Presented at STPCon 2016. With the extensive amount of testing performed nightly on large software projects, test and verification teams often experience lengthy wait times for the availability of test results of the latest build. As we strive to identify and resolve issues as fast as possible, alternative methods of test execution have to be found. Learn how to use Jenkins to launch tests in parallel across a number of Virtual Machines, monitor execution health, and process results. Learn about various Jenkins plugins and how they contributed to the solution. Learn how to trigger downstream jobs, even if they are on separate Jenkins instances.
The ability of a system to respond gracefully to an unexpected hardware or software failure.
There are many levels of fault tolerance, the lowest being the ability to continue operation in the event of a power failure. Many fault-tolerant computer systems mirror all operations -- that is, every operation is performed on two or more duplicate systems, so if one fails the other can take over.
In most cases it could be achieved by redundancy in application design and set of patterns and approaches to software design.
The SonarQube Platform is made of 4 components:
- Server, Database, Plugins and Scanner
One or more SonarQube Scanners running on your Build / Continuous Integration Servers to analyze projects
How To Improve Quality With Static Code Analysis Perforce
Programmers aren’t perfect. Testing and manual code reviews can’t find every problem in code. So, bugs persist. And it’s only going to get worse as your systems grow larger and more complex.
How can you find critical problems in your code? And still release a quality product on time?
Static code analysis might be the answer you’re looking for.
Find out why:
- Bug-free software is hard to achieve.
- Automated tools are the way to go.
- Safe, secure, and reliable software can be achieved at lower costs.
Plus, you’ll see examples of bugs easily missed by manual code reviews. And you’ll learn how static code analysis and manual code reviews work together.
Rapid software testing and conformance with static code analysis - Rogue Wave Software
With growing connectivity between complex automotive software components, development teams are looking for new ways to verify code security and validate against standards. This explains an exciting new approach to software testing that combines the breadth and depth of static analysis with modern test automation to provide rapid feedback to developers on incremental code changes – continuous static code analysis. By connecting deep analysis to continuous integration workflows, testing is pulled forward earlier to eliminate defects and reduce rework costs.
Walk away with knowledge of real defects, security vulnerabilities, and automotive standards (such as MISRA and ISO 26262) plus key steps to start immediate deployment of continuous static code analysis for testing. Presented at GENIVI All Member Meeting & Open Community Days.
Software quality is critical to consistently and continually delivering new features to our users. This talk covers the importance of software quality and how to deliver it via unit testing, Test Driven Development and clean code in general.
This is the deck from a talk I gave at Desert Code Camp 2013.
The microservice architectural style is an approach to developing an application as a suite of small services that each can be independently developed and deployed. In this talk, we will cover the pros and cons of microservices, including contrasting them with the more traditional 'monolithic' application. We will also dive into the most common mechanism used to expose the functionality of a microservice. REST is an architecture style for building scalable web services. You've at least heard of it, you may have contributed to or even created 'RESTful' applications, but are you familiar with the basic constraints that make up REST? We'll cover the theory behind REST before diving into pragmatic implementation styles and better practices.
In this experiential webinar, our guest Mohamed Shaaban will share with you his wide experience in Unit Testing in addition to practical techniques for unit testing your code using C#, NUnit, and Moq.
Agile Engineering Best Practices by Richard Cheng - Excella
By Richard Cheng, Certified Scrum Trainer and Training Business Unit Lead, Excella Consulting
21st Century IT development requires building quality into our development practices yet many software teams fail to implement technical practices that are necessary for long term success. Practices like automated builds, automated tests, automated deployments, continuous integration, and continuous delivery are now considered essential for the success of any software development project. Without these practices, the quality of software goes downhill and teams can no longer sustain their initial high levels of productivity.
However, understanding and implementing the practices can seem daunting. This session presents an easy to understand roadmap for implementing engineering best practices for non-technical audiences.
Though this topic is about engineering best practices, attendees do not have to be technical to get value from this session. The session gives a non-technical look at a technical concept and is great for any person in the organization managing, working with, or working on IT teams/programs.
The Art of Testing Less without Sacrificing Quality @ ICSE 2015 - Kim Herzig
Testing is a key element of software development processes for the management and assessment of product quality. In most development environments, the software engineers are responsible for ensuring the functional correctness of code. However, for large complex software products, there is an additional need to check that changes do not negatively impact other parts of the software and they comply with system constraints such as backward compatibility, performance, security etc. Ensuring these system constraints may require complex verification infrastructure and test procedures. Although such tests are time consuming and expensive and rarely find defects they act as an insurance process to ensure the software is compliant. However, long lasting tests increasingly conflict with strategic aims to shorten release cycles. To decrease production costs and to improve development agility, we created a generic test selection strategy called THEO that accelerates test processes without sacrificing product quality. THEO is based on a cost model, which dynamically skips tests when the expected cost of running the test exceeds the expected cost of removing it. We replayed past development periods of three major Microsoft products resulting in a reduction of 50% of test executions, saving millions of dollars per year, while maintaining product quality.
A presentation on SonarQube and my personal experience using it to learn about a project - presented at the Software Craftsmanship unconference - Socrates UK.
Bypassing Secure Boot using Fault Injection - Riscure
The Fault Injection attack surface of Secure Boot implementations is determined by the specifics of their design and implementation. Using a generic Secure Boot design we detail multiple vulnerabilities (~10) using examples in source code, disassembly and hardware. We will determine what the impact is of the target's design on its Fault Injection attack surface: from high-level architecture to low-level implementation details. Research originally presented in November 2016 at BlackHat Europe.
This session will give an overview of Static Code Analysis, its impact on the SDLC, its benefits and problems, the various automated tools used, and a demonstration of the code analysis of a Javascript web application using Sonarqube.
Static Analysis helps developers prevent and eliminate defects—using thousands of rules tuned to find code patterns that lead to reliability, performance, and security problems. Over 15 years of research and development have gone into fine-tuning Parasoft's rule set.
For more information about Static Analysis please click on the link below.
http://www.parasoft.com/jsp/capabilities/static_analysis.jsp?itemId=547
We believe that software development is most effective when testing is ubiquitous. By ubiquitous we mean that: (1) testing is everyone's responsibility; (2) testing activities happen continuously; and (3) testing happens in all software development cycles: product, release, iteration, engineering task, and development episode.
Watch on InfoQ: http://www.infoq.com/presentations/Ubiquitous-Testing
SonarSource provides open source projects and commercial products the means to inspect the code for Reliability, Security, and Maintainability.
We will be reviewing SonarQube and its benefits to organizations and various roles on a development team.
Presented at Embedded Systems Conference 2016 by Richard Leach, Brooks Kushman P.C. and Rod Cope, Rogue Wave Software. This session provides both legal and practical considerations in developing embedded systems using open source software (OSS). We discuss open source development tools, how to integrate OSS into embedded systems and different OSS licenses, and provide a road map to compliance. We will also explore how recent court decisions like Oracle v. Google and XimpleWare v. Versata and Ameriprise have altered the landscape by which developers navigate.
Everett Maus, Microsoft
As shipping cycles accelerate, the only way that security teams will be able to continue to enforce a consistent security bar on shipping code and prevent obvious (or less obvious) regressions is writing tools that can detect security issues--in short, security tools are a key part of DevSecOps. However, there are plenty of common pitfalls that hamper security tool rollouts, preventing them from being successful.
In this talk, we'll cover types of tools you can build to help developers ship secure code, and then dig into best practices (and worst practices) for shipping tools to large developer organizations--referencing industry papers, academic studies, and experiences from various successful (and less successful) Microsoft tooling efforts.
This talk is aimed at security experts curious about tool development or considering developing their first tools. Existing security tool developers may find some parts of it interesting, but much of it rudimentary--we won't be covering new techniques for static analysis or revolutionary new fuzzing strategies.
This is the presentation we gave in 2009 during Agile Testing Days in Berlin. Even though it is already more than 2 years old, many things we said during the talk are very valid today. Some things did not change at all.
The quality of the software code for a shipped product effectively translates not only to its functional quality but also to its non-functional aspects, such as security. Many code issues can be addressed long before they reach SCM.
Testing As A Bottleneck - How Testing Slows Down Modern Development Processes... - TEST Huddle
We often claim the purpose of testing is to verify that software meets a desired level of quality. Frequently, the term “testing” is associated with checking for functional correctness. However, in large, complex software systems with an established user-base, it is also important to verify system constraints such as backward compatibility, reliability, security, accessibility, usability. Kim Herzig from Microsoft explores these issues with the latest webinar on test Huddle.
TLC2018 Thomas Haver: The Automation Firehose - Be Strategic and Tactical - Anna Royzman
Thomas Haver teaches how to automate both strategically and tactically to maximize the benefits of automation - at Test Leadership Congress 2018.
http://testleadershipcongress-ny.com
In this presentation we explain how we use Watir, Ruby, Cucumber and other supporting technologies to allow end to end testing in MyHeritage.
These are the links to resources mentioned in the presentation:
Ruby - https://www.ruby-lang.org/en/
Watir - http://watirwebdriver.com/
page-object - https://github.com/cheezy/page-object
Selenium Grid - https://github.com/SeleniumHQ/selenium/wiki/Grid2
Selenium-Grid-Extras - https://github.com/groupon/Selenium-Grid-Extras
Jenkins - https://jenkins-ci.org/
We also explain how QA automation engineers are an integral part of the Continuous Deployment process at MyHeritage
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Connector Corner: Automate dynamic content and events by pushing a button - DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
JMeter webinar - integration with InfluxDB and Grafana - RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 - Tobias Schneck
As AI technology is pushing into IT, I was wondering, as an “infrastructure container Kubernetes guy”, how this fancy AI technology gets managed from an infrastructure operational view. Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you with a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies that could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into which approaches I already have working for real.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf - 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Securing your Kubernetes cluster: a step-by-step guide to success! - KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Essentials of Automations: Optimizing FME Workflows with Parameters - Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
UiPath Test Automation using UiPath Test Suite series, part 4 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
2. Typical Interview Question
• Do you know programming?
• Answer: Yes, a little
• Which language do you know the best?
• Answer: I know C a little
• How many lines of code have you written?
• Answer: Umm..., about 300 lines
• Do you know Java or .NET?
• Answer: No
• Do you know Linux?
• Answer: No
• Do you know networking?
• Answer: I installed Windows XP on my PC...
• OK, you can work for us as a testing engineer
3. Tester’s Dilemma
• Testing is not cool
• A tester is second class compared with a developer
• Developers use me as a servant
• I don’t see how I can make a difference in our company
• Testers keep coming; they are young and better than me.
• My job only lasts while I am young; I don’t know where my career path is
• OK, I need to be a developer and write code!
4. Top Management's Dilemma
"You know how hard it is to hire a good test engineer these days."
- Deputy Director, Huawei Beijing Research Institute, 2008
It took Juniper more than 6 months to find a new QA director
5. Career Story of Ting
• Graduated in 1990; the only job found was as a tester at Sun
• Joined Cisco as a tester in 1993, then became a test automation engineer (designed Cisco’s automation framework)
• Cisco grew from 2000 to 40000 from 1993 to 1998
• Joined NetScreen as the 1st testing engineer in 1998
• NetScreen went to Nasdaq in 2001
• Grew with NetScreen as testing lead, testing manager, testing senior manager and testing director
• Founded Sigma in 2004; has served as CEO to this day
7. What is a testing expert?
• Ability to find critical bugs in a given time frame (hot gun)
• Ability to build a comprehensive testing strategy in a given time frame (expert)
• Ability to manage the release process (top expert)
8. What does a testing expert look like?
• Play the video of James Bach
10. Bugs in the News
• A Cisco Secure Access Control Server (ACS) that is configured to use Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) to authenticate users to the network will allow access to any user that uses a cryptographically correct certificate which can be expired, or come from an untrusted Certificate Authority (CA) and still be cryptographically correct.
• CSCse58195. The WLC contains a bug when processing WLAN ACLs that causes the WLAN ACL configuration to be saved with an invalid checksum. When the configuration is subsequently reloaded at boot time, the checksum fails and the WLAN ACLs are not installed.
11. Bugs in the News
• CSCdv24925 It is possible to read stored configuration file from the Storage Router without any authorization.
• CSCdu45417 It is possible to halt the Storage Router by sending a fragmented packet over the Gigabit interface.
• CSCdv24925 An unauthorized person may read the configuration of the Storage Router. That may lead to unauthorized access of a storage space.
12. Bugs in the News
• Versions of the Cisco ACE 4710 Application Control Engine appliance prior to software version A1(8a) use default administrator, web management, and device management account credentials. The appliance and module do not prompt users to modify system account passwords during the initial configuration process.
• Crafted SSH Packet Vulnerability
• Crafted SNMPv2c Packet Vulnerability
13. 2 Factors of a hot gun
• Technical Expertise
• Thinking methodology
14. Hot Gun’s Bug Percentage
[Pie chart. Priority legend: P1, P2, P3, P4. Severity labels: Cosmetic; Functionality; Major Functionality; Critical Functionality, Crash, Hang. Slice values: 10%, 30%, 40%, 20%.]
19. Thinking Methodology
[Matrix. Columns: Negative, Stress, Boundary, Features Interaction, Security. Rows: Feature Point 1, Feature Point 2, Feature Point 3, Feature Point 4, Feature Point 5.]
21. Develop Testing Strategy
• What is your goal first?
– Find more bugs?
– Find more critical bugs?
– Ensure product or feature has no critical defects?
– Ensure customers will be ok after the release?
• The strategy
– Bug oriented?
– Coverage oriented?
– Customer oriented?
22. What is Coverage Strategy?
• How to thoroughly test OSPF Hello protocol?
– Function points? (tester)
– User Scenarios? (test expert)
– Scalability? (test expert)
– Performance?
– Security? (test expert)
– ………
23. What is Coverage Strategy?
• 7 platforms
• 6 different line cards
• 2 modes (main/aggressive)
• AH/ESP
• CA/No CA
• HA/No HA
• Hub Spoke/Partial Mesh/Full Mesh
7x6x2x2x2x3 = 1088
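The slide's point, that crossing every option with every other outgrows any test schedule, can be made concrete with an all-pairs (pairwise) selection, which goes beyond what the slide shows. This is an added example, not from the deck: platform and line-card names are placeholders, the function names are hypothetical, and the exhaustive count is computed from the seven dimensions as listed.

```python
from itertools import combinations, product
from math import prod

# Dimensions from the slide. Platform and line-card names are placeholders
# (the slide gives only counts); the remaining values are the slide's own.
DIMENSIONS = {
    "platform": [f"P{i}" for i in range(1, 8)],
    "line_card": [f"LC{i}" for i in range(1, 7)],
    "mode": ["main", "aggressive"],
    "protocol": ["AH", "ESP"],
    "ca": ["CA", "no-CA"],
    "ha": ["HA", "no-HA"],
    "topology": ["hub-spoke", "partial-mesh", "full-mesh"],
}

def exhaustive_count(dims):
    """Number of configurations when every value is crossed with every other."""
    return prod(len(values) for values in dims.values())

def configs(dims):
    """Every full configuration as a dict of dimension -> value."""
    names = list(dims)
    return [dict(zip(names, combo)) for combo in product(*dims.values())]

def pairs_of(config):
    """All two-dimension value pairs that one configuration exercises."""
    return {((a, config[a]), (b, config[b])) for a, b in combinations(config, 2)}

def all_pairs(dims):
    """Every value pair that some configuration could exercise."""
    return set().union(*(pairs_of(c) for c in configs(dims)))

def pairwise_suite(dims):
    """Greedy all-pairs selection: repeatedly pick the configuration that
    covers the most value pairs not yet exercised by an earlier pick."""
    candidates, uncovered, suite = configs(dims), all_pairs(dims), []
    while uncovered:
        best = max(candidates, key=lambda c: len(pairs_of(c) & uncovered))
        suite.append(best)
        uncovered -= pairs_of(best)
    return suite

def uncovered_pairs(dims, suite):
    """Value pairs that no configuration in the suite exercises."""
    return all_pairs(dims).difference(*(pairs_of(c) for c in suite))

if __name__ == "__main__":
    suite = pairwise_suite(DIMENSIONS)
    print(exhaustive_count(DIMENSIONS), "exhaustive;", len(suite), "pairwise")
```

The suite can never drop below 42 configurations, because each platform must still meet each line card once; interactions among three or more options are not guaranteed to be exercised.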
24. Types of Testing Covered on Different Release
Columns: Major Release, Minor Release, Patch Release, Platform Release, SFR, CSP
New Feature Test Full Full TBD Full
Regression Test Full Partial Partial Partial Partial
System Test Full Full Full Full
Interoperability Test Full TBD TBD TBD
Performance Test Full TBD Full TBD
Capacity Test Full Full TBD
Security Test Full Full Full Full Full
Automation Test (partial regression) Full Full Full Full Full Full
SFR – Special Feature Release; CSP – Customer Specific Patch
25. Advice to the New Expert
• Practice, Practice, Practice
• Don’t confuse experience with Expertise
• Don’t trust the folklore – but learn it anyway
• Take nothing on faith, own your methodology
• Drive your own education, no one else will
• Reputation = Money: Build and protect your reputation
• Relentlessly gather resources, materials and tools.
• Associate with demanding colleagues.
• Write, speak
26. An Expert’s Vision
• An Expert’s Vision
– I can test anything
– Under any condition
– In any given time frame.