We all know that running security tests on a CI can gives us a lot of value. And we all know already a few good security tools that we are running or planning to run continuously to ensure our app stays secure. But integrating those tools into the CI is not a simple task. Each one of those tools has it's own API and does not always support all the features we want. For example, we might want to report the finding of each tools as TeamCity tests, or maybe we are using Jira and want to open a new issue for each finding. And what about filtering false positives? Any automated tool will produce false positive findings, but how can we filter them? In this talk I'll demo OWASP Glue - a tool that aims to ease the integration of various security tools into the CI/CD pipeline.
The talk was presented on DevSecOps meetup
The Party Keynote from GOTO Berlin 2014, about how to stay ahead of the technology curve when you're bombarded with terms like NoSQL, HTML5, Lambdas and so forth.
More details here: http://trishagee.github.io/presentation/staying_ahead_of_the_curve/
Webinar at AgileTD Mondays: Mind maps to support exploratory testing: a team ...Claudia Badell
This webinar is about how mind maps are used to support exploratory testing in a cross-functional team. Claudia will share how mind maps help the team to have a common understanding of what to test, and how mind maps are designed by the team in a way that they can easily be read and understood regardless who created them. She will also present how mind maps are re-used through the different releases. At the end of the webinar, Claudia will share what they have learned as a team when applying this testing strategy.
This story is set during the process of building a multi-platform UI prototyping tool mainly for interaction designers. The team, fully dedicated to building the product, consists of highly qualified and experienced professionals: developers (7), interaction designers (1), visual designers (1), technical writers (1), and testers (1).
Duration: 20 minutes
Meetup TestingUy 2017: Automating the Viewer: a cross-functional team approachClaudia Badell
Meetup TestingUy | Montevideo, Uruguay | 1st August 2017
Abstract
This presentation is about a testing strategy to automate the Viewer, one of the core features of the product under test, a multi-platform UI prototyping tool (mainly) for Interaction Designers, in the context of a cross-functional team fully dedicated to developing a single product. Claudia will also share what they've learnt as a team from the testing perspective and how the tester role in the team has changed during this journey.
Duration: 45 minutes
Two years ago, we introduced Spock tests into the MongoDB Java driver. The decision could be considered controversial – the project used no external dependencies in production code, and was 100% Java. But there was a back door… with Gradle as the build system, there was a tiny excuse to use Groovy in the project, provided it wasn’t in the production code. That’s all the excuse we needed to start using Spock for unit and, later, integration tests.
Groovy has a lot of advantages as a testing language, and with Spock’s mocking, stubbing, and data driven testing features, it might seem as if this is the perfect way to write tests. In this session, Trisha will cover some of the features that make Spock (and Groovy) compelling for writing tests. But in the interests of fairness, she’ll also discuss some of the downsides, and the times when Java was chosen instead.
We all know that running security tests on a CI can gives us a lot of value. And we all know already a few good security tools that we are running or planning to run continuously to ensure our app stays secure. But integrating those tools into the CI is not a simple task. Each one of those tools has it's own API and does not always support all the features we want. For example, we might want to report the finding of each tools as TeamCity tests, or maybe we are using Jira and want to open a new issue for each finding. And what about filtering false positives? Any automated tool will produce false positive findings, but how can we filter them? In this talk I'll demo OWASP Glue - a tool that aims to ease the integration of various security tools into the CI/CD pipeline.
The talk was presented on DevSecOps meetup
The Party Keynote from GOTO Berlin 2014, about how to stay ahead of the technology curve when you're bombarded with terms like NoSQL, HTML5, Lambdas and so forth.
More details here: http://trishagee.github.io/presentation/staying_ahead_of_the_curve/
Webinar at AgileTD Mondays: Mind maps to support exploratory testing: a team ...Claudia Badell
This webinar is about how mind maps are used to support exploratory testing in a cross-functional team. Claudia will share how mind maps help the team to have a common understanding of what to test, and how mind maps are designed by the team in a way that they can easily be read and understood regardless who created them. She will also present how mind maps are re-used through the different releases. At the end of the webinar, Claudia will share what they have learned as a team when applying this testing strategy.
This story is set during the process of building a multi-platform UI prototyping tool mainly for interaction designers. The team, fully dedicated to building the product, consists of highly qualified and experienced professionals: developers (7), interaction designers (1), visual designers (1), technical writers (1), and testers (1).
Duration: 20 minutes
Meetup TestingUy 2017: Automating the Viewer: a cross-functional team approachClaudia Badell
Meetup TestingUy | Montevideo, Uruguay | 1st August 2017
Abstract
This presentation is about a testing strategy to automate the Viewer, one of the core features of the product under test, a multi-platform UI prototyping tool (mainly) for Interaction Designers, in the context of a cross-functional team fully dedicated to developing a single product. Claudia will also share what they've learnt as a team from the testing perspective and how the tester role in the team has changed during this journey.
Duration: 45 minutes
Two years ago, we introduced Spock tests into the MongoDB Java driver. The decision could be considered controversial – the project used no external dependencies in production code, and was 100% Java. But there was a back door… with Gradle as the build system, there was a tiny excuse to use Groovy in the project, provided it wasn’t in the production code. That’s all the excuse we needed to start using Spock for unit and, later, integration tests.
Groovy has a lot of advantages as a testing language, and with Spock’s mocking, stubbing, and data driven testing features, it might seem as if this is the perfect way to write tests. In this session, Trisha will cover some of the features that make Spock (and Groovy) compelling for writing tests. But in the interests of fairness, she’ll also discuss some of the downsides, and the times when Java was chosen instead.
Innovative enterprise consultant offering over eighteen year’s experience in enterprise design, implementation, support, security, and infrastructure management. Team-oriented with the ability to develop, implement and support a range of IT solutions and network systems, backup and disaster recovery, network routers and firewalls. I work well with a team or independently. I also have an adaptive personality with a talent for learning and implementing new technologies.
Innovative enterprise consultant offering over eighteen year’s experience in enterprise design, implementation, support, security, and infrastructure management. Team-oriented with the ability to develop, implement and support a range of IT solutions and network systems, backup and disaster recovery, network routers and firewalls. I work well with a team or independently. I also have an adaptive personality with a talent for learning and implementing new technologies.
I am submitting my resume for the position of QA Tester. As a skilled and highly educated professional with 5+ years of experience testing Web-based applications, I am confident of my ability to make a significant contribution to your organization.
Around 5 plus years of proven experience in software industry with a focus on Automation/Manual testing, Performance testing, DevOps and Big Data Hadoop. An Experienced Automation and DevOps engineer with excellent knowledge of automation.
Experience in all aspects of infrastructure, application, CI/CD, Containerization. Strong experience in latest DevOps tools like Docker, Kubernetes, Jenkins, Splunk.
2. • Wrote over 300 test applications spread across Nexaweb's entire technology stack.
• All test apps used various amounts of the following technologies: Java, HTML, CSS,
Javascript, XML, JSP, Tomcat 5.5, BEA Weblogic server, REST/SOAP web services.
• Web 2.0 Apps: RSS Reader, Weather Application, Google maps and Flickr mashup
• Developed and maintained a suite of Dojo.E (Dojo Toolkit Extensions) applications in
Subversion to test the entire Dojo.E technology stack. Built UI to organize and run all tests,
and pretty print source code of tests.
• Wrote applications to test the Apache Incubator project XAP.
• Participated, with a QA role, in the entire Development Cycle of three major software
products. Worked on a daily basis with senior software engineers to provide early and frequent
feedback on the functionality of newly written code. Wrote public facing product release notes.
• Directly reported to V.P. of Engineering on the state of product quality and progress of QA
projects.
• Identified and delegated tasks and projects to QA members, and gave daily feedback.
• Interviewed and hired new QA Engineers.
Personal Projects
• Amazon storefront. IN PROGRESS.
• Populate UI with data from Amazon's web services. Merchandise purchasing functionality.
• Client side: Dojo Toolkit, Javascript, HTML, and CSS. Server side: PHP, LAMPP.
• Photo gallery. IN PROGRESS.
• Client side: Dojo Toolkit, Javascript, HTML, and CSS. Server side: PHP, LAMPP.
Activities
• Dojo Developers Days, Ajax Experience, Boston, MA – October 2008
• New England Java Users Group, Burlington, MA – September 2008 Present
• Research Experience for Undergraduates Participant, Columbia University, NY, NY – May 2004 –
August 2004
Physics Publication
• “Performance of a Large Area Avalanche Photodiode in a Liquid Xenon Ionization and
Scintillation Chamber”, K. Ni, E. Aprile, D. Day, K.L. Giboni, J.A.M. Lopes, P. Majewski, M.
Yamashita, Nucl. Instr. And Meth. A, 551 (2005) 356.