SlideShare a Scribd company logo

Software Testing with Caipirinhas and Stroopwafels

Download as PPTX, PDF
Maurício Aniche
Maurício Aniche

In this presentation, I talk about different ways of testing your software that go beyond testing. Log analytics and DevOps, static analysis tools, automated test generation, mistakes in web API integration, and challenges in software testing education. I gave this talk to several Brazilian companies in December/2017.

Technology
1 of 84
Maurício Aniche m.f.aniche@tudelft.nl @mauricioaniche Software testing with caipirinhas and stroopwafels
🇳🇱 Jeroen Castelein 🇮🇷 Mozhan Soltani 🇮🇹 Annibale Panichella 🇳🇱 Joop Aué 🇳🇱 Maikel Lobbezoo 🇳🇱 Rick Wieman 🇳🇱 Sicco Verwer 🇳🇱 Felienne Hermans 🇮🇹 Davide Spadini🇮🇹 🇨🇭 Alberto Bacchelli 🇳🇱 Arie van DeursenKristín Fjóla 🇳🇱 Peter Evers
How to make sure your software works? Software testing! More: • Log analytics • Static analysis And more: • Test generation • Code review • Test code quality • Production code quality
Context: Payments Payment Provider
DEV OPS
One Billion Log Lines a Day: Monitoring using the ELK Stack • Logstash: Unify different logging sources • Elastic Search: Search and filter large log data • Kibana: Visual interactive dashboard Image credit: www.neteye-blog.com
Poll: Java Exceptions in a Payment System Your payment system in production generates 1 billion log lines per day. How many errors / warnings with exceptions do you expect to see? A. None. “We have a zero exception policy.” B. 1 Thousand. “Some exceptions are unavoidable.” C. 1 Million. “Most exceptions are harmless.” D. 1 Billion. “We only log errors and exceptions.” Adyen, Nov 2016: ~1,000,000 per day
Logness: Extract, Cluster, Tag • Extract features: • application name, class name, exception • Remove details: • literal numbers, (encryption) hashes • Cluster: • Same payment identifier in 15min window • Same features • longest common substring above threshold • Tag as severe, known (monitored, bug), and unknown Peter Evers, Maurício Aniche, Arie van Deursen, Maikel Lobbezoo. Finding Relevant Errors in Massive Payment Log Data. TU Delft, 2017, in preparation. 1,000,000 err log lines --> 250 exception clusters
Issues Found in Research Period First credit cards starting with 95 and with 19 digits: long overflow! Merchant configuration error. All payments stalled. Discovered before being noticed by merchant Firewall configuration problem: Server unreachable. Discovered before merchants were assigned to this server Server update incompatible with legacy point of sale terminals. Customer could buy, but merchant received no money. IOException triggered.
Complex API Integration • Payment APIs are complex • Integration faults are easily made • Merchant needs assistance with API usage • Merchant may not notice mistakes • 2.5M http error responses per month • What can we learn from them? 12
2.5M Errors to 69 Fault Cases FC12 Contract not found Replication latency. FC24 iDEAL communication error FC42 Invalid paRes from issuer FC1 ApplePay token amount-mismatch FC5 Billing address problem (Country 0) FC62 Unable to decrypt data FC14 Could not read XML stream. FC15 Couldn’t parse expiry year Joop Aué, Maurício Aniche, Arie van Deursen, Maikel Lobbezoo An Exploratory Study on Faults in Web API Integration in a Large-Scale Payment Company . TU Delft, 2017. Submitted.
11 Common Causes for API Error Reponses Integrators are definitely the main responsible for API integration problems!
API Integration Recommendations • API Consumer: • Actually handle all error codes returned by provider • API Producer: • Document which error codes can be returned under what circumstances • Offer easy-to-use test harness for integrations created by consumers • Make explicit which error codes are ‘retriable’ • Enrich returned error codes with actionable info (for consumer or end user) • Offer Error Dashboard for API consumer offering live insight in error handling • API Researcher: • Rethink API usability in this context
Payment Terminals Payment Provider
Point of sale terminal variability • Card brands • Card entry modes (chip, swipe, contactless) • Currency conversion • Loyalty points • Validation type (pin, signature) • Issuer responses (declined, insufficient balance) • Cancellations (shopper, merchant)
Passive learning Identifying system behavior from observations, and representing it in the smallest possible model. 20170101160001 Adyen version: ****** 20170101160002 Starting TX/amt=10001/currency=978 20170101160003 Starting EMV 20170101160004 EMV started 20170101160005 Magswipe opened 20170101160006 CTLS started 20170101160007 Transaction initialised 20170101160008 Run TX as EMV transaction 20170101160009 Application selected app:****** 20170101160010 read_application_data succeeded 20170101160011 data_authentication succeeded 20170101160012 validate 0 20170101160013 DCC rejected 20170101160014 terminal_risk_management succeeded 20170101160015 verify_card_holder succeeded 20170101160016 generate_first_ac succeeded 20170101160017 Authorizing online 20170101160018 Data returned by the host succeeded 20170101160019 Transaction authorized by card 20170101160020 Approved receipt printed 20170101160021 pos_result_code:APPROVED 20170101160022 Final status: Approved 20170101160001 Adyen version: ****** 20170101160002 Starting TX/amt=10001/currency=978 20170101160003 Starting EMV 20170101160004 EMV started 20170101160005 Magswipe opened 20170101160006 CTLS started 20170101160007 Transaction initialised 20170101160008 Run TX as EMV transaction 20170101160009 Application selected app:****** 20170101160010 read_application_data succeeded 20170101160011 data_authentication succeeded 20170101160012 validate 0 20170101160013 DCC rejected 20170101160014 terminal_risk_management succeeded 20170101160015 verify_card_holder succeeded 20170101160016 generate_first_ac succeeded 20170101160017 Authorizing online 20170101160018 Data returned by the host succeeded 20170101160019 Transaction authorized by card 20170101160020 Approved receipt printed 20170101160021 pos_result_code:APPROVED 20170101160022 Final status: Approved 20170101160001 Adyen version: ****** 20170101160002 Starting TX/amt=10001/currency=978 20170101160003 Starting EMV 20170101160004 EMV started 20170101160005 Magswipe opened 20170101160006 CTLS started 20170101160007 Transaction initialised 20170101160008 Run TX as EMV transaction 20170101160009 Application selected app:****** 20170101160010 read_application_data succeeded 20170101160011 data_authentication succeeded 20170101160012 validate 0 20170101160013 DCC rejected 20170101160014 terminal_risk_management succeeded 20170101160015 verify_card_holder succeeded 20170101160016 generate_first_ac succeeded 20170101160017 Authorizing online 20170101160018 Data returned by the host succeeded 20170101160019 Transaction authorized by card 20170101160020 Approved receipt printed 20170101160021 pos_result_code:APPROVED 20170101160022 Final status: Approved 20170101160001 Adyen version: ****** 20170101160002 Starting TX/amt=10001/currency=978 20170101160003 Starting EMV 20170101160004 EMV started 20170101160005 Magswipe opened 20170101160006 CTLS started 20170101160007 Transaction initialised 20170101160008 Run TX as EMV transaction 20170101160009 Application selected app:****** 20170101160010 read_application_data succeeded 20170101160011 data_authentication succeeded 20170101160012 validate 0 20170101160013 DCC rejected 20170101160014 terminal_risk_management succeeded 20170101160015 verify_card_holder succeeded 20170101160016 generate_first_ac succeeded 20170101160017 Authorizing online 20170101160018 Data returned by the host succeeded 20170101160019 Transaction authorized by card 20170101160020 Approved receipt printed 20170101160021 pos_result_code:APPROVED 20170101160022 Final status: Approved 20170101160001 Adyen version: ****** 20170101160002 Starting TX/amt=10001/currency=978 20170101160003 Starting EMV 20170101160004 EMV started 20170101160005 Magswipe opened 20170101160006 CTLS started 20170101160007 Transaction initialised 20170101160008 Run TX as EMV transaction 20170101160009 Application selected app:****** 20170101160010 read_application_data succeeded 20170101160011 data_authentication succeeded 20170101160012 validate 0 20170101160013 DCC rejected 20170101160014 terminal_risk_management succeeded 20170101160015 verify_card_holder succeeded 20170101160016 generate_first_ac succeeded 20170101160017 Authorizing online 20170101160018 Data returned by the host succeeded 20170101160019 Transaction authorized by card 20170101160020 Approved receipt printed 20170101160021 pos_result_code:APPROVED 20170101160022 Final status: Approved Rick Wieman, Maurício Aniche, Willem Lobbezoo, Sicco Verwer and Arie van Deursen. An Experience Report on Applying Passive Learning in a Large-Scale Payment Company. ICSME Industry Track, 2017 https://automatonlearning.net/ DFASAT / FlexFringe Heule & Verwer, ICGI 2010
Use Inferred Models to Analyze: Bugs in Test Phase • Terminal asked for PIN • AND asked for signature • Domain expert noted this unwanted behavior in inferred model. • Fixed before it went into production
Use Inferred Models to Analyze: Differences Between Card Brands Twice as many chip errors Informed merchant about issue.
Use Inferred Models to Analyze: Time out problems Timeout Improved performance under network instability by adding targeted retry mechanism
Log Analysis in Research 1. Abstraction Seeing the bigger picture 2. Detection Finding errors and anomalies 3. Enhancing More effective logging practices 4. Parsing Extracting message templates 5. Modeling Message ordering and protocols 6. Scaling Dealing with many many logs 7. Visualizing Put the eyes to use Joop Aué, Maurício Aniche, Arie van Deursen. Log Analysis from A-Z: A Literature Survey. TU Delft, 2017, in preparation. Identified 73 core papers. Venues: SIGOPS SOSP ACM TOCS Usenix WASL Usenix OSDI IEEE ISSRE ICSE
Testing can be hard… • Lack of testability. • Hard to think about all the corner cases. • You never know if your tests are good enough.
Fraser, Gordon, and Andrea Arcuri. "Evosuite: automatic test suite generation for object-oriented software." Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering. ACM, 2011.
SQL Query SELECT Name FROM Product WHERE Price > 20 Name Price Towel 15 Lawn mower 40 1kg Caviar 900 Coffee cup 1 Name Price Towel 15 Lawn mower 40 1kg Caviar 900 Coffee cup 1 Database Table: Product Output Name Lawn mower 1kg Caviar
Testing SQL Query SELECT Name FROM Product WHERE Price > 20 Name Price - 19 - 20 - 21 Test Database Table: Product Coverage Criterion 1. False Price = 19 2. Boundary Price = 20 3. True Price = 21
Testing SQL Query SELECT * FROM `account` LEFT JOIN `user` AS `assignedUser` ON account.assigned_user_id = assigneduser.id LEFT JOIN `user` AS `modifiedBy` ON account.modified_by_id = modifiedby.id LEFT JOIN `user` AS `createdBy` ON account.created_by_id = createdby.id LEFT JOIN `entity_email_address` AS `emailAddressesMiddle` ON account.id = emailaddressesmiddle.entity_id AND emailaddressesmiddle.deleted = '0' AND emailaddressesmiddle.primary = '1' AND emailaddressesmiddle.entity_type = 'Account' LEFT JOIN `email_address` AS `emailAddresses` ON emailaddresses.id = emailaddressesmiddle.email_address_id AND emailaddresses.deleted = '0' LEFT JOIN `entity_phone_number` AS `phoneNumbersMiddle` ON account.id = phonenumbersmiddle.entity_id AND phonenumbersmiddle.deleted = '0' AND phonenumbersmiddle.primary = '1' AND phonenumbersmiddle.entity_type = 'Account' LEFT JOIN `phone_number` AS `phoneNumbers` ON phonenumbers.id = phonenumbersmiddle.phone_number_id AND phonenumbers.deleted = '0' WHERE (( account.name LIKE 'Besha%' OR account.id IN (SELECT entity_id FROM entity_email_address JOIN email_address ON email_address.id = entity_email_address.email_address_id WHERE entity_email_address.deleted = 0 AND entity_email_address.entity_type = 'Account' AND email_address.deleted = 0 AND email_address.name LIKE 'Besha%') )) AND account.deleted = '0' x 42 Coverage Rules 
Other Approaches Coverage Rule Query SELECT Name FROM Product WHERE Price = 20 Column Constraints Name - Price = 20 Constraint Satisfaction Problem Coverage Rule Query SELECT Name FROM Product WHERE Price > 50 AND Price < 100 Column Constraints Name - Price > 50 and < 100 Constraint Satisfaction Problem
Limitations Subqueries SELECT Name FROM Product WHERE Price < (SELECT MAX(Price) FROM UserPrice WHERE UserId = 1) String Constraints SELECT Price FROM Product WHERE Name = ‘Towel’ OR Name LIKE ‘%Caviar%’ 84% of our evaluation
Using a Database Query ”detailed execution” log
Using a Database Target Query SELECT Name FROM Product WHERE Price = 20 Name Price Towel 15 Coffee 4 Table: Product Dataset 1 Name Price Caviar 900 Table: Product Dataset 2 Fitness value: 5 880 > 20 - 15 900 - 20
Using a Database Target Query SELECT Name FROM Product WHERE Price = 20 Name Price Towel 20 Coffee 4 Table: Product Dataset 1 Fitness value: 0 20 - 20
Using a Database LEFT JOIN RIGHT JOIN INNER JOIN GROUP BY EXISTS HAVING WHERE LIKE MAX SUM IN NOT >= <> <= OR COUNT
MC/DC Coverage on SQL Queries Javier Tuya, Maria Suarez-Cabal and Claudio de la Riva. Full predicate coverage for testing SQL database queries. Software Testing, Verification and Reliability, 2010.
Genetic Algorithm Initialization Fitness Calculations Terminate? Selection Crossover Mutation Elitism Yes No
Initialization Coverage Rule Query SELECT Name FROM Product WHERE Price = 20 Name Price af08u4 -5461 1ruhaev 491 Table: Product Random Individual Name Price af08u4 20 1ruhaev 491 Table: Product Seeded Individual
Crossover Name Price Towel 15Parent 1 Name Cat Coffee Drinks Name Price Coffee 4 Parent 2 Name Cat Glass Food T1 T2 T1 T2 Name Price Towel 15Offspring 1 Name Cat Coffee Drinks Name Price Coffee 4 Offspring 2 Name Cat Glass Food T1 T2 T1 T2
Mutation – Add Name Price Towel 15 Caviar 400 Table: Product Name Price Towel 15 Caviar 400 Nail -23 Table: Product
Mutation – Duplicate Name Price Towel 15 Caviar 400 Table: Product Name Price Towel 15 Caviar 400 Towel 15 Table: Product
Mutation – Remove Name Price Towel 15 Caviar 400 Table: Product Name Price Towel 15 Table: Product
Mutation – Change Name Price Towel 15 Caviar 400 Table: Product Name Price Towul 15 Caviar 400 Table: Product
Mutation – Seeded Change Name Price Towel 15 Caviar 400 Table: Product Name Price Coffee 15 Caviar 400 Table: Product Coverage Rule Query SELECT Price FROM Product WHERE Name = ‘Coffee’
EvoSQL EvoSQL SQLFpc Test Data Query Database Schema Coverage Rules Jeroen Castelein, Maurício Aniche, Mozhan Soltani, Annibale Panicchella, Arie Van Deursen Search-Based Test Data Generation for SQL Queries. ICSE 2018.
Study Context 2,135 queries / 4 systems: • Alura, e-learning platform • EspoCRM, open source software for customer relations • SuiteCRM, open source software for customer relations • ERPNext, open source resource planning software for enterprises.
Study Context Coverage Rules 1-2 3-4 5-6 7-8 9-10 11-15 16-20 21+ # Queries 656 382 408 346 114 107 51 71 84%
EvoSQL Evaluation Outcomes • 100% of targets covered for 98% of the queries • On average 86% covered for the remaining 2% • Usually within seconds • Outperforms biased and random alternatives: • Biased random can handle 90% of simple queries (< 10 rules) • Biased random often finds no solution for complex queries (10+ rules)
Developers love and hate linters!
Configurations ESLint output
oWhat do developers expect from such tools? Why do they use them? oHow do they configure such flexible tools? oWhat challenges do developer face? Kristín Fjóla Tómasdóttir, Maurício Aniche, Arie Van Deursen. Why and How JavaScript Developers Use Linters. ASE 2017. The Adoption of JavaScript Linters. TU Delft. In preparation.
Interviewing Developers Goal - Reasons for using a linter - Methods to configure a linter - Challenges Method - Grounded Theory - 13 questions Data - 15 developers - Top 120 JS GitHub projects 52
Data - 86,366 JavaScript projects - 9,548 ESLint configuration files Analyzing Configuration Files Goal - Prevalence of configurations - Most common rules Method - GHTorrent & Google BigQuery - Tool to parse files
Surveying Developers Goal - Reasons for using a linter - Methods to configure - Most important rules - Challenges Method - Questionnaire - Open and closed questions - Distributed in JS communities Data - 337 responses - Reddit, Echo JS, Facebook, Twitter
Why Developers Use Linters
Importance of the different rules 1. Stylistic Issues 2. Best Practices 3. Variables 4. Possible Errors 5. Node.js & CommonJS 6. ECMAScript 6 7. Strict Mode 1. Possible Errors 92.5% 2. Best Practices 89% 3. ECMAScript 6 86.7% 4. Variables 86,4% 5. Stylistic Issues 78.2% 6. Node.js & CommonJS 62.6% 7. Strict Mode 57.8%
Stylistic Issues quotes 60.6% semi 48.1% indent 43.3% How Developers Configure Linters
Possible Errors no-dupe-keys 39.2% no-unreachable 37.2% How Developers Configure Linters
Best Practices eqeqeq 42.7% no-eval 36.9% How Developers Configure Linters
How Developers Configure Linters Variables no-undef 40.6% no-unused-vars 40.3%
What Challenges Developers Face
To Mock or Not To Mock?
http://www.mauricioaniche.com/2014/06/mockar-ou-nao-mockar/
When to mock? • Infrastructure is often mocked. • There was no clear trend on domain objects. • Complicated classes are mocked. • Classes that are too coupled are mocked. Davide Spadini, M. Finavaro Aniche, Magiel Bruntink, Alberto Bacchelli. To Mock or Not To Mock? An Empirical Study on Mocking Practices. MSR 2017. Mock Objects For Testing Java Systems: Why and How Developers Use Them, and How They Evolve. EMSE. In submission.
Mocks are introduced from the very beginning of the test class! Davide Spadini, M. Finavaro Aniche, Magiel Bruntink, Alberto Bacchelli. To Mock or Not To Mock? An Empirical Study on Mocking Practices. MSR 2017. Mock Objects For Testing Java Systems: Why and How Developers Use Them, and How They Evolve. EMSE. In submission.
Challenges • Dealing with coupling • Mocking in legacy systems • Non-testable/Hard-to-test classes • Untestable dependencies Davide Spadini, M. Finavaro Aniche, Magiel Bruntink, Alberto Bacchelli. To Mock or Not To Mock? An Empirical Study on Mocking Practices. MSR 2017. Mock Objects For Testing Java Systems: Why and How Developers Use Them, and How They Evolve. EMSE. In submission.
50% of changes in a mock occur because the production code changed! Coupling is strong! Davide Spadini, M. Finavaro Aniche, Magiel Bruntink, Alberto Bacchelli. To Mock or Not To Mock? An Empirical Study on Mocking Practices. MSR 2017. Mock Objects For Testing Java Systems: Why and How Developers Use Them, and How They Evolve. EMSE. In submission.
ATTENTION: THE MOST IMPORTANT LESSON ABOUT WRITING AUTOMATED UNIT TESTS IS ABOUT TO COME!
There’s a correlation between a complex code and a hard-to-test code. Aniche, M., Gerosa, M. “Does test-driven development improve class design? A qualitative study on developers’ perceptions”. Journal of the Brazilian Computer Society.2015, 21:15. Bruntink, Magiel, and Arie Van Deursen. "Predicting class testability using object-oriented metrics." Fourth IEEE International Workshop on Source Code Analysis and Manipulation, 2004.
https://www.facebook.com/notes/kent-beck/unit-tests/1726369154062608/
How I (Maurício) do the trade-off Unit tests Integration tests System tests Manual All business rules should be tested here. Avoid at all cost. But do it when needed. Complex integrations with external services. Main/Risky flow of the app tested. You will come up with your own way of thinking!
It’s your job to decide the best test to write!
A catalogue of patterns For Web Testing Fixture API ID in HTML Move Fast, Move Slow … Aniche, M., Guerra, E., Gerosa, M. “A Set of Patterns to Improve Code Quality of Automated Functional Tests of Web Applications”. 21th Conference on Pattern Languages of Programs. 2014.
Code review in test files! Test files are almost 2 times less likely to be discussed during code review when reviewed together with production files!! Davide Spadini, Maurício Aniche, Magiel Bruntink, Margaret-Anne Storey, Alberto Bacchelli. When Testing Meets Code Review: Why and How Developers Review Tests. ICSE 2018.
Code review in test files! Little on finding more bugs! Davide Spadini, Maurício Aniche, Magiel Bruntink, Margaret-Anne Storey, Alberto Bacchelli. When Testing Meets Code Review: Why and How Developers Review Tests. ICSE 2018.
A main concern of reviewers is understanding whether the test covers all the paths of the production code and to ensure tests’ maintainability and readability. Lack of good tooling support!
Learn software testing is challenging!
Common mistakes Maurício Aniche, Felienne Hermans, Arie van Deursen. An Exploratory Study on Challenges in Software Testing Education. TU Delft. In submission. • Test coverage (20.87%) • Maintainability of test code (20.42%) • Understanding test concepts (15.35%) • Boundary testing (12.95%) • State-based testing (12.39%) • Assertions (8.93%) • Mock Objects (5.87%) • Tools (4.21%)
Difficult topics Maurício Aniche, Felienne Hermans, Arie van Deursen. An Exploratory Study on Challenges in Software Testing Education. TU Delft. In submission.
How to Learn? Maurício Aniche, Felienne Hermans, Arie van Deursen. An Exploratory Study on Challenges in Software Testing Education. TU Delft. In submission. Peopledonotlikebooksandpapers…
Challenges Maurício Aniche, Felienne Hermans, Arie van Deursen. An Exploratory Study on Challenges in Software Testing Education. TU Delft. In submission. • Apply tools and techniques for the first time. • How, what, and how much to test. • Understanding the system under test. • Motivation and experience. • Software testing theory. • Testability mindset.
The majority of projects and users [from 416 participants and 1,337,872 intervals] do not practice testing actively. We should change it. Moritz Beller, Georgios Gousios, Annibale Panichella, Andy Zaidman. When, How, and Why Developers (Do Not) Test in Their IDEs. FSE 2015.
Topics we discussed today! • Log Analytics and DevOps • Web API integration mistakes • Testing SQL queries • To Mock or Not To Mock? • Code review in test files • Challenges in learning software testing Maurício Aniche (m.f.aniche@tudelft.nl / @mauricioaniche)

Recommended

Paypal Tutorial: How to Open and Set- Up Your Account
Paypal Tutorial: How to Open and Set- Up Your AccountPaypal Tutorial: How to Open and Set- Up Your Account
Paypal Tutorial: How to Open and Set- Up Your AccountRea A.
 
Payment card for dummies sddc presentation @buet
Payment card for dummies sddc presentation @buetPayment card for dummies sddc presentation @buet
Payment card for dummies sddc presentation @buetSaidur Sujon
 
Tracing Back Log Data to its Log Statement: From Research to Practice
Tracing Back Log Data to its Log Statement: From Research to PracticeTracing Back Log Data to its Log Statement: From Research to Practice
Tracing Back Log Data to its Log Statement: From Research to PracticeMaurício Aniche
 
KPIs & Metrics - Innlab RM 2013
KPIs & Metrics - Innlab RM 2013KPIs & Metrics - Innlab RM 2013
KPIs & Metrics - Innlab RM 2013matteopanfilo
 
Safex pay wl-pg-presentation
Safex pay wl-pg-presentationSafex pay wl-pg-presentation
Safex pay wl-pg-presentationNeha Sahay
 
Best Cash Application Automation Software for Europe, Process, Benefits | Emagia
Best Cash Application Automation Software for Europe, Process, Benefits | EmagiaBest Cash Application Automation Software for Europe, Process, Benefits | Emagia
Best Cash Application Automation Software for Europe, Process, Benefits | EmagiaEmagia
 
figo Banking API: A Banking Service Provider for FinTech Startups
figo Banking API: A Banking Service Provider for FinTech Startupsfigo Banking API: A Banking Service Provider for FinTech Startups
figo Banking API: A Banking Service Provider for FinTech StartupsLars Markull
 
INSTANT PAYMENTS by SOPRA BANKING - FinTech Belgium MeetUp 29/06/17
INSTANT PAYMENTS by SOPRA BANKING - FinTech Belgium MeetUp 29/06/17 INSTANT PAYMENTS by SOPRA BANKING - FinTech Belgium MeetUp 29/06/17
INSTANT PAYMENTS by SOPRA BANKING - FinTech Belgium MeetUp 29/06/17 Alessandra Gambrill - Guion
 

Recommended

Paypal Tutorial: How to Open and Set- Up Your Account
Paypal Tutorial: How to Open and Set- Up Your AccountPaypal Tutorial: How to Open and Set- Up Your Account
Paypal Tutorial: How to Open and Set- Up Your AccountRea A.
 
Payment card for dummies sddc presentation @buet
Payment card for dummies sddc presentation @buetPayment card for dummies sddc presentation @buet
Payment card for dummies sddc presentation @buetSaidur Sujon
 
Tracing Back Log Data to its Log Statement: From Research to Practice
Tracing Back Log Data to its Log Statement: From Research to PracticeTracing Back Log Data to its Log Statement: From Research to Practice
Tracing Back Log Data to its Log Statement: From Research to PracticeMaurício Aniche
 
KPIs & Metrics - Innlab RM 2013
KPIs & Metrics - Innlab RM 2013KPIs & Metrics - Innlab RM 2013
KPIs & Metrics - Innlab RM 2013matteopanfilo
 
Safex pay wl-pg-presentation
Safex pay wl-pg-presentationSafex pay wl-pg-presentation
Safex pay wl-pg-presentationNeha Sahay
 
Best Cash Application Automation Software for Europe, Process, Benefits | Emagia
Best Cash Application Automation Software for Europe, Process, Benefits | EmagiaBest Cash Application Automation Software for Europe, Process, Benefits | Emagia
Best Cash Application Automation Software for Europe, Process, Benefits | EmagiaEmagia
 
figo Banking API: A Banking Service Provider for FinTech Startups
figo Banking API: A Banking Service Provider for FinTech Startupsfigo Banking API: A Banking Service Provider for FinTech Startups
figo Banking API: A Banking Service Provider for FinTech StartupsLars Markull
 
INSTANT PAYMENTS by SOPRA BANKING - FinTech Belgium MeetUp 29/06/17
INSTANT PAYMENTS by SOPRA BANKING - FinTech Belgium MeetUp 29/06/17 INSTANT PAYMENTS by SOPRA BANKING - FinTech Belgium MeetUp 29/06/17
INSTANT PAYMENTS by SOPRA BANKING - FinTech Belgium MeetUp 29/06/17 Alessandra Gambrill - Guion
 
Online payments and Security Gateways
Online payments and Security Gateways Online payments and Security Gateways
Online payments and Security Gateways Sarujan Chandrakumaran
 
Successful Cashless Societies and how the rest are set to Emulate this Model ...
Successful Cashless Societies and how the rest are set to Emulate this Model ...Successful Cashless Societies and how the rest are set to Emulate this Model ...
Successful Cashless Societies and how the rest are set to Emulate this Model ...Shift Conference
 
Reducing complexity of cash app in europe with ai
Reducing complexity of cash app in europe with aiReducing complexity of cash app in europe with ai
Reducing complexity of cash app in europe with aiEmagia
 
eDocs for Brokers Presentation
eDocs for Brokers PresentationeDocs for Brokers Presentation
eDocs for Brokers PresentationWendy Watson
 
An Experience Report on Applying Passive Learning in a Large-Scale Payment Co...
An Experience Report on Applying Passive Learning in a Large-Scale Payment Co...An Experience Report on Applying Passive Learning in a Large-Scale Payment Co...
An Experience Report on Applying Passive Learning in a Large-Scale Payment Co...Rick Wieman
 
Know The Reason Why eCheck Payment Processing Is Rising
Know The Reason Why eCheck Payment Processing Is RisingKnow The Reason Why eCheck Payment Processing Is Rising
Know The Reason Why eCheck Payment Processing Is RisingPaycron
 
Supplier Payment Optimization Part 2
Supplier Payment Optimization Part 2Supplier Payment Optimization Part 2
Supplier Payment Optimization Part 2EML Payments
 
Mobile Convention Brussels 2014 - Filip Gossele
Mobile Convention Brussels 2014 - Filip GosseleMobile Convention Brussels 2014 - Filip Gossele
Mobile Convention Brussels 2014 - Filip GosseleMobile Convention
 
Reduce lockbox fees with data capture ai
Reduce lockbox fees with data capture aiReduce lockbox fees with data capture ai
Reduce lockbox fees with data capture aiEmagia
 
Deliver solutions cv_vebtech
Deliver solutions cv_vebtechDeliver solutions cv_vebtech
Deliver solutions cv_vebtechSvetlanaUsikava
 
Safex pay avantgarde -presentation
Safex pay avantgarde -presentationSafex pay avantgarde -presentation
Safex pay avantgarde -presentationNeha Sahay
 
INTERFACE, by apidays - The UK Open Banking Story
INTERFACE, by apidays - The UK Open Banking StoryINTERFACE, by apidays - The UK Open Banking Story
INTERFACE, by apidays - The UK Open Banking Storyapidays
 
Tenant Online Payments
Tenant Online Payments Tenant Online Payments
Tenant Online Payments AppFolio
 
Microix Requisition Module for Abila MIP
Microix Requisition Module for Abila MIPMicroix Requisition Module for Abila MIP
Microix Requisition Module for Abila MIPNet at Work
 
Core4voip Billing Android
Core4voip Billing AndroidCore4voip Billing Android
Core4voip Billing AndroidRaiful Hasan
 
Dmtm --final
Dmtm --finalDmtm --final
Dmtm --finalRima Dave
 
Modernizing cash application with the 3A's automation analytics and AI
Modernizing cash application with the 3A's automation analytics and AIModernizing cash application with the 3A's automation analytics and AI
Modernizing cash application with the 3A's automation analytics and AIEmagia
 
7 Ways to Make EMV Easier / Webinar
7 Ways to Make EMV Easier / Webinar7 Ways to Make EMV Easier / Webinar
7 Ways to Make EMV Easier / WebinarIngenico Group
 
Security and Authentication at a Low Cost
Security and Authentication at a Low CostSecurity and Authentication at a Low Cost
Security and Authentication at a Low CostDonald Malloy
 
IBM Payments Gateway
IBM Payments GatewayIBM Payments Gateway
IBM Payments GatewayKillian Delaney
 
Can ML help software developers? (TEQnation 2022)
Can ML help software developers? (TEQnation 2022)Can ML help software developers? (TEQnation 2022)
Can ML help software developers? (TEQnation 2022)Maurício Aniche
 
Pragmatic software testing education - SIGCSE 2019
Pragmatic software testing education - SIGCSE 2019Pragmatic software testing education - SIGCSE 2019
Pragmatic software testing education - SIGCSE 2019Maurício Aniche
 

More Related Content

Similar to Software Testing with Caipirinhas and Stroopwafels

Online payments and Security Gateways
Online payments and Security Gateways Online payments and Security Gateways
Online payments and Security Gateways Sarujan Chandrakumaran
 
Successful Cashless Societies and how the rest are set to Emulate this Model ...
Successful Cashless Societies and how the rest are set to Emulate this Model ...Successful Cashless Societies and how the rest are set to Emulate this Model ...
Successful Cashless Societies and how the rest are set to Emulate this Model ...Shift Conference
 
Reducing complexity of cash app in europe with ai
Reducing complexity of cash app in europe with aiReducing complexity of cash app in europe with ai
Reducing complexity of cash app in europe with aiEmagia
 
eDocs for Brokers Presentation
eDocs for Brokers PresentationeDocs for Brokers Presentation
eDocs for Brokers PresentationWendy Watson
 
An Experience Report on Applying Passive Learning in a Large-Scale Payment Co...
An Experience Report on Applying Passive Learning in a Large-Scale Payment Co...An Experience Report on Applying Passive Learning in a Large-Scale Payment Co...
An Experience Report on Applying Passive Learning in a Large-Scale Payment Co...Rick Wieman
 
Know The Reason Why eCheck Payment Processing Is Rising
Know The Reason Why eCheck Payment Processing Is RisingKnow The Reason Why eCheck Payment Processing Is Rising
Know The Reason Why eCheck Payment Processing Is RisingPaycron
 
Supplier Payment Optimization Part 2
Supplier Payment Optimization Part 2Supplier Payment Optimization Part 2
Supplier Payment Optimization Part 2EML Payments
 
Mobile Convention Brussels 2014 - Filip Gossele
Mobile Convention Brussels 2014 - Filip GosseleMobile Convention Brussels 2014 - Filip Gossele
Mobile Convention Brussels 2014 - Filip GosseleMobile Convention
 
Reduce lockbox fees with data capture ai
Reduce lockbox fees with data capture aiReduce lockbox fees with data capture ai
Reduce lockbox fees with data capture aiEmagia
 
Deliver solutions cv_vebtech
Deliver solutions cv_vebtechDeliver solutions cv_vebtech
Deliver solutions cv_vebtechSvetlanaUsikava
 
Safex pay avantgarde -presentation
Safex pay avantgarde -presentationSafex pay avantgarde -presentation
Safex pay avantgarde -presentationNeha Sahay
 
INTERFACE, by apidays - The UK Open Banking Story
INTERFACE, by apidays - The UK Open Banking StoryINTERFACE, by apidays - The UK Open Banking Story
INTERFACE, by apidays - The UK Open Banking Storyapidays
 
Tenant Online Payments
Tenant Online Payments Tenant Online Payments
Tenant Online Payments AppFolio
 
Microix Requisition Module for Abila MIP
Microix Requisition Module for Abila MIPMicroix Requisition Module for Abila MIP
Microix Requisition Module for Abila MIPNet at Work
 
Core4voip Billing Android
Core4voip Billing AndroidCore4voip Billing Android
Core4voip Billing AndroidRaiful Hasan
 
Dmtm --final
Dmtm --finalDmtm --final
Dmtm --finalRima Dave
 
Modernizing cash application with the 3A's automation analytics and AI
Modernizing cash application with the 3A's automation analytics and AIModernizing cash application with the 3A's automation analytics and AI
Modernizing cash application with the 3A's automation analytics and AIEmagia
 
7 Ways to Make EMV Easier / Webinar
7 Ways to Make EMV Easier / Webinar7 Ways to Make EMV Easier / Webinar
7 Ways to Make EMV Easier / WebinarIngenico Group
 
Security and Authentication at a Low Cost
Security and Authentication at a Low CostSecurity and Authentication at a Low Cost
Security and Authentication at a Low CostDonald Malloy
 

Similar to Software Testing with Caipirinhas and Stroopwafels (20)

Online payments and Security Gateways
Online payments and Security Gateways Online payments and Security Gateways
Online payments and Security Gateways
 
Successful Cashless Societies and how the rest are set to Emulate this Model ...
Successful Cashless Societies and how the rest are set to Emulate this Model ...Successful Cashless Societies and how the rest are set to Emulate this Model ...
Successful Cashless Societies and how the rest are set to Emulate this Model ...
 
Reducing complexity of cash app in europe with ai
Reducing complexity of cash app in europe with aiReducing complexity of cash app in europe with ai
Reducing complexity of cash app in europe with ai
 
eDocs for Brokers Presentation
eDocs for Brokers PresentationeDocs for Brokers Presentation
eDocs for Brokers Presentation
 
An Experience Report on Applying Passive Learning in a Large-Scale Payment Co...
An Experience Report on Applying Passive Learning in a Large-Scale Payment Co...An Experience Report on Applying Passive Learning in a Large-Scale Payment Co...
An Experience Report on Applying Passive Learning in a Large-Scale Payment Co...
 
Know The Reason Why eCheck Payment Processing Is Rising
Know The Reason Why eCheck Payment Processing Is RisingKnow The Reason Why eCheck Payment Processing Is Rising
Know The Reason Why eCheck Payment Processing Is Rising
 
Supplier Payment Optimization Part 2
Supplier Payment Optimization Part 2Supplier Payment Optimization Part 2
Supplier Payment Optimization Part 2
 
Mobile Convention Brussels 2014 - Filip Gossele
Mobile Convention Brussels 2014 - Filip GosseleMobile Convention Brussels 2014 - Filip Gossele
Mobile Convention Brussels 2014 - Filip Gossele
 
Reduce lockbox fees with data capture ai
Reduce lockbox fees with data capture aiReduce lockbox fees with data capture ai
Reduce lockbox fees with data capture ai
 
Deliver solutions cv_vebtech
Deliver solutions cv_vebtechDeliver solutions cv_vebtech
Deliver solutions cv_vebtech
 
Safex pay avantgarde -presentation
Safex pay avantgarde -presentationSafex pay avantgarde -presentation
Safex pay avantgarde -presentation
 
INTERFACE, by apidays - The UK Open Banking Story
INTERFACE, by apidays - The UK Open Banking StoryINTERFACE, by apidays - The UK Open Banking Story
INTERFACE, by apidays - The UK Open Banking Story
 
Tenant Online Payments
Tenant Online Payments Tenant Online Payments
Tenant Online Payments
 
Microix Requisition Module for Abila MIP
Microix Requisition Module for Abila MIPMicroix Requisition Module for Abila MIP
Microix Requisition Module for Abila MIP
 
Core4voip Billing Android
Core4voip Billing AndroidCore4voip Billing Android
Core4voip Billing Android
 
Dmtm --final
Dmtm --finalDmtm --final
Dmtm --final
 
Modernizing cash application with the 3A's automation analytics and AI
Modernizing cash application with the 3A's automation analytics and AIModernizing cash application with the 3A's automation analytics and AI
Modernizing cash application with the 3A's automation analytics and AI
 
7 Ways to Make EMV Easier / Webinar
7 Ways to Make EMV Easier / Webinar7 Ways to Make EMV Easier / Webinar
7 Ways to Make EMV Easier / Webinar
 
Security and Authentication at a Low Cost
Security and Authentication at a Low CostSecurity and Authentication at a Low Cost
Security and Authentication at a Low Cost
 
IBM Payments Gateway
IBM Payments GatewayIBM Payments Gateway
IBM Payments Gateway
 

More from Maurício Aniche

Can ML help software developers? (TEQnation 2022)
Can ML help software developers? (TEQnation 2022)Can ML help software developers? (TEQnation 2022)
Can ML help software developers? (TEQnation 2022)Maurício Aniche
 
Pragmatic software testing education - SIGCSE 2019
Pragmatic software testing education - SIGCSE 2019Pragmatic software testing education - SIGCSE 2019
Pragmatic software testing education - SIGCSE 2019Maurício Aniche
 
Code smells in MVC applications (Dutch Spring meetup)
Code smells in MVC applications (Dutch Spring meetup)Code smells in MVC applications (Dutch Spring meetup)
Code smells in MVC applications (Dutch Spring meetup)Maurício Aniche
 
A Collaborative Approach to Teach Software Architecture - SIGCSE 2017
A Collaborative Approach to Teach Software Architecture - SIGCSE 2017A Collaborative Approach to Teach Software Architecture - SIGCSE 2017
A Collaborative Approach to Teach Software Architecture - SIGCSE 2017Maurício Aniche
 
Code quality in MVC systems - BENEVOL 2016
Code quality in MVC systems - BENEVOL 2016Code quality in MVC systems - BENEVOL 2016
Code quality in MVC systems - BENEVOL 2016Maurício Aniche
 
A Validated Set of Smells for MVC Architectures - ICSME 2016
A Validated Set of Smells for MVC Architectures - ICSME 2016A Validated Set of Smells for MVC Architectures - ICSME 2016
A Validated Set of Smells for MVC Architectures - ICSME 2016Maurício Aniche
 
SATT: Tailoring Code Metric Thresholds for Different Software Architectures (...
SATT: Tailoring Code Metric Thresholds for Different Software Architectures (...SATT: Tailoring Code Metric Thresholds for Different Software Architectures (...
SATT: Tailoring Code Metric Thresholds for Different Software Architectures (...Maurício Aniche
 
DNAD 2015 - Métricas de código, pra que te quero?
DNAD 2015 - Métricas de código, pra que te quero?DNAD 2015 - Métricas de código, pra que te quero?
DNAD 2015 - Métricas de código, pra que te quero?Maurício Aniche
 
Como eu aprendi que testar software é importante?
Como eu aprendi que testar software é importante?Como eu aprendi que testar software é importante?
Como eu aprendi que testar software é importante?Maurício Aniche
 
Proposta: Métricas e Heurísticas para Detecção de Problemas em Aplicações Web
Proposta: Métricas e Heurísticas para Detecção de Problemas em Aplicações WebProposta: Métricas e Heurísticas para Detecção de Problemas em Aplicações Web
Proposta: Métricas e Heurísticas para Detecção de Problemas em Aplicações WebMaurício Aniche
 
Efeitos da Prática de Revisão de Código na Caelum: Um Estudo Preliminar em Du...
Efeitos da Prática de Revisão de Código na Caelum: Um Estudo Preliminar em Du...Efeitos da Prática de Revisão de Código na Caelum: Um Estudo Preliminar em Du...
Efeitos da Prática de Revisão de Código na Caelum: Um Estudo Preliminar em Du...Maurício Aniche
 
Test-Driven Development serve pra mim?
Test-Driven Development serve pra mim?Test-Driven Development serve pra mim?
Test-Driven Development serve pra mim?Maurício Aniche
 
O que estamos temos feito com mineração de repositório de código no IME?
O que estamos temos feito com mineração de repositório de código no IME?O que estamos temos feito com mineração de repositório de código no IME?
O que estamos temos feito com mineração de repositório de código no IME?Maurício Aniche
 
MetricMiner: Supporting Researchers in Mining Software Repositories - SCAM 2013
MetricMiner: Supporting Researchers in Mining Software Repositories - SCAM 2013MetricMiner: Supporting Researchers in Mining Software Repositories - SCAM 2013
MetricMiner: Supporting Researchers in Mining Software Repositories - SCAM 2013Maurício Aniche
 
Does the Act of Refactoring Really Make Code Simpler? A Preliminary Study - W...
Does the Act of Refactoring Really Make Code Simpler? A Preliminary Study - W...Does the Act of Refactoring Really Make Code Simpler? A Preliminary Study - W...
Does the Act of Refactoring Really Make Code Simpler? A Preliminary Study - W...Maurício Aniche
 
Minicurso sobre Evolução de Software no CBSoft 2011
Minicurso sobre Evolução de Software no CBSoft 2011Minicurso sobre Evolução de Software no CBSoft 2011
Minicurso sobre Evolução de Software no CBSoft 2011Maurício Aniche
 
MTD2014 - Are The Methods In Your DAOs in the Right Place? A Preliminary Study
MTD2014 - Are The Methods In Your DAOs in the Right Place? A Preliminary StudyMTD2014 - Are The Methods In Your DAOs in the Right Place? A Preliminary Study
MTD2014 - Are The Methods In Your DAOs in the Right Place? A Preliminary StudyMaurício Aniche
 
[TDC 2014] Métricas de código, pra que te quero?
[TDC 2014] Métricas de código, pra que te quero?[TDC 2014] Métricas de código, pra que te quero?
[TDC 2014] Métricas de código, pra que te quero?Maurício Aniche
 
Code coverage for MSR Researches [Work in Progress]
Code coverage for MSR Researches [Work in Progress]Code coverage for MSR Researches [Work in Progress]
Code coverage for MSR Researches [Work in Progress]Maurício Aniche
 

More from Maurício Aniche (20)

Can ML help software developers? (TEQnation 2022)
Can ML help software developers? (TEQnation 2022)Can ML help software developers? (TEQnation 2022)
Can ML help software developers? (TEQnation 2022)
 
Pragmatic software testing education - SIGCSE 2019
Pragmatic software testing education - SIGCSE 2019Pragmatic software testing education - SIGCSE 2019
Pragmatic software testing education - SIGCSE 2019
 
Test Automation Day 2018
Test Automation Day 2018Test Automation Day 2018
Test Automation Day 2018
 
Code smells in MVC applications (Dutch Spring meetup)
Code smells in MVC applications (Dutch Spring meetup)Code smells in MVC applications (Dutch Spring meetup)
Code smells in MVC applications (Dutch Spring meetup)
 
A Collaborative Approach to Teach Software Architecture - SIGCSE 2017
A Collaborative Approach to Teach Software Architecture - SIGCSE 2017A Collaborative Approach to Teach Software Architecture - SIGCSE 2017
A Collaborative Approach to Teach Software Architecture - SIGCSE 2017
 
Code quality in MVC systems - BENEVOL 2016
Code quality in MVC systems - BENEVOL 2016Code quality in MVC systems - BENEVOL 2016
Code quality in MVC systems - BENEVOL 2016
 
A Validated Set of Smells for MVC Architectures - ICSME 2016
A Validated Set of Smells for MVC Architectures - ICSME 2016A Validated Set of Smells for MVC Architectures - ICSME 2016
A Validated Set of Smells for MVC Architectures - ICSME 2016
 
SATT: Tailoring Code Metric Thresholds for Different Software Architectures (...
SATT: Tailoring Code Metric Thresholds for Different Software Architectures (...SATT: Tailoring Code Metric Thresholds for Different Software Architectures (...
SATT: Tailoring Code Metric Thresholds for Different Software Architectures (...
 
DNAD 2015 - Métricas de código, pra que te quero?
DNAD 2015 - Métricas de código, pra que te quero?DNAD 2015 - Métricas de código, pra que te quero?
DNAD 2015 - Métricas de código, pra que te quero?
 
Como eu aprendi que testar software é importante?
Como eu aprendi que testar software é importante?Como eu aprendi que testar software é importante?
Como eu aprendi que testar software é importante?
 
Proposta: Métricas e Heurísticas para Detecção de Problemas em Aplicações Web
Proposta: Métricas e Heurísticas para Detecção de Problemas em Aplicações WebProposta: Métricas e Heurísticas para Detecção de Problemas em Aplicações Web
Proposta: Métricas e Heurísticas para Detecção de Problemas em Aplicações Web
 
Efeitos da Prática de Revisão de Código na Caelum: Um Estudo Preliminar em Du...
Efeitos da Prática de Revisão de Código na Caelum: Um Estudo Preliminar em Du...Efeitos da Prática de Revisão de Código na Caelum: Um Estudo Preliminar em Du...
Efeitos da Prática de Revisão de Código na Caelum: Um Estudo Preliminar em Du...
 
Test-Driven Development serve pra mim?
Test-Driven Development serve pra mim?Test-Driven Development serve pra mim?
Test-Driven Development serve pra mim?
 
O que estamos temos feito com mineração de repositório de código no IME?
O que estamos temos feito com mineração de repositório de código no IME?O que estamos temos feito com mineração de repositório de código no IME?
O que estamos temos feito com mineração de repositório de código no IME?
 
MetricMiner: Supporting Researchers in Mining Software Repositories - SCAM 2013
MetricMiner: Supporting Researchers in Mining Software Repositories - SCAM 2013MetricMiner: Supporting Researchers in Mining Software Repositories - SCAM 2013
MetricMiner: Supporting Researchers in Mining Software Repositories - SCAM 2013
 
Does the Act of Refactoring Really Make Code Simpler? A Preliminary Study - W...
Does the Act of Refactoring Really Make Code Simpler? A Preliminary Study - W...Does the Act of Refactoring Really Make Code Simpler? A Preliminary Study - W...
Does the Act of Refactoring Really Make Code Simpler? A Preliminary Study - W...
 
Minicurso sobre Evolução de Software no CBSoft 2011
Minicurso sobre Evolução de Software no CBSoft 2011Minicurso sobre Evolução de Software no CBSoft 2011
Minicurso sobre Evolução de Software no CBSoft 2011
 
MTD2014 - Are The Methods In Your DAOs in the Right Place? A Preliminary Study
MTD2014 - Are The Methods In Your DAOs in the Right Place? A Preliminary StudyMTD2014 - Are The Methods In Your DAOs in the Right Place? A Preliminary Study
MTD2014 - Are The Methods In Your DAOs in the Right Place? A Preliminary Study
 
[TDC 2014] Métricas de código, pra que te quero?
[TDC 2014] Métricas de código, pra que te quero?[TDC 2014] Métricas de código, pra que te quero?
[TDC 2014] Métricas de código, pra que te quero?
 
Code coverage for MSR Researches [Work in Progress]
Code coverage for MSR Researches [Work in Progress]Code coverage for MSR Researches [Work in Progress]
Code coverage for MSR Researches [Work in Progress]
 

Recently uploaded

How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 

Recently uploaded (20)

How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 

Software Testing with Caipirinhas and Stroopwafels

  • 2.
  • 3.
  • 4. 🇳🇱 Jeroen Castelein 🇮🇷 Mozhan Soltani 🇮🇹 Annibale Panichella 🇳🇱 Joop Aué 🇳🇱 Maikel Lobbezoo 🇳🇱 Rick Wieman 🇳🇱 Sicco Verwer 🇳🇱 Felienne Hermans 🇮🇹 Davide Spadini🇮🇹 🇨🇭 Alberto Bacchelli 🇳🇱 Arie van DeursenKristín Fjóla 🇳🇱 Peter Evers
  • 5. How to make sure your software works? Software testing! More: • Log analytics • Static analysis And more: • Test generation • Code review • Test code quality • Production code quality
  • 8. One Billion Log Lines a Day: Monitoring using the ELK Stack • Logstash: Unify different logging sources • Elastic Search: Search and filter large log data • Kibana: Visual interactive dashboard Image credit: www.neteye-blog.com
  • 9. Poll: Java Exceptions in a Payment System Your payment system in production generates 1 billion log lines per day. How many errors / warnings with exceptions do you expect to see? A. None. “We have a zero exception policy.” B. 1 Thousand. “Some exceptions are unavoidable.” C. 1 Million. “Most exceptions are harmless.” D. 1 Billion. “We only log errors and exceptions.” Adyen, Nov 2016: ~1,000,000 per day
  • 10. Logness: Extract, Cluster, Tag • Extract features: • application name, class name, exception • Remove details: • literal numbers, (encryption) hashes • Cluster: • Same payment identifier in 15min window • Same features • longest common substring above threshold • Tag as severe, known (monitored, bug), and unknown Peter Evers, Maurício Aniche, Arie van Deursen, Maikel Lobbezoo. Finding Relevant Errors in Massive Payment Log Data. TU Delft, 2017, in preparation. 1,000,000 err log lines --> 250 exception clusters
  • 11. Issues Found in Research Period First credit cards starting with 95 and with 19 digits: long overflow! Merchant configuration error. All payments stalled. Discovered before being noticed by merchant Firewall configuration problem: Server unreachable. Discovered before merchants were assigned to this server Server update incompatible with legacy point of sale terminals. Customer could buy, but merchant received no money. IOException triggered.
  • 12. Complex API Integration • Payment APIs are complex • Integration faults are easily made • Merchant needs assistance with API usage • Merchant may not notice mistakes • 2.5M http error responses per month • What can we learn from them? 12
  • 13. 2.5M Errors to 69 Fault Cases FC12 Contract not found Replication latency. FC24 iDEAL communication error FC42 Invalid paRes from issuer FC1 ApplePay token amount-mismatch FC5 Billing address problem (Country 0) FC62 Unable to decrypt data FC14 Could not read XML stream. FC15 Couldn’t parse expiry year Joop Aué, Maurício Aniche, Arie van Deursen, Maikel Lobbezoo An Exploratory Study on Faults in Web API Integration in a Large-Scale Payment Company . TU Delft, 2017. Submitted.
  • 14. 11 Common Causes for API Error Reponses Integrators are definitely the main responsible for API integration problems!
  • 15. API Integration Recommendations • API Consumer: • Actually handle all error codes returned by provider • API Producer: • Document which error codes can be returned under what circumstances • Offer easy-to-use test harness for integrations created by consumers • Make explicit which error codes are ‘retriable’ • Enrich returned error codes with actionable info (for consumer or end user) • Offer Error Dashboard for API consumer offering live insight in error handling • API Researcher: • Rethink API usability in this context
  • 17. Point of sale terminal variability • Card brands • Card entry modes (chip, swipe, contactless) • Currency conversion • Loyalty points • Validation type (pin, signature) • Issuer responses (declined, insufficient balance) • Cancellations (shopper, merchant)
  • 18. Passive learning Identifying system behavior from observations, and representing it in the smallest possible model. 20170101160001 Adyen version: ****** 20170101160002 Starting TX/amt=10001/currency=978 20170101160003 Starting EMV 20170101160004 EMV started 20170101160005 Magswipe opened 20170101160006 CTLS started 20170101160007 Transaction initialised 20170101160008 Run TX as EMV transaction 20170101160009 Application selected app:****** 20170101160010 read_application_data succeeded 20170101160011 data_authentication succeeded 20170101160012 validate 0 20170101160013 DCC rejected 20170101160014 terminal_risk_management succeeded 20170101160015 verify_card_holder succeeded 20170101160016 generate_first_ac succeeded 20170101160017 Authorizing online 20170101160018 Data returned by the host succeeded 20170101160019 Transaction authorized by card 20170101160020 Approved receipt printed 20170101160021 pos_result_code:APPROVED 20170101160022 Final status: Approved 20170101160001 Adyen version: ****** 20170101160002 Starting TX/amt=10001/currency=978 20170101160003 Starting EMV 20170101160004 EMV started 20170101160005 Magswipe opened 20170101160006 CTLS started 20170101160007 Transaction initialised 20170101160008 Run TX as EMV transaction 20170101160009 Application selected app:****** 20170101160010 read_application_data succeeded 20170101160011 data_authentication succeeded 20170101160012 validate 0 20170101160013 DCC rejected 20170101160014 terminal_risk_management succeeded 20170101160015 verify_card_holder succeeded 20170101160016 generate_first_ac succeeded 20170101160017 Authorizing online 20170101160018 Data returned by the host succeeded 20170101160019 Transaction authorized by card 20170101160020 Approved receipt printed 20170101160021 pos_result_code:APPROVED 20170101160022 Final status: Approved 20170101160001 Adyen version: ****** 20170101160002 Starting TX/amt=10001/currency=978 20170101160003 Starting EMV 20170101160004 EMV started 20170101160005 Magswipe opened 20170101160006 CTLS started 20170101160007 Transaction initialised 20170101160008 Run TX as EMV transaction 20170101160009 Application selected app:****** 20170101160010 read_application_data succeeded 20170101160011 data_authentication succeeded 20170101160012 validate 0 20170101160013 DCC rejected 20170101160014 terminal_risk_management succeeded 20170101160015 verify_card_holder succeeded 20170101160016 generate_first_ac succeeded 20170101160017 Authorizing online 20170101160018 Data returned by the host succeeded 20170101160019 Transaction authorized by card 20170101160020 Approved receipt printed 20170101160021 pos_result_code:APPROVED 20170101160022 Final status: Approved 20170101160001 Adyen version: ****** 20170101160002 Starting TX/amt=10001/currency=978 20170101160003 Starting EMV 20170101160004 EMV started 20170101160005 Magswipe opened 20170101160006 CTLS started 20170101160007 Transaction initialised 20170101160008 Run TX as EMV transaction 20170101160009 Application selected app:****** 20170101160010 read_application_data succeeded 20170101160011 data_authentication succeeded 20170101160012 validate 0 20170101160013 DCC rejected 20170101160014 terminal_risk_management succeeded 20170101160015 verify_card_holder succeeded 20170101160016 generate_first_ac succeeded 20170101160017 Authorizing online 20170101160018 Data returned by the host succeeded 20170101160019 Transaction authorized by card 20170101160020 Approved receipt printed 20170101160021 pos_result_code:APPROVED 20170101160022 Final status: Approved 20170101160001 Adyen version: ****** 20170101160002 Starting TX/amt=10001/currency=978 20170101160003 Starting EMV 20170101160004 EMV started 20170101160005 Magswipe opened 20170101160006 CTLS started 20170101160007 Transaction initialised 20170101160008 Run TX as EMV transaction 20170101160009 Application selected app:****** 20170101160010 read_application_data succeeded 20170101160011 data_authentication succeeded 20170101160012 validate 0 20170101160013 DCC rejected 20170101160014 terminal_risk_management succeeded 20170101160015 verify_card_holder succeeded 20170101160016 generate_first_ac succeeded 20170101160017 Authorizing online 20170101160018 Data returned by the host succeeded 20170101160019 Transaction authorized by card 20170101160020 Approved receipt printed 20170101160021 pos_result_code:APPROVED 20170101160022 Final status: Approved Rick Wieman, Maurício Aniche, Willem Lobbezoo, Sicco Verwer and Arie van Deursen. An Experience Report on Applying Passive Learning in a Large-Scale Payment Company. ICSME Industry Track, 2017 https://automatonlearning.net/ DFASAT / FlexFringe Heule & Verwer, ICGI 2010
  • 19. Use Inferred Models to Analyze: Bugs in Test Phase • Terminal asked for PIN • AND asked for signature • Domain expert noted this unwanted behavior in inferred model. • Fixed before it went into production
  • 20. Use Inferred Models to Analyze: Differences Between Card Brands Twice as many chip errors Informed merchant about issue.
  • 21. Use Inferred Models to Analyze: Time out problems Timeout Improved performance under network instability by adding targeted retry mechanism
  • 22.
  • 23. Log Analysis in Research 1. Abstraction Seeing the bigger picture 2. Detection Finding errors and anomalies 3. Enhancing More effective logging practices 4. Parsing Extracting message templates 5. Modeling Message ordering and protocols 6. Scaling Dealing with many many logs 7. Visualizing Put the eyes to use Joop Aué, Maurício Aniche, Arie van Deursen. Log Analysis from A-Z: A Literature Survey. TU Delft, 2017, in preparation. Identified 73 core papers. Venues: SIGOPS SOSP ACM TOCS Usenix WASL Usenix OSDI IEEE ISSRE ICSE
  • 24. Testing can be hard… • Lack of testability. • Hard to think about all the corner cases. • You never know if your tests are good enough.
  • 25. Fraser, Gordon, and Andrea Arcuri. "Evosuite: automatic test suite generation for object-oriented software." Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering. ACM, 2011.
  • 26. SQL Query SELECT Name FROM Product WHERE Price > 20 Name Price Towel 15 Lawn mower 40 1kg Caviar 900 Coffee cup 1 Name Price Towel 15 Lawn mower 40 1kg Caviar 900 Coffee cup 1 Database Table: Product Output Name Lawn mower 1kg Caviar
  • 27. Testing SQL Query SELECT Name FROM Product WHERE Price > 20 Name Price - 19 - 20 - 21 Test Database Table: Product Coverage Criterion 1. False Price = 19 2. Boundary Price = 20 3. True Price = 21
  • 28. Testing SQL Query SELECT * FROM `account` LEFT JOIN `user` AS `assignedUser` ON account.assigned_user_id = assigneduser.id LEFT JOIN `user` AS `modifiedBy` ON account.modified_by_id = modifiedby.id LEFT JOIN `user` AS `createdBy` ON account.created_by_id = createdby.id LEFT JOIN `entity_email_address` AS `emailAddressesMiddle` ON account.id = emailaddressesmiddle.entity_id AND emailaddressesmiddle.deleted = '0' AND emailaddressesmiddle.primary = '1' AND emailaddressesmiddle.entity_type = 'Account' LEFT JOIN `email_address` AS `emailAddresses` ON emailaddresses.id = emailaddressesmiddle.email_address_id AND emailaddresses.deleted = '0' LEFT JOIN `entity_phone_number` AS `phoneNumbersMiddle` ON account.id = phonenumbersmiddle.entity_id AND phonenumbersmiddle.deleted = '0' AND phonenumbersmiddle.primary = '1' AND phonenumbersmiddle.entity_type = 'Account' LEFT JOIN `phone_number` AS `phoneNumbers` ON phonenumbers.id = phonenumbersmiddle.phone_number_id AND phonenumbers.deleted = '0' WHERE (( account.name LIKE 'Besha%' OR account.id IN (SELECT entity_id FROM entity_email_address JOIN email_address ON email_address.id = entity_email_address.email_address_id WHERE entity_email_address.deleted = 0 AND entity_email_address.entity_type = 'Account' AND email_address.deleted = 0 AND email_address.name LIKE 'Besha%') )) AND account.deleted = '0' x 42 Coverage Rules 
  • 29. Other Approaches Coverage Rule Query SELECT Name FROM Product WHERE Price = 20 Column Constraints Name - Price = 20 Constraint Satisfaction Problem Coverage Rule Query SELECT Name FROM Product WHERE Price > 50 AND Price < 100 Column Constraints Name - Price > 50 and < 100 Constraint Satisfaction Problem
  • 30. Limitations Subqueries SELECT Name FROM Product WHERE Price < (SELECT MAX(Price) FROM UserPrice WHERE UserId = 1) String Constraints SELECT Price FROM Product WHERE Name = ‘Towel’ OR Name LIKE ‘%Caviar%’ 84% of our evaluation
  • 32. Using a Database Target Query SELECT Name FROM Product WHERE Price = 20 Name Price Towel 15 Coffee 4 Table: Product Dataset 1 Name Price Caviar 900 Table: Product Dataset 2 Fitness value: 5 880 > 20 - 15 900 - 20
  • 33. Using a Database Target Query SELECT Name FROM Product WHERE Price = 20 Name Price Towel 20 Coffee 4 Table: Product Dataset 1 Fitness value: 0 20 - 20
  • 34. Using a Database LEFT JOIN RIGHT JOIN INNER JOIN GROUP BY EXISTS HAVING WHERE LIKE MAX SUM IN NOT >= <> <= OR COUNT
  • 35. MC/DC Coverage on SQL Queries Javier Tuya, Maria Suarez-Cabal and Claudio de la Riva. Full predicate coverage for testing SQL database queries. Software Testing, Verification and Reliability, 2010.
  • 37. Initialization Coverage Rule Query SELECT Name FROM Product WHERE Price = 20 Name Price af08u4 -5461 1ruhaev 491 Table: Product Random Individual Name Price af08u4 20 1ruhaev 491 Table: Product Seeded Individual
  • 38. Crossover Name Price Towel 15Parent 1 Name Cat Coffee Drinks Name Price Coffee 4 Parent 2 Name Cat Glass Food T1 T2 T1 T2 Name Price Towel 15Offspring 1 Name Cat Coffee Drinks Name Price Coffee 4 Offspring 2 Name Cat Glass Food T1 T2 T1 T2
  • 39. Mutation – Add Name Price Towel 15 Caviar 400 Table: Product Name Price Towel 15 Caviar 400 Nail -23 Table: Product
  • 40. Mutation – Duplicate Name Price Towel 15 Caviar 400 Table: Product Name Price Towel 15 Caviar 400 Towel 15 Table: Product
  • 41. Mutation – Remove Name Price Towel 15 Caviar 400 Table: Product Name Price Towel 15 Table: Product
  • 42. Mutation – Change Name Price Towel 15 Caviar 400 Table: Product Name Price Towul 15 Caviar 400 Table: Product
  • 43. Mutation – Seeded Change Name Price Towel 15 Caviar 400 Table: Product Name Price Coffee 15 Caviar 400 Table: Product Coverage Rule Query SELECT Price FROM Product WHERE Name = ‘Coffee’
  • 44. EvoSQL EvoSQL SQLFpc Test Data Query Database Schema Coverage Rules Jeroen Castelein, Maurício Aniche, Mozhan Soltani, Annibale Panicchella, Arie Van Deursen Search-Based Test Data Generation for SQL Queries. ICSE 2018.
  • 45. Study Context 2,135 queries / 4 systems: • Alura, e-learning platform • EspoCRM, open source software for customer relations • SuiteCRM, open source software for customer relations • ERPNext, open source resource planning software for enterprises.
  • 46. Study Context Coverage Rules 1-2 3-4 5-6 7-8 9-10 11-15 16-20 21+ # Queries 656 382 408 346 114 107 51 71 84%
  • 47. EvoSQL Evaluation Outcomes • 100% of targets covered for 98% of the queries • On average 86% covered for the remaining 2% • Usually within seconds • Outperforms biased and random alternatives: • Biased random can handle 90% of simple queries (< 10 rules) • Biased random often finds no solution for complex queries (10+ rules)
  • 48. Developers love and hate linters!
  • 49.
  • 51. oWhat do developers expect from such tools? Why do they use them? oHow do they configure such flexible tools? oWhat challenges do developer face? Kristín Fjóla Tómasdóttir, Maurício Aniche, Arie Van Deursen. Why and How JavaScript Developers Use Linters. ASE 2017. The Adoption of JavaScript Linters. TU Delft. In preparation.
  • 52. Interviewing Developers Goal - Reasons for using a linter - Methods to configure a linter - Challenges Method - Grounded Theory - 13 questions Data - 15 developers - Top 120 JS GitHub projects 52
  • 53. Data - 86,366 JavaScript projects - 9,548 ESLint configuration files Analyzing Configuration Files Goal - Prevalence of configurations - Most common rules Method - GHTorrent & Google BigQuery - Tool to parse files
  • 54. Surveying Developers Goal - Reasons for using a linter - Methods to configure - Most important rules - Challenges Method - Questionnaire - Open and closed questions - Distributed in JS communities Data - 337 responses - Reddit, Echo JS, Facebook, Twitter
  • 56. Importance of the different rules 1. Stylistic Issues 2. Best Practices 3. Variables 4. Possible Errors 5. Node.js & CommonJS 6. ECMAScript 6 7. Strict Mode 1. Possible Errors 92.5% 2. Best Practices 89% 3. ECMAScript 6 86.7% 4. Variables 86,4% 5. Stylistic Issues 78.2% 6. Node.js & CommonJS 62.6% 7. Strict Mode 57.8%
  • 57. Stylistic Issues quotes 60.6% semi 48.1% indent 43.3% How Developers Configure Linters
  • 58. Possible Errors no-dupe-keys 39.2% no-unreachable 37.2% How Developers Configure Linters
  • 59. Best Practices eqeqeq 42.7% no-eval 36.9% How Developers Configure Linters
  • 60. How Developers Configure Linters Variables no-undef 40.6% no-unused-vars 40.3%
  • 62. To Mock or Not To Mock?
  • 64.
  • 65. When to mock? • Infrastructure is often mocked. • There was no clear trend on domain objects. • Complicated classes are mocked. • Classes that are too coupled are mocked. Davide Spadini, M. Finavaro Aniche, Magiel Bruntink, Alberto Bacchelli. To Mock or Not To Mock? An Empirical Study on Mocking Practices. MSR 2017. Mock Objects For Testing Java Systems: Why and How Developers Use Them, and How They Evolve. EMSE. In submission.
  • 66. Mocks are introduced from the very beginning of the test class! Davide Spadini, M. Finavaro Aniche, Magiel Bruntink, Alberto Bacchelli. To Mock or Not To Mock? An Empirical Study on Mocking Practices. MSR 2017. Mock Objects For Testing Java Systems: Why and How Developers Use Them, and How They Evolve. EMSE. In submission.
  • 67. Challenges • Dealing with coupling • Mocking in legacy systems • Non-testable/Hard-to-test classes • Untestable dependencies Davide Spadini, M. Finavaro Aniche, Magiel Bruntink, Alberto Bacchelli. To Mock or Not To Mock? An Empirical Study on Mocking Practices. MSR 2017. Mock Objects For Testing Java Systems: Why and How Developers Use Them, and How They Evolve. EMSE. In submission.
  • 68. 50% of changes in a mock occur because the production code changed! Coupling is strong! Davide Spadini, M. Finavaro Aniche, Magiel Bruntink, Alberto Bacchelli. To Mock or Not To Mock? An Empirical Study on Mocking Practices. MSR 2017. Mock Objects For Testing Java Systems: Why and How Developers Use Them, and How They Evolve. EMSE. In submission.
  • 69. ATTENTION: THE MOST IMPORTANT LESSON ABOUT WRITING AUTOMATED UNIT TESTS IS ABOUT TO COME!
  • 70. There’s a correlation between a complex code and a hard-to-test code. Aniche, M., Gerosa, M. “Does test-driven development improve class design? A qualitative study on developers’ perceptions”. Journal of the Brazilian Computer Society.2015, 21:15. Bruntink, Magiel, and Arie Van Deursen. "Predicting class testability using object-oriented metrics." Fourth IEEE International Workshop on Source Code Analysis and Manipulation, 2004.
  • 72. How I (Maurício) do the trade-off Unit tests Integration tests System tests Manual All business rules should be tested here. Avoid at all cost. But do it when needed. Complex integrations with external services. Main/Risky flow of the app tested. You will come up with your own way of thinking!
  • 73. It’s your job to decide the best test to write!
  • 74. A catalogue of patterns For Web Testing Fixture API ID in HTML Move Fast, Move Slow … Aniche, M., Guerra, E., Gerosa, M. “A Set of Patterns to Improve Code Quality of Automated Functional Tests of Web Applications”. 21th Conference on Pattern Languages of Programs. 2014.
  • 75. Code review in test files! Test files are almost 2 times less likely to be discussed during code review when reviewed together with production files!! Davide Spadini, Maurício Aniche, Magiel Bruntink, Margaret-Anne Storey, Alberto Bacchelli. When Testing Meets Code Review: Why and How Developers Review Tests. ICSE 2018.
  • 76. Code review in test files! Little on finding more bugs! Davide Spadini, Maurício Aniche, Magiel Bruntink, Margaret-Anne Storey, Alberto Bacchelli. When Testing Meets Code Review: Why and How Developers Review Tests. ICSE 2018.
  • 77. A main concern of reviewers is understanding whether the test covers all the paths of the production code and to ensure tests’ maintainability and readability. Lack of good tooling support!
  • 79. Common mistakes Maurício Aniche, Felienne Hermans, Arie van Deursen. An Exploratory Study on Challenges in Software Testing Education. TU Delft. In submission. • Test coverage (20.87%) • Maintainability of test code (20.42%) • Understanding test concepts (15.35%) • Boundary testing (12.95%) • State-based testing (12.39%) • Assertions (8.93%) • Mock Objects (5.87%) • Tools (4.21%)
  • 80. Difficult topics Maurício Aniche, Felienne Hermans, Arie van Deursen. An Exploratory Study on Challenges in Software Testing Education. TU Delft. In submission.
  • 81. How to Learn? Maurício Aniche, Felienne Hermans, Arie van Deursen. An Exploratory Study on Challenges in Software Testing Education. TU Delft. In submission. Peopledonotlikebooksandpapers…
  • 82. Challenges Maurício Aniche, Felienne Hermans, Arie van Deursen. An Exploratory Study on Challenges in Software Testing Education. TU Delft. In submission. • Apply tools and techniques for the first time. • How, what, and how much to test. • Understanding the system under test. • Motivation and experience. • Software testing theory. • Testability mindset.
  • 83. The majority of projects and users [from 416 participants and 1,337,872 intervals] do not practice testing actively. We should change it. Moritz Beller, Georgios Gousios, Annibale Panichella, Andy Zaidman. When, How, and Why Developers (Do Not) Test in Their IDEs. FSE 2015.
  • 84. Topics we discussed today! • Log Analytics and DevOps • Web API integration mistakes • Testing SQL queries • To Mock or Not To Mock? • Code review in test files • Challenges in learning software testing Maurício Aniche (m.f.aniche@tudelft.nl / @mauricioaniche)

Editor's Notes

  1. Directe tenured collega’s: Georgios, Andy, Felienne, Alberto Four former msc students now working in industry, 2 phds, 1 postdoc, one former msc student now working in academia. https://emojipedia.org/flag-for-netherlands/ Evt ook STAMP/BSR/NWO/Adyen Evt ook Michael de Jong, Anthony, Georgios, Peggy, Martin P.
  2. 4 roles System that is operational 7 x 24. Needs a lot of monitoring. So fits our devops setting very well.
  3. At the 2008 Agile Toronto conference, Andrew Shafer and Patrick Debois introduced the term in their talk on "Agile Infrastructure”. The prototypical devops picture. Fault tolerance, resilient to load swings. Culture: Accepting joint responsibility. https://commons.wikimedia.org/wiki/File:Devops-toolchain.svg Stages in a devops tool chain. Release / provision. One system: One release. Multiple deployments under many different configurations. Think product line. Operate: Make sure it can be used Monitor: Learn and improve – close the feedback loop. IT People: data center focused. Infrastructure management. Infra as code. Support people: client focused. Without Borders In SE research, we focus on the left part: Creation / modification, and verification. Plan: Decide what feature to add or what issue to fix. Create: Modify the product as planned Verify: Automatically test, check it works. Package: Make the artefact ready for use by other. E.g., npm, maven central, or local nexus server. Code — code development and review, source code management tools, code merging Build — continuous integration tools, build status Test — continuous testing tools that provide feedback on business risks Package — artifact repository, application pre-deployment staging Release — change management, release approvals, release automation Configure — infrastructure configuration and management, Infrastructure as Code tools Monitor — applications performance monitoring, end–user experience
  4. Logging: Key component of monitoring architecture System logs, application logs, web server logs, … Critical, error, warning, info, debug levels Diagnosis, security, audits, debugging, … http://www.neteye-blog.com/wp-content/uploads/2014/06/log-logstash-elasticsearch-kibana-flow.png
  5. Precision and Recall around 90%. Inspects sample of log messages on several days.
  6. Found issues, reported them, and they actually required a fix. Found signal, not noise. Saved money. Really devops: Mix between operational problems (firewall, configuration) and development (long overflow, backward compatibility). Approach not very deep. Low hanging fruit. Industry does not care if it is low or high hanging fruit. To collaborate, you need to address the problems. Paves the way for next collaboration. Savings: Substantial. DevOps: Development AND Operations. Several of these exceptions point to operations problems. Relatively mundane: Operations AND development issues. Not rocket science. Low hanging fruit. If you want to work with industry, you need to solve problems. This earned the credit to take the next steps.
  7. 69 cases represent 30% of all error messages, yet 91% of all http errors. Impacting 1500 of all consumers End user: Consumer: Internal/Provider : FC2, FC12, FC62 Third party: FC24, FC42 FC2: Due to missing response data from a third party payment method, recurring payments for a specific bank and payment method are failing. In this case Adyen resorts to a backup mechanism, which is unsuccessful and causes an internal error. FC12) “800 - Contract not found” (2): This error is caused by an internal database replication delay. When a recurring contract is created it takes a few minutes to be replicated to the slaves. If the contract is requests before replication the request fails with this error. FC62) “174 - Unable to decrypt data” (2) : Credit card information encrypted in the shoppers browser is to be decrypted by Adyen. In a limited number of cases this encryption fails with an internal exception, causing this error to be returned. FC24) “0 - iDEAL communication error”: The select iDEAL bank is not available. This can be because of planned maintenance or a temporary connection problem. FC42) “105 - Invalid paRes from issuer” (1) 3D secure authorize calls require a payment authorization response from the issuer and a payment session identifier. This error is returned when Adyen tries to process the payment with the issuer, which is unable to process their own payment authorization response. FC1) “5 001 - ApplePay token amount-mismatch” : one cent difference in amount in request and in ApplePay token.
  8. Double p Process payment or disablement multiple times in specific settings. The merchant in this case tries to process a 3D secure payment request multiple times, which results in an error. The API does not handle the error well resulting in an empty response. Specific authorization request type. This error occurs when one attempts to disable a shopper contract that has been disabled in the past. The reference associated with the contract thus not found. rocessing: FC11, FC18, FC69
  9. 250 currencies 150 payment methods
  10. Sicco Verwer and Christian Hammerschmidt. flexfringe: a passive automaton learning package International Colloquium on Grammar Inference
  11. A boundary with the systems community! Who of you has written papers that should be discussed in such a survey? Great, I want to talk to you!
  12. What is a SQL query
  13. It’s no problem to do this for one simple query. But many, or complex queries soon get awful to do manually. Hence, we need automated test data generation.
  14. What do these other approaches do? What are their limitations?
  15. What do these other approaches do? What are their limitations?
  16. Overview of how we use a database
  17. So to overcome the limitations of not being able to solve some SQL constructs, we came up with the idea of using a real database, as it is able to process any SQL query. From the database, we can extract information during query execution. This information can then be used to find the right data. Do some examples
  18. So to overcome the limitations of not being able to solve some SQL constructs, we came up with the idea of using a real database, as it is able to process any SQL query. From the database, we can extract information during query execution. This information can then be used to find the right data. Do some examples
  19. We use a search-based optimization algorithm to find the solutions in the search space
  20. If we look how many coverage rules are generated by our queries Most of the queries generate few coverage rules, but there is still quite a number of queries that generate more than 10.
  21. First step: Now working on integrating this in the IDE, and using it for integration testing.