Что такое Gherkin? Как всё это работает, например с Cucumber-jvm? Какие обычные и специфичные features реализует фреймворк? Каковы best practices его использования? Когда вообще все это стоит применять?
Данный доклад интересен для тех кто желает ознакомится с BDD и вышеназванным фреймворком. Много практических примеров и несколько советов по использованию.
Building a Pyramid: Symfony Testing StrategiesCiaranMcNulty
The last few years have seen a huge adoption of testing practices, and an explosion of different testing tools, in the PHP space. The difficulties come when we have to choose which tools to use, in what combinations, and how to apply them to existing codebases.
In this talk we will look at what tools are available, what their strengths are, how to decide which set of tools to use for new or legacy projects, and when to prioritise decoupling and testability over the convenience we get from our frameworks.
Building a Pyramid: Symfony Testing StrategiesCiaranMcNulty
The last few years have seen a huge adoption of testing practices, and an explosion of different testing tools, in the PHP space. The difficulties come when we have to choose which tools to use, in what combinations, and how to apply them to existing codebases.
In this talk we will look at what tools are available, what their strengths are, how to decide which set of tools to use for new or legacy projects, and when to prioritise decoupling and testability over the convenience we get from our frameworks.
Aesthetics and the Beauty of an ArchitectureTom Scott
CQRS & Event Sourcing are patterns gaining traction and popularity. In this presentation given at Øredev 2013 it talks about real-world experiences using these patterns, the good, the bad and the ugly.
Beyond php - it's not (just) about the codeWim Godden
Most PHP developers focus on writing code. But creating Web applications is about much more than just wrting PHP. Take a step outside the PHP cocoon and into the big PHP ecosphere to find out how small code changes can make a world of difference on servers and network. This talk is an eye-opener for developers who spend over 80% of their time coding, debugging and testing.
Using Change Streams to Keep Up with Your DataMongoDB
Speaker: Aly Cabral
Real-time feedback is an essential part of modern application development where developers want to sync across platforms, systems, and users to provide better end-user experiences. In MongoDB 3.6, change streams will empower developers to easily leverage the power of MongoDB's internal real-time functionality to react to relevant data changes immediately. This session introduces change streams and walks you through developing against them. We will dive into use cases and explore how to make good architectural decisions around this new functionality.
Nowadays we all seem to be working with small independent services that need to talk with numerous other services. This is a problem because when developing your service, you need to have a working environment—but bringing up all your dependencies is often not an option.
In this talk, I will take you through our journey of creating a mock server to increase dev speed, and how it allowed us to write better tests.
An in-depth look at intermediate to advanced level Behat topics. We'll cover writing better features, regular expressions in steps, Context files, changes from Behat 2 to 3, and more,
Build Solutions Not Puzzles - Write Sensible Code. Write code that can clearly communicate your intension. A few guideline and tips for writing readable and maintainable code.
The next version of JavaScript, ES6, is starting to arrive. Many of its features are simple enhancements to the language we already have: things like arrow functions, class syntax, and destructuring. But other features will change the way we program JavaScript, fundamentally expanding the capabilities of the language and reshaping our future codebases. In this talk we'll focus on two of these, discovering the the myriad possibilities of generators and the many tricks you can pull of with template strings.
ES3-2020-06 Test Driven Development (TDD)David Rodenas
Basics of TDD. Including why? Why it is discipline. Typical Pitfalls. Kinds of TDD, and a Recipe so anyone can do testing quickly. And lots of examples.
Aesthetics and the Beauty of an ArchitectureTom Scott
CQRS & Event Sourcing are patterns gaining traction and popularity. In this presentation given at Øredev 2013 it talks about real-world experiences using these patterns, the good, the bad and the ugly.
Beyond php - it's not (just) about the codeWim Godden
Most PHP developers focus on writing code. But creating Web applications is about much more than just wrting PHP. Take a step outside the PHP cocoon and into the big PHP ecosphere to find out how small code changes can make a world of difference on servers and network. This talk is an eye-opener for developers who spend over 80% of their time coding, debugging and testing.
Using Change Streams to Keep Up with Your DataMongoDB
Speaker: Aly Cabral
Real-time feedback is an essential part of modern application development where developers want to sync across platforms, systems, and users to provide better end-user experiences. In MongoDB 3.6, change streams will empower developers to easily leverage the power of MongoDB's internal real-time functionality to react to relevant data changes immediately. This session introduces change streams and walks you through developing against them. We will dive into use cases and explore how to make good architectural decisions around this new functionality.
Nowadays we all seem to be working with small independent services that need to talk with numerous other services. This is a problem because when developing your service, you need to have a working environment—but bringing up all your dependencies is often not an option.
In this talk, I will take you through our journey of creating a mock server to increase dev speed, and how it allowed us to write better tests.
An in-depth look at intermediate to advanced level Behat topics. We'll cover writing better features, regular expressions in steps, Context files, changes from Behat 2 to 3, and more,
Build Solutions Not Puzzles - Write Sensible Code. Write code that can clearly communicate your intension. A few guideline and tips for writing readable and maintainable code.
The next version of JavaScript, ES6, is starting to arrive. Many of its features are simple enhancements to the language we already have: things like arrow functions, class syntax, and destructuring. But other features will change the way we program JavaScript, fundamentally expanding the capabilities of the language and reshaping our future codebases. In this talk we'll focus on two of these, discovering the the myriad possibilities of generators and the many tricks you can pull of with template strings.
ES3-2020-06 Test Driven Development (TDD)David Rodenas
Basics of TDD. Including why? Why it is discipline. Typical Pitfalls. Kinds of TDD, and a Recipe so anyone can do testing quickly. And lots of examples.
Do more with less code in a serverless worldjeromevdl
There are many software engineering practices that can and should be applied to Lambda functions: Single Responsibility Principle (from SOLID), You Ain't Gonna Need It (YAGNI), Keep It Simply Stupid (KISS). In this presentation, I'll go through the different ways to apply those principles in the AWS serverless world and even to avoid the usage of Lambda functions sometimes.
QA Fest 2019. Сергій Короленко. Топ веб вразливостей за 40 хвилинQAFest
Поговоримо про найпопулярніші помилки, яких припускаються розробники веб додатків, та як зловмисник може використати їх на свою користь. Охопимо максимальну кількість матеріалу за короткий проміжок часу.
QA Fest 2019. Анна Чернышова. Self-healing test automation 2.0. The FutureQAFest
Мы уже разговаривали о self-healing автоматизации, как она работает, какие есть подходы, чем они хороши, плохи и о новом инструменте, который мы разрабатываем в EPAM. Наш продукт завершает стадию POC и настало время поделиться результатами и понять, насколько self-healing автоматизация поможет вашим тестам стать стабильнее? Или наоборот, навредит?... Приходи и узнаешь!
QA Fest 2019. Doug Sillars. It's just too Slow: Testing Mobile application pe...QAFest
Mobile apps and websites are now the predominant ways that users interact with brands. Research has shown that slow sites and apps lose customer engagement. Despite this, most mobile sites and apps have performance issues that can be easily resolved once diagnosed. In this talk, we will walk through steps to diagnose network performance bottlenecks in mobile services. We'll discuss real-world examples and how they were resolved. Attendees will leave this talk armed with the tools to test, diagnose and resolve the top network performance issues that affect mobile today.
QA Fest 2019. Катерина Спринсян. Параллельное покрытие автотестами и другие и...QAFest
Раньше мы в Badoo фокусировались в основным на ручном тестировании. Получался этакий дедлок мануальной регрессии: не было времени, чтоб писать тесты, потому что много тестировали руками, а много тестировали руками, потому что не было автотестов.
Но мы смогли наладить свою систему автоматизации и процессы, разорвали этот порочный круг и начали писать годные тесты.
В своем докладе я расскажу, как нам удалось сократить ручную регрессию с 90% до 30% рабочего времени, при этом сохранить достойный уровень качества и профессионально вырасти!
QA Fest 2019. Никита Галкин. Как зарабатывать большеQAFest
Вам знаком термин mindshift? Именно его вы испытаете от этого доклада. Он будет не о QA процессах или инструментах, он будет о деньгах и бизнесе, о рисках и коммуникациях. Все это с примерами из Украинского и мировом IT в формате живого общения с аудиторией.
QA Fest 2019. Сергей Пирогов. Why everything is spoiledQAFest
In this talk, I will cover the pain points of the Test Automation process. We will discuss traps, mistakes and crazy decisions that lead to test automation failure and lost budgets.
QA Fest 2019. Сергей Новик. Между мотивацией и выгораниемQAFest
Поговорим о мотивации простым языком, проясним, что стимулирует нас работать лучше. Поисследуем обратную сторону мотивации – выгорание. Выясним, как диагностировать выгорание и не допустить неприятных последствий.
QA Fest 2019. Владимир Никонов. Код Шредингера или зачем и как мы тестируем н...QAFest
Для разработки современных программных решений необходимо обеспечить эффективную систему тестирования, которая состоит из большого количества компонентов и задает требования ко всем этапам разработки.
Владимир Никонов, руководитель департамента разработки платформы в Terrasoft, эксперт в области проектирования приложений с опытом работы более 10 лет, поделится экспертным мнением с участниками QA Fest и расскажет:
- об инструментах и процессах на каждом этапе создания и поставки функциональности: от unit-тестов до нефункционального тестирования;
- о требования к инструментам тестирования и компетенциям команды QA-инженеров, которые необходимо выдвигать на каждом этапе тестирования;
- как внедрять современные подходы в существующий проект с минимальными затратами;
- как развивать команду и процессы тестирования в целом.
QA Fest 2019. Владимир Трандафилов. GUI automation of WEB application with SV...QAFest
Доклад посвящен автоматизации тестирования WEB-приложений с SVG-графикой. В 1-ой части доклада даны короткое описание процессов разрабатываемого приложения и обоснование необходимости применения SVG-графики. Во 2-ой части сделан короткий обзор SVG-графики, показаны основные преимущества/недостатки такого типа графики, сделан обзор основных SVG-поверхностей и рассмотрен процесс их трансформации с помощью матрицы преобразования с разбором ее основных типов. В 3-ей части обозначены основные проблемы автоматизации действий с SVG-графикой, такие как drag’n’drop графических объектов (SVG на SVG), их масштабирование при помощи колесика мышки и выделение ломаный линий. В 4-ой части показаны решения обозначенных проблем с использованием JavaScript.
QA Fest 2019. Иван Крутов. Bulletproof Selenium ClusterQAFest
Browser tests are known to be the flakiest ones. This is partly because browser infrastructure is complicated to maintain. But the second reason is – mainstream browser automation tools such as Selenium server are far from being efficient.
A year ago I have shown Selenoid - a truly efficient replacement of the standard Selenium server. This year I would like to demonstrate how to organize a fault-tolerant and easily scalable Selenium cluster using virtual machines in the cloud. I will start by setting up several Selenoid nodes and configure them to send logs and recorded videos to S3-compatible storage. Then I will run multiple Ggr load balancer instances allowing to use all running Selenoid nodes and organize a single entry point to the cluster. Finally, we'll discuss how to work with VNC and video recording in such a cluster.
QA Fest 2019. Николай Мижигурский. Миссия /*не*/выполнима: гуманитарий собесе...QAFest
Случалось ли вам запускать автоматизацию на проекте? Испытывать непревзойденное удовольствие от необходимости собеседовать технического специалиста, когда сам не имеешь технического опыта? Если да, то этот доклад для вас.
Мы научимся анализировать сеньорность кандитата, его технический уровень и способность к организации команд. Но самое главное - все это мы сможем достичь без серьезного технического опыта. Будет интересно, заходи на огонек!
QA Fest 2019. Володимир Стиран. Чим раніше – тим вигідніше, але ніколи не піз...QAFest
Це буде огляд підходів до побудови програми безпеки програмного забезпечення в команді розробки або кампанії загалом, доповнений висновками з мого власного досвіду виконання практичних та консультаційних проектів в сфері Application Security.
QA Fest 2019. Дмитрий Прокопук. Mocks and network tricks in UI automationQAFest
Веб-приложения и технологии стремительно развиваются. Мы уже вступили в эру Single Page Application и идем к Progressive Web Application. В большинстве современных проектов идет разделение команд на front-end и back-end, и не только команд, но идет раздельная релизная политика. Это требует более детальных подходов к тестированию front-end. В этом докладе мы рассмотрим кейсы, который есть на практике при тестировании задач front-end и инструменты автоматизации, которые могут решать задачи описанные в этих кейсах: чтение request/response browser network и соответственно мокирование response.
QA Fest 2019. Екатерина Дядечко. Тестирование медицинского софта — вызовы и в...QAFest
Проектирование и производство медицинских устройств — это регулируемый бизнес. Государственные органы во всем мире призваны гарантировать безопасность и эффективность медицинских устройств. Несоответствие нормативным требованиям ставит под угрозу жизнь и здоровье человека. Как медицинское регулирование влияет на рабочий процесс компании производителя? Мы поговорим о том, какие вызовы стоят перед тестировщиком медицинского софта, а также какие возможности при этом открываются.
QA Fest 2019. Катерина Черникова. Tune your P’s: the pop-art of keeping testa...QAFest
Про «тестабилити» в последнее время говорят часто, зачастую говорят в рамках способности тестировать тот или иной функционал. А иногда и ограничиваются только возможностью автоматизировать. Существует техника “10P тестируемости”, которая используется для оптимизации процесса разработки, как инструмент анализа и настройки процессов для достижения успеха на проекте в целом. Вот об этом и поговорим.
QA Fest 2019. Алиса Бойко. Какнезапутаться в коммуникативных сетях ITQAFest
Твою гениальность не замечает никто кроме мамы? Идеи и проекты нравятся только твоему коту? Одногруппники уже руководители подразделений, а ты завис между middle и senior? Пришло время найти баги не только на проекте, но и в своей голове! Прокачаем коммуникативные навыки:)
QA Fest 2019. Святослав Логин. Как найти уязвимости в мобильном приложенииQAFest
С каждым годом мобильных приложений становится все больше, но мало кто обращает внимание на безопасность этого приложения, когда оно находится в процессе разработки. Так как бизнес нацелен только на то, чтобы оторвать большую часть пользователей, которые будут использовать это приложение, они обращают внимание на конфиденциальность своих клиентов в последнюю очередь. В своем докладе я расскажу как мануал QA может проверить мобильное приложение на уязвимости и найти топовые дыры по рейтингу OWASP. В презентации будут использованы такие тулзы Santoku Linux + Genymotion.
QA Fest 2019. Катерина Шепелєва та Інна Оснач. Що українцям потрібно знати пр...QAFest
Маючи досвід роботи з іноземними замовниками і колегами, а також вивчаючи культурні особливості жителів інших країн, ми якось поставили собі за мету з'ясувати, якими українців бачать іноземці, чи потрібно їм підлаштовуватись під нашу манеру спілкування, чи є щось, що вони зовсім не можуть прийняти.
Поділимося з вами результатами цієї затії, а також поговоримо про:
- те, що потрібно знати українцям про свої софт скіли,
- то, як відрізняються софт скіли українців і жителів кількох інших країн,
- важливість софт скілів для успішних комунікацій з іноземними колегами,
- важливість софт скілів для просування по кар'єрі.
QA Fest 2019. Антон Серпутько. Нагрузочное тестирование распределенных асинхр...QAFest
Обычно в процессе нагрузочного тестирование необходимые app-side метрики(response time, throughput, ..) можно получить прямо в генераторе нагрузки. Мы шлем запрос, получаем респонс и зачастую время выполнения запроса это и есть то что нам нужно.
Но что если после того как сервер отдал вам ответ происходит еще ряд асинхронных операций, время выполнения которых нам необходимо проверить? Как замерить время выполнения этих запросов? Какая часть системы является узким местом в производительности?
В докладе рассмотрим какие челенжи появляются в такой ситуации и как их можно решить.
QA Fest 2019. Петр Тарасенко. QA Hackathon - The Cookbook 22QAFest
Хотели бы вы, чтобы в Украине происходило больше QA ивентов? Чувствуете, что их не хватает?
Знаете, кто может это изменить? - Вы!
Я поделюсь подходами, которые мы использовали при организации QA хакатонов в Wix, которыми завтра вы сможете воспользоваться для создания вашего крутого ивента!
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking.
📕 Curious on our agenda? Wait no more!
10:00 Welcome note - UiPath Community in Dubai
Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank
10:20 A UiPath cross-region MEA overview
Ashraf El Zarka, VP and Managing Director MEA, UiPath
10:35: Customer Success Journey
Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank
11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more
Boris Krumrey, Global VP, Automation Innovation, UiPath
12:15 To discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services.
Brendan Lingam, Director of Sales and Business Development, Marc Ellis
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
The Metaverse and AI: how can decision-makers harness the Metaverse for their...Jen Stirrup
The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives?
How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
4. Gherkin
04.11.2014 / 4
Feature: Short summary title
As a common user
I want to be able to do something
So that I have a profit
Scenario: Particular case
Given some precondition
And some other precondition
When some action is done by user
And some other action
And yet another action
Then some testable outcome is achieved
And something else we can check happens too
Prepare Act Assert
5. Step Definitions & Runners
04.11.2014 / 5
package myprecious.tests.cucumber.steps;
public class CertainSteps {
@Given("^some precondition$")
public void step_definition() {
... //My code here
}
@When("^some action is done by user$")
public void some_action_is_done {
... //Some Selenium here
}
...
package myprecious.tests.cucumber.runners;
@RunWith(Cucumber.class)
@Cucumber.Options(
tags = {"~@skipped", "~@inProgress", "~@current"},
strict = true,
format = { "json:target/cukes.json"},
monochrome = true,
glue = {"myprecious.tests.cucumber.steps",
" myprecious.tests.cucumber.hooks"})
public class LetTehTestsOut {
}
regular expressions
only informative role
locations for test parts
“features” is separate one
@runMe
~@dontRunMe
reporting options
@tag
Scenario: Particular case
Given some precondition
7. Hooks
04.11.2014 / 7
Feature: Payment operations
@ui
Scenario: Make payment using current card
Given I have logged
And I have selected card
...
@service
Scenario: Get internal payment info
Given I have submitted payment :
...
public class TaggedHooks {
@Before("@ui")
public void startUpUi() {
//open browser ...
}
@After("@ui")
public void clearUi(Scenario scenario) {
if (scenario.getStatus().equals("failed")) {
byte[] screenshot = ((TakesScreenshot)driver).
getScreenshotAs(OutputType.BYTES);
scenario.embed(screenshot, "image/png");
}
OR (“@ui, @service”)
AND ({“@ui”, “@service”})
only scenario status
if few, executed in backward order
~ works
here too
8. Feature: Card operations
Scenario: Change PIN successfully
Given I am on account main page
And I select my card from list
And I enter the correct PIN
When I change the PIN to 9876
Then the system should know my new PIN is 9876
Scenario: Transaction list
Given I am on account main page
And I select my card from list
And I enter the correct PIN
And card was used at least once
When I click info panel
Then list of transactions is shown
Scenario: Print card information
Given I am on account main page
And I select my card from list
And I enter the correct PIN
When I click print button
Then page with card information is shown
And it contains card account number
Background
04.11.2014 / 8
Feature: Card operations
Background: User selected a card
Given I am on account main page
And I select my card from list
And I enter the correct PIN
Scenario: Change PIN successfully
When I change the PIN to 9876
Then the system should know my new PIN is 9876
Scenario: Transaction list
Given card was used at least once
When I click info panel
Then list of transactions is shown
Scenario: Print card information
When I click print button
Then page with card information is shown
And it contains card account number
9. Examples
04.11.2014 / 9
Feature: User registration
Scenario: Tooltips for email registration
Given I am on quick registration form
When I fill "Email" field with ""
And I click somewhere else
Then I should see error message "Email cannot be blank"
When I fill "email" field with "darth.vader"
And I click somewhere else
Then I should see error message "Please input valid Email address"
When I fill "email" field with "admin@domain.com"
And I click somewhere else
Then I should see error message "Email has already been taken"
When I fill "password" field with ""
And I click somewhere else
Then I should see error message "Password cannot be blank"
When I fill "password" field with "asdf"
And I click somewhere else
Then I should see error message "Password is too short"
Feature: User registration
Scenario Outline: Tooltips for email registration
Given I am on quick registration form
When I fill "<field_name>" field with "<value>"
And I click somewhere else
Then I should see error tooltip "<error_message>"
Examples:
| field_name | value | error_message |
| Email | | Email cannot be blank |
| Email | luke.skywalker | Please input valid Email address |
| Email | admin@domain.com | Email has already been taken |
| Password | | Password cannot be blank |
| Password | asdf | Password is too short |
11. Usual variables
04.11.2014 / 11
When I select 28 as a "delivery date"
@When("^I select (d+) as a "(.+)"$")
public void stepDefA(int number, String controlName){
Given months "September,July,March" are checked
@Given("^months "(.+)" are checked$")
public void stepDefB(List<String> monthNames){
Given delivery date is “28-02-2014"
@Given("^delivery date is "(d{2}-d{2}-d{4})"$")
public void stepDefC(@Format("dd-MM-yyyy") Date today) {
Then payment is updated in DB2 database
@Then("^payment is updated in (DB2|Oracle) database$")
public void stepDefD(String dbName){
Then error dialog is shown again
@When("^error dialog is shown(?: again)?$")
public void stepDefE(){
12. Multiline text
04.11.2014 / 12
Then informational message is shown:
"""
Welcome to the Cosa Nostra card activation system.
=======
If you would like us to take care of these losers before they cause you
any trouble, please proceed to payment card information menu.
"""
Given I have a user account "Test Testersen"
When it is granted <Role> rights
And I submit a support request
Then I should receieve an email:
"""
Dear T. Testersen,
Unfortunately all our specialists are busy.
Please <Action> <Person> in order to get further help
with Your issue.
Thank You for using our service.
"""
Examples:
| Role | Action | Person |
| customer | call | customer support team |
| customer support | email | service operations team |
| service operations | brace | yourself |
@Then("^informational message is shown:$")
public void info_message_shown(String messageText) {
15. Integrate
04.11.2014 / 15
Maven failsafe plugin to launch the tests.
Test reports passed in json to Jenkins Cucumber report plugin.
16. Use the power
04.11.2014 / 16
Backgrounds, examples, regexps …
Given I am on the advanced search page
And I select "Endocrinology" from "Specialty"
And I choose "Yes" within "Accepts Insurance"
And I fill in "ZIP Code" with "90010"
And I select "5 miles" from "Search Radius"
When I press "Search"
When I search for a provider with the criteria:
| Provider Type | Doctor |
| Specialty | Endocrinology |
| Accepts Insurance | Yes |
| ZIP | 90010 |
| Search Radius | 5 miles |
When I search for a provider with the default criteria and:
| Specialty | Endocrinology |
| Accepts Insurance | No |
...
When I search for a provider with the default criteria
Then the search criteria should include:
| Provider Type | Doctor |
| Specialty | General |
| Accepts Insurance | Yes |
| ZIP | 90010 |
| Search Radius | 5 miles |
17. Use the power … of regexps?
04.11.2014 / 17
When I use email (?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:.[a-z0-
9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[x01-x08x0bx0cx0e-x1fx21x23-x5bx5d-x7f]|[x01-
x09x0bx0cx0e-x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?.)+[a-z0-
9](?:[a-z0-9-]*[a-z0-9])?|[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-
9]?).){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-
9]:(?:[x01-x08x0bx0cx0e-x1fx21-x5ax53-x7f]|[x01-x09x0bx0cx0e-x7f])+)])
When I am logged in
...
When I am logged in as "Joda"
@Then("^I am logged in$")
.* Anything or nothing
.+ Something
d* none or more digits
d+ some digits
"[^"]*" Something in quotes
an? Something optional
...
@When("^(?:I am logged|I log) in as an? "([^"]*)"$")
@Then("^(?:receipt has )?following payment (?:information|info) :$")
18. Choose your domain
04.11.2014 / 18
Scenario: User with valid credentials
Given an unauthenticated user
When the user tries to navigate to the welcome page
Then they should be redirected to the login page
When the user enters a valid name in the Name field
And the user enters the corresponding password in the Password field
And the user presses the Login button
Then they should be directed to the welcome page
• Security domain, user authentication
• Password based authentication domain
• UI widgets domain
• Domain of web assets
Scenario: User with valid credentials
Given an unauthenticated user
When the user tries to access a restricted asset
Then they should be directed to a login page
When the user submits valid credentials
Then they should be redirected back to the restricted content
• “WHAT” User authentication domain
• “HOW” Web based security domain
19. Declarative vs. Imperative
04.11.2014 / 19
How exactly to do it ?What should be done?
Scenario: Successful login
Given a user "Smith" with password "qwerty"
And I am on the login page
And I fill in "User name" with "Smith"
And I fill in "Password" with "qwerty"
When I press "Log in"
Then I should see "Welcome, Smith"
Background:
Scenario: Successful login
Given a user "Smith" with password "qwerty"
And I am on the login page
And I fill in "User name" with "Smith"
And I fill in "Password" with "qwerty"
When I press "Log in"
Then I should see "Welcome, Smith"
Scenario: User is greeted upon login
Given the user "Smith" has an account
When he logs in
Then he should see "Welcome, Smith"
Background: The user is logged in
Given a logged in user
Feature: The System
Scenario: Everything Works
Given the system exists
When I use it
Then it should work, perfectly
21. 04.11.2014 / 21
Don’t use Cucumber unless you live in the magic kingdom
of non-programmers-writing-tests (and send me a bottle of
fairy dust if you’re there!)
~ David Heinemeier Hansson
1. Non-developers are involved too
Product owner
Test engineer
? Test automation engineer
2. Executable specification
3. BDD, TDD
Specification, not script
Abstract, declarative
Shared language
Key examples
Collaboration tool
Jira (Behave Plug-in), Cucumber Pro, Relish . . .
Developer
22. Useful links and sources
Web
• github.com/cucumber/cucumber-jvm
• cukes.info/ – project page
• dannorth.net/archives/ – creator of BDD
• aslakhellesoy.com/ – framework creator
• agileforall.com/blog/ – usage examples
• cucumber.pro/ – Cucumber Pro + blog
Books
• The Cucumber Book – Wynne M, Hellesøy A, 2012
04.11.2014 / 22
Что общего между корнишонами** и мейнфреймами**?
Наверное все таки ничего. Но если вспомнить корнишон это Gherkin**, а с мейнфреймами тесно связан язык COBOL**
то мы получим два языка которые разделяет пятьдесят пять лет и которые были созданы с очень похожими целями.
Как и COBOL, а именно COmmon Business-Oriented Language, язык Gherkin был создан для того что бы
заполнить нишу между knowledge-holder’ами и разработчиками.
Сложно судить получилось ли это у COBOL, за время своего существования язык сталкивался со множеством проблем
(отсутствие модульности, структурности, нецелевое использование)
Подготовка – Действие – Проверка
Precondition (Условие) – Input – Output
Язык для определения спецификац ий используется практически во всех BDD Фреймворках
Ruby - Cucubmer
Java – Cucumber-jvm, Jbehave
Python – Behave
PHP – Behat
SpecFlow – C#
В общем всё что угодно что бы поработить мир и использоваться на проекте
Есть тест кейс с определённым шагом-действием
Для него в каком то классе есть аннотированный метод Step Definition
И все это дела запускает раннер
Всем понятно
Also scalar transformations
Cucumber-JVM's built-in scalar types are
numbers,
enums,
java.util.Date,
java.util.Calendar
and arbitrary types that have a single-argument constructor that is either a String or an Object
Если помните есть такие Examples, так вот
Screenshots are embedded in json as Base64 byte array
Cucumber tests are ran nightly or by launching the Jenkins job.
Bamboo (plugin), TeamCity (formatter) , TFS (SpecFlow uses Nunit)
Регекспы такое дело, можно такого сделать что захочется застрелиться
В какой степени использовать их решать вам (автоматизаторам), потому что им же их потом в основном и поддерживать
+ от password-based к OpenID, или centralized authentication system (CAS) model, или email ?
+ name выбирается DDL, radio buttons ?
+ обойти welcome page и попасть на дэшборд?
Разные stakeholder’ы для каждого домена, каждый меняется, сценарий _хрупкий_
Должно быть 2 домена:
- домен ЧТО, название, требование -- ЦЕЛЬ
- домен КАК , шаги, реализация -- желаемое ПОВЕДЕНИЕ приложения
2 человека для которых мы это пишем:
Тот кому необходима эта функиональность
Тот кто её реализует
Boring scenarios = bored stakeholders
Ханссон, Давид Хейнемейер
---Back to COBOL
One of the design goals for COBOL was to make it possible for non-programmers such as supervisors, managers and users, to read and understand COBOL code. As a result, COBOL contains such English-like structural elements as verbs, clauses, sentences, sections and divisions. As it happens, this design goal was not realized.
----
TDD, but where to start? BDD and PO will help
The idea was to combine automated acceptance tests, functional requirements and software documentation into one format that would be understandable by non-technical people as well as testing tools.
------
Outside-In
Your features should drive your implementation, not reflect it.