The document provides guidance on best practices for testing service-oriented architecture (SOA) solutions. It discusses that SOA testing requires a revised approach compared to traditional testing, with a focus on testing at the service level rather than system level. It also notes that security testing needs to span the entire project lifecycle for SOA. The document recommends that a SOA test team requires both technical understanding of the architecture as well as business domain expertise. It provides an overview of different types of SOA testing and factors to consider in developing a test strategy.
Silk4Net is an automated testing tool that allows .Net developers to create powerful testing frameworks and reduce defects. It supports testing of applications built with technologies like AJAX, Web 2.0, .NET, and client/server. Silk4Net enables high test reusability, increased test coverage, and optimized application quality while reducing testing time and costs. It provides features like automatic synchronization and error handling that allow for reliable and robust test automation of complex applications.
Silk4J is an automated testing tool that supports test-driven development. It allows developers to write automated tests in Java prior to or alongside application development. Silk4J has features like a recorder for quickly creating tests and built-in synchronization that eliminates the need for manual waits. It also supports unattended testing and restoring the application if errors occur. Silk4J is designed to work with technologies like AJAX, Flex, and .NET and supports cross-browser testing without modifying scripts.
Setting Up Your Mobile Testing Factory for 2013SOASTA
On every CIO’s Top 10 List this year mobile computing dominated IT planning. And of course 2013’s mobile testing plans should be well underway by now. SOASTA’s platform with CloudTest, TouchTest and mPulse ensures your mobile delivery – all the way from Development through Production.
Join us for this now on-demand webinar as the SOASTA team discusses and demonstrates automation in the mobile testing process and how to build your complete Mobile Testing Factory for 2013.
The Factory Floor has:
Continuous integration for hands-free mobile testing
Mobile device labs with real, un-jailbroken devices
Integrated functional and performance tests for realistic validations
Load testing for mobile traffic with global scale and device-level user experience
The next generation of real mobile user measurement to drive dev and test
You’ll leave this webinar with new ideas and a course of action to make your holidays happy and to put your 2013 plans in flight!
Speakers:
Mike Ostenberg is Sr. Performance Engineer & Solution Architect at SOASTA. His expertise includes SaaS, application performance testing, application lifecycle management, application monitoring, web services and web technologies. Prior to joining SOASTA Mike spent more than a decade working for HP.
Brad Johnson is VP of Product and Channel Marketing at SOASTA. Joining SOASTA’s CloudTest pioneers in early 2009, his former roles as head of monitoring and test products at Compuware, Mercury Interactive and Borland prepared him well to disrupt the skeptical and established software testing market with updated approaches and technologies for web and mobile testing.
ATI Professional Development Short Course Universal Arhitecture Description F...Jim Jenkins
The document outlines a training program from JOG Grand Systems Development that covers various systems engineering courses. The courses focus on requirements elicitation and analysis, functional analysis, modeling techniques like UML and SysML, architecture frameworks, and verification. The training is intended to help students develop comprehensive models and specifications for complex hardware, software, and human systems.
Soa Testing An Approach For Testing Security Aspects Of Soa Based ApplicationJaipal Naidu
The document describes an approach for testing security aspects of service-oriented architecture (SOA) based applications. It focuses on testing specifications such as WS-Security, SAML, WS-Trust, WS-SecureConversation, and WS-Security Policy. The approach involves writing customized test assertion documents based on specifications, capturing SOAP messages at interfaces, and comparing messages to test assertions to generate test results.
Cost effective auditing of web applications and networks in smbLalit Choudhary
This document discusses cost effective auditing of web applications and networks for small and medium sized businesses. It proposes using open source tools in an integrated environment to automate much of the auditing process. This allows SMBs to focus their limited resources on the highest risks while reducing costs. Specific tools mentioned include SAHI for automating web application testing and checking for vulnerabilities like SQL injection and cross-site scripting. The document also discusses using ISO standard ISMS for auditing network environments and how the integrated toolset can cover many of the typical auditing tasks to reduce the time and costs associated with audits.
All you need to know about SOA testing- Bahaa Al Zubaidi.pdfBahaa Al Zubaidi
SOA or Service Oriented Architecture is the backbone for enterprise systems today. With businesses relying on IT systems, a robust SOA is necessary to the system can operate seamlessly. This makes it essential to test the SOA to find out if it can effectively support the system.
This document discusses CloudTest's strategy and approach for testing production applications. It notes that while online application performance is critical, performance testing is rarely done and when it is done, it is usually in a lab environment rather than production. The limitations of this approach are that a lab cannot replicate a real production environment. CloudTest's methodology focuses on testing applications directly in production environments to achieve the highest confidence testing possible. It addresses key topics like security, use of test data, and potential impact on live customers when testing in this way.
Silk4Net is an automated testing tool that allows .Net developers to create powerful testing frameworks and reduce defects. It supports testing of applications built with technologies like AJAX, Web 2.0, .NET, and client/server. Silk4Net enables high test reusability, increased test coverage, and optimized application quality while reducing testing time and costs. It provides features like automatic synchronization and error handling that allow for reliable and robust test automation of complex applications.
Silk4J is an automated testing tool that supports test-driven development. It allows developers to write automated tests in Java prior to or alongside application development. Silk4J has features like a recorder for quickly creating tests and built-in synchronization that eliminates the need for manual waits. It also supports unattended testing and restoring the application if errors occur. Silk4J is designed to work with technologies like AJAX, Flex, and .NET and supports cross-browser testing without modifying scripts.
Setting Up Your Mobile Testing Factory for 2013SOASTA
On every CIO’s Top 10 List this year mobile computing dominated IT planning. And of course 2013’s mobile testing plans should be well underway by now. SOASTA’s platform with CloudTest, TouchTest and mPulse ensures your mobile delivery – all the way from Development through Production.
Join us for this now on-demand webinar as the SOASTA team discusses and demonstrates automation in the mobile testing process and how to build your complete Mobile Testing Factory for 2013.
The Factory Floor has:
Continuous integration for hands-free mobile testing
Mobile device labs with real, un-jailbroken devices
Integrated functional and performance tests for realistic validations
Load testing for mobile traffic with global scale and device-level user experience
The next generation of real mobile user measurement to drive dev and test
You’ll leave this webinar with new ideas and a course of action to make your holidays happy and to put your 2013 plans in flight!
Speakers:
Mike Ostenberg is Sr. Performance Engineer & Solution Architect at SOASTA. His expertise includes SaaS, application performance testing, application lifecycle management, application monitoring, web services and web technologies. Prior to joining SOASTA Mike spent more than a decade working for HP.
Brad Johnson is VP of Product and Channel Marketing at SOASTA. Joining SOASTA’s CloudTest pioneers in early 2009, his former roles as head of monitoring and test products at Compuware, Mercury Interactive and Borland prepared him well to disrupt the skeptical and established software testing market with updated approaches and technologies for web and mobile testing.
ATI Professional Development Short Course Universal Arhitecture Description F...Jim Jenkins
The document outlines a training program from JOG Grand Systems Development that covers various systems engineering courses. The courses focus on requirements elicitation and analysis, functional analysis, modeling techniques like UML and SysML, architecture frameworks, and verification. The training is intended to help students develop comprehensive models and specifications for complex hardware, software, and human systems.
Soa Testing An Approach For Testing Security Aspects Of Soa Based ApplicationJaipal Naidu
The document describes an approach for testing security aspects of service-oriented architecture (SOA) based applications. It focuses on testing specifications such as WS-Security, SAML, WS-Trust, WS-SecureConversation, and WS-Security Policy. The approach involves writing customized test assertion documents based on specifications, capturing SOAP messages at interfaces, and comparing messages to test assertions to generate test results.
Cost effective auditing of web applications and networks in smbLalit Choudhary
This document discusses cost effective auditing of web applications and networks for small and medium sized businesses. It proposes using open source tools in an integrated environment to automate much of the auditing process. This allows SMBs to focus their limited resources on the highest risks while reducing costs. Specific tools mentioned include SAHI for automating web application testing and checking for vulnerabilities like SQL injection and cross-site scripting. The document also discusses using ISO standard ISMS for auditing network environments and how the integrated toolset can cover many of the typical auditing tasks to reduce the time and costs associated with audits.
All you need to know about SOA testing- Bahaa Al Zubaidi.pdfBahaa Al Zubaidi
SOA or Service Oriented Architecture is the backbone for enterprise systems today. With businesses relying on IT systems, a robust SOA is necessary to the system can operate seamlessly. This makes it essential to test the SOA to find out if it can effectively support the system.
This document discusses CloudTest's strategy and approach for testing production applications. It notes that while online application performance is critical, performance testing is rarely done and when it is done, it is usually in a lab environment rather than production. The limitations of this approach are that a lab cannot replicate a real production environment. CloudTest's methodology focuses on testing applications directly in production environments to achieve the highest confidence testing possible. It addresses key topics like security, use of test data, and potential impact on live customers when testing in this way.
The document outlines a seven step process for governing web services: Design, Build, Run, Decommission, Archive, Important Features, and Promote. It discusses best practices for each step, such as using governance tools to monitor services, supporting multiple versions, and having clear documentation and sign-offs when moving services between environments. The overall goal is to simplify environments and design patterns to better govern web services.
The document discusses quality assurance (QA) in blockchain applications. It covers several topics:
1. The importance of proper QA for blockchain projects, as bugs can have more serious consequences compared to centralized software.
2. Different testing stages for blockchain releases like devnet, alphanet and betanet before mainnet launch.
3. How lack of QA is one of the main reasons many blockchain projects fail after initial launch.
4. The document emphasizes that QA is not just software testing, but also involves hardware and other factors. Taking all scenarios into account, proper QA is critical for blockchain applications.
Reliability study and analysis on open source enterprise resource planning so...Mayank Baheti
This document is a mini project report submitted by four students at R.V. College of Engineering in Bangalore, India. The report details a study and analysis of the reliability of the open source enterprise resource planning (ERP) software package Apache OFBiz. The report begins with an introduction to software reliability and open source ERP software. It then discusses the methodology used to test OFBiz, including performance testing on different operating systems and web browsers, functionality testing, and tracking defects. The results of the data collection and analysis are also presented. The overall aim of the project was to test and analyze the reliability of OFBiz to gain insights that could increase its credibility.
How the WSO2 App factory can help Manage your ApplicationsWSO2
The document discusses the WSO2 App Factory, which is a platform for managed application development. It provides automated configurable DevOps and governance processes to support applications throughout their lifecycle from development to production. Key features include facilitating regulatory compliance, providing a configurable governance model, integrated developer tools, dependency management across environments, and extensibility. The App Factory integrates with other WSO2 products like the API Manager.
Microservices have recently attracted a lot of attention for being the architecture of choice for companies like Uber, Netflix, Spotify, and Amazon. Undoubtedly, this architectural approach has distinct impacts across the SDLC. Many of the core benefits associated with the adoption of microservices actually introduce significant quality challenges. For example:
An increased number of dependencies
Parallel development roadblocks
Impacts to the traditional methods of testing
More potential points of failure
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...InfoSeption
The document discusses how VMware IT drives systems stability and delivery agility through DevOps practices. It summarizes how VMware IT automated instance provisioning to reduce provisioning time from 4-6 weeks to under 22 hours. It also discusses how VMware IT uses a cloud operations management platform for instance monitoring and management to improve operational efficiency. Finally, it outlines how VMware IT leverages a continuous delivery platform and service virtualization to improve application delivery agility.
The document provides an overview of manual and automated software testing concepts and Selenium. It covers topics such as the software development life cycle (SDLC), testing fundamentals, manual testing techniques, Selenium basics, and real-world examples for testing a jobs factory application using Selenium. The document is intended as a training manual to teach software testing using both manual and automated approaches.
ROLE OF iSAFE/iMobi IN SEAMLESS INTEGRATION OF THE DEVOPS ENVIRONMENTIndium Software
IP-led test automation framework supported by blueprint
for product development in Devops environment can
ensure automation in the true sense.
DevOps is fast becoming adopted as the environment for product
development. It facilitates closer integration of development and operations
teams, reducing the time needed to develop and deploy a product. However,
it is still in its early stages and the teams continue to work in silos due to the
different kinds of tools they need suited to their needs.
An IP-driven testing framework like iSAFE can be the bulwark on which the development, testing and operations teams can integrate more seamlessly,
as it provides one key feature needed when handling such a comprehensive
environment – traceability. The other advantages, of course, are reusability,
automated alerts and shorter testing periods, thus aiding in the quick time-to-market
needs of the organizations.
Graham Bath - SOA: Whats in it for Testers?TEST Huddle
EuroSTAR Software Testing Conference 2009 presentation on SOA: Whats in it for Testers? by Graham Bath. See more at conferences.eurostarsoftwaretesting.com/past-presentations/
Business Results: Get there faster with SOA GovernanceKelly Emo
This presentation was developed for Integration Developer News SOA GovCon VII. It is HP's Point of View on how SOA Governance can accelerate IT's ability to successfully roll out new SOA projects to meet business needs.
How CapitalOne Transformed DevTest or Continuous Delivery - AppSphere16AppDynamics
Making the leap to continuous delivery is precarious for any organization, but the concerns are greatly exacerbated when your organization services approximately 45 million bank accounts. Committed to maintaining flawless user experiences while accelerating release cadence, Capital One faced a daunting challenge as it transformed culture, processes, and technical infrastructure in its evolution to continuous delivery.
Join this session with Capital One's Michael Bonamassa and Parasoft's Wayne Airole and learn from their insights on what DevTest changes are critical for responding to extreme digital disruption.
Key takeaways:
o The changing responsibilities of DevTest in a "continuous everything" world
o What skill sets software testers need to ride the wave of digital transformation
o How service virtualization and continuous testing measure the risk of a release candidate
o How to evolve the culture and process to support continuous delivery
o What technical infrastructure is required for real-time test automation and continuous delivery maturation
For more information, go to: www.appdynamics.com
This document provides guidance on best practices for testing Service-Oriented Architecture (SOA) solutions. It discusses that more testing effort is needed at the service level rather than the system level. Security testing needs to span the entire project lifecycle. The SOA test team requires an understanding of both the technical architecture and business domains. The testing approach also demands the appropriate use of tools. The document outlines a comprehensive SOA test methodology covering various phases from unit to system level testing and types of testing including functional, performance, security and more. It provides recommendations on tools and discusses how to implement an effective regression strategy.
This document provides an overview and summary of a Navy Service-Oriented Architecture (SOA) Reference Model. It discusses the purpose and goals of developing the reference model, including describing Navy SOA goals in the context of commercial goals and standards. It also outlines the key sections and components of the reference model, including the Business Reference Model, Services Reference Model, and Technical Reference Model. The document recommends following commercial best practices and compliance with relevant guidance and standards.
Cor source solutions on premise to on demand saas u 2 2012CorSource
The document provides an overview of moving an on-premise software product to an on-demand, Software as a Service (SaaS) model. It discusses key considerations for the business objectives, licensing model, leveraging the current product, architectural planning, development processes, and infrastructure migration. The levels of SaaS maturity and key factors of enabling SaaS are also outlined.
The Evolution of Application Release AutomationXebiaLabs
The capabilities provided by today’s Application Release Automation (ARA) tools have advanced exponentially in recent years. Despite these advancements, the enterprise demands new requirements that go beyond application change to automate even more of the release process. The evolving definition of ARA now includes areas that were previously left unaddressed, such as the deployment of database changes and the orchestration of the entire release process. In this on-demand webinar, learn how Datical and XebiaLabs are working together to address the changing needs of the enterprise through the evolution of ARA.
This document provides an introduction to microservices, including:
- The benefits of microservices compared to monolithic architecture like independent deployability and scalability.
- Microservices are small, independently deployable services that work together and are modeled around business domains.
- Implementing microservices requires automation, high cohesion, loose coupling, and stable APIs.
- Potential downsides include increased complexity in testing, monitoring, and operations. Microservices are best suited to problems of scale.
The dynamic business environment compels organizations to adopt modern technology like SOA based applications. However the traditional approach to testing needs to be discarded in favour of a new test tools and methodologies. This whitepaper guides individual through the SOA testing process.
WCC Web Conferencing Solutions Top Ten 2009Videoguy
The document provides a summary of the Web Conferencing Council's evaluation of the top 10 web conferencing solutions in 2009. Key criteria included depth of features, audio/video quality, price, security, stability, and ease of use. After testing over 100 solutions, VIA3 from Viack was ranked #1 overall based on high scores across all criteria, particularly its security, audio/video quality, comprehensive features, and competitive pricing. GoToMeeting and WebEx were ranked #2 and #3, respectively, for their simplicity and ease of use. The document provides brief profiles of the top 5 solutions.
Kevin Liu Peter Mc Nulty Best Practices V2SOA Symposium
This document summarizes a presentation on best practices for SOA service provisioning and management. It discusses the importance of SOA governance and management, provides an overview of the SAP Co-Innovation Lab for collaborative SOA projects, and gives an example project on SOA management in a complex enterprise environment.
The document outlines a seven step process for governing web services: Design, Build, Run, Decommission, Archive, Important Features, and Promote. It discusses best practices for each step, such as using governance tools to monitor services, supporting multiple versions, and having clear documentation and sign-offs when moving services between environments. The overall goal is to simplify environments and design patterns to better govern web services.
The document discusses quality assurance (QA) in blockchain applications. It covers several topics:
1. The importance of proper QA for blockchain projects, as bugs can have more serious consequences compared to centralized software.
2. Different testing stages for blockchain releases like devnet, alphanet and betanet before mainnet launch.
3. How lack of QA is one of the main reasons many blockchain projects fail after initial launch.
4. The document emphasizes that QA is not just software testing, but also involves hardware and other factors. Taking all scenarios into account, proper QA is critical for blockchain applications.
Reliability study and analysis on open source enterprise resource planning so...Mayank Baheti
This document is a mini project report submitted by four students at R.V. College of Engineering in Bangalore, India. The report details a study and analysis of the reliability of the open source enterprise resource planning (ERP) software package Apache OFBiz. The report begins with an introduction to software reliability and open source ERP software. It then discusses the methodology used to test OFBiz, including performance testing on different operating systems and web browsers, functionality testing, and tracking defects. The results of the data collection and analysis are also presented. The overall aim of the project was to test and analyze the reliability of OFBiz to gain insights that could increase its credibility.
How the WSO2 App factory can help Manage your ApplicationsWSO2
The document discusses the WSO2 App Factory, which is a platform for managed application development. It provides automated configurable DevOps and governance processes to support applications throughout their lifecycle from development to production. Key features include facilitating regulatory compliance, providing a configurable governance model, integrated developer tools, dependency management across environments, and extensibility. The App Factory integrates with other WSO2 products like the API Manager.
Microservices have recently attracted a lot of attention for being the architecture of choice for companies like Uber, Netflix, Spotify, and Amazon. Undoubtedly, this architectural approach has distinct impacts across the SDLC. Many of the core benefits associated with the adoption of microservices actually introduce significant quality challenges. For example:
An increased number of dependencies
Parallel development roadblocks
Impacts to the traditional methods of testing
More potential points of failure
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...InfoSeption
The document discusses how VMware IT drives systems stability and delivery agility through DevOps practices. It summarizes how VMware IT automated instance provisioning to reduce provisioning time from 4-6 weeks to under 22 hours. It also discusses how VMware IT uses a cloud operations management platform for instance monitoring and management to improve operational efficiency. Finally, it outlines how VMware IT leverages a continuous delivery platform and service virtualization to improve application delivery agility.
The document provides an overview of manual and automated software testing concepts and Selenium. It covers topics such as the software development life cycle (SDLC), testing fundamentals, manual testing techniques, Selenium basics, and real-world examples for testing a jobs factory application using Selenium. The document is intended as a training manual to teach software testing using both manual and automated approaches.
ROLE OF iSAFE/iMobi IN SEAMLESS INTEGRATION OF THE DEVOPS ENVIRONMENTIndium Software
IP-led test automation framework supported by blueprint
for product development in Devops environment can
ensure automation in the true sense.
DevOps is fast becoming adopted as the environment for product
development. It facilitates closer integration of development and operations
teams, reducing the time needed to develop and deploy a product. However,
it is still in its early stages and the teams continue to work in silos due to the
different kinds of tools they need suited to their needs.
An IP-driven testing framework like iSAFE can be the bulwark on which the development, testing and operations teams can integrate more seamlessly,
as it provides one key feature needed when handling such a comprehensive
environment – traceability. The other advantages, of course, are reusability,
automated alerts and shorter testing periods, thus aiding in the quick time-to-market
needs of the organizations.
Graham Bath - SOA: Whats in it for Testers?TEST Huddle
EuroSTAR Software Testing Conference 2009 presentation on SOA: Whats in it for Testers? by Graham Bath. See more at conferences.eurostarsoftwaretesting.com/past-presentations/
Business Results: Get there faster with SOA GovernanceKelly Emo
This presentation was developed for Integration Developer News SOA GovCon VII. It is HP's Point of View on how SOA Governance can accelerate IT's ability to successfully roll out new SOA projects to meet business needs.
How CapitalOne Transformed DevTest or Continuous Delivery - AppSphere16AppDynamics
Making the leap to continuous delivery is precarious for any organization, but the concerns are greatly exacerbated when your organization services approximately 45 million bank accounts. Committed to maintaining flawless user experiences while accelerating release cadence, Capital One faced a daunting challenge as it transformed culture, processes, and technical infrastructure in its evolution to continuous delivery.
Join this session with Capital One's Michael Bonamassa and Parasoft's Wayne Airole and learn from their insights on what DevTest changes are critical for responding to extreme digital disruption.
Key takeaways:
o The changing responsibilities of DevTest in a "continuous everything" world
o What skill sets software testers need to ride the wave of digital transformation
o How service virtualization and continuous testing measure the risk of a release candidate
o How to evolve the culture and process to support continuous delivery
o What technical infrastructure is required for real-time test automation and continuous delivery maturation
For more information, go to: www.appdynamics.com
This document provides guidance on best practices for testing Service-Oriented Architecture (SOA) solutions. It discusses that more testing effort is needed at the service level rather than the system level. Security testing needs to span the entire project lifecycle. The SOA test team requires an understanding of both the technical architecture and business domains. The testing approach also demands the appropriate use of tools. The document outlines a comprehensive SOA test methodology covering various phases from unit to system level testing and types of testing including functional, performance, security and more. It provides recommendations on tools and discusses how to implement an effective regression strategy.
This document provides an overview and summary of a Navy Service-Oriented Architecture (SOA) Reference Model. It discusses the purpose and goals of developing the reference model, including describing Navy SOA goals in the context of commercial goals and standards. It also outlines the key sections and components of the reference model, including the Business Reference Model, Services Reference Model, and Technical Reference Model. The document recommends following commercial best practices and compliance with relevant guidance and standards.
Cor source solutions on premise to on demand saas u 2 2012CorSource
The document provides an overview of moving an on-premise software product to an on-demand, Software as a Service (SaaS) model. It discusses key considerations for the business objectives, licensing model, leveraging the current product, architectural planning, development processes, and infrastructure migration. The levels of SaaS maturity and key factors of enabling SaaS are also outlined.
The Evolution of Application Release AutomationXebiaLabs
The capabilities provided by today’s Application Release Automation (ARA) tools have advanced exponentially in recent years. Despite these advancements, the enterprise demands new requirements that go beyond application change to automate even more of the release process. The evolving definition of ARA now includes areas that were previously left unaddressed, such as the deployment of database changes and the orchestration of the entire release process. In this on-demand webinar, learn how Datical and XebiaLabs are working together to address the changing needs of the enterprise through the evolution of ARA.
This document provides an introduction to microservices, including:
- The benefits of microservices compared to monolithic architecture like independent deployability and scalability.
- Microservices are small, independently deployable services that work together and are modeled around business domains.
- Implementing microservices requires automation, high cohesion, loose coupling, and stable APIs.
- Potential downsides include increased complexity in testing, monitoring, and operations. Microservices are best suited to problems of scale.
The dynamic business environment compels organizations to adopt modern technology like SOA based applications. However the traditional approach to testing needs to be discarded in favour of a new test tools and methodologies. This whitepaper guides individual through the SOA testing process.
WCC Web Conferencing Solutions Top Ten 2009Videoguy
The document provides a summary of the Web Conferencing Council's evaluation of the top 10 web conferencing solutions in 2009. Key criteria included depth of features, audio/video quality, price, security, stability, and ease of use. After testing over 100 solutions, VIA3 from Viack was ranked #1 overall based on high scores across all criteria, particularly its security, audio/video quality, comprehensive features, and competitive pricing. GoToMeeting and WebEx were ranked #2 and #3, respectively, for their simplicity and ease of use. The document provides brief profiles of the top 5 solutions.
Kevin Liu Peter Mc Nulty Best Practices V2SOA Symposium
This document summarizes a presentation on best practices for SOA service provisioning and management. It discusses the importance of SOA governance and management, provides an overview of the SAP Co-Innovation Lab for collaborative SOA projects, and gives an example project on SOA management in a complex enterprise environment.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/how-axelera-ai-uses-digital-compute-in-memory-to-deliver-fast-and-energy-efficient-computer-vision-a-presentation-from-axelera-ai/
Bram Verhoef, Head of Machine Learning at Axelera AI, presents the “How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-efficient Computer Vision” tutorial at the May 2024 Embedded Vision Summit.
As artificial intelligence inference transitions from cloud environments to edge locations, computer vision applications achieve heightened responsiveness, reliability and privacy. This migration, however, introduces the challenge of operating within the stringent confines of resource constraints typical at the edge, including small form factors, low energy budgets and diminished memory and computational capacities. Axelera AI addresses these challenges through an innovative approach of performing digital computations within memory itself. This technique facilitates the realization of high-performance, energy-efficient and cost-effective computer vision capabilities at the thin and thick edge, extending the frontier of what is achievable with current technologies.
In this presentation, Verhoef unveils his company’s pioneering chip technology and demonstrates its capacity to deliver exceptional frames-per-second performance across a range of standard computer vision networks typical of applications in security, surveillance and the industrial sector. This shows that advanced computer vision can be accessible and efficient, even at the very edge of our technological ecosystem.
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.
AppSec PNW: Android and iOS Application Security with MobSFAjin Abraham
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframePrecisely
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyScyllaDB
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Principle of conventional tomography-Bibash Shahi ppt..pptx
Soa Test Methodology
1. SOA Test Methodology
Abstract
Service-Oriented Architecture (SOA) promises significant benefits to today's organizations.
Abstract
Successfully delivering SOA benefits, especially Business Agility and Component Reuse, will be
dependant on the Test Approach that your organization adopts to implement your SOA.
This white paper will provide a comprehensive guidance on best practices for testing SOA
Solutions. This document includes a review of the following topics that will need to be addressed to
ensure a successful SOA implementation:
l more testing effort will be required at the service level and not at the system level
Why
lWhy Security testing moves from an end of project activity to one that spans the entire project
life cycle
lA SOA Test team will not only require a detailed technical understanding of your SOA, but they
must be experts of domains within your business
l Test Approach demands an appropriate tool strategy
SOA
www.thbs.com/soa
2. Table of Contents
1 INTRODUCTION 3
1.1 SERVICE-ORIENTED ARCHITECTURE OVERVIEW 4
1.1.1 What is SOA 4
1.1.2 SOA Benefits & Implementation Principles 4
1.1.3 Key Terms of Service-Oriented Architecture 5
1.1.4 Test Model 6
1.1.5 SOA Governance 7
2 SOA TEST METHODOLOGY 8
2.1 TRADITIONAL TEST APPROACH 8
2.1.1 Revised Test Approach for SOA 9
2.2 SOA TEST APPROACH 9
2.2.1 Purpose 9
2.2.2 How Do You Test SOA Architecture? 10
2.2.3 Governance Testing 11
2.2.4 Service-component-level Testing 11
2.2.5 Service-level Testing 12
2.2.6 Integration-level Testing 12
2.2.7 Process/Orchestration-level Testing 12
2.2.8 System-level Testing 13
2.2.9 Security Testing 13
2.3 DELIVERABLES BASED ON DISCIPLINES AND KEY DOCUMENTATION 13
2.3.1 Test Phases and Test Types 13
2.3.2 Functional Testing 14
2.3.3 Performance 14
2.3.4 Security 14
2.3.5 Interoperability 14
2.3.6 Backward Compatibility 15
2.3.7 Compliance 15
3 REGRESSION STRATEGY 16
4 SECURITY TESTING 16
5 USER ACCEPTANCE TESTING 17
6 RISK BASED TESTING 17
7 OFFSHORE ONSITE MODEL 18
8 TEST TOOLS AND USAGE 19
8.1 COMMERCIAL PRODUCTS 19
8.1.1 Green Hat GH Tester 19
8.1.2 Mercury 19
8.1.3 Parasoft SOAtest 19
8.1.4 AdventNet QEngine 19
8.1.5 Borland SilkPerfomer SOA edition 20
8.1.6 LISA WS – Testing 20
8.2 OPEN SOURCE PRODUCTS 20
8.2.1 SOAP UI 20
8.2.2 PushToTest TESTMAKER 20
9 CONCLUSION 20
2
2007 Torry Harris Business Solutions, All Rights Reserved
3. 1. Introduction
'To SOA or not to SOA' is not the question anymore. It is 'When to SOA?' With the maturity in SOA
Implementations and realization of the associated benefits and challenges, increasingly Enterprises are
including SOA Adoption in their Road Map.
Service-Oriented Architecture, or SOA, enables IT departments to make the transition from an
application-centric view of the world to a process-centric view. Today, IT departments have the freedom
to combine business services from multiple applications to deliver true end-to-end support for business
processes. And, because the integration mechanism of SOA (usually Web Services) enables loosely
coupled integration, IT departments can upgrade or change applications without impacting other
applications.
Though SOA is being increasingly implemented both as green field (top down) and legacy
modernization (bottom up), there is a clear lack of testing methodologies designed specifically for SOA
applications. New approaches and methodologies are necessary to verify and validate applications
based on SOA concepts.
Why is SOA testing different? The answer has many dimensions, but the bottom line is agility and
flexibility. Yes, what makes SOA a very attractive, business friendly IT paradigm is the same reason why
a different testing approach is required in SOA Implementations.
When it comes to testing SOA applications, one has to look beyond functionality and performance (load)
testing. SOA testing requires testing of interfaces and services that might bring together diverse systems
and platforms, along with other performance (latency) and security related aspects.
One of the other challenges to be tackled in SOA Testing is the availability of the environment with the
dependent underlying services and/or applications. For instance, an SOA Implementation might bring
together two or more autonomous internal applications/services when composing a business process.
The availability of these internal applications/services becomes highly important during integration
testing in parts as well as during end-to-end testing of the business process.
Starting with a brief introduction to SOA, this paper outlines an approach to testing a SOA
Implementation in an effective and reliable manner. The paper further describes the various testing
categories, suggested test strategy and an introduction to the available tools in the market that can be
used to complement the overall Testing Approach.
3
2007 Torry Harris Business Solutions, All Rights Reserved
4. 1.1 Service-Oriented Architecture Overview
1.1.1 What is SOA
A concise functional definition is provided below:
Oasis (www.oasis-open.org) defines SOA as -- "An architectural style whose goal is to achieve loose
coupling among interacting software agents / services."
Arasanjani, Borges and Holley define SOA as follows:
“SOA is the architectural style that supports loosely coupled services to enable business flexibility in an
interoperable, technology-agnostic manner. SOA consists of a composite set of business-aligned
services that support a flexible and dynamically re-configurable end-to-end business processes
realization using interface-based service descriptions.”
1.1.2 SOA Benefits & Implementation Principles
SOA provides benefits in four basic categories:
l reducing integration expense
l increasing asset reuse
l increasing business agility
l reduction of business risk
These four core benefits actually offer return at many different levels and parts of the organization,
depending on the set of business problems the company is applying SOA to.
How should companies calculate the expected returns that tangible benefits provide the organization?
Only by understanding the full range of SOA value propositions, can companies begin to get a hand on
calculating the ROI on SOA. Even then, it may not be possible to understand SOA's true ROI before the
project is complete, because SOA addresses issues of fundamentally unpredictable business changes.
The following key principles are recommended when implementing SOA:
l Document the Business Processes. Be it bottom up or top down, availability of these Business
Process documentation is critical in delivering SOA in its true self instead of say, Web Services
based applications
l Implementation is an evolution – start with a pilot, deliver business value and incrementally add
SOA
on
l SOA Implementation must be based on loosely coupled services that provide the highest
The
flexibility and ongoing cost reduction due to reuse and lower maintenance
l services should have standards compliant interfaces to enable seamless integration and
The
interoperability with other services
l business drives the services, and the services drive the technology
The
l Business agility is a fundamental to SOA
4
2007 Torry Harris Business Solutions, All Rights Reserved
5. 1.1.3 Key Terms of Service-Oriented Architecture
A service is representative of a repeatable business process/task. Services are used to encapsulate the
functional units of an application by providing an interface that is well defined and implementation
independent. Services can be invoked by other services or applications.
Service orientation defines a method of integrating business applications and processes as linked
services.
Service-oriented architecture (SOA) can mean different things to different people depending on the
person's role and context. From a business perspective, SOA defines a set of business services
composed to capture the business design that the enterprise wants to expose internally, as well as its
customers and partners. From an architecture perspective, SOA is an architectural style that supports
service orientation. At an implementation level, SOA is fulfilled using a standards based infrastructure,
programming model and technologies such as Web Services. From an operational perspective, SOA
includes a set of agreements between service consumers and providers that specify the quality of
service, as well as reporting on the key business and IT metrics.
A composite application is a set of related and integrated services that support a business process
built on SOA.
Basic Components of SOA
SOA consists of the following three components:
lService provider
lService consumer
lService registry
Each component can also act as one of the two other components. For instance, if a service provider
needs additional information that it can only acquire from another service, it acts as a service consumer.
Figure 1-1 shows the operations each component can perform.
Service
Registry
Discover 2 1 Publish
Invoke
3
Service Service
Customer Request Response Provider
Figure 1.1 SOA Components
5
2007 Torry Harris Business Solutions, All Rights Reserved
6. The service provider creates a service and in some cases publishes its interface and access information
to a service registry.
The service registry is responsible for making the service interface and implementation access
information available to service consumers.
The service consumer locates entries in the service registry and then binds to the service provider in
order to invoke the defined service.
1.1.4 Test Model
Testing activities such as design, analysis, planning and execution must happen throughout the entire
SOA project life cycle. The V-Model is a suitable test methodology that enforces testing discipline
throughout the project life cycle. The project starts with defining the Business User Requirements. The
V-Model would recommend that the Business Acceptance Test Criteria for these defined requirements
are defined and agreed before moving to the start of the technical design phase. Before moving to the
next phase/level of technical design, the model recommends test criteria defined for that level of
technical requirements, and so on. The V-Model is simply encouraging the project team to continually
determine how they would successfully test the project deliverables.
Figure 1.2 V-Model
The V-Model is a suitable test methodology to deliver SOA projects for the following reasons:
lIt encourages a top-down approach with respect to defining the business process requirements,
high-level functional technical design, security etc.
lIt then encourages a bottom-up test approach – test individual functions within a service, test an
individual service then test a composite set of services through to testing an integrated process and
finally testing a complete business system. SOA is 'loosely' coupled services and that is why a
bottom up test approach is recommended.
The levels reflect different viewpoints of testing on different levels of detail.
l
The V-model encourages testing throughout the entire Software Development Life Cycle.
l
6
2007 Torry Harris Business Solutions, All Rights Reserved
7. 1.1.5 SOA Governance
SOA Governance is about ensuring that each new and existing service conforms to the standards,
policies and objectives of an organization for the entire life of that service.
Why is SOA Governance needed?
SOA Governance plays an increasingly important role in today's challenging business environment. It
provides structure, commitment and support for the development, implementation and management of
SOA, as necessary, to ensure it achieves its objectives.
SOA Governance provides the following benefits:
lRealize business benefits of SOA
lBusiness process flexibility
lImproved time to market
lMaintaining Quality of Service (QoS)
lEnsuring consistency of service
lMeasuring the right things
lCommunicating clearly between businesses
7
2007 Torry Harris Business Solutions, All Rights Reserved
8. 2. SOA Test Methodology
2.1 Traditional Test Approach
Traditional software testing that focused on code-level testing has evolved with Distributed and Web
Service architectures. Web application testing has introduced more testing of business logic through the
application's user interface, which has proved to be critical when deploying new solutions. With SOA, the
need to test the business logic still exists; however, many SOA services will not have a user interface,
which is one of the new challenges to your test organization.
Some of the new SOA Testing challenges are:
lServices that do not have a user interface
l driven business logic within services
Data
lExternal services to the organization
l quality of 'service' software will be vital to promote reuse and facilitate business agility. Services
The
that have known bugs and quality issues will not be reused by the development teams. A significant
increase in testing activities and test assets (functional, performance and security regression suites
that include sophisticated harnesses and stubs) will be required at a service (program) level
lPredicting the future usage of services to assist with performance, load, stress, scalability
lyour SOA evolves, security testing will have a higher priority and profile within your organizations
As
test strategy
In SOA, Services are based on heterogeneous technologies. No longer can we expect to test an
application that was developed by a unified group, as a single project, sitting on a single application
server and delivering through a standardized browser interface. The ability to string together multiple
types of components to form a business process requires unconstrained thinking from an architect's
perspective, and test planning and scheduling complexities from a tester's perspective.
In SOA, application logic is in the middle-tier, operating within numerous technologies, residing outside
the department, or even outside the company.
We know that to test SOA, you need to go far beyond merely testing a user interface or browser screen.
Web Services (WSDL/SOAP) will be an important component for many SOAs, but if you're only testing
Web Services, you are not likely to test the entire technology stack that makes up the application. What
are the transactions happening at the messaging layer? Is the right entry being reflected in the
database? In fact, many perfectly valid SOA applications will house business logic entirely outside of the
Web Services.
To address the above challenges, organizations need to review and enhance their current test
methodology. Many Test Tool vendors have now recognized the new SOA test challenges and have
developed a new breed of tools to help organizations to plan, manage and automate SOA functional,
performance and security testing.
88
2007 Torry Harris Business Solutions, All Rights Reserved
9. 2.1.1 Revised Test Approach for SOA
The governing and design principles of SOA, coupled with the benefits that SOA claims to deliver, will
force changes to organizations' approaches to Software Testing and Quality Assurance. The following
are some of the main reasons for change:
l Test team will require broader set of technical skills:
The
SOA testing will require test teams to have a detailed understanding of the underlying SOA
architecture and technologies. This must include an understanding of Network Security.
lA new breed of tools will be required to assist the test team quickly and accurately link planned test
coverage to:
s Business domain process rules
s Service usage (other processes that reuse the service)
s Technical design specifications
s Configuration and version control
s Security Risk Analysis
The new automated test tools will also have to facilitate non-GUI functional and performance testing
at the service level.
lThe Test team structure will require alignment to business domains (processes) and not by
technologies. This will promote an effective and efficient business risk prioritized test approach at
both the service and business process levels, to ensure that agility and speed to market is not
compromising quality.
lOrganizations will have to invest in developing and maintaining 'Test Assets' for key services –
services should have functional and non-functional regression packs, sophisticated harnesses and
stubs. Services will have to be delivered to the Integration and the UAT test phases with a statement
of Quality that will guarantee performance and security, with well defined and understood functional
test coverage.
A higher level of quality will be required to actively promote and encourage service reuse.
2.2 SOA Test Approach
2.2.1 Purpose
Testing SOA could be viewed as a complex computing problem. With any complex problem, the key is to
break it down into smaller, more manageable components and build quality into these deliverables. The
foundations to successful SOA testing are as follows:
l Equal weighting of testing effort throughout the project life cycle. Many organizations still fail to
recognize the real benefits of static and formal review techniques during the early stages of the
project. Most or all of the testing effort comes too late at the end of the project life cycle. More testing
effort will be required at a service (program) level.
l SOA test team is a blend of business domain and technology experts.
The
9
2007 Torry Harris Business Solutions, All Rights Reserved
10. lDesign the project test approach alongside the project business and technical requirements.
Budget for the Test team to be involved from the start of the project.
lImplement Quality Controls throughout the project life cycle.
lSecurity Testing is not an end of project activity! Design and Plan Security testing from the start of the
project.
l tools are a must!
Test
2.2.2 How Do You Test SOA Architecture?
How do you test SOA architecture? You don't. Instead, you learn how to break down the architecture to
its component parts, working from the most primitive to the most sophisticated, testing each component,
then the integration of the holistic architecture. In other words, you have to divide the architecture into
domains, such as services, security, and governance and test each domain separately using the
recommended approach and tools.
SOA is loosely coupled with complex interdependencies and a SOA testing approach must follow the
same pattern.
Figure 2.1 SOA components
Figure 2.1 represents a model of SOA components and how they're interrelated. The Test team
designing the Project Test approach and plans must have a macro understanding of how all of the
components work independently and collectively.
10
2007 Torry Harris Business Solutions, All Rights Reserved
11. You can categorize SOA testing into the following phases:
l Governance Testing
l Service-component-level testing
l Service-level testing
l Integration-level testing
l Process/Orchestration-level testing
l System-level testing
l Security Testing
2.2.3 Governance Testing
SOA Governance is a key factor in the success of any SOA Implementation. It is also the most 'loosely'
used term, as it covers the entire lifecycle of SOA Implementation – from design to run time to ongoing
maintenance. SOA Governance refers to the Standards and Policies that govern the design, build and
implementation of a SOA solution and the Policies that must be enforced during runtime.
Organizations must have well defined Design, Development, Testing and Security Standards that will
guide and direct SOA implementations. Quality controls and reviews must be implemented throughout
the entire Project life cycle to and processes, to ensure compliance. The appropriate peers must conduct
these reviews and deviations from recommended standards must be agreed by the organization's
Governance team.
The following are examples of SOA Governance Policy types:
l Quality of Service policies on Performance, Security and Transactions
l Regulatory policies – Sarbanes-Oxley
l Business policies – rules
l policies – what events need to be logged, how long must events be kept, etc
Audit
l Infrastructure policies – access, backups, disaster recovery and failover
Test cases will be constructed and executed in all of the project test phases to determine if SOA Policies
are being enforced. SOA policies can be enforced at runtime, by using technologies and/or monitoring
tools.
SOA Governance testing will not be a separate test phase. Testing that SOA Governance is enforced will
take place throughout the project life cycle, through formal peer reviews and different test scenarios that
will be executed during the separate test phases.
2.2.4 Service-component-level Testing
Service-component-level testing or Unit testing, is normally performed by the developers to test that the
code not only successfully compiles, but the basic functionality of the components and functions within a
service are working as specified.
The primary goal of Component testing is to take the smallest piece of testable software in the
11
2007 Torry Harris Business Solutions, All Rights Reserved
12. application, isolate it from the remainder of the code, and determine whether it behaves exactly as you
expect. Each Component is tested separately before integrating it into a service or services.
The following quality and test activities are recommended in this phase/level of testing:
lFormal peer reviews of the code to ensure it complies with organization standards and to identify
any potential performance and security defects or weaknesses
lQuality entry and exit criteria are not only defined for this level of testing, but are achieved before
moving to the next level of testing
2.2.5 Service-level Testing
Service testing will be the most important test level/phase within your SOA Test approach. Today, many
organizations build a program or Web service, perform limited unit testing and accelerate its delivery to
the integration test phase, to allow the test team to evaluate its quality. Service reuse will demand each
service is delivered from this level/phase of testing with a comprehensive statement of quality and even
a Guarantee!
The following quality and test activities are recommended in this phase/level of testing:
lFormal peer reviews of the code to ensure it complies with organization standards and to identify
any potential interoperability, performance and security defects or weaknesses
lFunctional, performance and security regression suites to be executed against the service. This will
require the help of automated test tools and the development of sophisticated harnesses and stubs
lQuality entry and exit criteria are not only defined for this level of testing, but are achieved before
delivering the service to the next level of testing
Service Level testing must ensure that the service is not only meeting the requirements of the current
project, but more importantly, is still meeting the business and operational requirements of the other
processes that are using that service.
2.2.6 Integration-level Testing
The integration test phase will focus on service interfaces. This test phase aims to determine if interface
behaviour and information sharing between the services, are working as specified. The test team will
ensure that all the services delivered to this test phase comply with the defined interface definition, in
terms of standards, format and data validation. Integration testing test scenarios should also 'work' the
layers of communications, the network protocols. This test phase may include testing external services
to your organization.
2.2.7 Process/Orchestration-level Testing
Process/Orchestration testing ensures services are operating collectively as specified. This phase of
testing would cover business logic, sequencing, exception handling and process decomposition
(including service and process reuse).
12
2007 Torry Harris Business Solutions, All Rights Reserved
13. 2.2.8 System-level Testing
System Level testing will form the majority, if not all of the User Acceptance Test phase. This test phase
will test that the SOA technical solution has delivered the defined business requirements and has met
the defined business acceptance criteria. To ensure that this phase/level of testing is targeting only the
key business scenarios of the solution, the business stakeholders and testers must fully understand the
quality and test coverage that has been achieved in previous test phases.
2.2.9 Security Testing
As SOA evolves and grows within your organization, the profile and necessity of Security testing will
increase. Today, many organizations perform an inadequate amount of penetration testing at the very
end of a project. SOA combined with Government and Regulatory compliance, will require Security
testing activities to be incorporated into the entire project life cycle. Section 4 discusses SOA Security
testing in more detail.
2.3 Deliverables based on disciplines and key documentation
Life Cycle processes Deliverables
Test Planning and Control Test Plan/Test Strategy
Test analysis and design Requirements Traceability
document
Test implementation and Test cases, Test Scripts,
execution test data and test logs
Evaluating exit criteria and Status Report/Metrics and
reporting Defect summary Report
Test closure activities Post-mortem document
2.3.1 Test Phases and Test Types
SOA testing will span a number of test phases and test types. The following table summarizes test types
that may be required in the different test phases.
TEST Guiding Backward
Functional Performance Interoperability Compatibility Compliance Security
PHASES Documents
Technical
Component- Design,
Level Testing Program P P P P P P
Phase specification
& Standards
Business
Service- Requirement
Level Testing s, Technical P P - - P P
Phase Design &
Governance
Standards
and Policies
13
2007 Torry Harris Business Solutions, All Rights Reserved
14. TEST Guiding Backward
Functional Performance Interoperability Compatibility Compliance Security
PHASES Documents
Business
Integration & Requirement
Orchestration s, Technical P - P P - P
Testing Phase Design &
Governance
Standards
and Policies
Business
System/ Requirement
Process s, Technical P P P P P P
(User Design &
Acceptance) Governance
Testing Phase Standards
and Policies
2.3.2 Functional Testing
Functional or Black Box testing will determine if a component or a service or the whole system is
operating to specification without reference to the internal technical workings or design. The Business
Requirements and the Higher Level Technical Design definitions are the main inputs to Functional test
case design.
2.3.3 Performance
As SOA grows and evolves over time, and more of the SOA components and services are reused, it will
be critical that each of these components and services have a known performance and capacity under
production loads and how they are scalable.
Organizations must move away from the misguided thought 'that you can only do performance, load and
stress test on a fully integrated technical solution', to performance testing individual services and
components of the SOA architecture. Many of the new SOA test tools support performance testing of
services and components. Services must be delivered to the Integration test phase with tested and
defined performance and capacity statements.
2.3.4 Security
SOA requires security testing to be designed and planned right from the start of the project. Security
testing should be executed throughout the project test phases and not just when the complete system
has been delivered at the end of the life cycle. Section 4 discusses SOA Security testing in more detail.
2.3.5 Interoperability
Interoperability is the ability of a system or a product to work with other systems or products without
special effort on the part of the customer. Services will achieve interoperability by either strictly adhering
to published interface standards or by using a broker service that will convert the data to the format of the
other service interface on the 'fly'.
14
2007 Torry Harris Business Solutions, All Rights Reserved
15. Design-time interoperability testing is not enough. Run-time Interoperability testing is also necessary for
SOA. Comprehensive design-time testing combined with active run-time interoperability behaviour
testing ensures that IT assets can integrate independent of platform, operating system, and
programming language.
2.3.6 Backward Compatibility
Backward compatibility testing will determine if changes to an interface will affect existing users
(otherwise known as service consumers) of the interface. If existing users are unaffected then the
change is backward compatible. If existing users are affected then the change is not backward
compatible, and a solution or strategy will be needed to manage the impact of the change. A service's
interface will at some point have to change. Any change made to an interface must be assessed and
tested for backward compatibility.
2.3.7 Compliance
Governance will be a key factor in successfully implementing SOA. SOA Governance is bound by
Organization Standards and Policies. Compliance testing must be implemented throughout the entire
project life cycle to ensure these Standards and Policies are enforced. Government and Regulatory
Compliance will also demand this type of testing.
15
2007 Torry Harris Business Solutions, All Rights Reserved
16. 3 Regression Strategy
Regression testing is also known as validation testing and provides a consistent, repeatable validation of
each change to services under development or being modified. Each time a defect is fixed, the potential
exists to inadvertently introduce new errors, problems, and defects. An element of uncertainty is
introduced about ability of the service to repeat everything that went right up to the point of failure.
Regression testing is the selective retesting of a service or SOA system that has been modified to ensure
that no previously working services fail as a result of the repairs.
Regression testing doesn't test that a specific defect has been fixed. The purpose of Regression testing
is to ensure the service or system up to the point of repair, has not been adversely affected by the fix.
Organizations must invest in the development and maintenance of functional and non-functional
(performance and security) regression suites. It is recommended that a significant weighting of such
suites should be aimed at key individual services and not just at the fully integrated systems. This will be
essential if true service reuse is to be achieved. Automated test tools will be a key dependency on the
cost effectiveness of executing and maintaining such regression suites.
4 Security Testing
SOA will raise the profile and necessity of Security testing. Many business processes within an
organization will consist of several services, physically located in different parts of the corporate WAN,
updating a number of databases and potentially sharing sensitive data with external organizations. This
will raise the obvious question of “How safe is the data as it navigates a complex internal and external
network?”
Today, many organizations perform Security Penetration testing at the very end of the project life cycle to
cover all software security. Penetration testing is an authorized attempt to breach the security of a
system using intruder and/or worm access techniques. Performing Penetration testing at the end of a
project runs a significant risk of not only finding severe security bugs very late in the day, but also
delivering a system that has an inadequate security design.
As your SOA evolves, your organizations networks will become more complex and it will not be possible
to protect all assets. Security prioritization will be required to protect the most valuable company assets.
Government and Regulatory Compliance, Sarbanes-Oxley, FDIC and FISMA to name but a few,
mandate that organizations regularly test the security of their networks and to provide audit findings. For
these reasons, security analysis and testing must be incorporated into the entire Project Life Cycle.
l Business Requirement definition must include security requirements.
The
l A security risk assessment should be performed during the technical design phases to prioritize and
justify the required security testing.
l Formally review all technical deliverables have been built in accordance to your organizations
defined security standards.
l Penetration security tests can be planned and executed at the component/service level and not just
when a fully integrated system has been delivered.
16
2007 Torry Harris Business Solutions, All Rights Reserved
17. Today, there are many commercial and open source Security test tools available. These tools have
evolved from scanners that report potential security weaknesses to tools that actually execute specific
types of penetration tests. Security tools are required if your organization desires a creditable and
repeatable approach to security testing.
5 User Acceptance Testing
User Acceptance Testing (UAT) is a given when implementing new systems or processes. It is the formal
means by which the new system or process does actually meet the essential business and operational
requirements.
Today, many organizations, for a variety of reasons, only involve the key business stakeholders at the
beginning of the project to define the business requirements and at the end of the project to perform the
Acceptance Testing prior to production implementation. This increases the risk of the users requiring
many tests to be repeated and duplicated during this phase, and finding high severity defects and
missing requirements very late in the project life cycle.
Key Business Stakeholders and Users will need to be more actively involved throughout the entire
project lifecycle. They need to understand how quality and testing is built into the entire project and not
just at the end. They will need to be actively involved and fully understand in detail the increased testing
effort surrounding delivering an individual service into the UAT phase. The User Acceptance Test phase
should be short and targeted to determine if the solution is fit for purpose and not 'let us test everything
again'.
A fundamental principle of SOA is that Business will drive SOA not technology!
The main challenge to the Test team will be to construct 'bridges' to the key Business Users and
Operational stakeholders to ensure their active participation throughout the entire project.
6 Risk Based Testing
As SOA grows and evolves within your organization, with many business processes reusing many
services, it will be possible to define infinite numbers of test scenarios for each SOA project. This is a key
challenge that must be overcome if your organization is to successfully implement SOA and deliver on
the promises.
Many organizations are now adopting a Risk Based Test approach. What is Risk Based Testing? A
simple definition would be that the test scripts and cases planned to be executed, are justified and
prioritized by agreed and understood financial implications to the business on failure and the likelihood
of that failure occurring.
There are many articles and information available on Risk Based Testing. This paper does not intend to
discuss the topic in detail. This paper is simply recommending that when designing and planning the test
scripts and cases within each of the test phases outlined in this paper, that they are justified and
prioritized by a defined risk to the project delivery and/or to the business when the solution is
implemented.
17
2007 Torry Harris Business Solutions, All Rights Reserved
18. 7 Offshore onsite model
The Onsite-Offshore Test Model is the most frequently used model, to deliver offshore cost savings to
clients, without compromising on the quality of project deliverables. This model will offer real solutions to
the new challenges of SOA testing. As stated in earlier sections, SOA will require significant test effort
and activity at a service level. The principle reason behind this statement is that the service is to be
reused. If a service has known defects and quality issues, then it will probably not be selected for reuse
by the development teams.
SOA will demand that individual services are delivered to the Integration and User Acceptance Test
phases with statements of qualities and guarantees on business functionality, performance and security.
The following lists the main reasons why offshore testing could be the simple answer to this challenge:
l significant cost savings offered by the offshore model promotes long term partnerships that will
The
improve the quality and efficiencies of the testing service
l abundance of professionally certified and technically skilled testing professionals that will be
The
essential to building all the required test assets to perform all aspects of service level testing
l Offshore companies operate at SEI CMM level 5
l offshore model can offer 'follow the sun' engagements that could help with Time to Market and
The
business agility demands
The following diagram provides an overview of the typical onsite offshore test model. Typically, the
project est. planning and requirement gathering are executed onsite at the client's location.
Figure 8.1 Onsite-Offshore Test Model
18
2007 Torry Harris Business Solutions, All Rights Reserved
19. A small onsite team will work at the customer's location while a larger team is deployed at the offshore
centre. The onsite team provides an interface with the client and coordinates the offshore work. The
offshore team acts as a virtual extension of the onsite project team to execute test cases and report
defects.
8 Test tools and usage
As stated previously in this paper, SOA requires a comprehensive test tool strategy. The following
section gives a brief overview of the main Vendor and Open Source tools that offer benefits to SOA
testing.
8.1 Commercial Products
8.1.1 Green Hat GH Tester
This is a graphical tool for testing message-based systems. It can be used to publish and subscribe
easily to a wide range of protocols including JMS, SOAP and products like SONIC MQ and TIBCO RV. Its
powerful test suite can be used to quickly create test stubs for adapters still under construction, and
enable users to continue design and implementation of workflows without waiting for the real adapters.
8.1.2 Mercury
Mercury provides a suite of products - Quick Test, Service Test, Load Runner and Mercury Quality
Centre. These together provide a solution for SOA functional test and regression test automation as well
as performance testing. Built with Mercury's industry-leading Mercury Load Runner technology, it can
greatly reduce testing time and help ensure that services will meet the functional and performance
requirements of the business before being deployed into production.
More recently Mercury has acquired the Systinet Corporation. Systinet has brought significant expertise
in SOA technologies and governance to the Mercury product offering.
8.1.3 Parasoft SOAtest
This is an automated Web Services testing product that allows users to verify all aspects of a Web
Service. SOAtest supports WSDL validation, client/server unit and functional testing and performance
testing. SOAtest addresses key Web Services and SOA development issues such as interoperability,
security, change management, and scalability.
8.1.4 AdventNet QEngine
This is a complete Web-based test automation tool that supports functional and performance testing of
Web applications and Web Services. The tool is developed using Java, which facilitates portability and
multiple platform support (Windows and Linux).
19
2007 Torry Harris Business Solutions, All Rights Reserved
20. 8.1.5 Borland SilkPerfomer SOA edition
This is an automated Web Services test tool that supports functional and performance testing of services
and interoperability functional and performance testing between services.
8.1.6 LISA WS – Testing
LISA WS-Testing is a fully functional, no-code Web Services test authoring and execution solution that
both developers and QA/Business teams can use. The solution supports all of the current protocols and
unit/functional/regression tests you need to build and launch thorough test workflows against your
WSDL and SOAP objects.
8.2 Open Source Products
8.2.1 SOAP UI
SoapUI is a desktop application for inspecting, invoking and developing Web services over HTTP. The
tool also supports functional, load and compliance testing. Functional and Load Testing can be
performed manually using the soapUI and automatically using the soapUI command-line features.
8.2.2 PushToTest TESTMAKER
TestMaker is an open-source utility and framework to build and use intelligent test agents to check Web-
enabled applications for scalability, functionality and performance. TestMaker test agents implement
user behaviour to drive a Web-enabled application as a real user would. TestMaker is a flexible, powerful
central place to measure an application's ability to enable a user to achieve their goals.
9 Conclusion
The Service-Oriented Architecture (SOA) vision is everywhere, garnering almost universal acceptance
among vendors and customers alike. The promise of business and IT alignment has undeniable appeal,
and organizations are in various stages of SOA planning and adoption.
This paper has outlined a number of recommendations that will ensure a successful approach to SOA
testing. The following summarizes the key recommendations:
lDesign your SOA project test approach alongside the definition of business requirements and high-
level technical design. Ensure the test teams are involved right from the start.
lStatic test techniques such as formal inspections are a must to ensure the business requirements
and technical designs are defined to standards and are complete. Strong governance and
disciplines are essential to successfully delivering SOA.
l is driven by business and not technology. The test team will have to ensure the key business
SOA
stakeholders and users are actively involved throughout the project life cycle and not just at the start
and the end.
l Test team must be aligned to business domains not technologies. This will enable a successful
The
20
2007 Torry Harris Business Solutions, All Rights Reserved
21. implementation of a Risk Based approach to testing. The test team must also be technical and be
able to 'white box' test the entire SOA platform.
lSecurity assessment and testing must take place throughout the entire project life cycle.
lMany organizations will need to perform a 'leap of faith'. The majority of testing activities now need to
be performed during the business requirements analysis, design and service build phases. To
achieve delivery agility and true service reuse, each individual service must be delivered to the
Integration and UAT test phases with well-defined functional test coverage and guarantees on
performance, scalability and security. Simply put, services must come with a Quality statement!
l Tools are now a must. Organizations must invest appropriately in a test tool strategy.
Test
You should not be surprised that many of the recommendations outlined in this paper are not new. Many
of them are already defined as best practices. SOA demands strong governance, well-defined
standards, processes and disciplines. If Quality is at the heart of your SOA, then the promises of SOA will
be delivered.
Torry Harris Business Solutions Inc, a US based services provider with a large base of
technologists located in the UK, India and China has provided cost effective solutions at a design,
development and support level to a variety of enterprise clients across the world since 1998. The
company specializes in integration, distributed computing, and its focus on SOA is a result of
nearly a decade of expertise gathered in the middleware space. The company has partnerships
with almost all the leading SOA and integration product vendors. SOA, involving the creation of
autonomous parts of a solution, lends itself admirably to the cost effective model of offshore
service collaboration. A separate white paper entitled “SOA Implementation with an offshore
partner” available for download, explores this model in a more detailed manner. Further
information about the company and a variety of white papers on SOA are available at
www.thbs.com/soa.
For more information, write to us at soa@thbs.com.
Torry Harris
21
2007 Torry Harris Business Solutions, All Rights Reserved