Richard Bradshaw - 23 May 2019
Yupp, you’ve guessed it, HTTP. HyperText Transfer Protocol (HTTP/HTTPS) is the go-to language for IoT devices, in that it’s the protocol used when devices talk to each other via the internet. I know what you are thinking: what about everything we’ve heard about security in the news? Surely there is nothing more important than security in IoT? Security was a close second for me when deciding the most important thing about testing, but here’s why HTTP pipped it to the finish line…
HTTP is the main language of IoT devices; it’s the protocol used for all devices that speak to one another. Turn your heating up using your smartphone; that triggers an HTTP request that ends up at your wifi enabled thermostat and the temperature increases. Open your thermostat app on your smartphone to see the temperature in your house; your thermostat will send an HTTP response to your smartphone containing the current temperature. Learning about HTTP will naturally bring security knowledge to the forefront as that critical security knowledge is built on top of understanding HTTP and how the internet itself, works.
HTTP requests/responses are the blood running through the veins of the internet, and your IoT gadgets are sending them all the time. Without these calls, your IoT devices are just things.
Aren’t API testing and IoT testing the same?
There is, of course, a tight relationship with API testing when it comes to testing IoT devices, but our framing is slightly different when it comes to focusing on the device. We aren’t really interested in how the API responds; instead, we are interested in what calls the device makes and how it handles different responses. We need to see if it’s sending the right requests, in the right order, the right number, and with the correct data. Then for the responses, we need to see if the device can handle different data, slow responses, different status codes, no responses, missing headers, and much more. Can we confuse the device with our testing and what impact does that have on its behavior?
What should I learn first?
How much do you know about HTTP? Do you understand headers? Different status codes? Do you know how to see the traffic between your IoT devices and the internet? Do you know how to manipulate that traffic to make testing easier? If not, don’t worry as it’s such a critical topic to testing, there are plenty of resources available. If you are serious about testing IoT devices, get your HTTP knowledge up to scratch, then get to grips with tools that are going to help you with your testing and HTTP manipulation, such as WireShark and proxy tools like Charles. HTTP is powering the Internet of Things: make sure you understand its power.
If you have any questions about software testing, speak directly to our resident gurus.