Walmart proves the obvious, devknob wonders why people don't understand why page speed matters. This has been true and known to be true since the beginning of the internet. Do you think people won't get distracted easily and bounce when they're surfing on 2g, 3g and even 4g connections? Page speed matters, devknob is probably the best page speed optimizer in the world so if you need conversion optimization, you may want to visit devknob online at devknob.com
Walmart proves the obvious, devknob wonders why people don't understand why page speed matters. This has been true and known to be true since the beginning of the internet. Do you think people won't get distracted easily and bounce when they're surfing on 2g, 3g and even 4g connections? Page speed matters, devknob is probably the best page speed optimizer in the world so if you need conversion optimization, you may want to visit devknob online at devknob.com
Slides Felix Sargent recently used in his discussion w/ mentees of The Product Mentor.
Synopsis: Part of Being a Product Manager is knowing how to make trade offs between getting it done, and getting it done right. Technical Debt, vs Delivery. What's the right balance? Tune in to find out.
The Product Mentor is a program designed to pair Product Mentors and Mentees from around the World, across all industries, from start-up to enterprise, guided by the fundamental goals…Better Decisions. Better Products. Better Product People.
Throughout the program, each mentor leads a conversation in an area of their expertise that is live streamed and available to both mentee and the broader product community.
http://TheProductMentor.com
Velocity EU Presentation with Cliff Crocker (SOASTA) and Mark Zeman (SpeedCurve). Discussion on how to look at RUM and Synthetic performance data together.
Using machine learning to determine drivers of bounce and conversion (part 2)Tammy Everts
[2016 Velocity NY] There has been a lot of historical work that looks at the relationship between performance and conversions, but most of it has been after the fact or relied on linear models. Google partnered with SOASTA to train a machine-learning model on a large sample of real-world performance, conversion, and bounce data. Patrick Meenan and Tammy Everts offer an overview of the resulting model, able to predict the impact of performance work and other site metrics on conversion and bounce rates. The code used to generate the model is freely available.
Kyle goes over the difference between static and dynamic sites, how easy it is to use WordPress and ExpressionEngine, and goes over hypothetical situations.
Each Cloudstack update is a critical process to prevent production issues. At DIMSI, we aim to reduce downtimes and regressions as much as possible for our end users. We are now implementing automated UI Tests to cover all main use cases whenever a new release is published. Navid and Magali give an overview of how it is being done, and the next steps, including potential integration inside the code project.
Magali Pervan
Senior Scrumaster, DIMSI partner, Magali is in charge of agility at DIMSI. She helps all project teams to work together in a smooth and efficient atmosphere When not delivering projects on track and on time, she loves traveling around the world to discover other cultures.
Navid Abdoul
Junior platform engineer, Navid joined DIMSI last summer to help us provide maximum performance and uptime to our customers He is dedicated to guaranteeing fast and reliable customer VM’s backup When not playing with video games, Navid is watching action movies.
-----------------------------------------
CloudStack Collaboration Conference 2022 took place on 14th-16th November in Sofia, Bulgaria and virtually. The day saw a hybrid get-together of the global CloudStack community hosting 370 attendees. The event hosted 43 sessions from leading CloudStack experts, users and skilful engineers from the open-source world, which included: technical talks, user stories, new features and integrations presentations and more.
Continuous Performance Testing: The New StandardTechWell
In the past several years the software development lifecycle has changed significantly with high-speed software releases, shared application services, and platform virtualization. The traditional performance assurance approach of pre-release testing does not address these innovations. To maintain confidence in acceptable performance in production, pre-release testing must be augmented with in-production performance monitoring. Obbie Pet describes three types of monitors—performance, resource, and VM platform—and three critical metrics fundamental to isolating performance problems—response time, transaction rate, and error rate. Obbie reviews techniques to acquire and interpret these metrics, and describes how to develop a continuous performance monitoring process. In conjunction with pre-release testing, this monitoring can be woven into a single integrated process, offering a best bet in assuring performance in today’s development world. Take away this integrated process for consideration in your own shop.
Workshop: Behavior Driven Development - Deliver value by Naveen Kumar SinghAgile ME
This is a workshop to build product while practicing impact mapping, feature writing, specification by examples and applying test first approach. Workshop will cover all practices that will help in translating product vision to product increment. Facilitator will demonstrate how to convert specifications in code by using BDD tools. Facilitator will help in crafting product vision, coming up with product features and introducing how to write examples for features. Session will demonstrate how to convert specification into product increment, living documents and build test automation. Learning objectives:
• What is Impact Mapping and how to use it for product discovery?
• How to create product features using Impact Mapping?
• How to write examples for features while practicing specification by examples?
• How to translate examples into test using BDD before writing code?
• Importance of living code
• Best practices for BDD
7 Use Cases in 7 Minutes Each : The Power of Workflows and Automation (SVC101...Amazon Web Services
The Amazon Simple Workflow (Amazon SWF) service is a building block for highly scalable applications. Where Amazon EC2 helps developers scale compute and Amazon S3 helps developers scale storage, Amazon SWF helps developers scale their business logic. Customers use Amazon SWF to coordinate, operate, and audit work across multiple machines—across the cloud or their own data centers. In this power-packed session, we demonstrate the power of workflows through 7 customer stories and 7 use cases, in 7 minutes each. We show how you can use Amazon SWF for curating social media streams, processing user-generated video, managing CRM workflows, and more. We show how customers are using Amazon SWF to automate virtually any script, library, job, or workflow and scale their application pipeline cost-effectively.
Despite the belief that a shared context and collaboration drives quality, too often, software testers and quality professionals struggle to find their place within today's integrated agile teams. This session is a practitioner’s view of testing and testing practices within an iterative/incremental development environment. We will begin with a discussion of some of the challenges of testing within an agile environment and delve into the guiding principles of Agile Testing and key enabling practices. Agile Testing necessitates a change in mindset, and it is as much, if not more, about behavior, as it is about skills and tooling, all of which will be explored.
Load testing with Visual Studio and Azure - Andrew SiemerAndrew Siemer
In this presentation we will look at what web performance testing is and the various types of testing that can be performed. We will then dig into Visual Studio 2013 Ultimate to see that the Visual Studio platform is now a real contender in performance testing automation. And we will see how the Visual Studio integration with Visual Studio Online and Azure can take your web performance tests and spin up impressive load tests in a truly useful way.
Slides Felix Sargent recently used in his discussion w/ mentees of The Product Mentor.
Synopsis: Part of Being a Product Manager is knowing how to make trade offs between getting it done, and getting it done right. Technical Debt, vs Delivery. What's the right balance? Tune in to find out.
The Product Mentor is a program designed to pair Product Mentors and Mentees from around the World, across all industries, from start-up to enterprise, guided by the fundamental goals…Better Decisions. Better Products. Better Product People.
Throughout the program, each mentor leads a conversation in an area of their expertise that is live streamed and available to both mentee and the broader product community.
http://TheProductMentor.com
Velocity EU Presentation with Cliff Crocker (SOASTA) and Mark Zeman (SpeedCurve). Discussion on how to look at RUM and Synthetic performance data together.
Using machine learning to determine drivers of bounce and conversion (part 2)Tammy Everts
[2016 Velocity NY] There has been a lot of historical work that looks at the relationship between performance and conversions, but most of it has been after the fact or relied on linear models. Google partnered with SOASTA to train a machine-learning model on a large sample of real-world performance, conversion, and bounce data. Patrick Meenan and Tammy Everts offer an overview of the resulting model, able to predict the impact of performance work and other site metrics on conversion and bounce rates. The code used to generate the model is freely available.
Kyle goes over the difference between static and dynamic sites, how easy it is to use WordPress and ExpressionEngine, and goes over hypothetical situations.
Each Cloudstack update is a critical process to prevent production issues. At DIMSI, we aim to reduce downtimes and regressions as much as possible for our end users. We are now implementing automated UI Tests to cover all main use cases whenever a new release is published. Navid and Magali give an overview of how it is being done, and the next steps, including potential integration inside the code project.
Magali Pervan
Senior Scrumaster, DIMSI partner, Magali is in charge of agility at DIMSI. She helps all project teams to work together in a smooth and efficient atmosphere When not delivering projects on track and on time, she loves traveling around the world to discover other cultures.
Navid Abdoul
Junior platform engineer, Navid joined DIMSI last summer to help us provide maximum performance and uptime to our customers He is dedicated to guaranteeing fast and reliable customer VM’s backup When not playing with video games, Navid is watching action movies.
-----------------------------------------
CloudStack Collaboration Conference 2022 took place on 14th-16th November in Sofia, Bulgaria and virtually. The day saw a hybrid get-together of the global CloudStack community hosting 370 attendees. The event hosted 43 sessions from leading CloudStack experts, users and skilful engineers from the open-source world, which included: technical talks, user stories, new features and integrations presentations and more.
Continuous Performance Testing: The New StandardTechWell
In the past several years the software development lifecycle has changed significantly with high-speed software releases, shared application services, and platform virtualization. The traditional performance assurance approach of pre-release testing does not address these innovations. To maintain confidence in acceptable performance in production, pre-release testing must be augmented with in-production performance monitoring. Obbie Pet describes three types of monitors—performance, resource, and VM platform—and three critical metrics fundamental to isolating performance problems—response time, transaction rate, and error rate. Obbie reviews techniques to acquire and interpret these metrics, and describes how to develop a continuous performance monitoring process. In conjunction with pre-release testing, this monitoring can be woven into a single integrated process, offering a best bet in assuring performance in today’s development world. Take away this integrated process for consideration in your own shop.
Workshop: Behavior Driven Development - Deliver value by Naveen Kumar SinghAgile ME
This is a workshop to build product while practicing impact mapping, feature writing, specification by examples and applying test first approach. Workshop will cover all practices that will help in translating product vision to product increment. Facilitator will demonstrate how to convert specifications in code by using BDD tools. Facilitator will help in crafting product vision, coming up with product features and introducing how to write examples for features. Session will demonstrate how to convert specification into product increment, living documents and build test automation. Learning objectives:
• What is Impact Mapping and how to use it for product discovery?
• How to create product features using Impact Mapping?
• How to write examples for features while practicing specification by examples?
• How to translate examples into test using BDD before writing code?
• Importance of living code
• Best practices for BDD
7 Use Cases in 7 Minutes Each : The Power of Workflows and Automation (SVC101...Amazon Web Services
The Amazon Simple Workflow (Amazon SWF) service is a building block for highly scalable applications. Where Amazon EC2 helps developers scale compute and Amazon S3 helps developers scale storage, Amazon SWF helps developers scale their business logic. Customers use Amazon SWF to coordinate, operate, and audit work across multiple machines—across the cloud or their own data centers. In this power-packed session, we demonstrate the power of workflows through 7 customer stories and 7 use cases, in 7 minutes each. We show how you can use Amazon SWF for curating social media streams, processing user-generated video, managing CRM workflows, and more. We show how customers are using Amazon SWF to automate virtually any script, library, job, or workflow and scale their application pipeline cost-effectively.
Despite the belief that a shared context and collaboration drives quality, too often, software testers and quality professionals struggle to find their place within today's integrated agile teams. This session is a practitioner’s view of testing and testing practices within an iterative/incremental development environment. We will begin with a discussion of some of the challenges of testing within an agile environment and delve into the guiding principles of Agile Testing and key enabling practices. Agile Testing necessitates a change in mindset, and it is as much, if not more, about behavior, as it is about skills and tooling, all of which will be explored.
Load testing with Visual Studio and Azure - Andrew SiemerAndrew Siemer
In this presentation we will look at what web performance testing is and the various types of testing that can be performed. We will then dig into Visual Studio 2013 Ultimate to see that the Visual Studio platform is now a real contender in performance testing automation. And we will see how the Visual Studio integration with Visual Studio Online and Azure can take your web performance tests and spin up impressive load tests in a truly useful way.
A personal reflection of SOA Lessons Learned and how we overcame them. Some traps were unavoidable, but others were capable of being mitigated before they happened. Best watched in presentation mode. Some flash graphics embedded.
WinOps Conf 2016 - Michael Greene - Release PipelinesWinOps Conf
There are benefits to be gained when patterns and practices from developer techniques are applied to operations. Notably, a fully automated solution where infrastructure is managed as code and all changes are automatically validated before reaching production. This is a process shift that is recognized among industry innovators. For organizations already leveraging these processes, it should be clear how to leverage Microsoft platforms. For organizations that are new to the topic, it should be clear how to bring this process to your environment and what it means to your organizational culture. This presentation explains the components of a Release Pipeline for configuration as code, the value to operations, and solutions that are used when designing a new Release Pipeline architecture.
Can you process 10 trillion logs per day software architecture conference 2015Sumo Logic
Built on AWS, Sumo Logic’s multitenant machine data analytics service has scaled to query over 10 trillion logs per day. Christian Beedgen, Sumo Logic’s cofounder and CTO, will walk you through the planning and execution of a massive SaaS architecture and key insights he had along the way.
Topics include:
- a short history of scale
how we have needed to scale incrementally by several orders of magnitude since 2010
- how to recover from being an enterprise software engineer the realization that arguing with customers about Solaris vs Linux, and RAID 6 vs RAID 10 when selling them software is a waste of time; nobody wants to know how to run your system, users want to actually use your system; how building services is a way out of the enterprise software conundrum of having to manage increasingly complex systems is dragging users down; how the cloud turns every programmer into a datacenter architect
- herding microservices
a look at Sumo Logic’s microservices architecture; why we went this way; what we had to build to manage the herd 4 years ago; what we could today take off the shelf; how any real system service architecture diagram looks like spaghetti; how we deal with this at scale in operations
- factoring and refactoring on a new level, or how everything old is new again
maybe our OO skills are still useful; programmable infrastructure is still a program; any program benefits from factoring; any program benefits from refactoring; any system should be highly cohesive and loosely coupled; guess what, this still applies, but at a +1 higher layer of abstraction
- when not to scale
scaling out is great; scaling out in light of state is a bad idea; data and locality fragmentation; fractal horizontal scaling using partitioning and affinity; how to manage this operationally at runtime; musings on copy and paste scaling
Cloud architects – if you’re looking to improve scalability and performance, this session will share successes (and failures!) applicable to your own infrastructure.
Impact 2012 1640 - BPM Design considerations when optimizing business process...Brian Petrini
Whilst it is not always possible to remove and automate human tasks in a process, if it can be done, it often leads to the most dramatic optimization, leading to fully straight through processing. The challenge is that if straight through processing is the goal, we may need to design the process differently from the beginning, with automation in mind. This lecture uses tried and tested techniques for assessing processes to establish whether they are likely to be able to evolve to full automation, and recommends design patterns to be used to simplify the progression from manual to decision supported to completely automated.
Quality Jam: BDD, TDD and ATDD for the EnterpriseQASymphony
During Quality Jam 2016 I had the privilege of presenting with one of QASymphony's earliest customers, Better Cloud, on how methodologies like BDD, TDD and ATDD scale for the enterprises. Adam Satterfield is the VP of Quality Assurance at Bettercloud and has been in QA for many years; he has taught me a lot about Behavior Driven Development, Test Driven Development, Acceptance Test Driven Development. In the session we share a new way of testing-- what Adam and I believe to be the next generation of testing development.
We know that there are several ways to do testing and we are just showing one new way to do it - If this session doesn't inspire action, hopefully it will at least give you and your team something to think about.
Kanban case study presented at agileLUNCHBOX on September 26, 2012. Presentation outline can be seen at http://www.meetup.com/techlifecolumbus/events/44973882/
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
15. Business Value…Achieved
What
do
I
probe
for?
• Can
I
get
to
the
web
service?
– No
access
issues
or
proprietory
security
protocol
• Does
the
input/output
XML/JSON
look
ok?
• Does
the
service
return
valid
respones?
• Does
the
service
handle
errors
in
a
meaningful
way?
16. Business Value…Achieved
JMeter
• Open
source
applica$on
designed
to
load
test
func$onal
behavior
and
measure
performance
– Web
-‐
HTTP,
HTTPS
– SOAP
– JDBC
– LDAP
– JMS
– Mail
-‐
SMTP(S),
POP3(S)
and
IMAP(S)
– Na$ve
commands
or
shell
scripts
29. Business Value…Achieved
JMeter
-‐
Tips
• When
running
load
tests:
– Make
sure
to
allocate
sufficient
memory
to
JMeter
– Log/display
only
errors
• Trust,
but
verify
– Have
seen
JMeter
report
faster
response
$mes
than
measured
in
web
service
37. Business Value…Achieved
Test
Automa$on
• Good
– Tests
read
in
test
data
from
external
configura$on
• Beder
– Tests
search
for
test
data
in
db
before
run
• Best
– Tests
populate
db
before
run
&
clean
up
aferwards
38. Business Value…Achieved
Summary
• Looked
at
3
free
tools
for
Web
Service
tes$ng
• Showed
how
they
can
cover
most
of
your
Web
Service
tes$ng
needs
I am a senior consultant at quick solutions, where I help clients develop better software. Typically in the role of a Technical Lead on a Java based project. I am the proud father of 3 kids, who along with my wife I try to spend as much time with as possible. I am an avid, bicyclist, a golf and basketball fan and a hobby magician.
-Import http://www.webservicex.net/globalweather.asmx?WSDLhttp://127.0.0.1:8088/WeatherMockGet list of citiesGet weather for reykjavikShow validation- Show TestSuite from Preloaded-- Talk about LoadUI integration- Show Mock service from Preloaded
If you log in with correct u/p does it give you a session token?If you log in with invalid u/p does it give you the correct error?If you log in 3 times with the invalid u/p does it lock you out for 30 minutes?If you log in from an unknown device does it prompt you with security question?
-
Too JsonPath, XmlPath, status codes
Web Service Development Best PracticesThorough tutorial on soapUI