Slides for Agile Testers Conference 2018
Technology Based Testing by Alan Richardson
What do you learn if you want to test 'beyond the acceptance criteria'? Technical risk based testing can help. In this case I'm going to use the phrase Technical Testing to cover: "identify technology based risks to drive testing". This thought process can help us make informed decisions about the scope of exploratory testing we will carry out. It also helps focus your studies on the technical knowledge appropriate for the project you are testing.
## Blurb
This requires:
- understanding of the technology
- risk identification
- tools applicable to the technology
This presentation will use a simple example to demonstrate that:
- Even simple technology can pose risk
- Combining simple technology can increase risk
- Understanding technology allows us to evaluate risk
* http://www.eviltester.com
* http://www.compendiumdev.co.uk
* https://twitter.com/eviltester
How to Improve Your Technical Test Ability - AADays 2015 Keynote by Alan Richardson
We often work on improving the testability of an application to better support our testing. And what if, in addition to this, we actively improved our "Test Ability"? Because then we can take advantage of the new and existing application features during our testing. Alan will describe the steps he has taken to improve his Test Ability. The main examples will be drawn from his experience of testing web and HTTP based applications. Alan will explain how you can use the inbuilt browser features to help you, and describe add-ons you can use. Also, how you can chain external tools like sniffers and proxies, and why you would want to. Because, and this is more important than the individual tool examples, Alan will describe how he models an application to identify gaps in his knowledge and tooling, and then improves his Technical Test Ability by filling those gaps.
What does Technical Testing mean? For Alan, it means going beyond requirements and using Technical Information about the implementation and an understanding of the technologies used in the building of the system to add to the risk profile and use to help derive test approaches. Using Web Testing as an example we explain how approaching testing from a technical perspective changes how you view the system and how you test. Also explained: how a technical understanding leads to a different use of tooling and automation. This webinar was presented 1st April 2015 to Tabara De Testare.
Risk Mitigation Using Exploratory and Technical Testing - QASymphony Webinar ... by Alan Richardson
A Webinar on Risk Analysis and Management, Exploratory Testing, and Technical Testing.
I want to get across the model that I have for risks, which is that risks are “beliefs” and a result of our beliefs. We believe some things will go wrong more than others. And because our beliefs are limited but the range of risks is not, we need to somehow go beyond our beliefs and look at tools and processes for doing that.
Also we know that risk is important for testing. What I want to do in this talk is present risk as the underpinning and driving force behind everything we do in testing.
You can use risk to justify the stuff that you do as a tester. And you can use risk to derive your test scope as well as your test process.
Add More Security To Your Testing and Automating - Saucecon 2021 by Alan Richardson
Presented at SauceCon 2021, April.
More details: https://www.eviltester.com/conference/saucecon2021_conference/
Security Testing is a highly technical set of skills, covering a wide domain of knowledge that can take a long time to learn and gain proficiency. We already have enough to learn with Software Testing and even more when we add in Automating. So are there any simple ways to increase the scope of what we already do, that provide more insight into the security of our application? Answer: Yes. And in this talk we will cover practical steps, dos and don’ts to add some Security focus fast, without spending years learning how to Hack applications.
Black Ops Testing Workshop from Agile Testing Days 2014 by Alan Richardson
At Agile Testing Days 2014, Steve Green, Tony Bruce and Alan Richardson hosted a double track Black Ops Testing workshop, where Redmine was the target application.
Find out more about the Black Ops Testing Team: http://blackopstesting.com/page/about.html
# Automating Pragmatically
Testival Meetup 20190604
## Alan Richardson
- EvilTester.com
- @EvilTester
- compendiumdev.co.uk
- digitalonlinetactics.com
---
~~~~~~~~
Title: Automating Pragmatically
The online discussions of automating can leave me confused.
- Should you automate through the GUI?
- Should GUI automating be banned?
- Do all testers need to code? Is automating part of testing
or not?
- Do we need to automate to get a job?
In this short session Alan will discuss automating
from a pragmatic and contextual position and
share how he thinks about automating.
~~~~~~~~
Slides for Automation Guild 2016 Conference
If you want to automate, you learn to code, and you learn to code well.
“Automate” doesn’t mean “Automate Testing” it means “Automate part of your test process”.
You need to learn to code to do that with the most options open to you.
We’ll look at some ‘we do this a lot’ and ‘we want to automate’ activities which we can use tools for. But we’ll also see that we are limited by the tools.
When we code, we can do a lot with minimum code, and gain a lot more flexibility.
Then we’ll cover how to think about learning to code.
- solve a problem quickly (automate tactically)
- solve a problem for the long term (automate strategically)
To work strategically we need to learn:
- to code well
- understand refactoring
- libraries vs frameworks
- abstractions
- etc.
This talk isn’t just for beginners, we’ll cover stuff that should make it useful for the experts in the audience.
We’ll cover a lot in 45 mins, with code examples and tool examples, and I’ll make it all pretty practical.
For more details visit:
https://www.compendiumdev.co.uk/page/tag2017
In this talk I'm going to focus on the technical aspects of 'test automation', using examples of approaches from a variety of Agile projects where we automated APIs, and GUIs. You'll learn about the use of abstractions and how to think about modeling the system in code to support automating it. Also how to use these abstractions to support stress testing, exploratory testing, ongoing CI assertions and the testing process in general. I'll also discuss the different styles of coding used to support automating tactically vs automating strategically.
Much of the automating we do to support testing involves detecting change. Once our tests pass, they fail when the system changes and the automated execution alerts us to the change. There are other ways that automating can help us.
The slides for the Oredev 2014 talk "confessions of an accidental Security Tester" - describing the various approaches and bad habits that I use, which allow me to stumble on to security problems.
Automating Strategically or Tactically when Testing by Alan Richardson
"Test Automation" can be viewed as strategic or tactical.
This presentation describes reasons for making this distinction and how you know if you are working strategically or tactically when you automate as part of your test approach.
Automating Tactically vs Strategically SauceCon 2020 by Alan Richardson
One of the biggest concepts that has made a difference to my programming and automating in recent years is the concept of “Tactical vs. Strategic.” Automating tactically might be for a specific purpose, possibly small, possibly a bit rough around the edges, not necessarily completely robust for everyone, etc. And Strategic automation is more critical to long-term aims, maintained and maintainable, etc.
In this talk, Alan Richardson will provide examples of automating both Strategically and Tactically for activities as diverse as supporting testing, marketing and general life. We will also consider how and when to move from automating tactically to strategically, and how the concept has helped me change my programming style and how to write better code.
DevFest 14th Dec 2019 Bishkek
- Alan Richardson
https://www.eviltester.com/conference/devfestbishkek2019_conference
- EvilTester.com
- @EvilTester
- CompendiumDev.co.uk
---
Have you ever wondered how other people test applications? Not in theory, but in practice? What thought processes are used? How did they model the application? What tools were used? How did they track the testing? That's what this talk is all about. This talk will be based on a short Case Study of testing an open source web application. Why open source? Because then there is no commercial confidentiality about the process, tools or thought processes.
---
Alan will explain his thought processes, coverage, approaches, tools used, risks identified and results found. And generalise from this into reusable models and principles that can be applied to your testing. This covers the What?, and the Why? of practical exploratory web testing.
Test Bash Netherlands Alan Richardson "How to misuse 'Automation' for testing... by Alan Richardson
We often hear about how ‘test automation’ can go wrong, which is all fine and dandy for the pessimists in the audience, and balancing feel good positive case studies exist for the optimists. But what about the anarchists? What about the rule breakers? What about the pragmatists? In this talk Alan will explain how to ‘misuse’ the ‘automation’ tools you’ve heard so much about, because you need to get things done. You’ve no doubt heard that ‘Cucumber is not a test tool’, and you’ve no doubt noticed that people use Cucumber during their testing. It’s misuse cases like this that we will celebrate, and as a bonus, you’ll learn what Cucumber ‘really' is. We’ll look at other tools; to find out their true nature and how you can turn it to your personal advantage. To further groom you for success, we’ll explain the mental models which give you guilt free flexibility in your approach. If you’ve ever wanted an ‘expert’ to quote to give you permission to use the tools how you want, this is the talk for you.
I'm going to be talking about finding the 'essence' of the tool, rather than what everyone 'says' about it, and that can lead to a radical overhaul in your beliefs and usage of the specific tool.
I blogged about my slide creation process for the conference, and there are some sneak peeks of some possible content in there as well.
http://blog.eviltester.com/2016/10/a-case-study-in-creating-conference.html
Slides from the Selenium Clinic Tutorial from Eurostar 2012 hosted by Simon Stewart and Alan Richardson. The tutorial was awarded "Best Tutorial" at the conference.
The reference slides were excerpted from Alan Richardson's online WebDriver course hosted at Udemy.
http://www.udemy.com/selenium-2-webdriver-basics-with-java/
My aim here is to tell you that I learned to work with Agility rather than work with the Agile Rituals and Definitions. And I learned to trust that working with Agility trumps Rituals and Definitions the hard way. Because sticking to rituals and definitions led to rigidity, rather than agility.
And then "What does testing look like when you adopt that mindset?"
In this presentation you will short cut your learning on the topic of Agility, so you understand "What does testing look like when you adopt an Agility mindset?". Applying this mind set naturally leads to incorporating exploratory testing, technical testing, automated execution, end to end testing and risk. Adopting this mindset allows you to fit into any Agile Software Development project and create a customized testing approach that works.
Keynote at the internal Rabobank Testing Conference on Feb 15th 2018 in Utrecht.
https://www.compendiumdev.co.uk/page/rabobank201802
FAQ - why does my code throw a null pointer exception - common reason #1 Rede... by Alan Richardson
A common reason for Null Pointer Exceptions in Java is a variable redeclaration instead of instantiation. Learn what that means, how to avoid it, and how to spot it, in this presentation.
Read the full blog post: http://testerhq.com/post/blogs/javafortesters/2017-08-29-faq-null-pointer-exception/
Visit my Java Web Site: http://javafortesters.com
---
# FAQ - why does my code throw a null pointer exception - common reason #1 Redeclaration
- Using `@BeforeClass` or `@Before` can setup data for use in tests
- Any 'variables' we instantiate need to be 'fields' rather than variables
- We want to instantiate them in the setup method rather than redeclare them
---
# Example of the Problem
I know I will use an `Adder` in my test so I create it as a field:
~~~~~~~~
public class WhyCodeThrowsNullPointerExceptionTest {
    Adder adder;
~~~~~~~~
I don't want to re-instantiate it each time so I make an `@BeforeClass` method to instantiate it:
~~~~~~~~
@BeforeClass
    public static void setupAdder(){
        Adder adder = new Adder();
    }
~~~~~~~~
**Warning: Error in the above code**
---
# Semantic Error
I just made a Semantic coding error. This won't be caught by a compiler, but it will cause my `@Test` to fail with a Null Pointer Exception.
In the setup method I really wanted to assign a value to the field; instead I created a new variable with the same name.
# In General
- Try to write one test at a time so that if you have a problem it is easier to identify where the problem is
- Try to write working isolated tests and then refactor to a more general solution when you need it - that way, you know it was working, so you just have to work backwards to find out what went wrong
- Try to use automated IDE refactoring rather than move code around manually
- Use the IDE syntax highlighting to help spot any issues
Lessons Learned in a Continuously Developing Service-Oriented Architecture by mdwheele
The goal of this presentation is to highlight the successes in applying modern development practices that tend to be regarded as “too much overhead” for small development teams. I was one of those nay-sayers. This presentation is a journey in moving an overburdened development team into a more efficient environment where regular progress is made and realistic expectations in timelines become possible. I plan to cover topics such as agile project management, application design strategies, version control, unit testing, and all the reasons why these globally common practices are well worth buy-in at a developer and managerial level. Given time constraint on presentation length, the depth of technical discussion will be relatively shallow. As I progress through the talk, I plan to use a recent development project for illustrative purposes. By not diving too deep, the discussion can instead focus more on proving that these processes do have real return on investment for developers and project managers alike.
Re-thinking Test Automation and Test Process Modelling (in pictures) by Alan Richardson
- Why do we talk about Test Automation the way we do?
- Why do we talk about 100% Test Automation?
- How do we model automation as part of our Test Process?
- How does Testing provide information?
- Why was a Waterfall Test Process Different from an Agile Process?
- Why, in reality, both processes are fundamentally the same.
- How we modelled "Test Automation" incorrectly, and an alternative way to model it.
Read the associated blog post at http://blog.eviltester.com/2017/09/rethinking-test-process-automation-modelling.html
Keeping security top of mind while creating standards for engineering teams following the DevOps culture. This talk was designed to show off how easy it is to automate security scanning and to be the developer advocate by showing the quality of development work. We will cover some high-level topics of DevSecOps and demo some examples DevOps teams can implement for free.
PVS-Studio advertisement - static analysis of C/C++ code by PVS-Studio
This document advertises the PVS-Studio static analyzer. It describes how using PVS-Studio reduces the number of errors in the code of C/C++/C++11 projects and the costs of code testing, debugging and maintenance. Many examples of errors found by the analyzer in various Open-Source projects are cited. The document describes PVS-Studio at the time of version 4.38 on October 12th, 2011, and therefore does not describe the capabilities of the tool in later versions. To learn about new capabilities, visit the product's site http://www.viva64.com or search for an updated version of this article.
In the agile, lean, devops communities people talk about improving security by "shifting left". Patterns and tools are emerging, or re-emerging, that make security less of a pain in the development process while also making applications more secure.
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab... by Andrey Karpov
A Zero-day (0-day) vulnerability is a computer-software vulnerability introduced during the development process and not yet discovered by the developers. Zero-day vulnerabilities can be exploited by hackers, thus affecting the company's reputation. Developers should seek to minimize the number of defects leading to such vulnerabilities. PVS-Studio, a static code analyzer for C, C++, C#, and Java code, is one of the tools capable of detecting security issues.
Static Analysis: From Getting Started to Integration by Andrey Karpov
Sometimes, tired of endless code review and debugging, you start wondering if there are ways to make your life easier. After some googling or merely by accident, you stumble upon the phrase, "static analysis". Let's find out what it is and how it can be used in your project.
== Abstract ==
Presented at Analysis of Security APIs
Satellite workshop of IEEE CSF
July 13th 2015, Verona, Italy
http://www.dsi.unive.it/~focardi/ASA8/#program
Browsers HTML sandbox is, by default, only protected by the "Same Origin Policy". Although this simple constraint gave companies a very flexible environment to play with, and was probably one of the key features that led the Web to success as we see it now, it is quite unsatisfactory from a security perspective. In fact, this solution does not face the problem of letting third party code access the whole data in the DOM when explicitly loaded and executed by the browser. This behaviour opens the door to malicious third party code attacks that can be achieved using either Cross Site Scripting (OWASP Top Ten Security risk #1 for many years) or second order attacks, such as malvertising software. In the past, several attempts to sandbox untrusted code have been made. In this talk we will focus on successes and failures of the most interesting open source sandboxing browser techniques.
Web application vulnerabilities involve a system flaw or weakness in a web-based application. They have been around for years, largely due to not validating or sanitizing form inputs, misconfigured web servers, and application design flaws, and they can be exploited to compromise the application's security.
During a recent webinar, Lewis Ardern, senior security consultant presented "OWASP Top 10 for JavaScript Developers."
With the release of the OWASP Top 10 2017, we saw new contenders for the most critical security issues in the web application landscape. Much of the OWASP documentation concerning issues, remediation advice, and code samples focuses on Java, C++, and C#. However, it doesn’t give much attention to JavaScript. JavaScript has drastically changed over the last few years with the release of Angular, React, and Vue, alongside the growing use of Node.js and its libraries and frameworks. This talk will introduce you to the OWASP Top 10 by explaining JavaScript client and server-side vulnerabilities.
For more information, please visit our website at www.synopsys.com/standards
#ATAGTR2019 Presentation "DevSecOps with GitLab" By Avishkar Nikale - Agile Testing Alliance
Avishkar Nikale, who is Senior Technical Architect at LTI, took a session on "DevSecOps with GitLab" at Global Testing Retreat #ATAGTR2019
Please refer to the following post for session details:
https://atablogs.agiletestingalliance.org/2019/12/06/global-testing-retreat-atagtr2019-welcomes-avishkar-nikale-as-our-esteemed-speaker/
The recording in https://eviltester.com/talks has:
- longer practice session recording
- live recording - local recording better quality
- 8 bonus recordings with an extra hour of material
- will automation take over
- impact of buzzwords
- how to cope with trends
- contextual problem solving
- information about the references
- exercises
- behind the scenes look at how the talk was prepared and tools used
- transcripts
- subtitles
Secrets and Mysteries of Automated Execution Keynote slides by Alan Richardson
Test Automation, Programming Automation, Automated Execution. This presentation contains some high level models, abstractions and approaches for effective, non-flakey and maintainable automation.
https://www.eviltester.com
Joy of Coding Conference 2019 slides - Alan Richardson by Alan Richardson
Adventures in Testing, Programming, Teaching, Automating and Marketing
When you already know how to code, it's easy to forget how hard some of that learning was... until you have to teach people. And if all you've ever built are applications, you don't really know the nuances of writing code to automate them. And if you've written the code but never had to market the applications then you've not really experienced the full joy of coding.
In this presentation Alan will revisit many of his past projects to identify lessons learned. Lessons from: writing commercial and open source tools, multi-user adventure games, REST APIs, test automation, automating applications to make them do things they are not supposed to do, and coding for technical marketing.
Some lessons we will learn:
* The 'install' is the hardest part
* Writing frameworks is too much fun and should be banned
* Applications are just "code calling other libraries"
* Writing a Text Adventure is the most fun and educational thing you'll ever code
* The Dangers of knowing how to code
We will also learn the dangers of knowing how to code and discover how our coding skills can give us an edge, in business and online life in general, if we choose to harness our skills to improve our daily experiences.
Programming katas for Software Testers - CounterStrings by Alan Richardson
What would be suitable Code Katas for people wanting to learn how to code to support their testing?
CounterStrings
- `*3*5*7*9*12*15*`
A CounterString is a string like this `*3*5*7*9*12*15*`, where each `*` sits at the position in the string given by the number immediately preceding it. This is a 15 character CounterString.
These are useful because if you paste them into a field and they are truncated, it is easy to see what length they were truncated to. It is, as James Bach describes it, self-documenting test data.
https://www.eviltester.com/blog/eviltester/2019-02-27-programming-katas-for-testers/
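An added example, not code from the linked blog post or the slides: a CounterString generator that builds the string right to left, plus a reader that recovers the truncated length the way a person would, from the last marker. The function names and the 300/255 sizes in the usage lines are assumptions made for illustration.

```javascript
// Build a CounterString of exactly `length` characters.
// Working right to left, each marker lands on its own 1-based position and
// is preceded by that position written in decimal.
function counterString(length, marker = "*") {
  if (!Number.isInteger(length) || length < 0) {
    throw new RangeError("length must be a non-negative integer");
  }
  if (marker.length !== 1 || /[0-9]/.test(marker)) {
    throw new RangeError("marker must be a single non-digit character");
  }
  const tokens = [];
  let pos = length;
  while (pos > 0) {
    let token = String(pos) + marker;
    // Not enough room left for the whole number: keep only what fits,
    // so the marker still lands on the right position.
    if (token.length > pos) {
      token = token.slice(token.length - pos);
    }
    tokens.push(token);
    pos -= token.length;
  }
  return tokens.reverse().join("");
}

// Read the length of a (possibly truncated) CounterString from its content:
// the number before the last marker gives that marker's position, and any
// characters after it are counted on top.
function readTruncatedLength(observed, marker = "*") {
  const last = observed.lastIndexOf(marker);
  if (last === -1) {
    return observed.length; // cut before the first marker: only digits remain
  }
  let start = last;
  while (start > 0 && /[0-9]/.test(observed[start - 1])) {
    start -= 1;
  }
  const digits = observed.slice(start, last);
  // A marker with no digits before it can only be the one at position 1.
  const markerPosition = digits === "" ? last + 1 : parseInt(digits, 10);
  return markerPosition + (observed.length - last - 1);
}

// Compare what was sent with what the application stored or echoed back.
function describeTruncation(sent, stored) {
  return {
    sentLength: sent.length,
    storedLength: readTruncatedLength(stored),
    truncated: stored.length < sent.length,
    // false means the value was altered, not just cut short
    storedIsPrefix: sent.startsWith(stored),
  };
}

// Constructed usage: a 300 character value cut to 255 by a hypothetical field.
const sent = counterString(300);
const stored = sent.slice(0, 255);
console.log(counterString(15));
console.log(describeTruncation(sent, stored));
```
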
What is Shift Left Testing? Do you need to use that term to improve your Software Testing and Development process? I don't think so.
- why I don't use the term Shift Left
- Explanation of what Shift Left means when people use it
- Explanation of what Shift Left might mean when people hear it
- How to Shift Left incorrectly
- How to improve your test process without using the phrase Shift Left.
Hire me for consultancy and buy my online books and training at:
- https://compendiumdev.co.uk
- http://eviltester.com
- http://seleniumsimplified.com
- http://javafortesters.com
Have you ever wished that you had a worked example of how to test a REST API?
Not just automate the API, but how to interact with it with command line tools, and GUI tools to support your manual interactive testing. And then take your testing forward into automating the API?
That's what this book provides.
Read the 74 page sample and find out more information on the book page.
https://www.compendiumdev.co.uk/page/tracksrestapibook
The full book has over 200 pages of actual hands on case study information that can improve your testing and automating of REST API based applications.
Technical and Testing Challenges: Using the "Protect The Square" Game by Alan Richardson
How good are your Technical Testing in the Browser and JavaScript skills? Put them to the test with the "Protect The Square" game.
https://www.compendiumdev.co.uk/games/buggygames/protect_the_square/protect_the_square.html
TDD - Test Driven Development - Java JUnit FizzBuzz by Alan Richardson
A short example Test Driven Development session where I code FizzBuzz.
FizzBuzz is often used as a programming interview question and as a Kata for practicing your coding.
The GitHub code repository with the Java code for this exercise is available at:
https://github.com/eviltester/fizzbuzz
Read the blog post for the video:
http://blog.eviltester.com/2018/03/tdd-test-driven-development-java-junit.html
Your Automated Execution Does Not Have to be Flaky by Alan Richardson
This webinar is for anybody who has accepted 'flaky' test automation. Alan believes that to describe and accept your test execution as flaky is merely an excuse. In this webinar he will explore the myths of flakiness, so that you never use those excuses again!
Categories of common problems with suggested solutions.
For more information visit http://eviltester.com/flaky
What is Testability vs Automatability? How to improve your Software Testing. by Alan Richardson
Testability is different from Automatability.
- Testability - does the application have features that make it easier for a human to test?
- Automatizability (Automatability) - does the application have features that make it easier to control and interrogate by another application?
You will learn:
- What is Testability?
- What is automatability?
- What is automatizability?
- Adding testability features can introduce risk.
- Features that aid automated execution, can overlap with features that aid testing, but they are not the same.
A Common Sense Guide to Agile Development and Testing that might just change your Agile approach forever.
Answering the 9 most common questions asked about Agile Testing:
- What is Agile Testing?
- Do we still need testers in Agile?
- What is an Agile Tester?
- What does a Software Tester Actually Do?
- Should we automate our testing?
- What tools should we use for our Agile Testing?
- How Much Should we Automate?
- How can we automate and still finish the sprint?
- How can we finish all our testing in the sprint?
A high quality download of the 9 points as a free "Print out and Keep" Poster is available at http://eviltester.com/agile
The Evil Tester Show - Episode 001 Halloween 2017 by Alan Richardson
## Halloween Special 2017
## Alan Richardson
- Houdini
- Charles Fort
- Ghost Hunting
- Unconventional Influences
http://eviltester.com/show/001-halloween-2017/
---
# _TLDR; The world needs a new Testing Podcast, so I created one_
---
# We are in the Uncertainty Business.
We find and investigate anomalous Phenomena
## Anomalous - "deviating from what is standard, normal, or expected."
We are part of a long tradition of Anomalous Phenomena seekers.
---
# The Podcast
- [Audio]
https://eviltester.podbean.com/e/the-evil-tester-show-episode-001-halloween-special-2017/
- [Video]
https://youtu.be/TLMtOM0FXRA
- [Show Notes]
http://eviltester.com/show/001-halloween-2017/
Software Testing Terms Defined. Answering the FAQ "What is Regression Testing?"
- What is Regression Testing?
- How to do Regression Testing?
- Why do we do Regression Testing?
- How to re-think Regression Testing in terms of Risk?
Simple ways to add and work with a `.jar` file in your local maven setup by Alan Richardson
TL;DR Hack - add as a library in IntelliJ project. Tactic - add as system scope in maven. Tactic/Strategic - install locally to .m2. Strategic - use a repository management tool, publish to maven central
Sometimes you want to work with a jar file that isn't hosted in maven central.
It might be a 3rd party jar, it might be one that you have written.
Regardless.
You have a lot of options for this. The approaches that I have used:
- add .jar files as an IntelliJ project dependency
- install it locally to your .m2 repository
- add it to your project as a system scoped file
- use a repository management tool like Nexus or Archiva
- publish the dependency to maven central
Learning in Public - A How to Speak in Public Workshop by Alan Richardson
Glossophobia, the fear of public speaking, usually ranks pretty high on surveys of 'what people fear'. And for good reason. We've all attended conferences where the keynote speakers were seriously injured after being hit by a torrent of rolled up feedback forms, or speakers were left bleeding from a rain of plastic name badges thrown Shuriken-like by the Ninja trained attendees.
You can learn to avoid these outcomes, and when you do, you gain a skill that will win you recognition, improve your job prospects and allow you to travel the world talking to fellow testers.
In this workshop Alan will provide hints and tips for improving your public speaking. Sharing, from experience, what works for him, and discuss some conventional wisdom on public speaking. Alan will also share a few secrets, and unconventional exercises that he uses to prepare.
Public speaking is a skill we have to learn in public, but it is a skill, it is learn-able, and it is a skill that you can learn.
Read more in the supporting blog post:
http://blog.eviltester.com/2017/09/overcome-imposter-syndrome-public-speaking.html
How to Practise to Remove Fear of Public Speaking by Alan Richardson
Tips on how to overcome fear of public speaking:
- the 'fear' is a learned response, it is not innate
- recognise that it is not fear, it is excitement
- channel the excitement into energy to boost your talk
- practice with different styles of presentation
- record yourself practicing
- practice out loud, as well as in your head.
Speaking in public is a skill, that you can develop if you care enough about the message that you want to deliver. It is simply practice, and you can do that.
Connector Corner: Automate dynamic content and events by pushing a button by DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
GraphRAG is All You need? LLM & Knowledge Graph by Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
DevOps and Testing slides at DASA Connect by Kari Kakkonen
Slides by Rik Marselis and me from the DASA Connect conference on 30.5.2024. We discuss what testing is, then what agile testing is and finally what Testing in DevOps is. Finally we had a lovely workshop with the participants, trying to find different ways to think about quality and testing in different parts of the DevOps infinity loop.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... by Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Generating a custom Ruby SDK for your web service or Rails API using Smithy by g2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 by Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... by DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Epistemic Interaction - tuning interfaces to provide information for AI support by Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Securing your Kubernetes cluster_ a step-by-step guide to success! by KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Technology Based Testing
1. Technology Based Technical Testing
Agile Testers Conference 2018
Alan Richardson
www.eviltester.com
www.compendiumdev.co.uk
@eviltester
@EvilTester | http://EvilTester.com 1
2. Blurb
What do you learn if you want to test 'beyond the acceptance criteria'?
Technical risk based testing can help. In this case I'm going to use the
phrase Technical Testing to cover: "identify technology based risks to
drive testing". This thought process can help us make informed
decisions about the scope of exploratory testing we will carry out. It also
helps focus your studies on the technical knowledge appropriate for the
project you are testing.
3. Blurb
This requires:
understanding of the technology
risk identification
tools applicable to the technology
This presentation will use a simple example to demonstrate that:
Even simple technology can pose risk
Combining simple technology can increase risk
Understanding technology allows us to evaluate risk
4. Why this talk?
Because I was asked a simple question.
5. I know HTML, CSS, HTTP, and JavaScript
what do I learn next?
6. I know HTML, CSS, HTTP, and JavaScript what do I
learn next?
Do you know it?
Do you know how your application uses these?
Do you understand the HTML being used?
Do you know which elements have JavaScript events?
Do you understand the CSS in use?
Do you know how it is applied?
Have you validated it?
Are there any cross browser risks?
7. Simple things in combination can have complex
side‑effects
When changed does caching impact?
CDN, Web Server Cache, Local Browser Cache
When are JS events hooked on to HTML?
when loaded, after rendering?
Do you use CSS animations?
Is anything loaded dynamically?
Impact on automating?
8. If you do not understand the technology
you are not testing for technical risk effectively
9. Agile Stories
Vary between teams
Often business focussed
Often lightweight 'conversation markers'
Acceptance Criteria provide minimum 'goodness' assertions
10. Do Acceptance Criteria cover Technical
Considerations?
Specify if validation is JavaScript, HTML5, Server Side?
Specify libraries in use?
Specify versions of libraries?
Specify 'acceptable' browser range?
They Might. We might discuss and document this during planning
sessions.
Do they cover technical risks?
11. Do Acceptance Criteria cover Technical Risks?
Specify if validation is JavaScript, HTML5, Server Side?
risk of validation JS code cross browser?
risk of users bypassing HTML5 validation?
risk of server side validation not matching front end?
Specify libraries in use?
CDN delivery vs Web Server
keeping versions up to date?
Specify 'acceptable' browser range?
based on what criteria?
test all functionality on all specified browsers?
Do they rarely cover technical risks?
12. An Example
The user must be able to navigate the site from a drop down
menu
Acceptance Criteria:
Drop down menu shown
Clicking on drop down menu items navigates to specified menu
item
13. General Risks for the Story and Acceptance
Criteria?
Drop down menu shown
What about tablets/Mobile?
Accessibility?
screen sizes?
specific browsers used?
Clicking on drop down menu items navigates to specified menu
item
How do we know correct text/link mapping?
So we decide on platforms/browser combinations and create a list of
text/link mappings.
14. Did we consider the technology?
What JavaScript is used?
What CSS is used?
What libraries?
Is CSS generated in the build or hard coded?
Deployment of artifacts?
Caching of CSS/JS?
etc.
15. Why are the Technologies important?
16. Application Perspectives
different views of an app change how we test it
require different domain knowledge
business, HTML, CSS, HTTP, JavaScript, Server side
require different tools
20. Why do this for testing?
"identify technology based risks to drive and limit testing"
21. Technical Testing by (MORIM):
Modelling the application from multiple view points and multiple
technical levels.
Using tools to:
Observe the application in action,
Reflecting on what you see to approach the testing with intent
based on risks, and at different interface points.
Using tools to:
Interrogate the application to more detailed levels
Manipulating the application at detailed levels
23. The Drop Down
Why is drop down menu risky for the web?
24. Why is drop down menu risky for the web?
It doesn't exist
On Desktop it exists as a native control
It doesn't exist as a native HTML element
We have to simulate it
We have to write code
25. If it did exist
<ddm>
  <mi><a href="/home">Home</a>
    <ddm>
      <mi><a href="/help">Help</a></mi>
      <mi><a href="/home">Home</a></mi>
    </ddm>
  </mi>
</ddm>
Why would this be less risky?
26. Why would this be less risky?
It would be 'just HTML'.
standard
can be compliance checked
browser implements
cross‑browser testing reduced
don't test browser implementations
tool supported
automated tools will support
automated tools may have abstractions
e.g. new DropDown().select("Home");
27. But even when it is standard HTML we can introduce
risk
Different set of risks:
CSS styling
rendering of CSS, animations
Augmenting with JavaScript
28. But it doesn't exist
Humans have to implement it. Using?
CSS?
JavaScript?
What HTML Underpinning it?
As an exercise after this talk: look at all the different implementations of
drop downs on the web.
29. Possible Risks?
Might not render at all ‑ Why?
Rendering Errors
Overlapping Drop Downs
Animation Errors
Links might not work
Might not be responsive
Cross Browser JavaScript Errors?
Ajax JSON Errors Loading Sub Menus?
30. Without knowing the technology used.
How would we test for these risks?
31. Possible Test Approaches
Links might not work
Mitigation:
Link Checker?
Does that work for non exposed sub‑menus?
can we test rendering independent of link clicking?
33. Mitigation/Detection
where "Test in all browsers" would mean:
all
all that we care about? blindly accepting risk with others?
create a 'supported browser list'
create a 'supported resolution' list?
create a 'supported device list'
who creates these? based on what?
test
test what?
on every page?
every combination of drop down?
do I have to click every link on every rendering?
34. Too Many Risks!
Testing Blind
Reduce Risks by understanding the Technology
35. Drop Down is not a Li
But what makes it a drop down?
Magic?
CSS?
JavaScript?
Different Tech, Different Risks
36. v001 has a problem
37. Could our 'standard' browser set find that?
only if we resize the browser
38. Could we predict that with technical knowledge?
past experience?
CSS/HTML knowledge about z‑index styling?
40. A JavaScript Example
from
a JS Implementation at Javascript‑array.com
41. Similar functionality but a different set of risks
same basic functionality
different technology
different risks
Do we do the same testing?
42. Amazon ‑ divs and spans
previous examples used div,ul,li
Amazon uses div,span
43. Do we test for fallback?
What if CSS is not present?
What if JavaScript is not present?
Do we test for that risk?
Is the app designed for that risk?
46. Do we know how to test for fallback?
Chrome Dev Tools Network
Block URL
Proxies
Block requests/responses
Autoresponders
Browser Plugins
Browser Settings
Tools are required for technology based testing.
48. What Technology Do We Need To Learn?
HTML?
CSS?
JavaScript?
HTTP?
AJAX?
DOM Manipulation?
49. We only really need to understand the technology in
use.
50. Learn the technology in use
Do not need to learn all technology at once
Learn the technology you are testing
To the level that the technology is used
This makes developing technical skills sustainable.
51. The Pulper Uses Basic HTML
<div class="main_menu">
  <nav id="primary_nav_wrap">
    <ul>
      <li><a href="/apps/pulp/gui/">Home</a>
        <ul>
          <li><a href="/apps/pulp/gui/help">Help</a></li>
          <li><a href="/apps/pulp/gui/">Menu</a></li>
        </ul>
      </li>
    </ul>
  </nav>
</div>
What are the risks with this?
52. Risks
Do the links work?
Any styling applied?
Is the HTML Valid
Seems like standard HTML ‑ reduces cross browser
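One way to check the "Do the links work?" risk and the text/link mapping list from slide 13 against the Pulper menu markup on slide 51, as an added example that is not part of the original talk. The function names and the expected mapping list are assumptions built from the slide's own HTML; the tag walker is deliberately simple and only suits markup shaped like this menu.

```javascript
// Menu markup as shown on slide 51 (The Pulper).
const PULPER_MENU = `
<div class="main_menu">
  <nav id="primary_nav_wrap">
    <ul>
      <li><a href="/apps/pulp/gui/">Home</a>
        <ul>
          <li><a href="/apps/pulp/gui/help">Help</a></li>
          <li><a href="/apps/pulp/gui/">Menu</a></li>
        </ul>
      </li>
    </ul>
  </nav>
</div>`;

// Assumed text/link mapping list, built here from the slide's own markup.
const EXPECTED_MENU = [
  { text: "Home", href: "/apps/pulp/gui/" },
  { text: "Help", href: "/apps/pulp/gui/help" },
  { text: "Menu", href: "/apps/pulp/gui/" },
];

// Walk tags and text in document order, counting <ul> nesting, and return
// every link with its label, target and menu level (1 = top level).
// Assumes double-quoted href attributes, as in the markup above.
function extractMenu(html) {
  const token = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)([^>]*)>|([^<]+)/g;
  const items = [];
  let level = 0;
  let current = null; // the link currently being read, if any
  let m;
  while ((m = token.exec(html)) !== null) {
    const [, closing, rawName, attrs, text] = m;
    if (text !== undefined) {
      if (current) current.text += text; // label text inside <a>...</a>
      continue;
    }
    const name = rawName.toLowerCase();
    if (name === "ul") {
      level += closing ? -1 : 1;
    } else if (name === "a" && !closing) {
      const href = /\bhref\s*=\s*"([^"]*)"/i.exec(attrs);
      current = { text: "", href: href ? href[1] : null, level };
    } else if (name === "a" && current) {
      current.text = current.text.trim();
      items.push(current);
      current = null;
    }
  }
  return items;
}

// Compare the links found in the markup with the agreed mapping list.
function compareMenu(items, expected) {
  const findings = [];
  for (const want of expected) {
    const got = items.find((i) => i.text === want.text);
    if (!got) {
      findings.push(`missing menu item: ${want.text}`);
    } else if (got.href !== want.href) {
      findings.push(`${want.text}: expected ${want.href}, found ${got.href}`);
    }
  }
  for (const item of items) {
    if (!expected.some((e) => e.text === item.text)) {
      findings.push(`unexpected menu item: ${item.text}`);
    }
    if (!item.href || item.href === "#") {
      findings.push(`${item.text}: link has no real target`);
    }
  }
  return findings;
}

// Links below the top level are not shown until the menu is opened, so a
// check driven only by what is visible on screen can miss them.
function subMenuItems(items) {
  return items.filter((i) => i.level > 1);
}

const menu = extractMenu(PULPER_MENU);
console.log(menu);
console.log("sub-menu links:", subMenuItems(menu).map((i) => i.text));
console.log("findings:", compareMenu(menu, EXPECTED_MENU));
```
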
53. How to make HTML Less Risky?
Ideal is:
<ddm>
  <mi>Home
    <ddm>
      <mi>Help</mi>
      <mi>Menu</mi>
    </ddm>
  </mi>
</ddm>
Analogous or Isomorphic HTML is less risky. (HTML that shares similar
structure)
55. Menu according to w3schools is for context Menus
w3schools.com/tags/tag_menu.asp
56. Menu according to MDN is not particularly well
supported
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/menu
60. Div risks
By Default a browser puts a new line before each div:
div {
  display: block;
}
CSS needs to be used to inline the display.
div provides the nested structure required for a menu. Uses styling
rather than semantics for layout.
64. What risks does non validated HTML pose?
Might have no impact
Might not render
Browser might 'fix' the HTML
impact: then CSS styling or JavaScript might not work
Mitigation:
Increase in Cross browser testing required
65. CSS Risk Identification
What is CSS?
How does CSS work?
What CSS is used?
Are there any CSS Validators?
Are there any common problem areas with CSS?
animation, z‑order
66. What general CSS risks are there?
cross browser
version compatability
invalid syntax
browser quirks
67. Technology Based Testing Requires Tools
We probably need to understand:
Browser Dev Tools
Different Dev Tools ‑ different functions
Proxy Tools
Different proxies ‑ different functions
Different functions ‑ different testing opportunities e.g. Charles ‑ can
send HTML for w3c validation, Fiddler ‑ AutoResponders, Zap ‑ Fuzzing
68. Complexity can arise from combinations
https://jsfiddle.net/h7wkoea6/16/
69. Become Tech Aware
use tech knowledge to identify new risks
identify risk beyond acceptance criteria
use tech knowledge to limit test scope
identify appropriate tools
model applications from different tech perspectives
70. Useful Links
Handling common HTML and CSS problems
developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/HTML_and_CSS
Bootstrap Dropdowns
getbootstrap.com/docs/4.0/components/dropdowns/
Web Animations Complexities
https://dev.to/kyleparisi/making-web-animations-9ng
71. Exercises
When you visit a site or an app, use the dev tools to interrogate the
HTML/CSS/Javascript
Review the apps you are testing, do you understand the
fundamental building blocks?
Find similar functionality on different sites ‑ are they implemented
the same way?
Identify risks, identify the tools you need to enable testing for them
75. BIO
Alan is a test consultant who enjoys testing at a technical level using
techniques from psychotherapy and computer science. In his spare
time Alan is currently programming a multi‑user text adventure game
and some buggy JavaScript games in the style of the Cascade Cassette
50. Alan is the author of the books "Dear Evil Tester", "Java For
Testers" and "Automating and Testing a REST API". Alan's main
website is compendiumdev.co.uk and he blogs at blog.eviltester.com
76. END SLIDE
This slide intentionally left blank.
Not including: this text, the paragraph above or the slide title or the
footer, but this is the last slide so it is effectively blank. In fact, it is
actually unnecessary. Forget you saw this slide.