Thursday, October 27, 2011

Geb: very groovy browser automation… web testing, screen scraping and more

Found this tool that allows web browser automation via Groovy and WebDriver. It has very good documentation for such a young project (0.6.1). Andre Steingress has a nice PPT here

Garmr: tool to automate security testing

Garmr is a security testing tool produced by the Mozilla QA Team. Although still at an early stage, the tool seems to be a good base on which to build a security baseline. You can read about it here

Wednesday, October 26, 2011

Test Scribe for MTM 2010

http://talkabouttests.com/ talks about a power tool called Test Scribe that enhances Microsoft Test Manager 2010. Test Scribe needs to be installed on TFS:
Test Scribe is a documentation power tool designed to construct documents directly from the TFS for test plan and test run artifacts for the purpose of discussion, reporting etc.
Basically, it exports your test plan to Word, which is nice when you want to communicate it to the client or a third party.

Tuesday, October 25, 2011

This is scary: Cautionary tale: Do you know where your customer database is?

[...]not just one, but TWO customer database files — one 4 MB .txt file and one 13 MB .bak file that was also plain text — comprised of ~11,000 users, each containing varying amounts of confidential information as noted above. From http://www.zdnet.com/blog/btl/cautionary-tale-do-you-know-where-your-customer-database-is/61811
It is at once sad and scary that this kind of mistake would still happen. Come on! Governance and professionalism, anyone???

Google Advanced Search

Highly interesting article on how Google can be a better friend than it already is: http://www.zdnet.com/blog/seo/how-to-become-a-search-ninja-harnessing-the-true-power-of-google-part-1/1881

Manual penetration testing

Taken from: http://www.esecurityplanet.com/network-security/penetration-testing-shows-unlikely-vulnerabilities.html

Overall, the goal of Spider Labs penetration testing efforts wasn't just about seeing how far they could get, it was also about seeing what organizations were able to detect. Linn stressed that persistence in penetration testing is key in order to dig deeper just like real criminals would do.
"These types of vulnerabilities are not the things that an automated scan will find," Percoco said. "The things we find commonly through the manual process ends up getting us awesome results in the end."

Agility Platform

ServiceMesh is now at 7.3 of its platform called Agility Platform. I missed a few... anyway, part of the platform is the Planner which is
Agility Planner leverages existing application and platform information sources including CMDBs, and combines this with service provider capabilities and SLA parameters, to analyze, classify, and score each workload according to a programmable criteria set. Agility Planner generates Cloud Readiness™ and Cloud Value™ scores and recommends which service providers are most appropriate for each workload by automatically comparing needs to current market offerings. http://www.servicemesh.com/agility-platform/agility-planner/

Thursday, October 13, 2011

Testing in production

http://searchsoftwarequality.techtarget.com/answer/Release-management-Software-testing-in-production raises the question of whether it is okay to test in production. Some say "never"; the author is more nuanced in his answer. So far, I've never had the chance to work on projects where the pre-production or QA environments were faithful replicas of the production environment, and therefore I've always seen the need to test in production.

A new vulnerability is discovered in a library on the application server or the database server, or IT has to make a change in the production environment, etc. There are a large number of reasons why we not only can but must test in production. It does need to be bounded by processes and communication streams more stringent than in the development environment, so that tests don't trigger alarms (DoS, for example) or skew the stats, but planning for testing in production is a must if one does not want to have a very unpleasant conversation with the CSO...

Add automatic test to your bug report

Selenium is a very nice tool: it's a huge benefit to the software community. A good idea is to use it during exploratory testing and, when an incident is found, register the Selenium script in the report so that it is easy to recap the steps to reproduce the problem before and after the fix.

It apparently is easy to export a script in different formats, such as RSpec for Ruby. Have a look here: http://www.techdarkside.com/generating-rspec-tests-with-selenium-ide

Insight into Silicon Valley

This blog (http://svstartup.com/w/Main_Page) is chock-full of information regarding Silicon Valley, its culture and values.

Tips for startups

Good reminder about what needs to be done when setting up shop: http://www.bytestart.co.uk/content/24/24_6/ten-top-tips-successful-startup.shtml

First tip is: write a business plan. I think a business plan is mostly for ourselves, just to figure things out in a systematic approach. Could be useful with banks, not for VCs, and certainly not as convincing as real customers, especially real repeat customers. Anyway, a good pointer on the subject: http://www.bytestart.co.uk/content/businessplans/30_1/writing-your-business-plan.shtml

A Conversation with Fred Wilson and Carlota Perez

A great interview, well worth watching if you have any stake in the web industry. As background, have a look at this PowerPoint presentation

Sunday, October 2, 2011

Agile: Where does QA fit in

QA, along with architecture, is getting back into the equation for agile development. Good Ol' pendulum is swinging back to balance. So, to this simple question of the role of QA, or testing for that matter, we get this fairly simple answer from All About Agile:

So, our answer is that good professional testers must be in the Scrum team.  Ideally that means 100% allocated to one team.  At a minimum, 50% allocated to one Scrum team.

Where does QA fit in?  Well, usually the testers are aka QA people.  Sometimes QA means truly "quality assurance" per se, in which case the QA people look at the Scrum team (and the process elsewhere as well) to see if sufficient quality is being baked in in the best possible way.

Pricing: irrational and rational mixing it up under the curve

I found this article titled You're Pricing It Wrong: Software Pricing Demystified

Being who I am, I never thought beyond the Demand Curve:
The sweet point is where the intersection forms the largest rectangle. This rectangle represents the calculation of sales × price, and the biggest rectangle represents the biggest revenue.
 The rest of the article allowed me to think a bit less rationally and find a bit of relevance for marketing.

Saturday, October 1, 2011

The next-wave software architecture: DDD, DCI and Event Sourcing

http://jivejdon.blogspot.com/2011/09/ddd-dci-and-domain-events-example.html

As background reading:

Release Management

This is a short article that needs to be read: http://searchsoftwarequality.techtarget.com/answer/What-tools-are-required-for-effective-release-management

What, then, are the must-haves in a technology-based, modern release management system?
  • Visibility: We need to know real-time, what the status of the releases are. We need a release calendar that lets us see when things are happening so we can balance the release workload. 
  • Control: Every stakeholder must be able to give their electronic signature to approve, and it needs to be reportable and auditable. 
  • Reporting: We need to track our performance against our KPI’s and SLA’s, and we need early warning when we are out of range on these numbers. 
  • Vault: This should contain the master code that is destined for production: no more developers each having their own path to production, no more developers with root access. 
  • Deployment automation: We need a repeatable and predictable technology that consistently deploys our code and backs it out automatically if things go wrong.

Continuous Integration -->Continuous Deployment...

 http://searchsoftwarequality.techtarget.com/feature/Continuous-integration-Tools-and-trends

But, according to Paul Duvall, author of Continuous Integration: Improving Software Quality and Reducing Risk, continuous deployment can go a step further. “Simply said, continuous deployment implies that you’re deploying your software to some environment, but it doesn’t mean that you’re delivering software to users,” he explains. “Delivering software to users on a frequent basis is what continuous delivery is all about. Continuous deployment could be continually delivering software to just your testing environments. This is excellent, but you haven’t necessarily gotten it to production yet. Continuous delivery implies continuous deployment, while continuous deployment does not imply continuous delivery.”