a1qa supports a real estate investment and management company in ensuring smooth operation of IoT-based solutions

A real estate company turned to a1qa for professional QA support in building testing processes from the ground up and boosting the quality of IoT-based solutions.

Overview

The client is a US-based private company owning and managing a set of commercial real estate assets in the heart of New York City.

With no QA activities in place, they chose a1qa to establish QA processes from scratch and enhance the quality of IoT-based solutions designed for streamlining navigation inside the buildings and granting multi-level access to them.

Services offered

  • Functional testing
  • UI testing
  • Performance testing
  • Cybersecurity testing
  • Test automation

Project scope

a1qa was engaged to help ensure the top quality of an iOS and Android mobile app as well as an administrative web portal. These IT products allow end users to manage staff and client access across buildings (e.g., elevators, building entry points, meeting rooms), navigate in the building through interactive maps and track upcoming events and news. The back-end assists companies that rent offices from the client in managing employees with multi-level access to the system.

In order to enter the building, staff members can benefit from an IoT-based system and link personal IDs to their profiles through a mobile app or a QR code.

Establishing and orchestrating QA processes

The dedicated QA team started by setting up and configuring Scrum-based QA processes from scratch.

a1qa managed workload and quickly resolved emerging issues by maintaining regular communication with both the client and the developers. Utilizing typical Scrum ceremonies, such as bug triage and retrospectives, enabled them to effectively prioritize tasks and plan accurately.

They also established a reporting practice to increase process transparency and allow the client to access project status and spot drawbacks in real-time.

Inspection of the test subject systems

The core of the solution is an application for administering building entry: setting up access permissions and letting the security team monitor and approve all arriving guests.

In order to fine-tune the integration of the building’s server side with this app, a1qa leveraged a special lab used for scanning employees’ key cards (simulating entry situations on different floors) as well as employees’ and guests’ QR codes.

As for key cards, a1qa verified that data was read and correctly displayed in the appropriate security systems to provide the relevant access.

When it came to QR codes, a1qa took several steps to test their functionality. Firstly, they automatically generated QR codes that were identical to the ones that are typically sent to guests via email or saved in their profiles upon registering in the app. Then, a1qa utilized configured QR code readers to verify the accuracy of the scanning process for these codes.

Enhancing software quality

  • Test automation

To speed up testing activities and cover the extensive smoke testing scope, a1qa brought test automation best practices to the table.

To simulate the actions of real users while processing guests’ invitations, automated tests interacted with the SDK of 3rd party systems through a protocol and sent a signal for accepting or declining the access to the building or its specific area. At the same time, the engineers checked that the corresponding message was displayed in the mobile application for end users.

The QA team also validated QR codes with the help of automated tests.

To get access to real mobile devices and run tests in browsers without developing separate infrastructure, the QA experts set up an AWS device farm for testing mobile applications.

The early introduction of test automation in the development process helped to significantly reduce the time required for conducting QA activities and free up the client’s resources to focus on core business objectives.

  • Performance testing

The QA team evaluated the behavior of a mobile app version under a certain load and increased the load level over time.

They applied a user behavior approach to test the IoT-based system: scanning a QR code to simulate entering the building or a meeting room. This formed the basis for developing user journeys that simulate realistic load and for preparing scripts covering the major API requests and system functionality, including QR code generation and new guest registration.

Server-side testing encompassed the following types of checks:

  • Stress testing to define the upper limit of solution capacity and analyze its dependence on the number of concurrent users, requests, and transactions.
  • Load testing to determine whether the system was capable of coping with the target load for an extended period.

As a result of the performance testing, the QA team identified a range of critical flaws: long authorization and response times, and errors associated with HTTP response codes 400, 502, 504, and others. To overcome this, a1qa recommended changing the structure of heavy API requests and optimizing the embedded elements on the main page.

Client-side testing, in its turn, served to determine front-end speed, understand possible user experience problems, and report front-end elements for optimization.

  • Cybersecurity testing

Due to initial bugs in the software development process, the team noted that the product under test was highly vulnerable to cyberattacks.

To define the overall security level, the a1qa experts performed a vulnerability assessment based on the OWASP Web and Mobile Security Testing Guides. For the web application, they checked configuration, authentication, authorization, session management, multiple injection types, business logic, and the download of files of diverse types, including malicious data.

As for mobile applications, the team helped ensure high quality of their configuration, assessing the probability of traffic interception or software download under unconfirmed SSL certificates. The QA specialists also deconstructed the app to review the source code and analyze encryption algorithms to detect any keys, logins, or passwords visible in the code.

As a result, the team spotted a range of critical system flaws:

  • Use of default passwords for the admin panel
  • Transmission of data without encryption
  • Leaks of logins and passwords in logs or local files
  • Errors in authorization.

Upon completion of testing activities, they provided the client with a report on the security level of the solution based on the CVSS calculator (which estimates figures based on objective criteria): the security of the web app was assessed as low, and that of the mobile systems as medium.

For each detected vulnerability, the QA team proposed recommendations for improvement to enhance the overall security level of the system.

The client is highly satisfied with the delivered outcomes and appreciates the team’s commitment to helping bring stellar software performance and ensure high security level in the solution.

Technologies & tools

  • JIRA
  • Zephyr
  • Swagger
  • Zeplin
  • Fiddler
  • Grafana
  • Apache JMeter
  • Jenkins
  • iTools
  • Android
  • SDK Tools
  • Java

Results

  • Helped the client ensure smooth operation of IoT-based software, work out a strong delivery practice, and arrange a transparent testing ecosystem by setting up Scrum-based QA processes from scratch.
  • Reduced the time for conducting QA activities due to introducing test automation at the initial SDLC stages.
  • Increased the overall security level by conducting a vulnerability assessment and identifying critical system loopholes.
  • Assisted in boosting IT solution’s performance by carrying out server- and client-side testing.

In numbers

  • 2 years of effective business partnership
  • 5 QA specialists to enhance software quality during peak load
  • 25% of all spotted defects were of high and critical severity
