STARWEST 2017 - Security Testing

Critical thinking is the kind of thinking that specifically looks for problems and mistakes. Regular people don't do a lot of it. However, if you want to be a great tester, you need to be a great critical thinker. Critically-thinking testers save projects from dangerous assumptions and ultimately from disasters. The good news is that critical thinking is not just innate intelligence or a talent—it's a learnable and improvable skill you can master. Michael Bolton shares the specific techniques and heuristics of critical thinking and presents realistic testing puzzles that help you practice...

In the tradition of James Whittaker’s book series, How to Break Software, Jon Hagar applies the testing “attack” concept to mobile and embedded software systems. First, Jon defines the environments of mobile and embedded software. He then examines the issues of software product failures caused by defects found in these types of software. Next, Jon shares a set of attacks against mobile and embedded software based on common modes of failure that teams can direct against their software. Like different kinds of software design patterns, attacks are test design patterns that must be...

Influence diagrams provide a simple-to-create and easy-to-understand approach to address the complexities of real-life problems. As testers, we may want to find more bugs, but this may have an unintended consequence for developers. Developers now have more defects to debug, which affects their capacity to deliver new functionality. Isabel Evans has found that influence diagrams provide a means of understanding and managing the complexities of key interactions among testers, developers, and business stakeholders. In the past few years, Isabel has used influence diagrams as a tool to...

As testers, we know that we can define many more test cases than we will ever have time to design, execute, and report. The key problem in testing is choosing a small, “smart” subset—from the almost infinite number of tests available—that will find a large percentage of the defects. Join Lee Copeland to discover how to design test cases using formal black-box techniques, including equivalence class testing, boundary value testing, decision tables, and state-transition diagrams. Explore examples of each of these techniques in action. Don’t just pick test cases randomly. Learn to selectively...

Many organizations find that test automation does not work as well as they thought it would. In many cases, these failures are due to generic technical reasons, which can be fixed with relative ease. Solutions that have worked well for others are patterns; these test automation patterns are common to automation efforts at any level with whatever tools you are using. Dot Graham focuses on often-neglected technical issues—i.e., non-management issues—and the patterns that help solve them. These are not development or code patterns—this is a code-free tutorial. Using a set of patterns...

Have you ever worked on a project where you felt testing was thorough and complete—all features were covered and all tests passed—yet in the first week in production the software had serious issues and problems? Join Dawn Haynes to learn how to inject robustness testing into your projects to uncover those issues before release. Robustness—an important and often overlooked area of testing—is the degree to which a system operates correctly in the presence of exceptional inputs or stressful environmental conditions. Dawn shows you how—by expanding basic tests and incorporating specific...

In test automation, we must often use several tools that have been developed or acquired over time with little consideration of an overall plan or architecture and no consideration for how to integrate the tools. As a result, productivity suffers and frustrations increase. Join Mike Sowers as he shares experiences from multiple organizations in creating an integrated test automation plan and developing a test automation architecture. Mike discusses both the good (engaging the technical architecture team) and the bad (too much isolation between test automators and test designers) on...

Service virtualization provides many benefits for both development and test teams. For testers, service virtualization empowers them to work in parallel with their development counterparts and take control of their own schedules. They no longer have to wait for development to complete their work or to get access to a restricted system such as a mainframe or a third party API. Test teams can get the basic details from dev and/or use a sample request and response pair to create a virtual service themselves. With no need to wait on others to start testing, testing can start at...

Creating automated tests for your team stories, integration, or regression test cycles within agile sprints is almost every tester’s top challenge. Usually it consumes many hours and requires a great deal of effort to achieve, especially in complex and large agile projects. Teams need to deliver software as quickly as they can while producing the best possible product quality. Talal Ibdah shows how you can achieve these goals and automate your API functional and performance tests; define test environments and configuration files; make chaining requests; continuously deliver your...

Test automation, one of several key technical enablement practices, allows teams to be more successful in their agile journeys. Although there are many test practices and automation tools available for software development teams to leverage, few data-centric testing tools are targeted to data-related development and testing, leaving data warehousing and business intelligence teams thinking they can't possibly automate their tests. Cher Fox explores why test automation is important to agile data teams, discusses why they aren’t automating their tests today, and investigates the path to test...

The concept of “shifting testing left” in the software development lifecycle is not new. Shifting testing from manual to automated and then upstream into engineering is a driving factor in DevOps and agile software development. However, Michael Nauman wonders why test automation, DevOps, and agile software development still frequently fail to deliver on their promises? Aligning and hardening your DevOps and test automation—along with streamlining your agile processes—is critical to your project. Michael shares how AutoCAD’s shifting testing left enabled improvements within their...

The age of the Internet of Things (IoT) has come. IoT devices enable a new realm of services and applications—medical devices, fitness and fashion, appliances, industrial, etc. The market is expected to exceed $1.7 trillion by 2020 with more than 200 billion connected devices—and 90 percent of automobiles. Join Amir Rozenberg as he describes the ingredients to ensure quality IoT applications: IoT-enabled lab, test tools and methodologies, and compliance and test evidence. Test professionals need to expand their perspective to include IoT; new IoT dev testers need to adopt proven...

Container-based and microservices architectures have become the ideal setting for faster development cycles and more robust applications. As companies shift to these technologies, an integral part of the solution is the development of a continuous performance testing pipeline. Adopting a containerized architecture presents a variety of challenges. There are concerns about introducing additional overhead into the application performance. At the same time, a new paradigm implies defining new testing strategies, new metrics, and new tools that can better adapt to these architectures....