The document discusses the challenges of testing and analyzing errors in web-based applications. It notes that testing web applications is more difficult than testing desktop applications because many distributed system components can interact with the application. When errors occur, it can be hard to pinpoint where in the system the error originated. The document provides five key considerations for web application testing: 1) errors seen by the client are symptoms, not the underlying cause, 2) errors may only occur in certain environments, 3) errors could be in code or configuration, 4) errors may exist in any system layer, and 5) static vs dynamic environments require different testing approaches. It emphasizes the importance of understanding the underlying technology to more efficiently find and report reproducible bugs.
An automated vulnerability scan was performed on a financial organization's website which uncovered several vulnerabilities in their enrollment website (enroll.site.com) that allowed sensitive customer information like credit cards and applications to be accessed. The vulnerabilities included detailed error messages revealing information, lack of session authentication, incorrect file permissions, and default files still existing for the Forte WebEnterprise application. Access to internal systems was also achieved through an exposed debugging option.
This document provides instructions for installing and configuring Oracle Beehive clients, including the Oracle Beehive Integration for Outlook (OBIO) client, Oracle Beehive Conferencing Client, and an Oracle Beehive FTP client. The OBIO client allows integration of Beehive with Microsoft Outlook and involves downloading the client, configuring an Outlook email account, and configuring the Outlook client. The Beehive Conferencing Client supports instant messaging and involves downloading and installing the client with no additional configuration. The Beehive FTP client can be configured to connect to Beehive using supported FTP clients like FileZilla after installing the FTP client and configuring it with the Beehive server address, port, username and password.
The document discusses various techniques for improving database availability in SQL Server, including failover clustering, database mirroring, log shipping, replication, database snapshots, new isolation levels, online index operations, fast recovery, upgrade enhancements, and data partitioning. It provides details on how each technique works and the tradeoffs between performance and high availability.
The document discusses Symantec i3, an application performance management (APM) solution. It provides an overview of APM and why organizations focus on application performance. It then describes the customer pain points of unpredictable application slowdowns and complex, multi-tier architectures. Finally, it summarizes the i3 solution and how it helps organizations detect, find, focus on, and improve application performance issues across various technologies.
Rahul Choudhary has over 7 years of experience in middleware administration including WebSphere, WebLogic, Apache, and IIS. He currently works as a Middleware Administrator at Cognizant Technology Solutions where his responsibilities include web and application server administration, managing shifts, people management, and technical documentation. He has expertise in installing, configuring, and administering various middleware platforms and deploying applications. He also has experience with load balancers, security, performance tuning, and incident management. Rahul holds a Bachelor's degree in IT and several certifications in WebSphere and WebLogic administration.
Brief introduction into SQL injection attack scenarios Payampardaz
This document discusses SQL injection vulnerabilities and techniques. It explains how web applications interact with databases by passing user-input as parameters in SQL queries. SQL injection occurs when user-input containing SQL code is not sanitized. The document outlines various SQL injection payloads and techniques, such as terminating strings, commenting queries, accessing stored procedures and server variables. It also provides recommendations for secure coding practices and database hardening.
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Tom Eston
This document discusses challenges with testing web services and proposes improvements. It notes that current tools, methodologies, and testing environments for assessing web service security are inadequate. The document advocates aligning web service testing with the Penetration Testing Execution Standard methodology. It also highlights new attacks against web services and demos tools like Metasploit modules for assessing web services and the Damn Vulnerable Web Services testing environment.
This document provides a tutorial with 15 exercises to teach how to create a basic ASP.Net web application with user authentication and authorization. The exercises guide the user to create web forms, configure authentication using web.config files, add a login page that authenticates against a SQL database, and customize the user experience including remembering user logins.
Delivering changes for applications and databases @ Azure Eduardo Piairo
This document discusses delivering changes for databases and applications in Azure. It covers introducing the value stream for continuous delivery of databases and applications, and the problem when they are out of sync. It also covers chapters on applications, infrastructure as code, databases, and DevOps practices. The database chapter discusses challenges with databases, the need for automation through source control, migrations vs state-based approaches, and using Flyway for database migrations. Infrastructure chapters discuss physical machines, virtual machines, platform as a service, and serverless computing.
Input validation slides of web application workshop Payampardaz
The document discusses various techniques for attacking web applications through input validation vulnerabilities, including buffer overflows, SQL injection, cross-site scripting, and command execution. It provides examples of how to craft payloads to exploit these vulnerabilities, bypass client-side validation, and evade input sanitization controls. The document also offers some mitigation strategies for securing applications against these input validation attacks.
The document provides an introduction to ASP.NET Web API and discusses key concepts related to web services and HTTP including:
1. Web API allows exposing data and services to different devices by taking advantage of full HTTP features like URIs, headers, caching, and supporting various content formats like XML and JSON.
2. SOAP and HTTP are common protocols for implementing web services, with SOAP using HTTP and XML for serialization and HTTP serving as a more lightweight alternative supporting any content over the protocol.
3. Key HTTP concepts discussed include requests, responses, status codes, headers, and the stateless nature of the protocol, with HTTP providing a standard for communication between client and server applications.
This is a step-by-step guide on installing the WebLogic Server, starting the admin server, and accessing the admin console. We will need this later for our ATG Installation & Configuration step-by-step guide.
The document introduces performance testing basics and methodology using Oracle Application Testing Suite. It covers types of performance testing like load testing, stress testing, and volume testing. It emphasizes the importance of setting up realistic user scenarios and test scripts. The testing environment should replicate production and use dedicated agent machines to generate load. Performance testing helps identify bottlenecks and determine scalability.
The document discusses considerations for analyzing and reproducing errors in web-based applications. There are 5 key points:
1. Errors seen by users may be symptoms of errors elsewhere in the system, so the underlying cause must be diagnosed.
2. Errors can depend on environment variables and may not appear in all environments, making reproduction difficult.
3. Errors can be in code, configuration, or any system layer and determining the root cause is challenging.
4. Both static and dynamic operating environments introduce different types of errors and require tailored testing approaches.
5. Identifying which system layer - client, server, or network - contains the root cause is essential for effective error analysis and reproduction.
Load speed problems of web resources on the client side classification and ... INFOGAIN PUBLICATION
This article is concerned with client-side issues of the web resource load process related to user agent (browser) behavior. A lot of modern problems such as improving global availability and reducing bandwidth, the main problem they address is latency: the amount of time it takes for the host server to receive, process, and deliver on a request for a page resource (images, CSS files, etc.). Latency depends largely on how far away the user is from the server, and it’s compounded by the number of resources a web page contains. Current load algorithms are investigated and all known solutions with their area or efficiency are explained. We have described four main optimization methods.
Starting Your DevOps Journey – Practical Tips for Ops Dynatrace
To watch, please see:
https://info.dynatrace.com/apm_wc_getting_started_with_devops_na_registration.html
Starting Your DevOps Journey: Practical Tips for Ops
In this webinar, Andreas Grabner, Chief DevOps Activist at Dynatrace, shares practical tips that all IT groups from Dev to Ops can use to start their DevOps journey quickly. With experience from hundreds of DevOps deployments, Andi provides insights it would take your team months or years to learn firsthand.
- Learn how everyone on your Ops team can use APM to better understand and monitor SLAs, Performance and End User Impact of their applications.
- Foster better collaboration between Ops and architects by extending basic system monitoring to monolith and microservices architectures.
- Shift-left your testing and QA by working with metrics that you and the architects agreed on up front, resulting in early relevant feedback and faster code deployments.
- Hear why changing the cultural mindset from “fear of change” to “Continuous Innovation and Optimization” is critical for success.
Andi is joined by guest speaker, Brian Chandler, Systems Engineer at Raymond James, who shares commonly used Ops dashboards that increase collaboration across IT teams and pro-actively break down silos!
The document discusses various types of non-functional and functional testing for web applications. It describes seven types of non-functional testing - configuration, usability, performance, scalability, security, recoverability, and reliability testing. For each type, it provides details on what should be tested and how test cases can be created. It also discusses two types of functional testing - browser-page testing and transaction testing. The document emphasizes that both non-functional and functional testing methods are needed to test critical aspects like performance, security, and user interfaces for trouble-free website operation.
1) Traditional load testing is limited in its ability to accurately measure end-user experience and identify issues with third-party components.
2) Load testing 2.0 uses real user testing from geographically distributed locations to more realistically drive large volumes of load and uncover regional response time discrepancies and external errors.
3) An online retailer used load testing 2.0 to identify that a third-party component was insufficient under load, affecting the performance of their overall application.
Are You Ready For More Visitors Cognizant Gomez Jan20 Compuware APM
1) Traditional load testing is limited in its ability to accurately measure end-user experience and identify issues with third-party components.
2) Load testing 2.0 uses real user testing from geographically distributed locations to better understand regional response times and external factors that impact performance.
3) A case study showed that load testing 2.0 uncovered poor response times for key revenue regions that traditional load testing failed to detect.
The document summarizes the results of performance testing on a system. It provides throughput and scalability numbers from tests, graphs of metrics, and recommendations for developers to improve performance based on issues identified. The performance testing process and approach are also outlined. The resultant deliverable is a performance and scalability document containing the test results but not intended as a formal system sizing guide.
The document discusses various techniques for hacking web applications and web services, including:
1. Profiling infrastructure, attacking authentication and authorization, exploiting data connectivity, attacking client-side vulnerabilities, and denial of service attacks against web applications.
2. Using automated scanning tools to discover servers, services, and vulnerabilities. Common vulnerabilities in Apache, SQL injection, and insecure web service descriptions are described.
3. Attacking web application management interfaces through insecure protocols like Telnet and exploiting features like WebDAV that allow remote file manipulation.
The document discusses quality assurance processes for automated testing including creating an automation framework using Java, Selenium, TestNG, Git, Maven and Jenkins. It provides steps for configuring the automation project, describes functional testing processes and types of testing including load and performance testing using JMeter, security testing by scanning for vulnerabilities, and best practices for implementing page object models in test automation.
The document provides guidance on auditing the configuration of network infrastructure, application platforms, file extensions handling, backup/unreferenced files, admin interfaces, and HTTP methods for various web application security testing categories. It describes reviewing configuration of interconnected infrastructure components, application servers, file extensions handling on web servers, old/unreferenced files for sensitive data, discovering and accessing admin interfaces, and testing HTTP methods configuration to identify risks from improper settings. The guidance references specific OWASP testing steps for each category.
The document discusses quality assurance processes for automated testing including developing an automation framework using Java, Selenium, TestNG, Git, Maven and Jenkins. It provides steps for configuring the automation project, describes functional testing as creating test suites and tracking bug status, and discusses best practices for load and performance testing, security testing, and using the page object model in test automation.
The document discusses common performance bottlenecks and how to identify and address them. It identifies the most common sources of bottlenecks as the application (35%), database server (45%), and web server (12%). The top causes of database server bottlenecks are inefficient SQL statements (24%) and missing indexes (9%). For application servers, the top causes are memory leaks (15%) and inefficient garbage collection (12%). Monitoring tools and metrics for each component are also discussed.
The document provides an overview of web application security. It discusses what web application security entails, which is achieving an acceptable level of security for a web application solution. It explains why web application security is important given increased reliance on web apps and their global accessibility. It outlines some common security risks like browser hijacking, cookie theft, and denial of service attacks. It also discusses how security problems should be addressed earlier in the development lifecycle to reduce costs. The document then delves into specific vulnerabilities like hidden field manipulation, cookie poisoning, buffer overflows, and cross-site scripting attacks. Examples are provided to illustrate how attackers can exploit these vulnerabilities.
The document provides tips to improve web application performance. It recommends minimizing HTTP requests by combining images, CSS, and JavaScript files. Other tips include enabling HTTP compression, using appropriate image formats, compressing assets, placing CSS at the top and JavaScript at the bottom of pages, using a content delivery network, caching appropriately, and reducing cookie size. The document emphasizes reducing the number of server roundtrips to improve response time.
Internet applications (IAs) are web applications that have features of desktop apps and run in web browsers. IAs transfer most processing to the client but keep data on application servers. IAs can run locally in web browsers without installation and can connect intermittently. While more responsive than traditional web apps, IAs have some limitations like restricted access to system resources and potential loss of integrity if client modifies structure.
Performance testing is done to determine a system's responsiveness under different loads. It aims to optimize user experience. Types of performance testing include load, stress, soak/endurance, volume, scalability, and spike testing. The goals are to assess production readiness, compare platforms, evaluate configurations, and check against criteria. Pre-requisites include a stable test environment similar to production. The testing process involves establishing baselines and benchmarks, running tests, and analyzing results to identify bottlenecks and decide on fixes. Common issues relate to servers, databases, networks, and applications. Optimization involves improvements, upgrades, and tuning. Challenges include setting up the test environment and analyzing large amounts of test data.
Reliability Improvement with PSP of Web-Based Software Applications (CSEIJJournal)
In diverse industrial and academic environments, the quality of the software has been evaluated using different analytic studies. The contribution of the present work is focused on the development of a methodology in order to improve the evaluation and analysis of the reliability of web-based software applications. The Personal Software Process (PSP) was introduced in our methodology for improving the quality of the process and the product. The Evaluation + Improvement (Ei) process is performed in our methodology to evaluate and improve the quality of the software system. We tested our methodology in a web-based software system and used statistical modeling theory for the analysis and evaluation of the reliability. The behavior of the system under ideal conditions was evaluated and compared against the operation of the system executing under real conditions. The results obtained demonstrated the effectiveness and applicability of our methodology.
Quality Attributes of Web Software Applications (hasnainqayyum1)
Testing web applications
Testing Web-based Applications
Analyzing and reproducing errors in a Web environment
by Hung Q. Nguyen
Software Testing & Quality Engineering, May/June 2000, www.stqemagazine.com
Quick Look
- Why errors in Web-based applications are hard to reproduce
- Analyzing these errors in a way that saves testing time
The testing of Web-based applications has much in common with the testing of desktop systems: You need to test the usual functionality, configuration, and compatibility, as well as performing all the standard test types. But Web application testing is more difficult because complexities are multiplied by all the distributed system components that interact with the application. When we see an error in a Web environment, it’s often difficult to pinpoint where the error occurs, and, because the behavior we see or the error message we receive may be the result of errors happening on different parts of the Web system, the error may be difficult to reproduce. So how do we analyze errors within a Web-based system, and what considerations should be made for reproducing such errors?
When we have an understanding of the underlying technology, we are better able to maximize testing efficiencies—writing more reproducible bug reports and finding more errors in less time. This is easier said than done…especially in Web environments. Web environments are dense with error-prone technology variables. Here are five fundamental considerations of Web-application testing:
1. When we see an error on the client side, we are seeing the symptom of an error—not the error itself.
2. Errors may be environment-dependent and may not appear in different environments.
3. Errors may be in the code or in the configuration.
4. Errors may reside in any of several layers.
5. Examining the two classes of operating environments—static versus dynamic—demands different approaches.
Now let’s take a look at each of these five considerations in more detail:
What are we really seeing–an error or a symptom?
Without diagnosing the environment, we can’t be certain what causes a symptom to appear. If one of the environment-specific variables from either the client side or the server side is removed or altered, we might not be able to reproduce the problem.
Here is an example. I’m testing a Web-based defect tracking application, and going through the process of creating a new bug report. When I select the NEW button, I receive an error message:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
After spending some time investigating my browser environment, I discover that JavaScript is disabled in the browser preferences dialog box. Enabling JavaScript eliminates the error. (Whether or not this is a bug is not part of this discussion.) The idea here is that if I add additional information regarding the JavaScript setting to the bug report, I can save our team some time in analyzing this problem. Furthermore, “disabling JavaScript” is added to my test suite from this point on; it will be applied to all areas of the application so that all potentially related errors can be uncovered.
Is the error environment-dependent?
To reproduce an environment-dependent error we have to perfectly replicate both the exact sequence of activities and the environment conditions (operating system, browser version, add-on components, database server, Web server, third-party components, server/client resources, network bandwidth and traffic, etc.) in which the application operates. For example, when you try to log into your Web application while using a 28.8 kbps dial-up connection, you experience login failures due to timeout in the authentication process—but the same login steps will authenticate successfully if you are on a T-1 connection at 1.54 mbps. In this case, you have an environment-dependent error where the dependency is in the bandwidth.
Environment-independent errors, on the other hand, are relatively easy to reproduce—it’s not necessary to replicate the operating environment. With environment-independent errors, all that needs to be replicated is the steps that reveal the error. For example, if the company name is misspelled on all of the product’s online pages as WebTessting.Con, you will always see this error—independent of the hardware, software, and resource variables in your operating environment. More commonly, we refer to environment-independent errors as functionality-specific errors.
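The distinction above can be made mechanical. The following is an added example, not code from the article: it runs the same test step across a matrix of environments and reports the smallest set of environment variables that predicts the failure, which is the detail a reproducible bug report needs. The application stand-in, the timeout, and the payload size are assumptions constructed for illustration; the variables and symptoms come from the article's own examples.

```python
from itertools import combinations, product

# Constructed environment matrix built from variables the article names.
MATRIX = {
    "javascript": ["enabled", "disabled"],
    "link_kbps": [28.8, 1540],  # 28.8 kbps dial-up vs. a T-1 line
    "browser": ["Netscape Navigator", "Internet Explorer"],
}
AUTH_TIMEOUT_S = 10        # assumed authentication timeout
LOGIN_EXCHANGE_KBIT = 400  # assumed size of the login exchange


def app_under_test(step, env):
    """Constructed stand-in for the application: returns a symptom or None."""
    if step == "view_home":
        return "company name misspelled"  # shows up in every environment
    if step == "new_bug_report" and env["javascript"] == "disabled":
        return "Microsoft OLE DB Provider for ODBC Drivers error '80040e14'"
    if step == "login" and LOGIN_EXCHANGE_KBIT / env["link_kbps"] > AUTH_TIMEOUT_S:
        return "login failed: authentication timed out"
    return None


def run_matrix(step, matrix=MATRIX, app=app_under_test):
    """Run one step in every combination of environment values."""
    names = list(matrix)
    results = []
    for values in product(*(matrix[n] for n in names)):
        env = dict(zip(names, values))
        results.append((env, app(step, env)))
    return results


def determining_attributes(results):
    """Smallest attribute set whose values alone predict pass/fail, or None."""
    names = list(results[0][0])
    for size in range(len(names) + 1):
        for subset in combinations(names, size):
            seen = {}
            for env, error in results:
                key = tuple(env[n] for n in subset)
                failed = error is not None
                if seen.setdefault(key, failed) != failed:
                    break  # same values, different outcome: not this subset
            else:
                return subset, seen
    return None  # identical environments disagreed: timing or resources


def classify(results):
    """Label a result set and list the environment values that fail."""
    symptoms = sorted({error for _, error in results if error})
    found = determining_attributes(results)
    if found is None:
        return {"class": "dynamic", "depends_on": [], "failing_values": [],
                "symptoms": symptoms}
    subset, outcome = found
    failing = [key for key, failed in outcome.items() if failed]
    if subset:
        label = "environment-dependent"
    else:
        label = "environment-independent" if failing else "no failure"
    return {"class": label, "depends_on": list(subset),
            "failing_values": failing, "symptoms": symptoms}


def bug_report_note(step):
    """One line for the bug report: class, failing environment, symptom."""
    info = classify(run_matrix(step))
    note = f"{step}: {info['class']}"
    if info["depends_on"]:
        combos = [", ".join(f"{n}={v}" for n, v in zip(info["depends_on"], vals))
                  for vals in info["failing_values"]]
        note += "; fails when " + " or ".join(combos)
    if info["symptoms"]:
        note += "; symptom: " + " | ".join(info["symptoms"])
    return note


if __name__ == "__main__":
    for step in ("view_home", "new_bug_report", "login"):
        print(bug_report_note(step))
```

A result set in which identical environments give different outcomes is labelled "dynamic", since no static configuration variable explains it.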
Is it a coding error or a configuration problem?
Errors (or the symptoms of supposed errors) may be resolved with code fixes (assuming the errors are in fact real) or system reconfiguration (client, server, or network). Don’t jump too quickly to the conclusion that it’s a bug!
Microsoft OLE DB Provider for ODBC Drivers error '80004005'
Here is an example illustrating the challenge of identifying possible configuration problems as opposed to actual software errors. It shows an error message caused by a “failed login” that has been generated by a Web application. By simply looking at this error message, it is impossible to determine whether this error is the result of a software bug, a server-side configuration issue, a compatibility issue, a browser configuration issue, or all of the above.
After further analyzing the failure, I discover several possible conditions that might generate this error message:
IIS (Web server) virtual directory has not been set up properly: When the virtual directory is not properly configured, the requested files, scripts, or data will not be found. Typically, this is a server configuration issue. However, if the installation program failed to programmatically configure the Web server according to specification, then this is a software error. If a system administrator fails to properly configure the Web server according to specification, this then becomes a user error.
Application directory has not been configured properly to execute scripts: A typical application-server directory contains scripts to be executed when they are called by a Web server on behalf of a client. For security reasons, a Web server can be configured to allow or disallow scripts to be executed within certain directories. If your application-server directory is designed to contain scripts that will be executed—but the Web server is configured to disable script execution in that directory—the application will not work. Is this a software error or a configuration problem?
Default Web page has not been set up properly: The issue is similar to the problem above.
SQL Server is not running: The application server needs to connect to the backend database living on the SQL server in order to execute queries, store procedures, and access data. If the SQL server process itself is not running, then obviously the application will not work.
DLL/COM objects are missing or were unsuccessfully registered: Perhaps the installation program failed to copy all the DLLs used by the application server during setup. If any DLL needed by the application server is missing, the application will not work. Perhaps the installation program correctly copied all the needed modules, but failed to register one or more of them. For example, with OLE-based objects such as COM or DCOM, their class ID (CLSID) must be registered in the Registry Database before they can be used. If an application tries to access a COM object that was not registered successfully, the application will not work. This problem is often caused by errors in the installation procedures. If, on the other hand, the components must be manually registered then this becomes a configuration issue.
Browser-side JavaScript setting has been disabled: This is a browser-side configuration problem since the application requires the browser to have JavaScript enabled. Is this a software error, a configuration problem, or a technical support issue?
Which layer really causes the problem?
Errors in Web systems are often difficult to consistently reproduce because of the many variables introduced by the distributed nature of client/server architecture (i.e., server, client, and networking components). There are at least three usual suspects in a Web environment: The client, the server, and the network.
Both the client and the server carry configuration and compatibility issues that are similar to PC environments, where all components are in one box. Issues multiply within client/server systems, however, because there may be many clients and servers connected on a network. Typical client/server configuration and compatibility issues involve the hardware and operating system mix (UNIX-based boxes versus Windows-based boxes, for example) and the software mix on the server side (Web server packages, database server packages, firewalls, COM objects, CORBA objects, etc.). Issues may also involve the software mix on the client side (TCP/IP stacks, dialer software, helper components, browser brands, and browser versions). Additionally, browser settings, such as general settings, connection settings, security settings (including ActiveX controls, plug-ins, Java, scripting, downloads, user authentication, etc.), content settings, program settings, and other advanced settings (including browsing options, multimedia options, Java VM options, printing options, and HTTP options) introduce a multitude of variables that should be tested and included in analyses.
The network offers another set of variables. The network affects the Web application in several ways, including timing-related issues (race conditions, performance, time-outs, etc.) due to bandwidth and latency, potential configuration and compatibility issues due to hardware devices such as gateways and routers, and side effects related to security implementations.
Making Your Web Application Test Report More Reproducible
- Check if the client operating system, versions, and patches meet system requirements
- Check if the correct version of the browser is installed on the client machine
- Check if the browser is properly installed on the machine (for example, the JVM is also successfully installed)
- Check the browser settings
- Try the same set of steps with different browsers (e.g., Netscape Navigator versus Internet Explorer)
- Try the same set of steps with different supported versions of the same browsers (e.g., 3.1, 3.2, 4.2, 4.3, etc.)
- Check to ensure that all servers are running
- Check to ensure that all service-based components have been started
- Check to ensure that application access privileges are properly set up
- Check for missing components on the server (DLLs, scripts, etc.)
- Check for proper registration of components (COMs, Java, etc.)
- Check to ensure that DNS is properly configured
- Check if firewall configuration is causing packets to drop or blocking access
- Check if a slow connection is causing the application to time-out
- Check for potential race or time-related conditions
- Check for potential network inaccessibility issues on the client machines
- Check for potential network inaccessibility issues on the server machines
- Check if the server operating system version and patches meet system requirements
- Check if the proper versions of the server software such as Web server, SQL database, and other middle-ware packages are installed
- Check server configurations for proper settings
Static and dynamic operating environments are different.
In general, there are two classes of operating environments—each with its own unique testing implications:
Static Environments (i.e., configuration and compatibility errors) in which incompatibility issues may exist regardless of variable conditions such as processing speed and available memory.
Dynamic Environments (i.e., resource and time-related errors) in which otherwise compatible components may exhibit errors due to memory-related errors and latency conditions. (We’ll discuss dynamic environments in more detail later in this section.)
Static Operating Environment: Configuration and Compatibility Variables
Configuration and compatibility issues may occur at any point within a Web system: client, server, or network. Configuration issues involve various server software and hardware set-ups, browser settings, network connections, and TCP/IP stack set-ups. The browser setting/JavaScript example discussed earlier illustrated one type of configuration issue. A different type of configuration issue is shown in Figures 1 and 2, with two possible physical server configurations: one-box and two-box configurations.
FIGURE 1 Web server, application server, and database server in one box (diagram: clients connected over Ethernet to one physical server running the Web server, application server, and database server)
FIGURE 2 Web server and application server in one box; database server in another box (diagram: clients connected over Ethernet to Physical Server 1, running the Web server and application server, and Physical Server 2, running the database server)
Illustrations: Annie Bissett
Our sample application under test has some charting capabilities that enable a user to generate metrics reports, such as bar charts and line charts. When a user requests a metrics report, the application server pseudo code runs as follows:
1. Connect to the database server and run the query.
2. Write the query result to a file named c:\temp\chart.val
3. Execute the Chart JavaApplet. Read from c:\temp\chart.val and use the data to draw a graph.
4. Send the JavaApplet to the browser.
During testing for this application, I discovered that the charting feature worked on one of the above configurations, but not the other. After I investigated further, I learned that the problem only occurred in the two-box configuration. After examining the code, I realized that the problem is in steps 2 and 3. In step 2, the query result is written to c:\temp\chart.val of the database server local drive. In step 3, the Chart JavaApplet is running on the application server that is not in the same box with the database server. When it attempts to open the file c:\temp\chart.val on the application server local drive, the file is not there.
In this case, I am not suggesting that we read the code every time we come across an error; I leave the debugging work for the developers. I merely want to point out that it is essential to identify which server configurations are problematic, and include such information in bug reports. I would also run a cursory suite of test cases on all distributed configurations that are supported by the application server under test.
Compatibility issues are also
important in static operating envi-
ronments. As an example, in Figure 3
we see a compatibility difference be-
tween Netscape Navigator and Inter-
net Explorer.
This is not to say that Internet
Explorer is better than Netscape
Navigator; it simply means that there
are incompatibility issues between
browsers—and that the code should
not assume that relative paths work
for all browsers. More importantly, it
suggests that when you experience
an error in one environment, the
same error may not appear in a dif-
ferent environment if it’s an environ-
ment-dependent error.
Dynamic Operating Environment: Things Don’t Stay the Same
When the value of a specific environ-
ment attribute does not stay constant
each time a test procedure is execut-
ed, it causes the operating environ-
ment to become dynamic. The
attribute can be anything from re-
source-specific (available RAM, disk
space, etc.) to timing-specific (net-
work latency, the order of user trans-
actions being submitted, etc.).
When a test case depends on
the exact replication of both the set
of steps and the operating envi-
ronment but the operating environ-
ment cannot be replicated (due to
its dynamic nature), the error be-
comes irreproducible or hard-to-re-
produce.
By the way, this is the reason
that memory-related errors are often
hard to reproduce. When a memory-
overwrite error exists in the code,
for example, it will always cause a
memory-overwritten problem. How-
ever, from a black-box testing per-
spective, we will never have a chance
to see the symptom of this error until
the specific overwritten byte(s) of
code or data is executed or read. In
this example, the set of steps repre-
sents the exact set of black-box ac-
tivities. The memory-overwrite error
represents the actual error in the
code. The condition in which the
overwritten byte is executed or read
represents the dynamic operating en-
vironment or condition needed to re-
veal (reproduce) the error.
Here is a Web application exam-
ple of a dynamic environment-related
error in which we will examine a
time-related error. The specification
requires that:
• Project names within the system must be unique
• Error detection and handling for potential duplication be performed on the client-side using JavaScript
• Users will be able to add or delete project names by requesting the Setting Up Projects page
• When a user creates a new project name, a browser-side JavaScript checks the input name against the select list embedded in the HTML page (as illustrated in Figure 4)
FIGURE 3 Compatibility issue between browsers
The home directory path for the Web server on the host myserver is mapped to:
C:\INETPUB\WWWROOT
When a page is requested from http://myserver/ data will be pulled from:
C:\INETPUB\WWWROOT
A filename (mychart.jar) is stored at C:\INETPUB\WWWROOT\MYAPP\BIN.
The application session path (relative path) is pointing to C:\INETPUB\WWWROOT\MYAPP\BIN, and a file is requested from .\LIB.
If I use Internet Explorer version 3.x, the Web server looks for the file in C:\INETPUB\WWWROOT\MYAPP\BIN\LIB because the browser relies on the relative paths. This is the intended behavior and the file will be found; this tells me that my application will work as expected using Internet Explorer 3.x.
If instead I use Netscape Navigator version 3.x (a browser that doesn’t like .\), the Web server defaults to C:\INETPUB\WWWROOT\LIB and tries to look for mychart.jar from there instead. This is a problem for this particular application because the file (mychart.jar) will not be found there—so I know this feature will not work using Netscape 3.x.
When I brought up the Java Console, I saw the following, which confirmed my finding:
#Unable to load archive
http://myserver/lib/mychart.jar:java.io.IOException:<null>
Take a look at the time-related error
illustrated in Figure 5. These before
and after screenshots of the Setting
Up Projects page illustrate that the
application failed to detect the dupli-
cate name “Doomed.” Figure 4 walks
you through the explanation of this
time-related error that involves two
users adding new project names to
the same database.
As illustrated in Table 1, User A
and User B create new projects si-
multaneously, but without knowl-
edge of each other’s actions. In step
3, User A adds a project named
Another. Since that project name
already exists, his browser’s
JavaScript displays a message
prompting him for a different proj-
ect name.
User B adds a project named
Doomed. Her browser’s JavaScript
does not detect Doomed as a preexist-
ing project name and so adds it to
both the database and the returned
list. The updated project name list is
sent back to User B.
User A subsequently adds the
same name, Doomed, to the project
list. His browser’s JavaScript does
not detect the name on the HTML list,
so it adds the name Doomed to the
database again—as well as to the re-
turned list. The updated project
name list is sent back to User A with
two Doomed entries included.
This result fails to meet the product’s specification. Unless this situation happens to be a well-designed test case, accidentally discovering this error and attempting to reproduce it is not a simple task. In this example, the actual error is in the failure of the application to check for server-side duplicate names (in addition to client-side checking). The steps include User A’s activities. The dynamic operating environment is created by User B’s activities—which are hidden or unknown to User A.
...
<td width="80" bgcolor=#00CCCC> </td>
<td width="80" bgcolor=#00CCCC align="left" height="9">
<font size=1 face="Arial" color="#400040">
Project:<br></font>
<select name="namelist" size="9" OnChange="ListSelected()">
<option value="Another">Another</option>
<option value="NewProj">NewProj</option>
</select></td>
<td width="100" bgcolor=#00CCCC> </td>
...
FIGURE 4 Browser-side JavaScript checks the input name against the values in the namelist
FIGURE 5 TOP: Before the project name “Doomed” has been entered by the user; BOTTOM: After the application failed to detect the duplicate project named “Doomed”
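The sequence in Table 1, replayed as an added example (not code from the article or from the application under test): the browser check runs against the list each user loaded in steps 1 and 2, and a UNIQUE constraint stands in for the missing server-side duplicate check. The SQLite table and all function names are assumptions made for this illustration.

```python
import sqlite3

def make_db(enforce_unique):
    """In-memory project table (assumed schema); UNIQUE is the server-side check."""
    db = sqlite3.connect(":memory:")
    constraint = "UNIQUE" if enforce_unique else ""
    db.execute(f"CREATE TABLE projects (name TEXT NOT NULL {constraint})")
    db.executemany("INSERT INTO projects VALUES (?)", [("Another",), ("NewProj",)])
    db.commit()
    return db

def get_page(db):
    """Steps 1-2: the server embeds the current names in the page's select list."""
    return [row[0] for row in db.execute("SELECT name FROM projects ORDER BY rowid")]

def add_project(db, page_list, name):
    """Browser check against the (possibly stale) list, then the server insert."""
    if name in page_list:                      # what the client-side JavaScript sees
        return "rejected by browser"
    try:
        with db:                               # commit, or roll back on error
            db.execute("INSERT INTO projects VALUES (?)", (name,))
    except sqlite3.IntegrityError:             # duplicate caught by the database
        return "rejected by server"
    return "added"

def replay_table_1(enforce_unique):
    """Run steps 1-5 of Table 1 and return (per-step results, final name list)."""
    db = make_db(enforce_unique)
    list_a = get_page(db)                      # step 1: User A loads the page
    list_b = get_page(db)                      # step 2: User B loads the page
    results = [
        add_project(db, list_a, "Another"),    # step 3: caught in A's browser
        add_project(db, list_b, "Doomed"),     # step 4: B adds a new name
        add_project(db, list_a, "Doomed"),     # step 5: A's list is stale
    ]
    return results, get_page(db)

if __name__ == "__main__":
    for enforce in (False, True):
        results, names = replay_table_1(enforce)
        print("server-side check:", enforce, results, names)
```

Without the constraint the final list contains Doomed twice, as in step 5 of Table 1; with it, User A's stale-list submission is refused no matter what the browser check saw.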
In Conclusion
To be effective in analyzing and re-
producing errors in a Web environ-
ment, you need to have a command
over the operating environment. You
also need to understand how envi-
ronment-specific variables may af-
fect your ability to replicate errors.
With the application of some of the
skills covered in this article, I hope
that your Web testing experience will
be less frustrating and more enjoy-
able.
Remember that nothing will re-
place your testing skills—your ability
to come up with good test cases, ask
relevant what-if questions, keep
careful notes, and methodically in-
vestigate hard-to-reproduce errors. It
is these skills that will assist you in
finding not only the errors that you
are investigating, but also the undis-
covered errors that are related to
them. STQE
Hung Q. Nguyen (hungn@logigear.com)
is the president and CEO of
LogiGear Corporation, a full-ser-
vice consulting firm offering out-
sourced testing, QA training, and
TRACKGEAR™ (a Web-based de-
fect tracking solution). He is co-au-
thor of Testing Computer Software
and author of the soon-to-be-pub-
lished Testing Web Applications.
STEP | REQUEST | HTML LIST BEFORE | HTML LIST AFTER | DATABASE BEFORE | DATABASE AFTER
1 | USER A gets the Setting Up Project Page | | Another, NewProj | Another, NewProj | Another, NewProj
2 | USER B gets the Setting Up Project Page | | Another, NewProj | Another, NewProj | Another, NewProj
3 | USER A adds a new project named "Another" | Another, NewProj | Another, NewProj | Another, NewProj | Another, NewProj
4 | USER B adds a new project named "Doomed" | Another, NewProj | Another, NewProj, Doomed | Another, NewProj | Another, NewProj, Doomed
5 | USER A adds a new project named "Doomed" | Another, NewProj | Another, NewProj, Doomed, Doomed | Another, NewProj, Doomed | Another, NewProj, Doomed, Doomed
TABLE 1 User A and User B activities