April Meetup - Symbolic execution, Unity automation and working with legacy code

This time, we have the top floor sauna room booked at F-Secure, so bring a towel if you want to enjoy sauna as well! We will have some fruit for everyone, but if you’d like to have anything else please either bring it or plan to order it to F-Secure (via Wolt or so). Also, please bring your favorite drink if you want to enjoy it in the sauna.

We will meet in the reception area at F-Secure. The door closes at 17:00 but we will be waiting for you there to let you in. If you are late, please call
one of us:
Ru: [masked]
Maaret: [masked]

Agenda:
17:30 - Welcome
17:45 - 18:15 - Symbolic Execution for Code verification - Thaís Moreira Hamasaki aka Barbie, F-Secure
18:15- 18:30 - Questions/Discussions/Break
18:30 - 19:00 - Unity Game Automation Using Appium - Ru Cindrea, Altom
19:00 - 19:15 - Questions/Discussions/Break
19:15 - 19:45 - Getting Existing Code Under Tests - Maaret Pyhäjärvi, F-Secure
19:45 - 21:00 - Sauna + discussions

Descriptions of the talks:

1. Symbolic Execution for Code verification - Thaís Moreira Hamasaki aka Barbie, F-Secure
The modern world depends and relies on the security (and safety!) of software. To protect privacy, intellectual property, customer data and even national security are goals for most of us. Analysis tools can help us to get new insights that can be used to secure software and hardware by identifying vulnerabilities and issues, before they cause harm downstream. In this talk, Barbie is focussing on using logic to automate bug detection, automate the exploit generation provided by symbolic execution engines based on SMT solvers and automated constraint solving and automate the payload generation.

2. Unity Game Automation Using Appium - Ru Cindrea, Altom
Ru will introduce the problem of testing Unity games and apps on real mobile devices and the approaches she's tried to address it. She'll also introduce an open source tool she's built for UI automation with Appium for Unity games and apps.

3. Getting Existing Code Under Tests

You have an inventory update system, code without tests and you’re asked to extend its functionality: “Feel free to make any changes and add any new code as long as everything still works correctly”. This is where Gilded Rose Kata starts. In this talk, we take Gilded Rose Kata by Emily Bache and bring it under tests using Code Coverage and ApprovalTests. The talk shows, with a demo, how we can approach legacy code with “works in production”, locking existing functionality to build the safety net that allows us to change it. We’ll also look at our other option: testing the application from its documented requirements. From the demo, we come to understand coverage from four perspectives, and how developers and testers are inclined to cover different aspects. How would *you* test this?

About the speakers:

Thaís Moreira Hamasaki is a malware researcher, who focuses on static analysis, reverse engineering and logical programming. Thaís started her career within the anti-virus industry working on data and malware analysis, where she developed her knowledge on threat protection systems. She won the “best rookie speaker” award from BSides London for her first talk about “Using SMT solvers to deobfuscate malware binaries”.

Ru Cindrea is a Senior Test Consultant and Managing Partner at Altom Consulting. With more than ten years of experience in software testing, she is particularly interested in mobile testing and test automation with a special interest in mobile games.

Maaret Pyhäjärvi is a software professional with testing emphasis. She identifies as an empirical technologist, a tester and a programmer, a catalyst for improvement and a speaker. Her day job is working with a software product development team as a hands-on testing specialist. On the side, she teaches exploratory testing and makes a point of adding new, relevant feedback for test-automation heavy projects through skilled exploratory testing.