class="nt">&lt;/suite&gt;</span> </code></pre> </div> <p>This optimizes test execution time.</p> <h2> 11. Use UIAutomator2 </h2> <p>UIAutomator2 is the recommended automation engine for Android as it provides better stability and speed.</p> <p><strong>Example (Java):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="n">capabilities</span><span class="o">.</span><span class="na">setCapability</span><span class="o">(</span><span class="s">"automationName"</span><span class="o">,</span> <span class="s">"UIAutomator2"</span><span class="o">);</span> </code></pre> </div> <p>This ensures compatibility with modern Android versions.</p> <h2> 12. Network Conditioning </h2> <p>Simulate different network conditions like slow or no internet to test app behavior.</p> <p><strong>Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>adb shell am broadcast <span class="nt">-a</span> com.android.intent.action.SET_NETWORK_CONDITIONS <span class="nt">--es</span> condition slow </code></pre> </div> <p>This helps validate app performance under various network conditions.</p> <h2> 13. Grant Permissions via ADB </h2> <p>Some apps require runtime permissions. Instead of manually accepting popups, grant permissions via ADB.</p> <p><strong>Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>adb shell pm grant com.example android.permission.CAMERA </code></pre> </div> <p>This ensures smooth test execution without interruptions.</p> <h2> 14. Screenshots on Failure </h2> <p>Capture screenshots on test failures to debug issues effectively.</p> <p><strong>Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nc">File</span> <span class="n">scrFile</span> <span class="o">=</span> <span class="o">((</span><span class="nc">TakesScreenshot</span><span class="o">)</span> <span class="n">driver</span><span class="o">).</span><span class="na">getScreenshotAs</span><span class="o">(</span><span class="nc">OutputType</span><span class="o">.</span><span class="na">FILE</span><span class="o">);</span> <span class="nc">FileUtils</span><span class="o">.</span><span class="na">copyFile</span><span class="o">(</span><span class="n">scrFile</span><span class="o">,</span> <span class="k">new</span> <span class="nc">File</span><span class="o">(</span><span class="s">"failure_screenshot.png"</span><span class="o">));</span> </code></pre> </div> <p>This helps in analyzing failures visually.</p> <h2> 15. Test Data Cleanup </h2> <p>Ensure a fresh app state before every test by resetting app data.</p> <p><strong>Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="n">driver</span><span class="o">.</span><span class="na">resetApp</span><span class="o">();</span> </code></pre> </div> <p>This prevents stale data from affecting test results.</p> <h2> 16. Cloud Testing Services </h2> <p>Use services like BrowserStack, Sauce Labs, or Firebase Test Lab to run tests on real devices in the cloud. It will also help you if you are unable to use Mac machine to test IOS.</p> <p><strong>Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="n">capabilities</span><span class="o">.</span><span class="na">setCapability</span><span class="o">(</span><span class="s">"browserstack.user"</span><span class="o">,</span> <span class="s">"your_username"</span><span class="o">);</span> <span class="n">capabilities</span><span class="o">.</span><span class="na">setCapability</span><span class="o">(</span><span class="s">"browserstack.key"</span><span class="o">,</span> <span class="s">"your_access_key"</span><span class="o">);</span> </code></pre> </div> <p>Cloud testing provides access to multiple device configurations and reduces infrastructure costs.</p> <h2> Bonus: iOS Tips </h2> <h3> Use <code>xcuitest</code> Automation Engine </h3> <p>For iOS automation, always use the <code>XCUITest</code> automation engine as it is the most stable and widely supported.</p> <p><strong>Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="n">capabilities</span><span class="o">.</span><span class="na">setCapability</span><span class="o">(</span><span class="s">"automationName"</span><span class="o">,</span> <span class="s">"XCUITest"</span><span class="o">);</span> </code></pre> </div> <p>This ensures better compatibility with iOS devices.</p> <h3> Handle iOS Permissions Automatically </h3> <p>iOS apps require permissions for features like camera and location. You can pre-approve these using Appium capabilities.</p> <p><strong>Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="n">capabilities</span><span class="o">.</span><span class="na">setCapability</span><span class="o">(</span><span class="s">"autoAcceptAlerts"</span><span class="o">,</span> <span class="kc">true</span><span class="o">);</span> </code></pre> </div> <p>This prevents permission popups from interrupting your tests.</p> <h3> Use Predicate Strings for Locators </h3> <p>Instead of XPaths, use <code>Predicate Strings</code> for better performance and stability.</p> <p><strong>Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="n">driver</span><span class="o">.</span><span class="na">findElement</span><span class="o">(</span><span class="nc">MobileBy</span><span class="o">.</span><span class="na">iOSNsPredicateString</span><span class="o">(</span><span class="s">"label == 'Submit'"</span><span class="o">));</span> </code></pre> </div> <p>Predicate Strings execute faster and are more robust than XPath.</p> <h3> Use iosClassChain for Faster Element Finding </h3> <p>For better performance in iOS automation, prefer <code>iosClassChain</code> instead of XPath. It’s more efficient and faster for locating elements.</p> <p><strong>Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="n">driver</span><span class="o">.</span><span class="na">findElement</span><span class="o">(</span><span class="nc">MobileBy</span><span class="o">.</span><span class="na">iOSClassChain</span><span class="o">(</span><span class="s">"**/XCUIElementTypeButton[`label == 'Submit'`]"</span><span class="o">)).</span><span class="na">click</span><span class="o">();</span> </code></pre> </div> <p>This improves execution speed compared to XPath and is more reliable.</p> <h2> Predicate String vs iOSClassChain </h2> <ul> <li>Use Predicate String when you need more readable and flexible conditions (e.g., filtering by label, value, or name).</li> <li>Use iosClassChain when dealing with deeply nested elements or hierarchical structures (e.g., finding a button inside a specific cell).</li> </ul> <p><strong>TL&amp;DR:</strong> Predicate String for simple queries, iosClassChain for complex UI trees.</p> <p>If performance is a concern, iosClassChain is generally faster than Predicate Strings, especially for deeply nested elements.</p> <p><strong>Following these best practices will significantly improve the stability, reliability, and efficiency of your Appium-based mobile test automation.</strong></p> <p><em>Let me know if you have other tips as well!</em></p> automation appium mobile Security Testing for SDETs: Automate Vulnerability Scans with OWASP ZAP Yusuf Aşık Mon, 24 Mar 2025 15:42:55 +0000 https://dev.to/bugnificent/security-testing-for-sdets-automate-vulnerability-scans-with-owasp-zap-2a2e https://dev.to/bugnificent/security-testing-for-sdets-automate-vulnerability-scans-with-owasp-zap-2a2e <p>As Software Development Engineers in Test (SDETs), we’re no strangers to automation. We build frameworks to validate functionality, performance, and usability. But in today’s threat landscape, <strong>security testing</strong> can no longer be an afterthought – and that’s where <em>OWASP ZAP</em> (Zed Attack Proxy) shines. Let’s explore why integrating ZAP into your automated tests matters and how it transforms your role in securing applications.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faanzzivp1n34lf4nxuib.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faanzzivp1n34lf4nxuib.png" alt="OWASP ZAP" width="741" height="417"></a></p> <h2> Why Security Testing Matters for SDETs </h2> <ol> <li><p><strong>Shift-Left Security</strong><br><br> Security vulnerabilities caught late in the SDLC cost <strong>6x more</strong> to fix than those identified early. By integrating security testing into automation, SDETs enable proactive risk mitigation.</p></li> <li><p><strong>Beyond Functional Testing</strong><br><br> Modern SDETs are guardians of quality <em>and</em> security. A feature might work perfectly but leak sensitive data or expose SQL injection points.</p></li> <li><p><strong>Compliance &amp; Reputation</strong><br><br> GDPR, PCI-DSS, and other regulations demand security rigor. Automated security tests provide auditable proof of due diligence.</p></li> </ol> <h2> OWASP ZAP: The SDET’s Security Swiss Army Knife </h2> <p>ZAP isn’t just another scanner – it’s a <strong>developer-centric toolkit</strong> designed for automation:</p> <ul> <li> <strong>Passive Scanning</strong>: Analyze traffic during functional tests</li> <li> <strong>Active Scanning</strong>: Simulate attacks (XSS, SQLi, etc.)</li> <li> <strong>API-first Design</strong>: Perfect for CI/CD pipelines</li> <li> <strong>Customizable</strong>: Addons for OAuth, GraphQL, and more</li> </ul> <h2> Integrating ZAP into Your Framework: Key Benefits </h2> <p>✅ <strong>Seamless Automation</strong><br><br> Trigger scans programmatically via ZAP’s REST API during Selenium test suites.</p> <p>✅ <strong>Context-Aware Testing</strong><br><br> Use authenticated sessions from your functional tests to scan post-login workflows.</p> <p>✅ <strong>CI/CD Friendly</strong><br><br> Fail builds automatically when ZAP detects high-risk vulnerabilities.</p> <p>✅ <strong>Allure-Ready Reports</strong><br><br> Combine ZAP’s HTML/JSON reports with Allure’s trend analysis for security metrics.</p> <h2> How to Integrate ZAP with Selenium + TestNG </h2> <h3> Architecture Overview </h3> <ol> <li> <strong>ZAP Proxy Setup</strong>: Route Selenium traffic through ZAP</li> <li> <strong>Passive Scan During Tests</strong>: Let ZAP analyze HTTP/S traffic</li> <li> <strong>Active Scan Post-Test</strong>: Trigger attacks after critical workflows</li> <li> <strong>Report Generation</strong>: Export results to Allure</li> </ol> <blockquote> <p>Note: Headless mode requires additional steps and for normal test ZAP GUI should be opened before test starts.</p> </blockquote> <h3> Example Code Snippets (Dependencies) </h3> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="c">&lt;!-- Selenium --&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.seleniumhq.selenium<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>selenium-java<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;version&gt;</span>4.30.0<span class="nt">&lt;/version&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="c">&lt;!-- https://mvnrepository.com/artifact/io.cucumber/cucumber-java --&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>io.cucumber<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>cucumber-java<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;version&gt;</span>7.21.1<span class="nt">&lt;/version&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="c">&lt;!-- https://mvnrepository.com/artifact/org.zaproxy/zap-clientapi --&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.zaproxy<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>zap-clientapi<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;version&gt;</span>1.16.0<span class="nt">&lt;/version&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="c">&lt;!-- https://mvnrepository.com/artifact/org.testng/testng --&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.testng<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>testng<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;version&gt;</span>7.10.2<span class="nt">&lt;/version&gt;</span> <span class="nt">&lt;scope&gt;</span>test<span class="nt">&lt;/scope&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="c">&lt;!-- Allure --&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>io.qameta.allure<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>allure-cucumber7-jvm<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;scope&gt;</span>test<span class="nt">&lt;/scope&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="c">&lt;!-- https://mvnrepository.com/artifact/io.qameta.allure/allure-testng --&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>io.qameta.allure<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>allure-testng<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;version&gt;</span>2.29.1<span class="nt">&lt;/version&gt;</span> <span class="nt">&lt;/dependency&gt;</span> </code></pre> </div> <h3> Feature File </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> Feature: ZAP Security Check @sec Scenario: I need to run security check When i started security <span class="nb">test</span> </code></pre> </div> <h3> Step Definition </h3> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kn">package</span> <span class="nn">com.velespit.step_definitions</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">com.velespit.utilities.BrowserUtils</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">com.velespit.utilities.ConfigurationReader</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">io.qameta.allure.Allure</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">io.qameta.allure.Description</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">io.qameta.allure.testng.Tag</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">org.testng.annotations.Test</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">org.zaproxy.clientapi.core.*</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">org.slf4j.Logger</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">org.slf4j.LoggerFactory</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">org.zaproxy.clientapi.core.ClientApi</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.io.BufferedReader</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.io.File</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.io.InputStreamReader</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.util.HashMap</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.util.List</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.util.ArrayList</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.util.Map</span><span class="o">;</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">ZapSecurityTest</span> <span class="o">{</span> <span class="kd">private</span> <span class="kd">static</span> <span class="kd">final</span> <span class="nc">Logger</span> <span class="n">logger</span> <span class="o">=</span> <span class="nc">LoggerFactory</span><span class="o">.</span><span class="na">getLogger</span><span class="o">(</span><span class="nc">ZapSecurityTest</span><span class="o">.</span><span class="na">class</span><span class="o">);</span> <span class="kd">private</span> <span class="kd">static</span> <span class="kd">final</span> <span class="nc">String</span> <span class="no">ZAP_PROXY_HOST</span> <span class="o">=</span> <span class="s">"localhost"</span><span class="o">;</span> <span class="kd">private</span> <span class="kd">static</span> <span class="kd">final</span> <span class="kt">int</span> <span class="no">ZAP_PROXY_PORT</span> <span class="o">=</span> <span class="mi">8080</span><span class="o">;</span> <span class="kd">private</span> <span class="kd">static</span> <span class="kd">final</span> <span class="nc">String</span> <span class="no">ZAP_API_KEY</span> <span class="o">=</span> <span class="nc">ConfigurationReader</span><span class="o">.</span><span class="na">getProperty</span><span class="o">(</span><span class="s">"zap_api_key"</span><span class="o">);</span> <span class="c1">// Replace with your ZAP API key</span> <span class="kd">private</span> <span class="kd">static</span> <span class="nc">ClientApi</span> <span class="n">zapClient</span><span class="o">;</span> <span class="kd">public</span> <span class="nf">ZapSecurityTest</span><span class="o">()</span> <span class="o">{</span> <span class="n">zapClient</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">ClientApi</span><span class="o">(</span><span class="no">ZAP_PROXY_HOST</span><span class="o">,</span> <span class="no">ZAP_PROXY_PORT</span><span class="o">,</span> <span class="no">ZAP_API_KEY</span><span class="o">);</span> <span class="o">}</span> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">startZAPHeadless</span><span class="o">()</span> <span class="o">{</span> <span class="k">try</span> <span class="o">{</span> <span class="nc">ProcessBuilder</span> <span class="n">processBuilder</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">ProcessBuilder</span><span class="o">(</span> <span class="s">"cmd.exe"</span><span class="o">,</span> <span class="s">"/c"</span><span class="o">,</span> <span class="nc">ConfigurationReader</span><span class="o">.</span><span class="na">getProperty</span><span class="o">(</span><span class="s">"zap_path"</span><span class="o">),</span> <span class="s">"-daemon"</span><span class="o">,</span> <span class="s">"-port"</span><span class="o">,</span> <span class="s">"8080"</span><span class="o">,</span> <span class="s">"-host"</span><span class="o">,</span> <span class="s">"localhost"</span> <span class="o">);</span> <span class="n">processBuilder</span><span class="o">.</span><span class="na">directory</span><span class="o">(</span><span class="k">new</span> <span class="nc">File</span><span class="o">(</span><span class="nc">ConfigurationReader</span><span class="o">.</span><span class="na">getProperty</span><span class="o">(</span><span class="s">"zap_path"</span><span class="o">)));</span> <span class="n">processBuilder</span><span class="o">.</span><span class="na">redirectErrorStream</span><span class="o">(</span><span class="kc">true</span><span class="o">);</span> <span class="nc">Process</span> <span class="n">zapProcess</span> <span class="o">=</span> <span class="n">processBuilder</span><span class="o">.</span><span class="na">start</span><span class="o">();</span> <span class="n">logger</span><span class="o">.</span><span class="na">info</span><span class="o">(</span><span class="s">"ZAP started in headless mode."</span><span class="o">);</span> <span class="c1">// Wait until ZAP is fully initialized before continuing</span> <span class="n">waitForZapStartup</span><span class="o">();</span> <span class="o">}</span> <span class="k">catch</span> <span class="o">(</span><span class="nc">Exception</span> <span class="n">e</span><span class="o">)</span> <span class="o">{</span> <span class="n">logger</span><span class="o">.</span><span class="na">error</span><span class="o">(</span><span class="s">"Failed to start ZAP in headless mode."</span><span class="o">,</span> <span class="n">e</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> <span class="kd">private</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">waitForZapStartup</span><span class="o">()</span> <span class="kd">throws</span> <span class="nc">InterruptedException</span> <span class="o">{</span> <span class="n">logger</span><span class="o">.</span><span class="na">info</span><span class="o">(</span><span class="s">"Waiting for ZAP to initialize..."</span><span class="o">);</span> <span class="kt">int</span> <span class="n">retries</span> <span class="o">=</span> <span class="mi">10</span><span class="o">;</span> <span class="k">while</span> <span class="o">(</span><span class="n">retries</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="o">)</span> <span class="o">{</span> <span class="k">if</span> <span class="o">(</span><span class="n">isZapRunning</span><span class="o">())</span> <span class="o">{</span> <span class="n">logger</span><span class="o">.</span><span class="na">info</span><span class="o">(</span><span class="s">"ZAP is ready!"</span><span class="o">);</span> <span class="k">return</span><span class="o">;</span> <span class="o">}</span> <span class="nc">BrowserUtils</span><span class="o">.</span><span class="na">sleep</span><span class="o">(</span><span class="mi">5</span><span class="o">);</span> <span class="c1">// Wait 5 seconds</span> <span class="n">retries</span><span class="o">--;</span> <span class="o">}</span> <span class="k">throw</span> <span class="k">new</span> <span class="nf">RuntimeException</span><span class="o">(</span><span class="s">"ZAP did not start within the expected time!"</span><span class="o">);</span> <span class="o">}</span> <span class="kd">private</span> <span class="kd">static</span> <span class="kt">boolean</span> <span class="nf">isZapRunning</span><span class="o">()</span> <span class="o">{</span> <span class="k">try</span> <span class="o">{</span> <span class="nc">ProcessBuilder</span> <span class="n">checkProcess</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">ProcessBuilder</span><span class="o">(</span><span class="s">"curl"</span><span class="o">,</span> <span class="s">"-s"</span><span class="o">,</span> <span class="s">"http://localhost:8080/"</span><span class="o">);</span> <span class="nc">Process</span> <span class="n">process</span> <span class="o">=</span> <span class="n">checkProcess</span><span class="o">.</span><span class="na">start</span><span class="o">();</span> <span class="nc">BufferedReader</span> <span class="n">reader</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">BufferedReader</span><span class="o">(</span><span class="k">new</span> <span class="nc">InputStreamReader</span><span class="o">(</span><span class="n">process</span><span class="o">.</span><span class="na">getInputStream</span><span class="o">()));</span> <span class="nc">String</span> <span class="n">response</span><span class="o">;</span> <span class="k">while</span> <span class="o">((</span><span class="n">response</span> <span class="o">=</span> <span class="n">reader</span><span class="o">.</span><span class="na">readLine</span><span class="o">())</span> <span class="o">!=</span> <span class="kc">null</span><span class="o">)</span> <span class="o">{</span> <span class="k">if</span> <span class="o">(</span><span class="n">response</span><span class="o">.</span><span class="na">contains</span><span class="o">(</span><span class="s">"ZAP"</span><span class="o">))</span> <span class="o">{</span> <span class="k">return</span> <span class="kc">true</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="k">catch</span> <span class="o">(</span><span class="nc">Exception</span> <span class="n">e</span><span class="o">)</span> <span class="o">{</span> <span class="k">return</span> <span class="kc">false</span><span class="o">;</span> <span class="o">}</span> <span class="k">return</span> <span class="kc">false</span><span class="o">;</span> <span class="o">}</span> <span class="kd">public</span> <span class="kt">void</span> <span class="nf">startZapSecurityTest</span><span class="o">(</span><span class="nc">String</span> <span class="n">targetUrl</span><span class="o">)</span> <span class="o">{</span> <span class="k">try</span> <span class="o">{</span> <span class="c1">// Start a new session</span> <span class="n">zapClient</span><span class="o">.</span><span class="na">core</span><span class="o">.</span><span class="na">newSession</span><span class="o">(</span><span class="s">"ZAP Security Test"</span><span class="o">,</span> <span class="s">"true"</span><span class="o">);</span> <span class="c1">// Spider the target URL to discover links</span> <span class="n">logger</span><span class="o">.</span><span class="na">info</span><span class="o">(</span><span class="s">"Starting ZAP Spider for: {}"</span><span class="o">,</span> <span class="n">targetUrl</span><span class="o">);</span> <span class="nc">ApiResponse</span> <span class="n">spiderResponse</span> <span class="o">=</span> <span class="n">zapClient</span><span class="o">.</span><span class="na">spider</span><span class="o">.</span><span class="na">scan</span><span class="o">(</span><span class="n">targetUrl</span><span class="o">,</span> <span class="kc">null</span><span class="o">,</span> <span class="kc">null</span><span class="o">,</span> <span class="kc">null</span><span class="o">,</span> <span class="kc">null</span><span class="o">);</span> <span class="nc">String</span> <span class="n">scanId</span> <span class="o">=</span> <span class="o">((</span><span class="nc">ApiResponseElement</span><span class="o">)</span> <span class="n">spiderResponse</span><span class="o">).</span><span class="na">getValue</span><span class="o">();</span> <span class="n">waitForSpiderToComplete</span><span class="o">(</span><span class="n">scanId</span><span class="o">);</span> <span class="c1">// Active scan for vulnerabilities</span> <span class="n">logger</span><span class="o">.</span><span class="na">info</span><span class="o">(</span><span class="s">"Starting ZAP Active Scan for: {}"</span><span class="o">,</span> <span class="n">targetUrl</span><span class="o">);</span> <span class="nc">ApiResponse</span> <span class="n">activeScanResponse</span> <span class="o">=</span> <span class="n">zapClient</span><span class="o">.</span><span class="na">ascan</span><span class="o">.</span><span class="na">scan</span><span class="o">(</span><span class="n">targetUrl</span><span class="o">,</span> <span class="s">"true"</span><span class="o">,</span> <span class="s">"false"</span><span class="o">,</span> <span class="kc">null</span><span class="o">,</span> <span class="kc">null</span><span class="o">,</span> <span class="kc">null</span><span class="o">);</span> <span class="nc">String</span> <span class="n">activeScanId</span> <span class="o">=</span> <span class="o">((</span><span class="nc">ApiResponseElement</span><span class="o">)</span> <span class="n">activeScanResponse</span><span class="o">).</span><span class="na">getValue</span><span class="o">();</span> <span class="n">waitForActiveScanToComplete</span><span class="o">(</span><span class="n">activeScanId</span><span class="o">);</span> <span class="c1">// Generate and report security findings</span> <span class="n">reportSecurityFindings</span><span class="o">(</span><span class="n">targetUrl</span><span class="o">);</span> <span class="o">}</span> <span class="k">catch</span> <span class="o">(</span><span class="nc">ClientApiException</span> <span class="o">|</span> <span class="nc">InterruptedException</span> <span class="n">e</span><span class="o">)</span> <span class="o">{</span> <span class="n">logger</span><span class="o">.</span><span class="na">error</span><span class="o">(</span><span class="s">"An error occurred during ZAP security testing: "</span><span class="o">,</span> <span class="n">e</span><span class="o">);</span> <span class="nc">Allure</span><span class="o">.</span><span class="na">addAttachment</span><span class="o">(</span><span class="s">"Error"</span><span class="o">,</span> <span class="s">"text/plain"</span><span class="o">,</span> <span class="s">"An error occurred: "</span> <span class="o">+</span> <span class="n">e</span><span class="o">.</span><span class="na">getMessage</span><span class="o">());</span> <span class="o">}</span> <span class="o">}</span> <span class="kd">private</span> <span class="kt">void</span> <span class="nf">waitForSpiderToComplete</span><span class="o">(</span><span class="nc">String</span> <span class="n">scanId</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">ClientApiException</span><span class="o">,</span> <span class="nc">InterruptedException</span> <span class="o">{</span> <span class="k">while</span> <span class="o">(</span><span class="kc">true</span><span class="o">)</span> <span class="o">{</span> <span class="nc">BrowserUtils</span><span class="o">.</span><span class="na">sleep</span><span class="o">(</span><span class="mi">2</span><span class="o">);</span> <span class="c1">// Poll every 2 seconds</span> <span class="nc">ApiResponse</span> <span class="n">spiderStatus</span> <span class="o">=</span> <span class="n">zapClient</span><span class="o">.</span><span class="na">spider</span><span class="o">.</span><span class="na">status</span><span class="o">(</span><span class="n">scanId</span><span class="o">);</span> <span class="kt">int</span> <span class="n">progress</span> <span class="o">=</span> <span class="nc">Integer</span><span class="o">.</span><span class="na">parseInt</span><span class="o">(((</span><span class="nc">ApiResponseElement</span><span class="o">)</span> <span class="n">spiderStatus</span><span class="o">).</span><span class="na">getValue</span><span class="o">());</span> <span class="n">logger</span><span class="o">.</span><span class="na">info</span><span class="o">(</span><span class="s">"ZAP Spider progress: {}%"</span><span class="o">,</span> <span class="n">progress</span><span class="o">);</span> <span class="k">if</span> <span class="o">(</span><span class="n">progress</span> <span class="o">&gt;=</span> <span class="mi">100</span><span class="o">)</span> <span class="o">{</span> <span class="k">break</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> <span class="n">logger</span><span class="o">.</span><span class="na">info</span><span class="o">(</span><span class="s">"ZAP Spider completed."</span><span class="o">);</span> <span class="o">}</span> <span class="kd">private</span> <span class="kt">void</span> <span class="nf">waitForActiveScanToComplete</span><span class="o">(</span><span class="nc">String</span> <span class="n">scanId</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">ClientApiException</span><span class="o">,</span> <span class="nc">InterruptedException</span> <span class="o">{</span> <span class="k">while</span> <span class="o">(</span><span class="kc">true</span><span class="o">)</span> <span class="o">{</span> <span class="nc">BrowserUtils</span><span class="o">.</span><span class="na">sleep</span><span class="o">(</span><span class="mi">2</span><span class="o">);</span> <span class="c1">// Poll every 2 seconds</span> <span class="nc">ApiResponse</span> <span class="n">activeScanStatus</span> <span class="o">=</span> <span class="n">zapClient</span><span class="o">.</span><span class="na">ascan</span><span class="o">.</span><span class="na">status</span><span class="o">(</span><span class="n">scanId</span><span class="o">);</span> <span class="kt">int</span> <span class="n">progress</span> <span class="o">=</span> <span class="nc">Integer</span><span class="o">.</span><span class="na">parseInt</span><span class="o">(((</span><span class="nc">ApiResponseElement</span><span class="o">)</span> <span class="n">activeScanStatus</span><span class="o">).</span><span class="na">getValue</span><span class="o">());</span> <span class="n">logger</span><span class="o">.</span><span class="na">info</span><span class="o">(</span><span class="s">"ZAP Active Scan progress: {}%"</span><span class="o">,</span> <span class="n">progress</span><span class="o">);</span> <span class="k">if</span> <span class="o">(</span><span class="n">progress</span> <span class="o">&gt;=</span> <span class="mi">100</span><span class="o">)</span> <span class="o">{</span> <span class="k">break</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> <span class="n">logger</span><span class="o">.</span><span class="na">info</span><span class="o">(</span><span class="s">"ZAP Active Scan completed."</span><span class="o">);</span> <span class="o">}</span> <span class="kd">private</span> <span class="kt">void</span> <span class="nf">reportSecurityFindings</span><span class="o">(</span><span class="nc">String</span> <span class="n">targetUrl</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">ClientApiException</span> <span class="o">{</span> <span class="c1">// Get alerts (vulnerabilities) using the new API method</span> <span class="nc">ApiResponse</span> <span class="n">alertsResponse</span> <span class="o">=</span> <span class="n">zapClient</span><span class="o">.</span><span class="na">alert</span><span class="o">.</span><span class="na">alerts</span><span class="o">(</span><span class="n">targetUrl</span><span class="o">,</span> <span class="kc">null</span><span class="o">,</span> <span class="kc">null</span><span class="o">,</span> <span class="kc">null</span><span class="o">);</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">Map</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">String</span><span class="o">&gt;&gt;</span> <span class="n">alerts</span> <span class="o">=</span> <span class="n">parseAlerts</span><span class="o">((</span><span class="nc">ApiResponseList</span><span class="o">)</span> <span class="n">alertsResponse</span><span class="o">);</span> <span class="k">if</span> <span class="o">(</span><span class="n">alerts</span><span class="o">.</span><span class="na">isEmpty</span><span class="o">())</span> <span class="o">{</span> <span class="nc">Allure</span><span class="o">.</span><span class="na">addAttachment</span><span class="o">(</span><span class="s">"ZAP Security Result"</span><span class="o">,</span> <span class="s">"text/plain"</span><span class="o">,</span> <span class="s">"No security issues found for: "</span> <span class="o">+</span> <span class="n">targetUrl</span><span class="o">);</span> <span class="o">}</span> <span class="k">else</span> <span class="o">{</span> <span class="nc">Allure</span><span class="o">.</span><span class="na">addAttachment</span><span class="o">(</span><span class="s">"ZAP Security Result"</span><span class="o">,</span> <span class="s">"text/plain"</span><span class="o">,</span> <span class="s">"Security Issues Found for: "</span> <span class="o">+</span> <span class="n">targetUrl</span><span class="o">);</span> <span class="k">for</span> <span class="o">(</span><span class="nc">Map</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">String</span><span class="o">&gt;</span> <span class="n">alert</span> <span class="o">:</span> <span class="n">alerts</span><span class="o">)</span> <span class="o">{</span> <span class="nc">String</span> <span class="n">alertDetails</span> <span class="o">=</span> <span class="n">formatAlertDetails</span><span class="o">(</span><span class="n">alert</span><span class="o">);</span> <span class="k">if</span> <span class="o">(</span><span class="n">alertDetails</span> <span class="o">!=</span> <span class="kc">null</span><span class="o">)</span> <span class="o">{</span> <span class="nc">Allure</span><span class="o">.</span><span class="na">addAttachment</span><span class="o">(</span><span class="s">"Alert: "</span> <span class="o">+</span> <span class="n">alert</span><span class="o">.</span><span class="na">get</span><span class="o">(</span><span class="s">"alert"</span><span class="o">),</span> <span class="s">"text/plain"</span><span class="o">,</span> <span class="n">alertDetails</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="kd">private</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">Map</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">String</span><span class="o">&gt;&gt;</span> <span class="nf">parseAlerts</span><span class="o">(</span><span class="nc">ApiResponseList</span> <span class="n">alertsResponse</span><span class="o">)</span> <span class="o">{</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">Map</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">String</span><span class="o">&gt;&gt;</span> <span class="n">alerts</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">ArrayList</span><span class="o">&lt;&gt;();</span> <span class="k">for</span> <span class="o">(</span><span class="nc">ApiResponse</span> <span class="n">response</span> <span class="o">:</span> <span class="n">alertsResponse</span><span class="o">.</span><span class="na">getItems</span><span class="o">())</span> <span class="o">{</span> <span class="k">if</span> <span class="o">(</span><span class="n">response</span> <span class="k">instanceof</span> <span class="nc">ApiResponseSet</span> <span class="n">alertSet</span><span class="o">)</span> <span class="o">{</span> <span class="k">if</span> <span class="o">(</span><span class="n">alertSet</span><span class="o">.</span><span class="na">getValuesMap</span><span class="o">()</span> <span class="o">!=</span> <span class="kc">null</span> <span class="o">&amp;&amp;</span> <span class="o">!</span><span class="n">alertSet</span><span class="o">.</span><span class="na">getValuesMap</span><span class="o">().</span><span class="na">isEmpty</span><span class="o">())</span> <span class="o">{</span> <span class="nc">Map</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">String</span><span class="o">&gt;</span> <span class="n">alertDetails</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">HashMap</span><span class="o">&lt;&gt;();</span> <span class="k">for</span> <span class="o">(</span><span class="nc">Map</span><span class="o">.</span><span class="na">Entry</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">ApiResponse</span><span class="o">&gt;</span> <span class="n">entry</span> <span class="o">:</span> <span class="n">alertSet</span><span class="o">.</span><span class="na">getValuesMap</span><span class="o">().</span><span class="na">entrySet</span><span class="o">())</span> <span class="o">{</span> <span class="k">if</span> <span class="o">(</span><span class="n">entry</span><span class="o">.</span><span class="na">getValue</span><span class="o">()</span> <span class="o">!=</span> <span class="kc">null</span><span class="o">)</span> <span class="o">{</span> <span class="n">alertDetails</span><span class="o">.</span><span class="na">put</span><span class="o">(</span><span class="n">entry</span><span class="o">.</span><span class="na">getKey</span><span class="o">(),</span> <span class="n">entry</span><span class="o">.</span><span class="na">getValue</span><span class="o">().</span><span class="na">toString</span><span class="o">());</span> <span class="o">}</span> <span class="k">else</span> <span class="o">{</span> <span class="n">alertDetails</span><span class="o">.</span><span class="na">put</span><span class="o">(</span><span class="n">entry</span><span class="o">.</span><span class="na">getKey</span><span class="o">(),</span> <span class="s">"null"</span><span class="o">);</span> <span class="c1">// null kontrolü</span> <span class="o">}</span> <span class="o">}</span> <span class="n">alerts</span><span class="o">.</span><span class="na">add</span><span class="o">(</span><span class="n">alertDetails</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="k">return</span> <span class="n">alerts</span><span class="o">;</span> <span class="o">}</span> <span class="kd">private</span> <span class="nc">String</span> <span class="nf">formatAlertDetails</span><span class="o">(</span><span class="nc">Map</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">String</span><span class="o">&gt;</span> <span class="n">alert</span><span class="o">)</span> <span class="o">{</span> <span class="k">if</span> <span class="o">(</span><span class="n">alert</span> <span class="o">==</span> <span class="kc">null</span> <span class="o">||</span> <span class="n">alert</span><span class="o">.</span><span class="na">isEmpty</span><span class="o">())</span> <span class="o">{</span> <span class="k">return</span> <span class="kc">null</span><span class="o">;</span> <span class="c1">// Return null if map is empty or null</span> <span class="o">}</span> <span class="nc">String</span> <span class="n">risk</span> <span class="o">=</span> <span class="n">alert</span><span class="o">.</span><span class="na">get</span><span class="o">(</span><span class="s">"risk"</span><span class="o">);</span> <span class="k">if</span> <span class="o">(</span><span class="n">risk</span> <span class="o">==</span> <span class="kc">null</span> <span class="o">||</span> <span class="n">risk</span><span class="o">.</span><span class="na">equals</span><span class="o">(</span><span class="s">"Low"</span><span class="o">)</span> <span class="o">||</span> <span class="n">risk</span><span class="o">.</span><span class="na">equals</span><span class="o">(</span><span class="s">"Informational"</span><span class="o">))</span> <span class="o">{</span> <span class="k">return</span> <span class="kc">null</span><span class="o">;</span> <span class="c1">// Return null if low or informational risk</span> <span class="o">}</span> <span class="c1">// Check if necessary alert keys are available</span> <span class="k">if</span> <span class="o">(!</span><span class="n">alert</span><span class="o">.</span><span class="na">containsKey</span><span class="o">(</span><span class="s">"alert"</span><span class="o">)</span> <span class="o">||</span> <span class="o">!</span><span class="n">alert</span><span class="o">.</span><span class="na">containsKey</span><span class="o">(</span><span class="s">"confidence"</span><span class="o">)</span> <span class="o">||</span> <span class="o">!</span><span class="n">alert</span><span class="o">.</span><span class="na">containsKey</span><span class="o">(</span><span class="s">"description"</span><span class="o">)</span> <span class="o">||</span> <span class="o">!</span><span class="n">alert</span><span class="o">.</span><span class="na">containsKey</span><span class="o">(</span><span class="s">"solution"</span><span class="o">)</span> <span class="o">||</span> <span class="o">!</span><span class="n">alert</span><span class="o">.</span><span class="na">containsKey</span><span class="o">(</span><span class="s">"reference"</span><span class="o">)</span> <span class="o">||</span> <span class="o">!</span><span class="n">alert</span><span class="o">.</span><span class="na">containsKey</span><span class="o">(</span><span class="s">"url"</span><span class="o">))</span> <span class="o">{</span> <span class="k">return</span> <span class="s">"Missing required alert details."</span><span class="o">;</span> <span class="c1">// Return error message if missing information</span> <span class="o">}</span> <span class="k">return</span> <span class="s">"Alert: "</span> <span class="o">+</span> <span class="n">alert</span><span class="o">.</span><span class="na">get</span><span class="o">(</span><span class="s">"alert"</span><span class="o">)</span> <span class="o">+</span> <span class="s">"\n"</span> <span class="o">+</span> <span class="s">"Risk: "</span> <span class="o">+</span> <span class="n">risk</span> <span class="o">+</span> <span class="s">"\n"</span> <span class="o">+</span> <span class="s">"Confidence: "</span> <span class="o">+</span> <span class="n">alert</span><span class="o">.</span><span class="na">get</span><span class="o">(</span><span class="s">"confidence"</span><span class="o">)</span> <span class="o">+</span> <span class="s">"\n"</span> <span class="o">+</span> <span class="s">"Description: "</span> <span class="o">+</span> <span class="n">alert</span><span class="o">.</span><span class="na">get</span><span class="o">(</span><span class="s">"description"</span><span class="o">)</span> <span class="o">+</span> <span class="s">"\n"</span> <span class="o">+</span> <span class="s">"Solution: "</span> <span class="o">+</span> <span class="n">alert</span><span class="o">.</span><span class="na">get</span><span class="o">(</span><span class="s">"solution"</span><span class="o">)</span> <span class="o">+</span> <span class="s">"\n"</span> <span class="o">+</span> <span class="s">"Reference: "</span> <span class="o">+</span> <span class="n">alert</span><span class="o">.</span><span class="na">get</span><span class="o">(</span><span class="s">"reference"</span><span class="o">)</span> <span class="o">+</span> <span class="s">"\n"</span> <span class="o">+</span> <span class="s">"URL: "</span> <span class="o">+</span> <span class="n">alert</span><span class="o">.</span><span class="na">get</span><span class="o">(</span><span class="s">"url"</span><span class="o">)</span> <span class="o">+</span> <span class="s">"\n"</span> <span class="o">+</span> <span class="s">"--------------------"</span><span class="o">;</span> <span class="o">}</span> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">shutDownZAP</span><span class="o">()</span> <span class="o">{</span> <span class="c1">// Shutdown ZAP after testing</span> <span class="k">try</span> <span class="o">{</span> <span class="n">zapClient</span><span class="o">.</span><span class="na">core</span><span class="o">.</span><span class="na">shutdown</span><span class="o">();</span> <span class="n">logger</span><span class="o">.</span><span class="na">info</span><span class="o">(</span><span class="s">"ZAP has been shut down."</span><span class="o">);</span> <span class="o">}</span> <span class="k">catch</span> <span class="o">(</span><span class="nc">ClientApiException</span> <span class="n">e</span><span class="o">)</span> <span class="o">{</span> <span class="n">logger</span><span class="o">.</span><span class="na">error</span><span class="o">(</span><span class="s">"Failed to shutdown ZAP."</span><span class="o">,</span> <span class="n">e</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> <span class="nd">@Tag</span><span class="o">(</span><span class="s">"Security"</span><span class="o">)</span> <span class="nd">@Description</span><span class="o">(</span><span class="s">"Security Test with ZAP API using TestNG"</span><span class="o">)</span> <span class="nd">@Test</span> <span class="kd">public</span> <span class="kt">void</span> <span class="nf">secTest</span><span class="o">()</span> <span class="o">{</span> <span class="n">startZAPHeadless</span><span class="o">();</span> <span class="n">startZapSecurityTest</span><span class="o">(</span><span class="s">"https://yusufasik.com"</span><span class="o">);</span> <span class="n">shutDownZAP</span><span class="o">();</span> <span class="o">}</span> </code></pre> </div> <h2> Challenges &amp; Best Practices </h2> <p>⚠️ <strong>Common Pitfalls</strong></p> <ul> <li><p><strong>False Positives</strong>: Always triage results</p></li> <li><p><strong>Performance</strong>: Schedule aggressive scans off-peak</p></li> <li><p><strong>Session Handling</strong>: Reuse authenticated contexts</p></li> </ul> <p>🔑 <strong>Pro Tips</strong></p> <ol> <li><p>Start with passive scans to avoid test flakiness</p></li> <li><p>Use ZAP’s @Tags to filter irrelevant vulnerabilities <em>(Or my if statement if you dont want to deal with it)</em></p></li> <li><p>Update ZAP weekly – new vulnerabilities emerge constantly</p></li> </ol> <h2> Conclusion: Security is <em>Your</em> Responsibility Now </h2> <p>SDETs are uniquely positioned to democratize security testing. By embedding ZAP into your automation framework, you:</p> <ul> <li><p>Catch vulnerabilities <strong>before they reach production</strong></p></li> <li><p>Build security into the team’s daily workflow</p></li> <li><p>Elevate your role from test author to quality architect</p></li> </ul> <p><em>Ready to try it?</em> Drop your ZAP questions below or share how you’ve integrated security testing! 👇</p> programming security selenium zap The Ultimate Guide to Web Accessibility Testing: From Screen Readers to LighthouseCI Yusuf Aşık Sun, 23 Mar 2025 12:39:49 +0000 https://dev.to/bugnificent/the-ultimate-guide-to-web-accessibility-testing-from-screen-readers-to-lighthouseci-2oa4 https://dev.to/bugnificent/the-ultimate-guide-to-web-accessibility-testing-from-screen-readers-to-lighthouseci-2oa4 <h1> Accessibility Testing </h1> <p>Accessibility testing is one of the most underrated yet critical aspects of web development. As someone who’s both a dark-mode addict and a self-proclaimed "bug magnet," I’ve come to realize that accessibility isn’t just about supporting disabled users—it’s about creating a seamless, inclusive experience for everyone.</p> <h2> What is Accessibility Testing? </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F85potok4mzds0keffmxu.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F85potok4mzds0keffmxu.jpg" alt=" " width="400" height="400"></a></p> <p>Accessibility testing ensures that web applications are usable by everyone, including individuals with visual, auditory, motor, and cognitive impairments. This process follows the Web Content Accessibility Guidelines (WCAG) to ensure web content is:</p> <ul> <li> <strong>Perceivable</strong> — Content must be presented in a way that users can experience (e.g., alternative text for images, captions for videos).</li> <li> <strong>Operable</strong> — Users should be able to navigate and interact seamlessly (e.g., keyboard accessibility, no time-based restrictions).</li> <li> <strong>Understandable</strong> — Content must be clear and predictable (e.g., user-friendly error messages, readable text).</li> <li> <strong>Robust</strong> — Web content should be compatible with assistive technologies like screen readers and voice navigation.</li> </ul> <h2> Understanding WCAG </h2> <p>The Web Content Accessibility Guidelines (WCAG), developed by the W3C (Yes! like Selenium), are international standards designed to make the web more inclusive.</p> <h3> WCAG Compliance Levels: </h3> <ul> <li> <strong>A (Basic)</strong> — Covers fundamental accessibility features (e.g., alternative text for images).</li> <li> <strong>AA (Recommended)</strong> — Addresses major barriers (e.g., proper color contrast, keyboard focus).</li> <li> <strong>AAA (Advanced)</strong> — Ensures the highest level of accessibility (e.g., sign language interpretation).</li> </ul> <h2> Manual Accessibility Testing Tools </h2> <p>While automated tools detect many issues, manual testing is crucial to ensure a truly accessible user experience.</p> <h3> Screen Readers: </h3> <ul> <li> <strong>NVDA (NonVisual Desktop Access)</strong> — Free, open-source screen reader for Windows.</li> <li> <strong>JAWS (Job Access With Speech)</strong> — Paid, widely used in corporate environments.</li> <li> <strong>VoiceOver (Mac &amp; iOS)</strong> — Built-in screen reader for Apple devices.</li> </ul> <h3> Browser Extensions: </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4kub0fjddwnlijlnpnkf.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4kub0fjddwnlijlnpnkf.png" alt=" " width="799" height="319"></a></p> <ul> <li> <strong>WAVE (Web Accessibility Evaluation Tool)</strong> — Highlights accessibility errors visually.</li> <li> <strong>Axe DevTools</strong> — Detects WCAG violations and suggests code fixes.</li> <li> <strong>Accessibility Insights (Microsoft)</strong> — Assists in testing keyboard navigation, ARIA roles, and screen reader compatibility.</li> </ul> <p><a href="https://yusufasik.com/assets/files/test-results/accessibility-insight-report.html" rel="noopener noreferrer">Accessibility FastPass Report</a></p> <h3> Keyboard Navigation Testing: </h3> <ul> <li>Test your website using <code>Tab</code>, <code>Shift+Tab</code>, <code>Enter</code>, <code>Space</code>, <code>Esc</code>, and <code>Arrow</code> keys.</li> <li>Ensure focus indicators are clearly visible using <code>:focus</code> in CSS.</li> <li>Prevent keyboard traps (users should be able to exit modals using the <code>Esc</code> key).</li> </ul> <h2> Automated Accessibility Testing Tools </h2> <p>Speed up your accessibility testing by integrating automated tools into your workflow!</p> <h3> Google Lighthouse (Built into Chrome DevTools) </h3> <ul> <li>Checks accessibility, performance, and SEO in one go.</li> <li>Run via <strong>Chrome DevTools</strong> → <strong>Lighthouse Tab</strong>.</li> </ul> <h3> Pa11y (CLI Tool for Automated Testing) </h3> <ul> <li>Executes accessibility tests via the command line.</li> <li>Manual testing is possible with just a couple of commands.</li> <li>Easily integrates into CI/CD pipelines.</li> </ul> <h4> Example Pa11y Run with Custom Options from CLI: </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#bash</span> pa11y https://example.com <span class="se">\</span> <span class="nt">--runner</span> axe <span class="se">\</span> <span class="nt">--reporter</span> html <span class="o">&gt;</span> report.html <span class="se">\</span> <span class="nt">--standard</span> WCAG2AA <span class="se">\</span> <span class="nt">--timeout</span> 30000 <span class="se">\</span> <span class="nt">--hide-elements</span> <span class="s1">'#ad-banner, .popup'</span> </code></pre> </div> <h3> axe-core + Selenium/WebDriver </h3> <ul> <li>Automates accessibility tests within Selenium-based test suites.</li> <li>Ensures elements have correct labels, alt text, and keyboard focus.</li> </ul> <h4> Dependencies: </h4> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="nt">&lt;dependencies&gt;</span> <span class="c">&lt;!-- Selenium WebDriver --&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.seleniumhq.selenium<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>selenium-java<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;version&gt;</span>4.29.0<span class="nt">&lt;/version&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="c">&lt;!-- Axe-Core Selenium --&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>com.deque.html.axe-core<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>selenium<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;version&gt;</span>4.10.1<span class="nt">&lt;/version&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="nt">&lt;/dependencies&gt;</span> </code></pre> </div> <h4> Selenium Example: </h4> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kn">import</span> <span class="nn">static</span> <span class="n">com</span><span class="o">.</span><span class="na">velespit</span><span class="o">.</span><span class="na">utilities</span><span class="o">.</span><span class="na">Driver</span><span class="o">.*;</span> <span class="kn">import</span> <span class="nn">com.deque.html.axecore.results.Results</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">com.deque.html.axecore.results.Rule</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">com.deque.html.axecore.selenium.AxeBuilder</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">org.junit.Test</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">org.openqa.selenium.JavascriptExecutor</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.net.URL</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.util.List</span><span class="o">;</span> <span class="nd">@Test</span> <span class="kd">public</span> <span class="kt">void</span> <span class="nf">accessTest</span><span class="o">()</span> <span class="o">{</span> <span class="k">try</span> <span class="o">{</span> <span class="n">getDriver</span><span class="o">().</span><span class="na">get</span><span class="o">(</span><span class="s">"https://yusufasik.com"</span><span class="o">);</span> <span class="no">URL</span> <span class="n">axeScriptUrl</span> <span class="o">=</span> <span class="nc">AccessibilityTest</span><span class="o">.</span><span class="na">class</span><span class="o">.</span><span class="na">getResource</span><span class="o">(</span><span class="s">"/axe.min.js"</span><span class="o">);</span> <span class="nc">JavascriptExecutor</span> <span class="n">js</span> <span class="o">=</span> <span class="o">(</span><span class="nc">JavascriptExecutor</span><span class="o">)</span> <span class="n">getDriver</span><span class="o">();</span> <span class="n">js</span><span class="o">.</span><span class="na">executeScript</span><span class="o">(</span><span class="s">"var script = document.createElement('script');"</span> <span class="o">+</span> <span class="s">"script.src = arguments[0];"</span> <span class="o">+</span> <span class="s">"document.head.appendChild(script);"</span><span class="o">,</span> <span class="n">axeScriptUrl</span><span class="o">.</span><span class="na">toString</span><span class="o">());</span> <span class="nc">AxeBuilder</span> <span class="n">axeBuilder</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">AxeBuilder</span><span class="o">();</span> <span class="nc">Results</span> <span class="n">results</span> <span class="o">=</span> <span class="n">axeBuilder</span><span class="o">.</span><span class="na">analyze</span><span class="o">(</span><span class="n">getDriver</span><span class="o">());</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">Rule</span><span class="o">&gt;</span> <span class="n">violations</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="na">getViolations</span><span class="o">();</span> <span class="k">if</span> <span class="o">(</span><span class="n">violations</span><span class="o">.</span><span class="na">isEmpty</span><span class="o">())</span> <span class="o">{</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"No accessibility issues found."</span><span class="o">);</span> <span class="o">}</span> <span class="k">else</span> <span class="o">{</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"Accessibility Issues Found:"</span><span class="o">);</span> <span class="k">for</span> <span class="o">(</span><span class="nc">Rule</span> <span class="n">violation</span> <span class="o">:</span> <span class="n">violations</span><span class="o">)</span> <span class="o">{</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"Violation: "</span> <span class="o">+</span> <span class="n">violation</span><span class="o">.</span><span class="na">getId</span><span class="o">());</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"Description: "</span> <span class="o">+</span> <span class="n">violation</span><span class="o">.</span><span class="na">getDescription</span><span class="o">());</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"Help: "</span> <span class="o">+</span> <span class="n">violation</span><span class="o">.</span><span class="na">getHelp</span><span class="o">());</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"Help URL: "</span> <span class="o">+</span> <span class="n">violation</span><span class="o">.</span><span class="na">getHelpUrl</span><span class="o">());</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"Impact: "</span> <span class="o">+</span> <span class="n">violation</span><span class="o">.</span><span class="na">getImpact</span><span class="o">());</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"Tags: "</span> <span class="o">+</span> <span class="n">violation</span><span class="o">.</span><span class="na">getTags</span><span class="o">());</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"Nodes: "</span> <span class="o">+</span> <span class="n">violation</span><span class="o">.</span><span class="na">getNodes</span><span class="o">().</span><span class="na">size</span><span class="o">());</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"--------------------"</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="k">catch</span> <span class="o">(</span><span class="nc">Exception</span> <span class="n">e</span><span class="o">)</span> <span class="o">{</span> <span class="n">e</span><span class="o">.</span><span class="na">printStackTrace</span><span class="o">();</span> <span class="o">}</span> <span class="k">finally</span> <span class="o">{</span> <span class="n">closeDriver</span><span class="o">();</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <h2> Integrating Accessibility Testing into CI/CD Pipelines </h2> <p>Want to ensure accessibility compliance continuously? Automate it in your CI/CD workflow:</p> <h3> Lighthouse CI (Jenkins) </h3> <h4> <code>machine-setup.sh</code> </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="nb">set</span> <span class="nt">-euxo</span> pipefail <span class="c"># Add Chrome's apt-key</span> <span class="nb">echo</span> <span class="s2">"deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main"</span> | <span class="nb">sudo tee</span> <span class="nt">-a</span> /etc/apt/sources.list.d/google.list wget <span class="nt">-q</span> <span class="nt">-O</span> - https://dl.google.com/linux/linux_signing_key.pub | <span class="nb">sudo </span>apt-key add - <span class="c"># Add Node's apt-key</span> curl <span class="nt">-sL</span> https://deb.nodesource.com/setup_20.x | <span class="nb">sudo</span> <span class="nt">-E</span> bash - <span class="c"># Install NodeJS and Google Chrome</span> <span class="nb">sudo </span>apt update <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> nodejs google-chrome-stable </code></pre> </div> <h4> <code>job.sh</code> </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="nb">set</span> <span class="nt">-euxo</span> pipefail npm <span class="nb">install </span>npm run build <span class="nb">export </span><span class="nv">CHROME_PATH</span><span class="o">=</span><span class="si">$(</span>which google-chrome-stable<span class="si">)</span> <span class="nb">export </span><span class="nv">LHCI_BUILD_CONTEXT__EXTERNAL_BUILD_URL</span><span class="o">=</span><span class="s2">"</span><span class="nv">$BUILD_URL</span><span class="s2">"</span> npm <span class="nb">install</span> <span class="nt">-g</span> @lhci/cli@0.14.x lhci autorun </code></pre> </div> <blockquote> <p>Make sure to check full guide in my repo:</p> </blockquote> <p><a href="https://github.com/bugnificent/ci-cd_test" rel="noopener noreferrer">GitHub Repository</a></p> <h3> Pa11y CI </h3> <ul> <li>Integrates accessibility checks into CI/CD pipelines.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpyvlmsr4kcaoya5qcd2g.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpyvlmsr4kcaoya5qcd2g.png" alt=" " width="800" height="388"></a></p> <h3> Axe CLI + Jest </h3> <ul> <li>Adds automated accessibility tests to unit testing.</li> </ul> <h2> When Should Accessibility Testing Be Performed? </h2> <ul> <li> <strong>During Development</strong> — Use linters and static analysis tools to catch accessibility issues early.</li> <li> <strong>UI Testing (System &amp; Integration Testing)</strong> — Use tools like axe, WAVE, Lighthouse.</li> <li> <strong>Before UAT (Performance &amp; Functional Testing)</strong> — Ensure accessibility features do not impact performance.</li> <li> <strong>During UAT (Final Validation Before Release)</strong> — Validate real-world usability and WCAG compliance.</li> </ul> <h2> Key Takeaways </h2> <ul> <li>Accessibility is a <strong>journey</strong>, not a checkbox.</li> <li>Manual tools (axe, NVDA) catch UX gaps; automation (Lighthouse, pa11y) <strong>scales compliance</strong>.</li> <li>Test early and often — integrate tools into your workflow with <strong>CI/CD pipelines</strong> for long-term compliance.</li> </ul> <h2> Further Reading: </h2> <ul> <li><a href="https://www.w3.org/WAI/standards-guidelines/wcag/" rel="noopener noreferrer">WCAG 2.1 Guidelines</a></li> <li><a href="https://www.deque.com/axe/" rel="noopener noreferrer">Deque’s axe Core Library</a></li> <li><a href="https://developers.google.com/accessibility" rel="noopener noreferrer">Google’s Accessibility Fundamentals</a></li> </ul> <p><em>Make accessibility a priority because the web should be for everyone!</em></p> tutorial learning automation programming