STAREAST 2019 - Security Testing
Monday, April 29
Blockchain Quality: Securing Trust in a Digital Age
Blockchain technology introduces decentralized, distributed, cryptographically linked digital structures that record information across many computers. Due to its highly secure structure, blockchain is growing at a rapid pace in the financial and automotive industries, and adoption is starting in other industries. We are also witnessing the rise of the smart contract, a set of immutable programmatic auto-enforcing rules that live on the blockchain. However, although there are many benefits, blockchain introduces a unique set of testing and quality concerns. For example, race conditions and...
Tuesday, April 30
Web Security Testing: The Basics and More
Web applications are often security critical or serve as front-ends for security critical applications, making web testing for vulnerabilities an essential part of software testing. Unfortunately, most software testers have not been taught how to identify web security issues while testing applications. Join Jeffery Payne as he shares what you need to know to security test web-based applications as part of your overall testing process. Learn about the most common web security vulnerabilities and how they are introduced into web code and exploited by hackers. Explore test techniques for...
Wednesday, May 1
Cutting through the Hype around Continuous Testing
There is a lot of hype around continuous testing these days. It seems like every product vendor has a continuous testing product and every consulting company has a continuous testing practice. But what exactly is continuous testing? And how is it different from what we've been doing in testing for the past several decades? Join Jeffery Payne as he discusses what continuous testing is all about and how today's organizations are leveraging it to improve their quality. Learn what tools and techniques enable continuous testing, and examine the pros and cons of moving toward a more continuous...
Automated Security Scanning for Your Delivery Pipeline
Agile development and DevOps depend on an automated pipeline to build, test, and deploy code quickly. Security is all too often viewed as a manual task that is too difficult to automate and is left for later—not a good decision! Matt Grasberger says that by leveraging automated security scans with open source scanners, you can reduce the risk of security vulnerabilities, get the most out of your pipeline, and increase software quality. Matt will thoroughly explain and demonstrate several ways to implement automated security scans. Discover how to quickly test endpoints against SQL...
Excuse-Free Testing: An Open Source Tool for Simpler CI Integration
The goal of continuous testing is to find defects earlier in the development lifecycle and release software faster to the market. This can be achieved by integrating open source functional and performance testing tools in the early stages of your software delivery lifecycle. Klaus Neuhold will explain how to integrate the open source test automation framework Taurus, and other tools such as JMeter and Selenium, as a CI step in Jenkins pipelines, so that these tools can be triggered as part of everyday code commits or builds. Taurus can run a large variety of tests and has reporting...
Thursday, May 2
The Era of Intelligent Testing
Existing QA solutions were built for a world where software changed infrequently. Highly adopted tools such as Selenium, Appium, and JUnit require a specialized skill set and too much maintenance, once you start factoring in the brittle nature of tests and the infrastructure required to run tests at scale. But there is still hope for QA in machine intelligence. Next-generation AI tools are here to help QA keep up with the agility of modern software delivery practices in two ways: by enabling manual testers who don't know how to code to automate, and by easily automating repetitive tasks so...
Security Partners or Security Police?
It’s often said that with great power comes great responsibility. As technology becomes more powerful, security becomes a great responsibility. You’ve read all the books, followed the latest updates on all the blogs and forums, or maybe you just have a gut feeling that there’s a potential for disaster. As software testers, is it our job to be the security police? If you don’t protect the public, who will? Then there is the business—who is going to protect them from themselves? You go into meetings ready to save the day only to be shot down or, even worse, ignored. What went wrong? Why were...
Lessons Learned Automating Cloud and Infrastructure Testing
As organizations embrace DevOps and IT value chain automation, we are seeing the explosive growth of infrastructure-as-code capabilities, fueled by cloud scripting technology. As infrastructure-as-code capabilities evolve, what role does testing play? Especially for continuous testing, when it comes to infrastructure provisioning and configuration? How does this approach integrate with other traditional forms of testing, such as unit, integration, and systems testing? Join Joseph Ours as he presents what he's learned about infrastructure-as-code and provides live demonstrations for...