" We Smash You With The Information That Will Make Your Life Easier "

Our Blogs

Study on Odoo Security by our partner firm

Charity begins at home! OdooQa started the study on its own website. Invesics.com is our business partner who handles Odoo security on our behalf, and we work hand in hand. The following analysis takes its references from Odoo.com and some from Wikipedia. Below are the highlights; the complete one is here.

 

Odoo is an all-in-one management software that offers a complete suite of enterprise management applications targeting companies of all sizes, including CRM, website/e-commerce, billing, accounting, manufacturing, warehouse and project management, and inventory.
• The prime benefit of Odoo is its extensible architecture. A large number of freelancers and organizations develop Odoo Apps or Modules and place them in the marketplace for sale or to be downloaded for free.
• The main Odoo components are the Open Object framework, about 30 core modules (also called official modules) and more than 5000 community modules. Most Odoo modules are available in Odoo S.A.'s marketplace, where the community can buy modules or download many of them for free.
• As of 9 July 2018, 15759 apps or modules were found on the marketplace in different categories. Most modules are served in all active versions of 9.0, 10.0 and 11.0.
• Odoo uses Python and a PostgreSQL database. The software is accessed via a web browser as a single-page app developed in JavaScript. The Community edition repository is on GitHub.

 

Below are the security practices followed by the Odoo team to ensure security on the Odoo cloud:
• Backup and disaster recovery: Odoo keeps full backups of its instances for up to 3 months. Odoo also has effective disaster management practices: in the worst-case scenario, where data cannot be recovered and the last daily backup is restored, users can lose a maximum of 24 hours of work.
• Database security: Customer data is stored in a dedicated database, where data is not shared between clients. Data access control rules implement complete isolation between customer databases.
• Password security: Customer passwords are protected with industry-standard PBKDF2+SHA512 encryption (salted + stretched for thousands of rounds). Odoo staff do not have user passwords. If you lose yours, you have to reset it.
• Employee access: Odoo staff may access user accounts to fix support issues (using a staff authorization, not the user's password).
• System security: All Odoo online servers run hardened Linux distributions. Only a few trusted Odoo engineers have clearance to remotely manage the servers. Firewall and intrusion countermeasures prevent unauthorized access.
• Physical security: Security cameras monitor the physical data centres. Physical access to the data centres where Odoo servers are located is restricted to data centre technicians only.
• Communications: All web connections to client instances are protected with 256-bit SSL encryption. Odoo servers are always under watch and patched against the latest SSL vulnerabilities.

Some recent vulnerabilities in Odoo which got exploited:
• CVE-2017-10803:
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used.
• CVE-2017-10804:
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. This occurs because Psycopg 2.x before 2.6.3 is used.
• CVE-2017-10805:
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack OAuth sessions of other users.
• CVE-2017-9416:
Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service.
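
CVE-2017-10803 above names unpickling of stored data as the root cause. The following is an added example, not Odoo's code or its actual patch: it shows one defensive pattern, assuming the stored records are plain lists and dicts. The function names and the sample record are constructed for illustration.

```python
import io
import json
import pickle

# Constructed sample: the kind of plain data an anonymization step might store.
SAMPLE = [{"model_id": "res.partner", "field_id": "name", "id": 7, "value": "Alice"}]


def dump_records(records):
    """Serialize with JSON, a data-only format that cannot name code to run."""
    return json.dumps(records).encode("utf-8")


def load_records(blob):
    """Parse JSON and check the shape before anything else uses the data."""
    records = json.loads(blob.decode("utf-8"))
    if not isinstance(records, list) or not all(isinstance(r, dict) for r in records):
        raise ValueError("expected a list of record dicts")
    return records


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler for legacy files that refuses every class or function lookup.

    Plain containers, strings and numbers never reach find_class, so they
    still load; a pickle that references an importable object is rejected.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError("global %s.%s is not allowed" % (module, name))


def load_legacy_pickle(blob):
    """Read an old pickle of plain data without resolving any globals."""
    return NoGlobalsUnpickler(io.BytesIO(blob)).load()


def is_rejected(blob):
    """Return True when the restricted loader refuses the pickle."""
    try:
        load_legacy_pickle(blob)
    except pickle.UnpicklingError:
        return True
    return False
```

New data goes through `dump_records`/`load_records`; `load_legacy_pickle` is only for migrating files written before the switch.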

Overall, we found the following noteworthy problems:

1. Cookie Poisoning

2. Session Termination

3. Broken Access Control

4. Cross Site Access Forgery

5. Cross Site Scripting (XSS)

6. Code Injection

7. Using HTTP Connection

8. Sensitive Data Exposure

9. Clickjacking

10. Cross Frame Scripting (XFS)

Odoo Automation Testing: The Key Towards the Right Automation Testing Strategy!

Imagine a scenario where you have developed a full-fledged Odoo application focusing on each and every feature. It is the best application that has been built keeping user-experience in mind. Technically you are satisfied with the performance and result of the application. You have performed all the necessary testing on your application. So you finally decide to proceed further to launch your Odoo application.

Odoo Automated Testing

Now that your application is launched in the market, you are suddenly welcomed with a list of issues. As a developer, you must be wondering where these issues came from when everything was working well, right? Let me discuss some of the most common reasons that may be the cause of these issues:

  • Odoo application is not user-friendly

  • Technically it may be sound and easy for you to understand but not for end users

  • Turn-around time of your application is high

  • At some point, data breach issues may occur in the absence of rigorous testing, and many more.

So how do you deal with this? Rather than looking for a temporary solution, you must think of a solution that can permanently help you detect such issues and eliminate them.

The best thing that can be done is to implement the right automation testing strategy. Compared to manual testing, this can help you in 3 major ways:

  • Cut down the cost and effort of the testing process by building an Odoo Test Automation Framework

  • Confirm the functionalities of the Odoo application by making the testing process repeatable

  • Reuse the test automation framework once it is updated with new test cases; it can be used for any other testing project.

Role of Test Automation Strategy:

  • Multifaceted testing covering entire spectrum of functionalities

  • Ensuring flawless performance of application under pressure

  • Elimination of manual testing errors

  • Confirms accurate functionalities of application with repeatable process

  • Improves overall test coverage while reducing software testing efforts

Odoo Automation Testing: Tools, Implementation & Benefits:

  • The majority of Odoo automation testing tools are open-source, universal tools available through the official Odoo communities, so they are easy to use and implement with your Odoo applications.

  • Selenium WebDriver: generally used for conducting Odoo automated functional testing, making it comprehensive and easy to use on web and desktop applications.

  • SahiPro: somewhat similar to Selenium, it offers thorough support for Odoo automated web application testing. It has important inbuilt APIs to handle complex tasks and execute tests effectively.

  • Appium with Selenium is used for Odoo automated mobile app testing, especially for responsive devices. It usually tests native, hybrid and mobile apps.

  • The JMeter tool is used to check the performance of the application by creating multiple simultaneous virtual users.

  • With multiple regression testing, the application's performance speeds up with less investment in less time.

  • The majority of Odoo automation testing tools have a strong infrastructure that helps with easy implementation, even for novices.

Summing up:

The effectiveness of any Odoo application can be easily checked through various automated testing strategies as discussed above.

So what's your take on this? Do you agree with us or not? Do let us know your feedback.

You can even try our Odoo Automated Testing services and compare the efficiency of your application. Good Luck!

ODOO Automation Testing: A Quick Glance At Major Testing Tools!

Quality Analysis is a term that every software industry is used to. It plays an integral role in the better delivery of the software product. When it comes to open source platforms, most importantly Odoo / OpenERP, you can get different options for Automated Testing. Even though these tools are doing well in the market, not many people are fully aware of these tools and their performance benefits.

ODOO, as we all know, is one of the most preferred ERP platforms nowadays. Its user-friendliness and ease of operation are some of the best features that make ODOO the fresh choice for technocrats. Being the most adaptive platform for eCommerce sites, it makes work easier while offering a hassle-free user interface. It even offers some of the most advanced automated testing tools, which make software testing easier.

With this post, you will get to know about different Automated Testing Tools, their related benefits and additional features.

So let us have a quick look at how ODOO plays an important role with testing, especially Automated Testing. Here we go:

Selenium :-

  • An open source tool that conducts functional testing of both web and desktop applications.

  • It has no language barrier, and developers/testers can use the language they are comfortable with.

  • It is a community-based, platform-independent tool that is available free on the web.

  • It needs a third-party framework, language bindings and other features to be fully functional.

  • It requires comprehensive in-depth knowledge from testers.

Sahi Pro :-

  • One of the best testing tools, offering the thorough support required for Automation Testing.

  • It has all the in-built APIs that are required by the majority of complex tasks.

  • It features multi-browser support for execution of programs.

  • The in-built Sahi Controller runs all the tests, so there is no need for additional tools to run and execute the tests.

  • The installation process is a little complex, but once installed it performs entire tests flawlessly.

Appium :-

  • It is a test automation framework built to test native, hybrid and mobile apps.

  • The apps are designed for iOS, Android and Windows platforms, on real devices and simulators too.

  • It supports cross-platform apps, so it allows testing apps on different platforms using the same API.

  • It allows users to choose any language that has Selenium client libraries.

Jmeter :-

  • It is a Java-based tool designed for load testing.

  • It tests the behavior of the application and also measures website performance.

  • It tests both static and dynamic resources, which include:

      > HTTP and HTTPS websites.

      > Databases, FTP & Mail Servers.

      > PHP, ASP.NET and JAVA language.

      > SOAP/REST web services.

  • It simulates and mocks load on the server for analyzing overall performance of the application or website that undergoes test.

We strongly believe in delivering high-standard quality analysis to our clients and customers while staying updated with the latest tools and technologies. As a result, at ODOOQA, we perform quality analysis and testing using the newest technologies and tools.

Are you also looking for Automated Testing for your website or application? You can reach us with your requirements and get your project tested with automation.