Microsoft Fakes helps you isolate the code you are testing by replacing other parts of the application with substitute code. These substitutes are called stubs and shims and are under the control of your tests. Microsoft Fakes is ideal when you need to test legacy (or “legacy”) code that either cannot be refactored or for which “refactoring” practically means a costly rewrite.
The Finacle paper on secure coding practices gives an insight into application coding security and highlights how a comprehensive approach to security is needed to secure not only code but also web servers and databases.
+ Background & Basics of Web App Security, The HTTP Protocol, Web Application Insecurities, OWASP Top 10 Vulnerabilities (XSS, SQL Injection, CSRF, etc.)
+ Web App Security Tools (Scanners, Fuzzers, etc.), Remediation of Web App Vulnerabilities, Web Application Audits and Risk Assessment.
Web Application Security 101 was conducted by:
Vaibhav Gupta, Vishal Ashtana, Sandeep Singh from Null.
A talk about how to design code that helps one avoid some of the issues identified in the OWASP Top 10. Domain Driven Security is one of the main tools to achieve this.
A few slides on Robert Seacord's book, "Secure Coding in C/C++". While the McAfee template was used for the original presentation, the info from this presentation is public.
In this presentation I talked about
Secure Software Development Life Cycle
Design Issues.
Threat Modeling.
Static Code Analysis.
Pentesting.
Resources.
Secure coding is the practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities. Defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities. Through the analysis of thousands of reported vulnerabilities, security professionals have discovered that most vulnerabilities stem from a relatively small number of common software programming errors. By identifying the insecure coding practices that lead to these errors and educating developers on secure alternatives, organizations can take proactive steps to help significantly reduce or eliminate vulnerabilities in software before deployment.
Session by: Akash S Prakash
Table of Content
Web Application Firewall
possible security measures of WAF
Data Validation Strategies
Varieties Of Input
Reject Known Bad
Accept Known Good
Sanitization Safe Data Handling
Semantic Checks
Introduction SQL Injection
A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application
SQL Injection
Blind SQL Injection
Topic: Exploiting Web APIs
Speaker: Matt Scheurer
https://twitter.com/c3rkah
Abstract:
This talk features live demos of Web API exploits against the “Tiredful API”, which is an intentionally broken web app. The objectives are to teach developers, QA, or security professionals about flaws present in a Web Services (REST API) due to insecure coding practices. Examples include: Information Disclosure, Insecure Direct Object Reference (IDOR), Access Control, Throttling, SQL Injection (SQLite), and Cross Site Scripting (XSS). Many of these vulnerabilities are contained in the OWASP Top 10 list.
Bio:
Matt Scheurer works on a Computer Security Incident Response Team (CSIRT) performing Digital Forensics and Incident Response (DFIR). Matt has more than twenty years of combined experience in Information Technology and Information Security. He is the Security Director for the Cincinnati Networking Professionals Association (CiNPA) and a 2019 comSpark “Rising Tech Stars Award” winner. He has presented on numerous Information Security topics at many local area technology groups and large Information Security conferences across the country. Matt maintains active memberships in several professional organizations including the Association for Computing Machinery (ACM), Cincinnati Networking Professionals Association (CiNPA), Financial Services - Information Sharing and Analysis Center (FS-ISAC), Information Systems Security Association (ISSA), and InfraGard.
Topic: Exploiting Web APIs
Speaker: Matt Scheurer
https://twitter.com/c3rkah
Abstract:
This talk features live demos of Web API exploits against the “Tiredful API”, which is an intentionally broken web app. The objectives are to teach developers, QA, or security professionals about flaws present in a Web Services (REST API) due to insecure coding practices. Examples include: Information Disclosure, Insecure Direct Object Reference (IDOR), Access Control, Throttling, SQL Injection (SQLi), and Cross Site Scripting (XSS). Many of these vulnerabilities are found in the OWASP Top 10 list.
Bio:
Matt Scheurer works on a Computer Security Incident Response Team (CSIRT) performing Digital Forensics and Incident Response (DFIR). Matt has more than twenty years of combined experience in Information Technology and Information Security. He is the Security Director for the Cincinnati Networking Professionals Association (CiNPA) and a 2019 comSpark “Rising Tech Stars Award” winner. He has presented on numerous Information Security topics at many local area technology groups and large Information Security conferences across the country. Matt maintains active memberships in several professional organizations including the Association for Computing Machinery (ACM), Cincinnati Networking Professionals Association (CiNPA), Information Systems Security Association (ISSA), and InfraGard.
Automated Software Testing Framework Training by Quontra Solutions - Quontra Solutions
Learn through Experience -- We differentiate our training and development program by delivering Role-Based training instead of Product-based training. Ultimately, our goal is to deliver the best IT Training to our clients.
In this training, attendees learn:
Introduction to Automation
• What is automation
• Advantages of automation & Disadvantages of automation
• Different types of Automation Tools
• What to automate in projects
• When to start automation. Scope for automation testing in projects
• About open-source automation tools
Introduction to Selenium
• What is selenium
• Why selenium
• Advantage and Disadvantages of selenium
Selenium components
• Selenium IDE
• Selenium RC
• Selenium WebDriver
• Selenium Grid
Selenium IDE
• Introduction to IDE
• IDE Installation
• Installation and uses of Firepath, Firebug & Debug bar
• Property & value of elements
• Selenium commands
• Assertions & Verification
• Running, pausing and debugging script
• Disadvantages of selenium IDE
• How to convert selenium IDE Scripts into other languages
Locators
• Tools to identify elements/objects
• Firebug
• IE Developer tools
• Google Chrome Developer tools
• Locating elements by ID
• Finding elements by name
• Finding elements by link text
• Finding elements by XPath
• Finding Elements by using CSS
• Summary
Selenium RC
• What is selenium RC
• Advantages of RC, Architecture
• What is Eclipse/IntelliJ, Selenium RC configure with Eclipse/IntelliJ
• Creating, running & debugging RC scripts
Java Concepts
• Introduction to OOPs concepts and Java
• Installation: Java, Eclipse/IntelliJ, selenium, TestNg/JUnit
• operators in java
• Data types in java
• Conditional statements in java
• Looping statements in java
• Output statements in java
• Classes & Objects
• Collection Framework
• Regular Expressions
• Exception Handling
• Packages, Access Specifiers /Modifiers
• String handling
• Log4J for logging
Selenium Web Driver with Java
• Introduction to WebDriver
• Advantages
• Difference between RC and WebDriver
• Selenium WebDriver- commands
• Generate scripts in Eclipse/IntelliJ. Run Test Scripts.
• Debugging Test Script
• Database Connections
• Assertions, validations
• Working with Excel
• Pass the data from Excel
• Working with multiple browser
• Window Handling, Alert/confirm & Popup Handling
• Mouse events
• Wait mechanism
• Rich Web Handling: Calendar handling, Auto suggest, Ajax, browser forward/back navigation, keyboard events, certificate handling, event listeners
TestNg/JUnit Framework
• What is TestNg/JUnit
• Integrate the Selenium Scripts and Run from TestNg/JUnit
• Reporting Results and Analysis
• Run Scripts from multiple programs
• Parallel running using TestNg/JUnit
Automation Framework development in Agile testing
• Introduction to Frame W
Unit tests give developers and testers a quick way to look for logic errors in the methods of classes in Visual C#, Visual Basic, and Visual C++ projects. A unit test can be created one time and run every time that source code is changed to make sure that no bugs are introduced.
We investigate one of the most popular approaches to creating software: test driven development. We go from a basic understanding of why tests are important to a new software development paradigm, where you start with tests and then do the implementation. We glance over different areas of testing and see how one should really do software testing in different situations.
Shai Raiten's talk at the SELA Developer Practice (May 2013) about Advanced Coded UI using Visual Studio 2012. This presentation explains how to work with multiple UI maps, how to use various types of data sources, how to use LINQ and Reflection for project refactoring, and how to create and use logs and traces.
Clean Code in Test Automation Differentiating Between the Good and the Bad - Knoldus Inc.
This session focuses on the principles of writing clean, maintainable, and efficient code in the context of test automation. The session will highlight the characteristics that distinguish good test automation code from bad, ultimately leading to more reliable and scalable testing frameworks.
[DevDay 2016] Real Unit Testing with mocking framework - Speaker: Phat Vu – S... - DevDay.org
Why do programmers hate writing unit tests? One big reason is object dependency. An object under test may depend on other complex objects, which might not have been implemented yet or might be complicated to invoke.
Join the session to refresh your thinking about unit testing, get an overview of mocking frameworks, and learn some practices and gotchas for writing a real unit test: how to isolate the behavior of the object you want to test and how to simulate the behavior of its dependencies.
———
Speaker: Phat Vu – Scrum Master at Axon Active Vietnam
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce? - XfilesPro
Worried about document security while sharing them in Salesforce? Fret no more! Here are the top-notch security standards XfilesPro upholds to ensure strong security for your Salesforce documents while sharing with internal or external people.
To learn more, read the blog: https://www.xfilespro.com/how-does-xfilespro-make-document-sharing-secure-and-seamless-in-salesforce/
First Steps with Globus Compute Multi-User Endpoints - Globus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
Globus Connect Server Deep Dive - GlobusWorld 2024 - Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ... - Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc. and I didn't get rich from it, but it did have 63K downloads (possibly powering tens of thousands of websites).
Prosigns: Transforming Business with Tailored Technology Solutions - Prosigns
Unlocking Business Potential: Tailored Technology Solutions by Prosigns
Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support.
Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth.
Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices.
AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making.
Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency.
DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration.
Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly.
Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business.
Join us on a journey of innovation and growth. Let's partner for success with Prosigns.
Paketo Buildpacks: the best way to build OCI images? DevopsDa... - Anthony Dahanne
Buildpacks have existed for more than 10 years! At first, they were used to detect and build an application before deploying it to certain PaaS platforms. Later, it became possible to create Docker (OCI) images with their latest generation, the Cloud Native Buildpacks (CNCF incubating). Are they a good alternative to the Dockerfile? What are the Paketo buildpacks? Which communities support them, and how?
Come and find out during this ignite session.
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
Cyaniclab : Software Development Agency Portfolio.pdf - Cyanic lab
CyanicLab, an offshore custom software development company based in Sweden, India, Finland, is your go-to partner for startup development and innovative web design solutions. Our expert team specializes in crafting cutting-edge software tailored to meet the unique needs of startups and established enterprises alike. From conceptualization to execution, we offer comprehensive services including web and mobile app development, UI/UX design, and ongoing software maintenance. Ready to elevate your business? Contact CyanicLab today and let us propel your vision to success with our top-notch IT solutions.
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G... - Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
Developing Distributed High-performance Computing Capabilities of an Open Sci... - Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
Quarkus Hidden and Forbidden Extensions - Max Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
Designing for Privacy in Amazon Web Services - KrzysztofKkol1
Data privacy is one of the most critical issues that businesses face. This presentation shares insights on the principles and best practices for ensuring the resilience and security of your workload.
Drawing on a real-life project from the HR industry, the various challenges will be demonstrated: data protection, self-healing, business continuity, security, and transparency of data processing. This systematized approach made it possible to create a secure AWS cloud infrastructure that not only met strict compliance rules but also exceeded the client's expectations.
In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey.
Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience.
Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system.
Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv... - Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
3. Agenda
Testing in software
Unit testing
• Why unit tests
• Unit tests conventions
• Dependencies, Coupling
Microsoft Fakes
• How does it help
• How does it work
• Stubs
• Shims
• How Do I choose
Q&A
5. Testing types
Strategy | Description | Visual Studio Tooling
Exploratory Test | Tester tries to think of possible scenarios not covered by other test strategies and tests. Useful when engaging users with the testing and observing their (expected) usage of the system. There are no predefined tests. | Exploratory testing with Microsoft Test Manager (MTM)
Integration Test | Testing different solution components working together as one. | Visual Studio Unit Test features
Load Test | Testing under load, in a controlled environment. | Visual Studio Load Test Agent
Regression Test | Regression testing ensures that the system still meets the quality bar after changes such as bug fixes. Uses a mixture of unit tests and system tests. | Automated testing with MTM
Smoke Test | Smoke testing is used to test a new feature or idea before committing the code changes. |
System Test | Testing of the entire system against expected features and non-functional requirements. | Visual Studio Lab Management
Unit Test | A test of the smallest unit of code (method / class, and so on) that can be tested in isolation from other units. | Visual Studio Test Explorer, Unit Test Frameworks
User Acceptance Test | Toward the end of the product cycles users are invited to perform acceptance testing under real-world scenarios, typically based on test cases. | Automated testing with MTM
7. Unit testing?
• Unit testing is a software testing method by which individual units of source code are tested to determine whether they are fit for use.
• “Units of source code” are methods/functions. The unit test is simply a method/function that calls another method and determines that the latter works correctly.
• How can we verify that our GetEmployeeById(int id) works correctly? Through isolation: a mechanism that isolates the code under test and resolves all of its dependencies.
• Unit tests naming conventions:
  • MethodName_StateUnderTest_ExpectedBehavior
    • WithdrawMoney_InvalidAccount_ExceptionThrown
  • MethodName_ExpectedBehavior_StateUnderTest
  • Should_ExpectedBehavior_When_StateUnderTest
8. Why Unit Tests?
• Make sure the code works
• Refactor with confidence
• Support emerging design
• Reduce the cost of fixing bugs by fixing them earlier, rather than later
• Get a quick understanding of the quality of code
9. Unit tests conventions
• Unit tests naming conventions (there are many)
  • MethodName_StateUnderTest_ExpectedBehavior
    • WithdrawMoney_InvalidAccount_ReturnsFalse()
    • Login_InvalidCredentials_ReturnsErrorMessage()
  • MethodName_ExpectedBehavior_StateUnderTest
    • WithdrawMoney_ReturnsFalse_InvalidAccount()
• The 3A of unit testing – Arrange, Act, Assert
  • Arrange: Set up the object to be tested. We may need to surround the object with collaborators. For testing purposes, those collaborators might be test objects (mocks, fakes, etc.) or the real thing.
  • Act: Act on the object (through some mutator). You may need to give it parameters (again, possibly test objects).
  • Assert: Make claims about the object, its collaborators, its parameters, and possibly (rarely!!) global state.
11. Dependencies, Coupling
• In software engineering, coupling is the manner and degree of interdependence between software modules. Much of unit testing is about resolving dependencies and coupling.
• Practicing unit testing will improve code quality in the long run. Some principles and patterns must be employed to improve testability.
  • Single responsibility principle (SRP)
  • Open Closed Principle (OCP)
  • Dependency Inversion Principle (DI)
  • Don’t Repeat Yourself (DRY)
  • You Aren’t Going to Need It (YAGNI)
13. What is the Microsoft Fakes Framework?
• Microsoft Fakes is a framework that enables us to isolate the code we are testing by replacing dependencies of our code with stubs or shims.
• The Fakes Framework in Visual Studio 2012 is the next generation of Moles & Stubs. (Read: migrate, not upgrade)
• Available in VS 2012/2013 Ultimate
• Works with .NET Framework 2.0 and above
• Newest version available with VS 2015 Enterprise
14. How the Fakes framework helps
• Allows us to quickly implement doubles to support testing in isolation
• Allows us to decouple from slow-running dependencies like the DB, file system, or message system.
• Decoupling allows us to write order-independent unit tests
  • Stage data in test methods, not in a DB.
  • One unit test failure will not cause a chain reaction
  • No need to reset a database to a golden state.
• Allows us to intercept calls to dependencies we do not control.
15. Generated code
• In Microsoft Fakes, the developer must right-click the assembly reference they wish to mock and select Add Fakes Assembly. This will generate a new assembly that must be referenced to create the fake objects.
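An added example (not from the original slides) that ties together the Arrange/Act/Assert layout, the MethodName_StateUnderTest_ExpectedBehavior naming convention, dependency inversion and a Fakes-generated stub. The HR.Data assembly, IEmployeeRepository, Employee and EmployeeService are hypothetical names; StubIEmployeeRepository and its GetEmployeeByIdInt32 delegate property are what Add Fakes Assembly would generate for that assumed interface.

```csharp
using Microsoft.VisualStudio.TestTools.UnitTesting;
using HR.Data;        // assumed assembly holding IEmployeeRepository and Employee
using HR.Data.Fakes;  // assumed name of the assembly produced by "Add Fakes Assembly"
// Assumed production types in HR.Data (hypothetical):
//   public class Employee { public int Id { get; set; } public string Name { get; set; } }
//   public interface IEmployeeRepository { Employee GetEmployeeById(int id); }

// Class under test: depends on the interface, not on a concrete data-access class.
public class EmployeeService
{
    private readonly IEmployeeRepository _repository;
    public EmployeeService(IEmployeeRepository repository) { _repository = repository; }

    public string GetDisplayName(int id)
    {
        Employee employee = _repository.GetEmployeeById(id);
        return employee == null ? "Unknown employee" : employee.Name;
    }
}

[TestClass]
public class EmployeeServiceTests
{
    [TestMethod]
    public void GetDisplayName_ExistingEmployee_ReturnsName()
    {
        // Arrange: stage the data in the test method instead of in a database.
        var repository = new StubIEmployeeRepository
        {
            GetEmployeeByIdInt32 = id => new Employee { Id = id, Name = "Ada" }
        };
        var service = new EmployeeService(repository);
        // Act
        string name = service.GetDisplayName(42);

        // Assert
        Assert.AreEqual("Ada", name);
    }

    [TestMethod]
    public void GetDisplayName_UnknownEmployee_ReturnsPlaceholder()
    {
        // Arrange: an unconfigured stub method returns default(Employee), which is null.
        var service = new EmployeeService(new StubIEmployeeRepository());

        // Act and assert
        Assert.AreEqual("Unknown employee", service.GetDisplayName(7));
    }
}
```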
19. Shims (all instances)
• For every public type in the referenced assembly that is included in shim-based faking via configuration, the Microsoft Fakes mechanism generates a shim class. The type name is the same as the original type, with "Shim" as a prefix.
20. Shims (one instance)
• Shim methods can be injected per instance of an object. In this example myClass1.MyMethod() will return 5 while myClass2.MyMethod() will return 10.
21. Shims Context and Behavior
• Shims must be used within a ShimsContext.Create() using statement.
• If you need to execute the original code, a call to ShimsContext.ExecuteWithoutShims must be placed inside the shimmed method.
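The three shim behaviours described on the slides above (per instance, all instances, and calling the original through ShimsContext.ExecuteWithoutShims), as an added example that is not the code from the original slides. The LegacyLib assembly and the body of MyClass are assumptions; ShimMyClass is the type Add Fakes Assembly would generate for it.

```csharp
using Microsoft.QualityTools.Testing.Fakes;          // ShimsContext
using Microsoft.VisualStudio.TestTools.UnitTesting;
using LegacyLib;        // assumed assembly containing MyClass
using LegacyLib.Fakes;  // assumed name of the generated Fakes assembly

// Assumed production type in LegacyLib (hypothetical):
//   public class MyClass { public int MyMethod() { return 1; } }

[TestClass]
public class MyClassShimTests
{
    [TestMethod]
    public void MyMethod_ShimmedPerInstance_ReturnsValueSetForThatInstance()
    {
        using (ShimsContext.Create())   // all shims are removed when the context is disposed
        {
            // Each shim wraps its own runtime instance; the implicit conversion exposes it.
            MyClass myClass1 = new ShimMyClass { MyMethod = () => 5 };
            MyClass myClass2 = new ShimMyClass { MyMethod = () => 10 };

            Assert.AreEqual(5, myClass1.MyMethod());
            Assert.AreEqual(10, myClass2.MyMethod());
        }
    }

    [TestMethod]
    public void MyMethod_ShimmedForAllInstances_ReturnsShimValue()
    {
        using (ShimsContext.Create())
        {
            // AllInstances delegates receive the target instance as their first argument.
            ShimMyClass.AllInstances.MyMethod = instance => 5;

            Assert.AreEqual(5, new MyClass().MyMethod());
        }
    }

    [TestMethod]
    public void MyMethod_ShimCallsOriginal_ReturnsOriginalPlusOffset()
    {
        using (ShimsContext.Create())
        {
            ShimMyClass.AllInstances.MyMethod = instance =>
                ShimsContext.ExecuteWithoutShims(() => instance.MyMethod()) + 100;

            Assert.AreEqual(101, new MyClass().MyMethod());
        }
    }
}
```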
24. Stubs and Shims
• Stubs
  • Helps if you’re interface-driven
  • Creates default() implementations of an interface
    • including properties & methods
• Shims
  • <magic/>
  • Substitute hard-coded types with *something else* at runtime
25. Stubs and Shims
• Stubs
  • If you’ve got interfaces already
  • You’re building from scratch
  • If you want to save yourself some typing
  • You aren’t battling “sealed” and “static” keywords
• Shims
  • Stuff is hopelessly stuck together
  • Stuff is hopelessly non-testable
  • You’re supporting legacy code
  • You are Ninja
• Shims are not a long-term solution (except when there is no other solution).
My practical definitions
SRP – Designing classes so they do one thing well keeps the class simple. Simple classes are easier to test. Code smell: large classes and large methods.
OCP – Design classes to be resilient in the face of change. For example, using abstract methods on base classes lets you add behavior without changing existing code. Code smell: frequently adding a case to a switch statement or to an if / else-if chain.
DI – High-level classes do not work directly with low-level classes; they use interfaces as an abstraction layer. Why – easier to test in isolation! Code smell: “newing up” classes.
DRY – Don’t repeat yourself: code and test it once, reuse it many times. Less code to write, less code to change (1 spot).
YAGNI – Don’t write code until you need it. Remove unused code and the corresponding tests; the greatest refactoring you can do is one that removes code.