© COPYRIGHT 2016 COVEROS, INC. ALL RIGHTS RESERVED. 1@CoverosGene
Agility. Security. Delivered.
Gene Gotimer
Senior Architect
About Coveros
• Coveros builds security-critical applications using agile methods.
• Coveros Services
• Agile transformations
• Agile development and testing
• DevOps and continuous integration
• Application security analysis
• Agile & Security training
• Government qualifications
• DCAA approved rates and accounting
• TS facility clearance
Areas of Expertise
Select Clients
Delivery Pipeline
Process of taking a code change from developers and getting it deployed into production or delivered to the customer
• Stages along the way
• Later stages lead
  • to higher confidence
  • closer to production
Delivery Pipeline
Do we have a viable candidate for production?
Delivery Pipeline
[Pipeline diagram: Requirement, Code, Check-in, Unit Tests, Deploy to Test, Functional Tests, Deploy to Staging, Acceptance Tests, Deploy to Pre-Prod, Performance Tests, Security Tests, Deploy to Prod; diagram labels: Quality Gate, Trigger, Rapid Feedback, No surprises]
Goal is to Balance
Early Rapid Feedback
No Late Surprises
Everything Can’t Be First
Do just enough of each type of testing early in the pipeline to determine if further testing is justified.
Value Stream
• List out steps from developer to production
  • That is the delivery pipeline
  • whether manual or automated
• Identify time for each step
  • execution time
  • wait time
• Helps show
  • where bottlenecks are
  • what should be automated
Pipeline Stages
• Not hard-and-fast stages
• Gradual change in focus
Commit Stage
[Pipeline diagram, labelled Commit Stage: Requirement, Code, Check-in, Unit Tests, Deploy to Test, Functional Tests, Deploy to Staging, Acceptance Tests, Deploy to Pre-Prod, Performance Tests, Security Tests, Deploy to Prod]
• Code-focused
• Rapid feedback
• 10 minutes maximum
• Developers are waiting
Acceptance Stage
[Pipeline diagram, labelled Acceptance Stage: Requirement, Code, Check-in, Unit Tests, Deploy to Test, Functional Tests, Deploy to Staging, Acceptance Tests, Deploy to Pre-Prod, Performance Tests, Security Tests, Deploy to Prod]
• Quality-focused
• Is this a viable candidate for production?
End Game
[Pipeline diagram, labelled End Game: Requirement, Code, Check-in, Unit Tests, Deploy to Test, Functional Tests, Deploy to Staging, Acceptance Tests, Deploy to Pre-Prod, Performance Tests, Security Tests, Deploy to Prod]
• Delivery-focused
• Steps that only get done when we are releasing
• Does not begin until you are confident there will be no surprises
Pipeline Steps
Commit Stage
• Compile
• Unit tests
• Static analysis
Acceptance Stage
• Functional tests
• Regression tests
• Acceptance tests
• System integration
• Security testing
• Performance testing
• Exploratory testing
• Usability testing
End Game
• Security testing
• Performance testing
• Exploratory testing
• Usability testing
• Packaging
• Printed documentation
• Release announcement
Pipeline Steps
Commit Stage
• Compile
• Unit tests
• Static analysis
Acceptance Stage
• Functional tests
• Regression tests
• Acceptance tests
• System integration
• Some security testing
• Performance trend
• Early exploratory testing
• Basic usability testing
End Game
• Mandated security test
• Full load and performance test
• Continuing exploratory testing
• Focus group usability testing
• Packaging
• Printed documentation
• Release announcement
Do just enough testing to determine if further testing is justified.
Example: Performance Testing
• Short JMeter test
  • On development system, no isolation
  • 10 concurrent users for 10,000 requests
  • Track the trend
  • Answers: “Are we getting slower or faster?”
• Full load and performance test
  • Dedicated environment, no other traffic
  • Production-sized servers
  • 1,000 concurrent users for 4 hours
  • Answers: “What is the sustained capacity and throughput?”
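One way to "track the trend" from the short JMeter run, as an added example that is not part of the original slides. It assumes the results are saved as CSV with at least the `elapsed` and `success` columns; the sample rows, the history values and the 10% tolerance are constructed for illustration. Because the short test runs on a shared development system, the current build is compared with the median of earlier builds rather than with a fixed limit.

```python
import csv
import io
import statistics

# Constructed sample of a JMeter CSV results file for the current build.
CURRENT_JTL = """timeStamp,elapsed,label,responseCode,success
1467300000000,100,GET /home,200,true
1467300000100,110,GET /home,200,true
1467300000200,120,GET /search,200,true
1467300000300,130,GET /search,200,true
1467300000400,140,GET /home,200,true
1467300000500,150,GET /search,200,true
1467300000600,160,GET /home,200,true
1467300000700,170,GET /search,200,true
1467300000800,180,GET /home,200,true
1467300000900,400,GET /search,500,false
"""

# Constructed 90th-percentile response times (ms) kept from earlier builds.
HISTORY_P90 = [120, 125, 118]


def summarize(jtl_text, percent=90):
    """Reduce one results file to the numbers worth keeping per build."""
    rows = list(csv.DictReader(io.StringIO(jtl_text)))
    if not rows:
        raise ValueError("results file contains no samples")
    elapsed = sorted(int(row["elapsed"]) for row in rows)
    # Nearest-rank percentile, computed with integers to avoid float rounding.
    rank = -(-percent * len(elapsed) // 100)
    errors = sum(1 for row in rows if row["success"].lower() != "true")
    return {
        "samples": len(rows),
        "p90_ms": elapsed[rank - 1],
        "error_rate": errors / len(rows),
    }


def trend(history_p90, current_p90, tolerance=0.10):
    """Answer "are we getting slower or faster?" against the build history."""
    if not history_p90:
        return "no baseline"
    baseline = statistics.median(history_p90)
    if current_p90 > baseline * (1 + tolerance):
        return "slower"
    if current_p90 < baseline * (1 - tolerance):
        return "faster"
    return "steady"


if __name__ == "__main__":
    summary = summarize(CURRENT_JTL)
    print(summary, trend(HISTORY_P90, summary["p90_ms"]))
```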
Example: Security Testing
• Functional tests run through OWASP ZAP proxy
  • During early testing
  • Piggy-back on existing testing
  • Answers: “Do we have any XSS vulnerabilities?”
• OpenVAS system scanning
  • Weekly in test environment
  • Looks for open network ports
  • Looks for software with CVEs
  • Answers: “Is Nessus likely to find anything?”
• HP WebInspect application security scanning
  • By corporate security group
  • Looks for black-box web vulnerabilities
  • Answers: “Do we have any XSS vulnerabilities?”
• Nessus system scanning
  • By corporate security group
  • Looks for open network ports
  • Looks for software with CVEs
  • Answers: “Is system compliant?”
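A pipeline gate that turns the ZAP results from the proxied functional tests into the yes/no answer the slide asks for, as an added example that is not part of the original slides. The field names (`site`, `alerts`, `cweid`, `riskcode`, `confidence`, `instances`) are assumed to match the JSON report your ZAP version exports; the report content and host name are constructed.

```python
import json

# Constructed sample report. One real-looking XSS alert, one XSS alert that a
# reviewer marked as a false positive (confidence 0), one unrelated alert.
SAMPLE_REPORT = json.dumps({
    "site": [{
        "@name": "http://app.test.example",
        "alerts": [
            {"alert": "Cross Site Scripting (Reflected)", "cweid": "79",
             "riskcode": "3", "confidence": "2",
             "instances": [{"uri": "http://app.test.example/search",
                            "method": "GET", "param": "q"}]},
            {"alert": "Cross Site Scripting (Reflected)", "cweid": "79",
             "riskcode": "3", "confidence": "0",
             "instances": [{"uri": "http://app.test.example/help",
                            "method": "GET", "param": "topic"}]},
            {"alert": "X-Content-Type-Options Header Missing", "cweid": "693",
             "riskcode": "1", "confidence": "2",
             "instances": [{"uri": "http://app.test.example/",
                            "method": "GET", "param": ""}]},
        ],
    }]
})

XSS_CWE = "79"  # CWE-79: cross-site scripting


class ReportError(ValueError):
    """The report is missing or not in the expected shape."""


def xss_findings(report_text, min_risk=2):
    """Return sorted (method, uri, param) tuples for XSS alerts at or above
    min_risk (assumed scale: 0 info, 1 low, 2 medium, 3 high)."""
    try:
        sites = json.loads(report_text)["site"]
        if isinstance(sites, dict):      # tolerate a single site object
            sites = [sites]
        findings = set()
        for site in sites:
            for alert in site.get("alerts", []):
                if str(alert.get("cweid")) != XSS_CWE:
                    continue
                if int(alert.get("confidence", 1)) == 0:   # false positive
                    continue
                if int(alert.get("riskcode", 3)) < min_risk:
                    continue
                for inst in alert.get("instances", []):
                    findings.add((inst.get("method", ""),
                                  inst.get("uri", ""),
                                  inst.get("param", "")))
        return sorted(findings)
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        raise ReportError(f"unusable ZAP report: {exc}") from exc


def gate(report_text, min_risk=2):
    """Exit code for the pipeline step: 0 continue, 1 XSS found,
    2 no usable report (fail closed, a missing scan is not a clean scan)."""
    try:
        return 1 if xss_findings(report_text, min_risk) else 0
    except ReportError:
        return 2


if __name__ == "__main__":
    for finding in xss_findings(SAMPLE_REPORT):
        print("XSS:", *finding)
    raise SystemExit(gate(SAMPLE_REPORT))
```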
Advantages of Earlier Testing
• Quicker feedback cycle
• Easier to fix problems that are found
• Developer still has context of changes
• Less rework on defective product
• Proactive response, not reactive
Code-focused
Testing in the Commit Stage
• Code-focused
• Developer-centric
• Rapid feedback
• Developer waits until complete
• 10 minutes maximum
Types of Activities
• Continuous integration
• Compile
• Unit tests
• Static analysis
• Dependency analysis
Unit Testing
• Unit testing is not QA!
• Developer tool
• Early confirmation of code behavior
• Executable documentation
• Fearless refactoring
Code Coverage
• A tool, not a target
• Measures code executed while unit tests running
• NOT amount of code tested
• Not covered = not tested
• Covered = possibly tested
Mutation Testing
• Reruns unit tests against modified versions of your code
• If tests still pass, code isn’t tested
• Tests quality of tests
public int foo(int i) {
    i--;
    return i;
}

public int foo(int i) {
    i++;
    return i;
}
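The points on the Code Coverage and Mutation Testing slides, shown together in an added example that is not part of the original slides. It is a minimal mutation tester written in Python rather than Java: `foo` is the slide's method ported to Python, `last_index` and both test functions are hypothetical, and only the `+`/`-` swap from the slide is implemented. The weak test executes every line (full coverage) yet every mutant survives; the strong test kills them all.

```python
import ast

# Constructed code under test.
SOURCE = '''
def foo(i):
    i -= 1
    return i

def last_index(start, length):
    return start + length - 1
'''


class FlipAddSub(ast.NodeTransformer):
    """Swap the target-th '+' or '-' (binary or augmented) for its opposite."""

    def __init__(self, target):
        self.target = target   # index of the operator to mutate; -1 = none
        self.seen = 0          # operators encountered so far
        self.line = None       # source line of the mutated operator

    def _flip(self, node):
        if isinstance(node.op, (ast.Add, ast.Sub)):
            if self.seen == self.target:
                node.op = ast.Sub() if isinstance(node.op, ast.Add) else ast.Add()
                self.line = node.lineno
            self.seen += 1
        return node

    def visit_BinOp(self, node):
        self.generic_visit(node)   # mutate nested expressions first
        return self._flip(node)

    visit_AugAssign = visit_BinOp


def load(tree):
    """Compile a (possibly mutated) syntax tree and return its namespace."""
    namespace = {}
    exec(compile(ast.fix_missing_locations(tree), "<under-test>", "exec"), namespace)
    return namespace


def passes(test, namespace):
    """Run one test function; any exception counts as a failing test."""
    try:
        test(namespace)
        return True
    except Exception:
        return False


def surviving_mutants(source, test):
    """Return (operator index, line) for every mutant the test fails to kill."""
    if not passes(test, load(ast.parse(source))):
        raise ValueError("the test must pass on the unmodified code first")
    counter = FlipAddSub(target=-1)
    counter.visit(ast.parse(source))
    survivors = []
    for index in range(counter.seen):
        mutator = FlipAddSub(index)
        mutant = mutator.visit(ast.parse(source))
        if passes(test, load(mutant)):       # tests still pass: not tested
            survivors.append((index, mutator.line))
    return survivors


def weak_test(ns):
    # Executes every line of SOURCE but checks only the result type.
    assert isinstance(ns["foo"](5), int)
    assert isinstance(ns["last_index"](10, 4), int)


def strong_test(ns):
    # Same calls, with the returned values asserted.
    assert ns["foo"](5) == 4
    assert ns["last_index"](10, 4) == 13


if __name__ == "__main__":
    print("weak test survivors:  ", surviving_mutants(SOURCE, weak_test))
    print("strong test survivors:", surviving_mutants(SOURCE, strong_test))
```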
Static Analysis
• Early detection of coding issues
  • style issues
  • duplicate code blocks
  • declared but unused variables
  • confusing code
  • race conditions
  • SQL injection
  • resource leaks
Third-party Components
OWASP Top 10 2013: A9-Using Components with Known Vulnerabilities
Scan your third-party libraries
Update proactively, not reactively
Quality-focused
Testing in the Acceptance Stage
• Quality-focused
• Bulk of the pipeline
• Until confident that you have a viable candidate for production
Types of Activities
• Functional tests
• Regression tests
• Acceptance tests
• System integration
• Some security testing
• Performance trend
• Early exploratory testing
• Basic usability testing
Automated Deployment
• Repeatable, reliable deployments
• Test that through practice
• Same deploy process everywhere
• You will find more reasons to deploy
Smoke Testing
• After every deployment
• Must be quick
• Test the deployment, not the functionality
• Focus on
  • basic signs of life
  • interfaces between systems
  • configuration settings
Delivery-focused
Testing in the End Game
• Delivery-focused
• Steps that only get done when we are releasing
• Tests that are too expensive to do every build
  • time
  • resources
  • effort
• Don’t start the End Game until you are confident you won’t be surprised
Types of Activities
• Non-functional tests
• Mandated security testing
• Full load and performance test
• Continuing exploratory testing
• Focus group usability testing
• Packaging
• Printed documentation
• Release announcement
Non-functional Testing
• Availability testing
• Accessibility testing
• Baseline testing
• Compatibility testing
• Compliance testing
• Configuration testing
• Documentation testing
• Endurance testing
• Ergonomics testing
• Interoperability testing
• Installation testing
• Internationalization testing
• Load testing
• Localization testing
• Maintainability testing
• Operational readiness testing
• Performance testing
• Portability testing
• Recovery testing
• Reliability testing
• Resilience testing
• Scalability testing
• Security testing
• Stability testing
• Stress testing
• Supportability testing
• Testability testing
• Usability testing
• Volume testing
Image by Andrew Stellman via http://www.stellman-greene.com/2010/02/17/nonfunctional-requirements-qa/
Parallel Testing
• Conduct long-running tests in parallel
• Upside: less elapsed time
• Downside: no feedback between tests
• Should already be an expectation that these tests will pass
Summary
• Early rapid feedback vs. no late surprises
• Do just enough of each type of testing early in the pipeline to determine if further testing is justified
Questions?
Gene Gotimer
gene.gotimer@coveros.com
@CoverosGene

 
Open Source Security Tools for the Pipeline
Open Source Security Tools for the PipelineOpen Source Security Tools for the Pipeline
Open Source Security Tools for the PipelineGene Gotimer
 
Which Development Metrics Should I Watch?
Which Development Metrics Should I Watch?Which Development Metrics Should I Watch?
Which Development Metrics Should I Watch?Gene Gotimer
 
Bringing CD to the DoD
Bringing CD to the DoDBringing CD to the DoD
Bringing CD to the DoDGene Gotimer
 
Tests your pipeline might be missing
Tests your pipeline might be missingTests your pipeline might be missing
Tests your pipeline might be missingGene Gotimer
 
Bringing Continuous Delivery to the Enterprise: It's all about the Mindset
Bringing Continuous Delivery to the Enterprise: It's all about the MindsetBringing Continuous Delivery to the Enterprise: It's all about the Mindset
Bringing Continuous Delivery to the Enterprise: It's all about the MindsetGene Gotimer
 

More from Gene Gotimer (18)

A Developer’s Guide to Kubernetes Security
A Developer’s Guide to Kubernetes SecurityA Developer’s Guide to Kubernetes Security
A Developer’s Guide to Kubernetes Security
 
How I Learned to Stop Worrying and Love Legacy Code
How I Learned to Stop Worrying and Love Legacy CodeHow I Learned to Stop Worrying and Love Legacy Code
How I Learned to Stop Worrying and Love Legacy Code
 
Ten Ways To Doom Your DevOps
Ten Ways To Doom Your DevOpsTen Ways To Doom Your DevOps
Ten Ways To Doom Your DevOps
 
Keeping Your Kubernetes Cluster Secure
Keeping Your Kubernetes Cluster SecureKeeping Your Kubernetes Cluster Secure
Keeping Your Kubernetes Cluster Secure
 
Keeping your Kubernetes Cluster Secure
Keeping your Kubernetes Cluster SecureKeeping your Kubernetes Cluster Secure
Keeping your Kubernetes Cluster Secure
 
Explain DevOps To Me Like I’m Five: DevOps for Managers
Explain DevOps To Me Like I’m Five: DevOps for ManagersExplain DevOps To Me Like I’m Five: DevOps for Managers
Explain DevOps To Me Like I’m Five: DevOps for Managers
 
Keeping your Kubernetes Cluster Secure
Keeping your Kubernetes Cluster SecureKeeping your Kubernetes Cluster Secure
Keeping your Kubernetes Cluster Secure
 
Creative Solutions to Already Solved Problems II
Creative Solutions to Already Solved Problems IICreative Solutions to Already Solved Problems II
Creative Solutions to Already Solved Problems II
 
Creative Solutions to Already Solved Problems
Creative Solutions to Already Solved ProblemsCreative Solutions to Already Solved Problems
Creative Solutions to Already Solved Problems
 
Get to Green: How to Safely Refactor Legacy Code
Get to Green: How to Safely Refactor Legacy CodeGet to Green: How to Safely Refactor Legacy Code
Get to Green: How to Safely Refactor Legacy Code
 
DevOps for Leadership
DevOps for LeadershipDevOps for Leadership
DevOps for Leadership
 
Pyramid Discussion: DevOps Adoption in Large, Slow Organizations
Pyramid Discussion: DevOps Adoption in Large, Slow OrganizationsPyramid Discussion: DevOps Adoption in Large, Slow Organizations
Pyramid Discussion: DevOps Adoption in Large, Slow Organizations
 
A Definition of Done for DevSecOps
A Definition of Done for DevSecOpsA Definition of Done for DevSecOps
A Definition of Done for DevSecOps
 
Open Source Security Tools for the Pipeline
Open Source Security Tools for the PipelineOpen Source Security Tools for the Pipeline
Open Source Security Tools for the Pipeline
 
Which Development Metrics Should I Watch?
Which Development Metrics Should I Watch?Which Development Metrics Should I Watch?
Which Development Metrics Should I Watch?
 
Bringing CD to the DoD
Bringing CD to the DoDBringing CD to the DoD
Bringing CD to the DoD
 
Tests your pipeline might be missing
Tests your pipeline might be missingTests your pipeline might be missing
Tests your pipeline might be missing
 
Bringing Continuous Delivery to the Enterprise: It's all about the Mindset
Bringing Continuous Delivery to the Enterprise: It's all about the MindsetBringing Continuous Delivery to the Enterprise: It's all about the Mindset
Bringing Continuous Delivery to the Enterprise: It's all about the Mindset
 

Recently uploaded

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Clustering techniques data mining book ....
Clustering techniques data mining book ....Clustering techniques data mining book ....
Clustering techniques data mining book ....ShaimaaMohamedGalal
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendArshad QA
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 

Recently uploaded (20)

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Clustering techniques data mining book ....
Clustering techniques data mining book ....Clustering techniques data mining book ....
Clustering techniques data mining book ....
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 

Testing in a Continuous Delivery Pipeline - Better, Faster, Cheaper

  • 1. © COPYRIGHT 2016 COVEROS, INC. ALL RIGHTS RESERVED. 1@CoverosGene Agility. Security. Delivered. Gene Gotimer Senior Architect
  • 2. About Coveros • Coveros builds security-critical applications using agile methods. • Coveros Services • Agile transformations • Agile development and testing • DevOps and continuous integration • Application security analysis • Agile & Security training • Government qualifications • DCAA approved rates and accounting • TS facility clearance Areas of Expertise
  • 3. Select Clients
  • 4. Delivery Pipeline Process of taking a code change from developers and getting it deployed into production or delivered to the customer • Stages along the way • Later stages lead • to higher confidence • closer to production
  • 5. Delivery Pipeline Do we have a viable candidate for production?
  • 6. Delivery Pipeline Requirement Code Check-in Unit Tests Deploy to Test Functional Tests Deploy to Staging Acceptance Tests Deploy to Pre-Prod Quality Gate Trigger Performance Tests Security Tests Deploy to Prod Rapid Feedback No surprises
  • 7. Goal is to Balance Early Rapid Feedback No Late Surprises
  • 8. Everything Can’t Be First Do just enough of each type of testing early in the pipeline to determine if further testing is justified.
  • 10. Value Stream • List out steps from developer to production • That is the delivery pipeline • whether manual or automated • Identify time for each step • execution time • wait time • Helps show • where bottlenecks are • what should be automated
  • 11. Pipeline Stages • Not hard-and-fast stages • Gradual change in focus
  • 12. Commit Stage Commit Stage Requirement Code Check-in Unit Tests Deploy to Test Functional Tests Deploy to Staging Acceptance Tests Deploy to Pre-Prod Performance Tests Security Tests Deploy to Prod • Code-focused • Rapid feedback • 10 minutes maximum • Developers are waiting
  • 13. Acceptance Stage Acceptance Stage Requirement Code Check-in Unit Tests Deploy to Test Functional Tests Deploy to Staging Acceptance Tests Deploy to Pre-Prod Performance Tests Security Tests Deploy to Prod • Quality-focused • Is this a viable candidate for production?
  • 14. End Game End Game Requirement Code Check-in Unit Tests Deploy to Test Functional Tests Deploy to Staging Acceptance Tests Deploy to Pre-Prod Performance Tests Security Tests Deploy to Prod • Delivery-focused • Steps that only get done when we are releasing • Does not begin until you are confident there will be no surprises
  • 15. Pipeline Steps Commit Stage • Compile • Unit tests • Static analysis Acceptance Stage • Functional tests • Regression tests • Acceptance tests • System integration • Security testing • Performance testing • Exploratory testing • Usability testing End Game • Security testing • Performance testing • Exploratory testing • Usability testing • Packaging • Printed documentation • Release announcement
  • 16. Pipeline Steps Commit Stage • Compile • Unit tests • Static analysis Acceptance Stage • Functional tests • Regression tests • Acceptance tests • System integration • Some security testing • Performance trend • Early exploratory testing • Basic usability testing End Game • Mandated security test • Full load and performance test • Continuing exploratory testing • Focus group usability testing • Packaging • Printed documentation • Release announcement Do just enough testing to determine if further testing is justified.
  • 17. Example: Performance Testing • Short JMeter test • On development system, no isolation • 10 concurrent users for 10,000 requests • Track the trend • Answers: “Are we getting slower or faster?” • Full load and performance test • Dedicated environment, no other traffic • Production-sized servers • 1,000 concurrent users for 4 hours • Answers: “What is the sustained capacity and throughput?”
  • 18. Example: Security Testing • Functional tests run through OWASP ZAP proxy • During early testing • Piggy-back on existing testing • Answers: “Do we have any XSS vulnerabilities?” • OpenVAS system scanning • Weekly in test environment • Looks for open network ports • Looks for software with CVEs • Answers: “Is Nessus likely to find anything?” • HP WebInspect application security scanning • By corporate security group • Looks for black-box web vulnerabilities • Answers: “Do we have any XSS vulnerabilities?” • Nessus system scanning • By corporate security group • Looks for open network ports • Looks for software with CVEs • Answers: “Is system compliant?”
  • 19. Advantages of Earlier Testing • Quicker feedback cycle • Easier to fix problems that are found • Developer still has context of changes • Less rework on defective product • Proactive response, not reactive
  • 20. Code-focused
  • 21. Testing in the Commit Stage • Code-focused • Developer-centric • Rapid feedback • Developer waits until complete • 10 minutes maximum Types of Activities • Continuous integration • Compile • Unit tests • Static analysis • Dependency analysis
  • 22. Unit Testing • Unit testing is not QA! • Developer tool • Early confirmation of code behavior • Executable documentation • Fearless refactoring
  • 23. Code Coverage • A tool, not a target • Measures code executed while unit tests running • NOT amount of code tested • Not covered = not tested • Covered = possibly tested
  • 24. Mutation Testing • Reruns unit tests against modified versions of your code • If tests still pass, code isn’t tested • Tests quality of tests public int foo(int i) { i--; return i; } public int foo(int i) { i++; return i; }
  • 25. Static Analysis • Early detection of coding issues • style issues • duplicate code blocks • declared but unused variables • confusing code • race conditions • SQL injection • resource leaks
  • 26. Third-party Components OWASP Top 10 2013: A9-Using Components with Known Vulnerabilities Scan your third-party libraries Update proactively, not reactively
  • 27. Quality-focused
  • 28. Testing in the Acceptance Stage • Quality-focused • Bulk of the pipeline • Until confident that you have a viable candidate for production Types of Activities • Functional tests • Regression tests • Acceptance tests • System integration • Some security testing • Performance trend • Early exploratory testing • Basic usability testing
  • 29. Automated Deployment • Repeatable, reliable deployments • Test that through practice • Same deploy process everywhere • You will find more reasons to deploy
  • 30. Smoke Testing • After every deployment • Must be quick • Test the deployment, not the functionality • Focus on • basic signs of life • interfaces between systems • configuration settings
  • 31. Delivery-focused
  • 32. Testing in the End Game • Delivery-focused • Steps that only get done when we are releasing • Tests that are too expensive to do every build • time • resources • effort • Don’t start the End Game until you are confident you won’t be surprised Types of Activities • Non-functional tests • Mandated security testing • Full load and performance test • Continuing exploratory testing • Focus group usability testing • Packaging • Printed documentation • Release announcement
  • 33. Non-functional Testing • Availability testing • Accessibility testing • Baseline testing • Compatibility testing • Compliance testing • Configuration testing • Documentation testing • Endurance testing • Ergonomics testing • Interoperability testing • Installation testing • Internationalization testing • Load testing • Localization testing • Maintainability testing • Operational readiness testing • Performance testing • Portability testing • Recovery testing • Reliability testing • Resilience testing • Scalability testing • Security testing • Stability testing • Stress testing • Supportability testing • Testability testing • Usability testing • Volume testing Image by Andrew Stellman via http://www.stellman-greene.com/2010/02/17/nonfunctional-requirements-qa/
  • 34. Parallel Testing • Conduct long-running tests in parallel • Upside: less elapsed time • Downside: no feedback between tests • Should already be an expectation that these tests will pass
  • 36. Summary • Early rapid feedback vs. no late surprises • Do just enough of each type of testing early in the pipeline to determine if further testing is justified
  • 37. Questions? Gene Gotimer gene.gotimer@coveros.com @CoverosGene
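
The Code Coverage and Mutation Testing slides in miniature, as an added example that is not part of the deck: a suite that executes every line yet lets the i-- to i++ mutant survive, next to one that kills it. The Python port of `foo`, the second function `remaining`, and the names `weak_suite` and `strong_suite` are assumptions made for the illustration.

```python
import ast
import sys

# Code under test, held as text so it can be mutated. foo() is a Python port of
# the slide's Java method; remaining() is a constructed second function.
SOURCE = '''
def foo(i):
    i -= 1
    return i

def remaining(quota, used):
    return quota - used
'''
FILENAME = "<under-test>"


class SwapArithmetic(ast.NodeTransformer):
    """Mutation operator: flip the target-th '+' or '-' (the slide's i-- to i++)."""
    SWAP = {ast.Add: ast.Sub, ast.Sub: ast.Add}

    def __init__(self, target):
        self.target = target
        self.seen = 0

    def _flip(self, node):
        self.generic_visit(node)
        if type(node.op) in self.SWAP:
            if self.seen == self.target:
                node.op = self.SWAP[type(node.op)]()
            self.seen += 1
        return node

    visit_BinOp = _flip
    visit_AugAssign = _flip


def load(tree):
    """Compile a (possibly mutated) tree and return the namespace it defines."""
    namespace = {}
    exec(compile(ast.fix_missing_locations(tree), FILENAME, "exec"), namespace)
    return namespace


def count_sites(source):
    counter = SwapArithmetic(target=-1)  # -1 never matches, so this only counts
    counter.visit(ast.parse(source))
    return counter.seen


def passes(suite, namespace):
    try:
        suite(namespace)
        return True
    except Exception:  # a failed assert or a crash both count as "mutant killed"
        return False


def surviving_mutants(source, suite):
    """Rerun the suite against each mutant; return the source of those it misses."""
    if not passes(suite, load(ast.parse(source))):
        raise ValueError("suite must pass on the unmodified code first")
    survivors = []
    for n in range(count_sites(source)):
        tree = SwapArithmetic(n).visit(ast.parse(source))
        if passes(suite, load(tree)):
            survivors.append(ast.unparse(tree))
    return survivors


def line_coverage(source, suite):
    """Fraction of function-body statements executed while the suite runs."""
    tree = ast.parse(source)
    body = {s.lineno for f in ast.walk(tree)
            if isinstance(f, ast.FunctionDef) for s in f.body}
    hit = set()

    def tracer(frame, event, arg):
        if frame.f_code.co_filename != FILENAME:
            return None
        if event == "line":
            hit.add(frame.f_lineno)
        return tracer

    namespace = load(tree)
    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        suite(namespace)
    finally:
        sys.settrace(previous)
    return len(hit & body) / len(body)


def weak_suite(ns):
    # Runs every line, but only checks that something integer-like comes back.
    assert isinstance(ns["foo"](5), int)
    assert isinstance(ns["remaining"](10, 3), int)


def strong_suite(ns):
    # Asserts on the computed values, so a flipped operator changes the outcome.
    assert ns["foo"](5) == 4
    assert ns["remaining"](10, 3) == 7


if __name__ == "__main__":
    for suite in (weak_suite, strong_suite):
        print(suite.__name__,
              "coverage:", line_coverage(SOURCE, suite),
              "surviving mutants:", len(surviving_mutants(SOURCE, suite)))
```

Both suites report full line coverage; only the count of surviving mutants tells them apart.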

Editor's Notes

  1. Thanks for the opportunity to speak today. My name is Gene Gotimer. I’m a senior architect with Coveros, and I’m going to talk about developing your delivery pipeline. Specifically, I’m going to talk about where to put different types of testing into your process to make sure your pipeline is efficient and effective. Hopefully, this will be useful whether you are doing continuous delivery or not, whether you have a lot of automation or are doing things largely manually. The continuous delivery pipeline is the process of taking new or changed features from developers, and getting features deployed into production and delivered quickly to the customer. Gene Gotimer says testing within continuous delivery pipelines should be designed so the earliest tests are the quickest and easiest to run, giving developers the fastest feedback. Successive rounds of testing lead to increased confidence that the code is a viable candidate for production and that more expensive tests—time, effort, cost—are justified. Manual testing is performed toward the end of the pipeline, leaving computers to do as much work as possible before people get involved. Although it is tempting to arrange the delivery pipeline in phases (e.g., functional tests, then acceptance tests, then load and performance tests, then security tests), this can lead to serious problems progressing far down the pipeline before they are caught. Gene shows how to arrange your tests so each round provides just enough testing to give you confidence that the next set of tests is worth the investment. He explores how to get the right types of testing into your pipeline at the right points.
  2. Coveros is a consulting company that helps organizations build better software. We provide software development, application security, QA/testing, and software process improvement services. Coveros focuses on organizations that must build and deploy software within the constraints of significant regulatory or compliance requirements. The primary markets we serve include: DoD, Homeland Security & associated critical infrastructure companies, Healthcare providers, and Financial services institutions.
  3. These are some of the organizations our team and corporate executives have helped build better software. While many of these organizations are large, we have significant experience helping orgs of all sizes address software challenges.
  4. Doesn’t have to be automated. More automated is better, but we have a delivery pipeline anyway.
  5. The goal of the delivery pipeline is to build confidence that we have a viable candidate for production.
  6. The further you get through the pipeline, the more expensive the stage gates are to pass: the tests are harder to set up and take longer to run. That means feedback takes longer to get. Conversely, the closer to the front of the pipeline, the tests are quicker and easier and will be run far more often. And the feedback will be available that much quicker. Invest first in automation where it is easier and will run more often. You’ll get the most obvious payoff.
  7. Thoughtworks suggests adding all of these steps to your CI engine, even if they are manual. Then you are reminded that a manual step has to take place to move to the next step.
  8. Developer-centric. The automated build is critical. It has to happen so often that there is no doubt that it must be automated, no matter how easy it is to do manually. No questions asked: automate the build first. Remember, we want to get a quick level of confidence that these changes represent a viable production candidate, and that the time and effort of running further tests and checks is warranted. Code is checked in. That triggers an automated build, unit tests, static analysis, and packaging for deploy. If everything passes, deploy to test. If not, back to coding.
  9. A deploy to test triggers smoke tests, integration tests, one or more rounds of functional tests, regression tests, possibly more deploys and smoke tests, and finally acceptance tests. The developers have not shifted modes: work on the commit stage is still going on. Since we got through the early quality gates, we are confident that running these next sets of tests is worthwhile even if they take more time. But we can’t stop everything just to watch if the code gets through this next round of tests. The team is generally not waiting for this stage to pass before continuing work on other features, but will still make it a priority to resolve any problems that are found during this stage.
  10. We are confident we have a viable production candidate. This includes “packaging”, maybe marketing, documentation, other non-development-type stuff. These tests might be more expensive: time, effort, manual inspection, monopolizing an environment for an extended time, could be outsourcing to cloud (e.g., LoadStorm, Sauce Labs) or bringing in specialists (e.g., security) so it could be actual money. But no surprises, so we should already expect that these tests are going to succeed.
  11. List of funny comments in source code: “When I wrote this, only God and I understood what I was doing. Now, God only knows.” ― Karl Weierstrass, German mathematician that lived in the late 1800s
  12. No sense doing any other type of testing on the deployed system if we don’t know if the deployment was successful. How many times have you found all sorts of bugs, wondered how this code ever got out of development because it just doesn’t work, only to find out that a step in the deployment was left out or a configuration setting is wrong? You wasted all that time testing a defective product. Do just enough testing to be sure that further testing is justified.
  13. Often subjective for interpretation and/or evaluation. That means manual and that means it will take time. Testing for quality characteristics that do not map to functional requirements. Other non-functional requirements need to be tested on an entire system operating on a production-like environment. http://www.stellman-greene.com/blog/wp-content/uploads/2009/10/jeez.-lady.png