As the Salesforce1 World Tour moves to London on May 22nd 2014, Force.com MVPs Chris Lewis and Simon Lawrence present the 15:00 Developer Stage Session on Testing Best Practices for the Salesforce.com Platform.
We have spent many years testing our applications and systems manually and with test automation tools. During this time many bug root causes have been classified and could be detected automatically with special static analysis tools. Most of them could be applied at the early stages of development even before code is integrated into the main development branch. In this talk, I will go through available solutions and demonstrate what kinds of issues may be detected automatically reducing the time and effort of traditional testing.
A 20-min session I did at the vodQA 2011 event in Pune, India. It shares info about how our team used parallelization to achieve a reduction of CI build time (automated functional tests) from almost 1 hour to 5 mins.
Static Analysis For Security and DevOps Happiness w/ Justin Collins - Sonatype
Justin Collins, Brakeman Security
It is not enough to have fast, automated code deployment. We also need some level of assurance the code being deployed is stable and secure. Static analysis tools that operate on source code can be an efficient and reliable method for ensuring properties about the code - such as meeting basic security requirements. Automated static analysis security tools help prevent vulnerabilities from ever reaching production, while avoiding slow, fallible manual code reviews.
This talk will cover the benefits of static analysis and strategies for integrating tools with the development workflow.
Diffy: Automatic Testing of Microservices @ Twitter - Puneet Khanduri
Agile development has become a norm nowadays. Though it fosters faster product development cycles, it often results in a higher number of functional and/or performance regressions. In an SOA setting such as Twitter, such regressions may cascade from one service to one or more services. Detecting such regressions manually is not practically feasible in light of the hundreds of services and tens of thousands of metrics each service collects. To this end, we developed a novel tool called Diffy to automatically detect such regressions.
The key highlights of the talk are the following:
A simple yet effective approach for detecting functional regressions. False positives are minimized via statistical analysis of metrics obtained from a tuple <primary,> of nodes, where the same traffic is sent to each node.
An ensemble approach to performance regression. The need for an ensemble of classifiers stemmed from the multifaceted characteristics of the performance data. In order to minimize the impact of variability of hardware performance across nodes, we used two clusters – instead of a tuple of nodes – corresponding to the release candidate and production code. The approach is robust against the presence of anomalies in the performance data.
The proposed techniques work well with minute data. Diffy has been in use in production by multiple services at Twitter, and has been baked into the continuous build process so as to actively detect functional and/or performance regressions.
We shall take the audience through how the techniques are being used at Twitter with REAL data.
In this webinar, Postman Developer Advocate Arlemi Turpault will show you:
- How to get started with Postman
- Key tips and tricks
- Where to look for documentation and help
POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P... - Postman
Presenters: Trent McCann, Engineering Manager, Quality, and Danny Dainton, Senior Quality Engineer
Description: Testing APIs is difficult; it's hard to know where to start. Join us as we take you through some of the different techniques and strategies, using Postman. We will walk you through the basics of testing using Postman and help answer the questions "Why do you test?" and "How do you write a test?". We will also talk about making these tests work for you, pulling it all together and making these tests effective and efficient using automation practices. Lastly, we will walk you through how to track, trend and some of the hidden benefits of Reporting in Postman, to get the most out of your tests.
Join us for a one-hour, introductory Postman learning session geared specifically for security-minded developers, penetration testers, security engineers, or anyone else who’s interested in API security. We’ll walk you through the most common OWASP API vulnerabilities and learn how to build more-secure APIs.
Testing is a vital part of software development, since it is about finding the software bugs. You can choose from automated and manual testing. Automated testing is good for large projects with many systems users, while manual testing is good for smaller projects or for companies with insufficient budget.
You can also run Continuous testing. The purpose of Continuous testing and continuous integration is to enable continuous delivery, the end goal of which is to accelerate the delivery of high quality software.
Automation is essential for Continuous Testing but Automated Testing is not the same as Continuous Testing.
Try Jenkins Test Automation with codeBeamer ALM. Jenkins is an open source continuous integration tool written in Java. Jenkins provides continuous integration services for software development.
PART 8 - Python Tutorial | User Input In Python With Examples - Shivam Mitra
Speeding Up the Dinosaur: Continuous Testing in Continuous Delivery - Martijn... - Codemotion
Customers understand how continuously delivering new features can help their business. But it is still uncertain how to make the journey towards continuous delivery in a safe way. In order to increase the release frequency, more regression testing is needed and test automation should be fully embedded in the delivery pipeline. We show how we built automated delivery pipelines that support the fast building, deployment and testing of the applications in a banking environment. This helped in increasing the release frequency from twice a year to multiple times a day.
Traditional application security cannot keep pace with the pace of change in application development - that model is dead. Move beyond the 5 stages of grief and get your agile security on. This talk covers practices that helped the product security team at Rackspace keep up with the rate of change facing modern day application security teams.
TDD and the Terminator: An Introduction to Test-Driven Development - VMware Tanzu
SpringOne 2021
Session Title: TDD and the Terminator: An Introduction to Test-Driven Development
Speaker: Layla Porter, Developer Advocate, .NET communities at VMware
If you’re responsible for creating diverse, scalable automated tests but don’t have the time, budget, or a skilled-enough team to create yet another custom test automation framework, then you need to know about Robot Framework!
In this webinar, Bryan Lamb (Founder, RobotFrameworkTutorial.com) and Chris Broesamle (Solutions Engineer, Sauce Labs) will reveal how you can use this powerful, free, open source, generic framework to create continuous automated regression tests for web, batch, API, or database testing. With the simplicity of Robot Framework, in conjunction with Sauce Labs, you can improve your test coverage and time to delivery of your applications.
Sec4dev 2021 - Catch Me If You Can: Continuous Delivery vs. Security Assurance - Abdessamad TEMMAR
DevOps and Continuous Delivery have changed how technology operates and how business is run, but security continues to struggle to catch up with the velocity of change in this new world: it’s almost a cat-and-mouse game when it comes to spotting security holes in code before delivering to production, and traditional manual security assessment just continues to be untenable as a way of working with modern agile teams.
The concept of DevSecOps can be the ultimate answer, but unfortunately most articles and vendor pitches about this subject are incredibly superficial, and it’s all about dumping existing/traditional security tools on developers, which adds more complexity and frustration without solving the real problem.
“Modern problems require modern solutions”: this talk explains the evolution of security tooling over the last years, and how it must change (or has changed) to match the macro trends and keep up with the shifting threat.
As an example, this talk demonstrates how modern “lightweight” code analysis techniques, when combined with secure-by-default frameworks/patterns, can be used to easily detect potential holes within a code base, and provide accurate/fast feedback to developers.
Learn about real-world experiences in taking and passing the Developer, Advanced Developer, and Administrator certifications. We'll include best practices for preparing for the exams and assignments, and how the certification process improves you as a developer.
The Bristol Salesforce Developer User Group presentation by Simon Lawrence on his Spring'16 release highlights. Includes SetCreatedDate, Test Suites, Test Slayer and Global picklists.
Continuous Integration is a more modern approach to development. It delivers clear value around managing code changes and has been quickly and widely adopted by teams building custom applications. Learn the core principles of Continuous Integration and how they apply to running end-to-end regression tests for SAP.
Just when you thought DevOps was the new black, along comes SecDevOps. In this webinar, Andrew Storms, Sr. Director of DevOps at CloudPassage and Alan Shimel Co-Founder of DevOps.com will discuss the emerging hybrid role of DevOps and Security. Tune in to hear them cover the following topics and why DevOps should want to play a bigger part in security:
Go beyond the traditional using DevOps tools, practices, methods to create a force multiplier of SecDevOps
Orchestrate and Automate - Deputize everyone to incorporate security into their day to day responsibilities
Examples of security automation, case situations minimizing risk and driving flexibility for DevOps
See how SaaS provider CloudPassage integrates security into its own development and operations workflows
With Agile adoption many things have changed in quality assurance and the tester role. Nowadays the whole team is responsible for product quality. But not many people understand how such high-level approaches work in practice: how the developer interacts with the tester, what stages each task passes through on the way from requirements specification to customer acceptance, and who is doing what at each stage.
I have met only a few teams where developer and tester work closely together on a daily basis. Some projects try to save money on developers' time, others try to have an independent testing team without influence from the developers' side. Developers also don't understand how a tester could help them in practice. But this pair is able to significantly improve product quality and avoid many common issues.
In this talk we will cover the motivation behind pair work of developer and tester, concrete practices and approaches at different stages, and the advantages that both sides could achieve from such a work style.
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin - Matt Tesauro
An overview of how to change security from a reactive part of the org to a collaborative part of the agile development process. Using concepts from agile and DevOps, how can application security get as nimble as product development has become?
Five Enterprise Development Best Practices That EVERY Salesforce Org Can Use - Salesforce Developers
In any environment, non-existent or ad-hoc standards greatly contribute to technical debt. Join us as we explain why Salesforce's multi-tenant architecture and its platform and governor limits make managing technical debt in the App Cloud so critical. You'll discover five best-practices that can make an immediate impact on the maintainability and scalability of your org.
Awesome Test Automation Made Simple w/ Dave Haeffner - Sauce Labs
Learn how to build simple and powerful automated tests that will work on the browsers you care about, cover visual testing and functional regressions, and be configured to run automatically through the use of a continuous integration (CI) server.
Many developers are on board with writing unit tests for their code. However a lot of developers don’t test as much as they should because deciding how and what to unit test is harder than deciding to test. Laravel 5 is built with great support for unit testing with PHPUnit but testing applications built using the Model View Controller pattern can prove challenging. This talk will cover ways to design your code to make testing easier and also help you decide what should be unit tested and what should be left to other testing methods.
Join Sauce Labs’ Automation Specialist and Selenium project contributor, Leo Laskin, as he discusses the value of open source in testing. He will also share his personal experience in moving from manual to automated testing, the lessons he has learned, and the steps he took to build a powerful, international test coding army.
View the recording at https://saucelabs.com/resources/webinars/automation-best-practices
Similar to Testing From The Trenches - Salesforce1 World Tour 2014 (20)
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
A tale of scale & speed: How the US Navy is enabling software delivery from l... - sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Generative AI Deep Dive: Advancing from Proof of Concept to Production - Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf - Paige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party and will share these foundational concepts to build on:
Climate Impact of Software Testing at Nordic Testing Days - Kari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed in the talk. ICT and testing must carry their part of global responsibility to help with the climate warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Pushing the limits of ePRTC: 100ns holdover for 100 days - Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Alex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing XML documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
2. Christopher Alun Lewis
Advanced Developer
Force.com MVP
A Developers Perspective
Simon Lawrence
Certified Developer
Force.com MVP
http://www.slideshare.net/SimonLawrence4
3. Why Do We Test?
• Testing is required by Salesforce.com to release code to production environments
• Regression Protection Against Future Changes
• Salesforce make 3 Platform Releases a Year
• Residing in a Multi-Tenancy Environment
• To Rid Your Systems of Bugs
5. #1 Always Include Assertions
• These are what we call “Skeleton Tests”
• Other than avoiding exceptions, provide almost no use
• Missing a great opportunity to provide feedback on future failure scenarios
9. #2 Remember your Batch Scenarios
• Your code may need to process large collections of objects, ensure that your tests cover this
• A serious consideration for testing your system’s ability to operate within the governor limits
13. #3 Test Roles with RunAs
• Test execution defaults to running as System Admin
• Using RunAs allows you to test your sharing rules and record access rights
16. #4 Test Every Branch of Logic
• Making sure test cases traverse every possible logical route through your code
• Crucial pieces of logic can be hidden in IF/ELSE blocks
21. #5 The 75% Squad
• Those developers who just strive to get to the 75% mark
• Normally guilty of most of the other crimes
• There’s no future for their code and their work
25. The Wrap Up
• Always have test Assertions
• Batch test your Triggers
• RunAs different Users in your tests
• Cover every branch of your logical flow
• Don’t just aim for 75%
A really simple calculator class with one method that by its definition one would assume provides the sum of two numbers
Takes two parameters, it’s called “Sum”
However, bit of a developer problem, it always returns 42
Here is our test method to see if our Sum function works
We pass two pairs of numbers i
This test passes, and we have 100% code coverage
No control over how many records Salesforce might send to a trigger
Helps detect limit exceptions, but also race conditions and deadlocks
Inefficient code can cause transactions to roll back repeatedly blocking functionality
The primary example is triggers, but we also need to mention there can be controller code that has to deal with this
Here is our example, a really simple trigger: when a contact is inserted, if its parent account doesn’t have a phone number, the contact number is copied into that record and saved
Now this code is probably going to get you into trouble in a production environment…
No concept of batchification … who can spot what governor limit you are at risk of breaking here (SOQL first – 100, and then DML -150)
Here is our test (explain code: create data, startTest stopTest, reload accounts, assert value copy)
This test will run our trigger and it will pass, and even give you 100% coverage
That is no good though, because in live, our trigger will very likely fail due to limit exceptions
We have introduced a loop which will test our trigger in a scenario of 200 contacts being added
This will now throw the limit exception and force us to correct our code before deployment
Complicated custom controllers
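A bulkified form of the trigger described in these notes, with the 200-contact test, as an added example rather than the code from the slides (trigger, class and test data names are hypothetical). The per-record query and update are replaced by one SOQL query and one DML statement for the whole batch, so the 100-query and 150-DML limits are no longer at risk.

```apex
// File 1: ContactPhoneToAccount.trigger (bulkified; names are hypothetical)
trigger ContactPhoneToAccount on Contact (after insert) {
    // First pass: remember one phone per parent account, no SOQL or DML here.
    Map<Id, String> phoneByAccount = new Map<Id, String>();
    for (Contact c : Trigger.new) {
        if (c.AccountId != null && String.isNotBlank(c.Phone)
                && !phoneByAccount.containsKey(c.AccountId)) {
            phoneByAccount.put(c.AccountId, c.Phone);
        }
    }
    // One query for the whole batch, limited to accounts with no phone yet.
    List<Account> toUpdate = [SELECT Id FROM Account
                              WHERE Id IN :phoneByAccount.keySet() AND Phone = null];
    for (Account a : toUpdate) {
        a.Phone = phoneByAccount.get(a.Id);
    }
    update toUpdate; // one DML statement, however many contacts arrived
}

// File 2: ContactPhoneToAccountTest.cls
@isTest
private class ContactPhoneToAccountTest {
    @isTest
    static void copiesPhoneWhen200ContactsArriveTogether() {
        List<Account> accounts = new List<Account>();
        for (Integer i = 0; i < 200; i++) {
            accounts.add(new Account(Name = 'Batch Test ' + i));
        }
        insert accounts;

        List<Contact> contacts = new List<Contact>();
        for (Integer i = 0; i < 200; i++) {
            contacts.add(new Contact(LastName = 'Test ' + i, Phone = '555-' + i,
                                     AccountId = accounts[i].Id));
        }
        Test.startTest();   // fresh set of governor limits for the code under test
        insert contacts;    // a single insert hands the trigger all 200 records
        Test.stopTest();

        Map<Id, Account> reloaded = new Map<Id, Account>(
            [SELECT Phone FROM Account WHERE Id IN :accounts]);
        for (Integer i = 0; i < 200; i++) {
            System.assertEquals('555-' + i, reloaded.get(accounts[i].Id).Phone,
                                'phone not copied for account ' + i);
        }
    }
}
```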
We spend a lot of time on role hierarchies and record sharing, so why do we so often neglect to test it
Here’s a pretty standard, and very simple Sales Team set up
Now imagine you had a strict requirement that the members of the Sales Team could NOT see each other's opportunities – for competitive purposes
This is easy enough to implement and manually test, but how can you be sure such sharing rules are consistently implemented, and never accidentally invalidated or overridden?
You’d want a test case for it – important thing to remember to test, but so rarely addressed
Load profile
Load role
Create two users
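The sharing test these steps lead to, written out as an added example that is not the code from the slides. It assumes the org-wide default for Opportunity is Private, that the 'Standard User' profile exists, and that a role named 'Sales Rep' exists (a hypothetical name).

```apex
@isTest
private class OpportunitySharingTest {
    // Builds an in-memory user; the caller inserts it.
    static User makeRep(String alias, Id profileId, Id roleId) {
        return new User(
            Alias = alias, LastName = alias,
            Email = alias + '@example.com',
            Username = alias + '.' + System.currentTimeMillis() + '@example.com',
            ProfileId = profileId, UserRoleId = roleId,
            EmailEncodingKey = 'UTF-8', LanguageLocaleKey = 'en_US',
            LocaleSidKey = 'en_US', TimeZoneSidKey = 'Europe/London');
    }

    @isTest
    static void repCannotSeePeersOpportunity() {
        // Load profile and role ('Sales Rep' is an assumed, hypothetical role name).
        Profile p = [SELECT Id FROM Profile WHERE Name = 'Standard User' LIMIT 1];
        UserRole r = [SELECT Id FROM UserRole WHERE Name = 'Sales Rep' LIMIT 1];

        // Create two users who are peers in the same role.
        User rep1 = makeRep('rep1', p.Id, r.Id);
        User rep2 = makeRep('rep2', p.Id, r.Id);
        insert new List<User>{ rep1, rep2 };

        Opportunity opp;
        System.runAs(rep1) {
            // rep1 owns the record because it is inserted in rep1's context.
            opp = new Opportunity(Name = 'Rep1 deal', StageName = 'Prospecting',
                                  CloseDate = Date.today().addDays(30));
            insert opp;
        }

        System.runAs(rep2) {
            // Record sharing is enforced for rep2 inside this block.
            Integer visible = [SELECT COUNT() FROM Opportunity WHERE Id = :opp.Id];
            System.assertEquals(0, visible, 'rep2 must not see a peer\'s opportunity');
        }
        System.runAs(rep1) {
            Integer visible = [SELECT COUNT() FROM Opportunity WHERE Id = :opp.Id];
            System.assertEquals(1, visible, 'rep1 must still see their own opportunity');
        }
    }
}
```

If a later sharing rule, role change or org-wide default change exposes the record to peers, the first assertion fails at deployment time instead of in production.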
Another small snippet of code, a simple function that manages a division scenario
This time a significant mathematical flaw at line 10 in which we divide by zero
This accompanying test class has two methods to test this class, sending a positive and a negative value to our method.
It passes just fine, and even achieves 85% test coverage, so we might think we are all good to go
But let's see what the result of running this test is on the class
The handy code coverage indicator tells us exactly what lines are not covered, and it’s line 10..
Whilst we might think we are good to release here, we need to examine the uncovered lines, consider what test conditions will cover it, and test it accordingly
Otherwise we are going to end up having problems down the line
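An added example of the same situation, not the code from the slides: a hypothetical `Divider` class with positive, negative and zero branches, and a test class that asserts on all three. The zero branch is shown already corrected, and the comment marks what the uncovered line would have done.

```apex
// File 1: Divider.cls (hypothetical class, not the code from the slides)
public class Divider {
    public class DivisionException extends Exception {}

    // Splits total into equal whole parts; a negative count is treated as its magnitude.
    public static Integer share(Integer total, Integer parts) {
        if (parts > 0) {
            return total / parts;
        } else if (parts < 0) {
            return total / Math.abs(parts);
        }
        // Zero branch. Written as "return total / parts;" this line throws
        // System.MathException at run time, and only a test passing 0 reaches it.
        throw new DivisionException('parts must not be zero');
    }
}

// File 2: DividerTest.cls
@isTest
private class DividerTest {
    @isTest
    static void positiveParts() {
        System.assertEquals(5, Divider.share(10, 2), 'positive branch');
    }

    @isTest
    static void negativeParts() {
        System.assertEquals(5, Divider.share(10, -2), 'negative branch');
    }

    @isTest
    static void zeroParts() {
        try {
            Divider.share(10, 0);
            System.assert(false, 'expected DivisionException for zero parts');
        } catch (Divider.DivisionException e) {
            System.assertEquals('parts must not be zero', e.getMessage());
        }
    }
}
```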
Our final criminal act is something we call the 75% Squad
Not focussed on testing, just on getting to 75%
Here are four simple mathematical methods
Provide 9 lines of testable code
Therefore we need to cover 7 of them to hit the “release point” of 75%
Here is our simple test case thrown together (No asserts)
It Tests a few methods and it passes no problem
Let's look at the results
So the coverage is 77% (above 75%) - we can release
Using the handy code coverage indicator in the Developer Console again
See some code that is not tested, but will be released with the rest of it
The 75% mark is not Salesforce just saying you can skip the last 25% of your tests. It’s to allow realistic coverage targets. You’re not aiming for 75%, you’re aiming for complete test scenario coverage – and that will *get* you past 75%.
There is NO reason not to test this method – unless you are blinded by that 75%