The document discusses considerations for analyzing and reproducing errors in web-based applications. There are 5 key points:
1. Errors seen by users may be symptoms of errors elsewhere in the system, so the underlying cause must be diagnosed.
2. Errors can depend on environment variables and may not appear in all environments, making reproduction difficult.
3. Errors can be in code, configuration, or any system layer and determining the root cause is challenging.
4. Both static and dynamic operating environments introduce different types of errors and require tailored testing approaches.
5. Identifying which system layer - client, server, or network - contains the root cause is essential for effective error analysis and reproduction.
Impact2014: Introduction to the IBM Java ToolsChris Bailey
IBM provides a number of free tools to assist in monitoring and diagnosing issues when running any Java application - from Hello World to IBM or third-party, middleware-based applications. This session introduces attendees to those tools, highlights how they have been extended with IBM middleware product knowledge, how they have been integrated into IBMs development tools, and how to use them to investigate and resolve real-world problem scenarios.
Java Insecurity: How to Deal with the Constant VulnerabilitiesLumension
Just over a decade ago, the outcry over Microsoft’s security problems reached such a deafening level that it finally got the attention of Bill Gates, who wrote the famous Trustworthy Computing memo. Today, many would say that Microsoft leads the industry in security and vulnerability handling.
Now, it’s Java that’s causing the uproar. But has Oracle learned anything from Microsoft in handling these seemingly ceaseless problems? I’ll start by reviewing the wide-ranging Java security changes Oracle is promising to make. They sound so much like the improvements Microsoft made back with Trustworthy Computing that I’m amazed it hasn’t been done before! We’ll move on to discuss what you can do now to address Java security in your environment.
One of the banes of security with Java is the presence of multiple versions of Java, often on the same computer. Sometimes you really need multiple versions of Java to support applications with version dependencies (crazy, I know). But other times, multiple copies of Java are there “just because.” In this webinar, we’ll talk about the current Java mess and how you can get out of it, including:
Assessment. We’ll discuss ways and tools for cataloging what versions of Java are actually out there on your endpoints.
Identification. We’ll look at methods for identifying which versions are actually required by your users; for instance, I’ll show you how you might use Process Tracking and File Access events in the Windows Security Log to see which Java files are being accessed, by whom, and by which programs.
Disabling. Can you just disable Java? Maybe not for everyone, but what if you could disable it for certain roles within your company that make up 25% – or even 75% – of your workforce? That would be worth it. We’ll explore how you might go about such a measure.
Hardening. We’ll dive into the technical details of hardening Java and reducing your Java attack surface, where possible.
Filtering. Another way to reduce your Java risk is by filtering Java content at your gateway. Again not full coverage control – but what is?
Patching. Then, we’ll delve into the Java patching nightmare. Depending on self-updaters on each endpoint, is could be a recipe for disaster, and I’ll explain why. Basically the only way out of the Java mess is a 3rd party solution that can perform centralized patch management and remediation and that’s where our sponsor, Lumension, will come in.
This will be a brief discussion on Pen Testing Web Services in 2012, though OWASP have testing guides which describes various methods and tools for performing black box and white box security testing on web services but they’re all outdated. The key points of the presentation will revolve around how to pen test web services, what are the pre-requisites, methodology, tools used, etc.
JavaOne2013: Secure Engineering Practices for JavaChris Bailey
Developing programs that are inherently immune to attack requires sound software engineering practices. This session looks at the overall software engineering lifecycle and the critical points at which software security is a specific consideration. From the requirements for third-party suppliers to in-house development, your process must offer a level of confidence that the software functions as intended and is free of vulnerabilities. The presentation shows how using threat models, code pattern analysis tooling, targeted reviews, and more enhances Java security.
Tips to achieve continuous integration/delivery using HP ALM, Jenkins, and S...Skytap Cloud
To gain a competitive advantage in today's hyper competitive markets, businesses must constantly strive to develop, test, and release better software faster. This is made possible by means of continuously integrating, testing, and delivering new applications.
In this webinar, Skytap and Orasi will share tips to improve software quality and velocity with the automated creation and management of on-demand, scalable test environments. It will focus on best practices for continuous integration through the joint use of HP Application Lifecycle Management (ALM), Jenkins and Skytap.
Specifically you learn how to:
-Integrate Jenkins with HP ALM
-Extend Dev/Test workloads to the cloud
-Integrate build automation with automated test management
Impact2014: Introduction to the IBM Java ToolsChris Bailey
IBM provides a number of free tools to assist in monitoring and diagnosing issues when running any Java application - from Hello World to IBM or third-party, middleware-based applications. This session introduces attendees to those tools, highlights how they have been extended with IBM middleware product knowledge, how they have been integrated into IBMs development tools, and how to use them to investigate and resolve real-world problem scenarios.
Java Insecurity: How to Deal with the Constant VulnerabilitiesLumension
Just over a decade ago, the outcry over Microsoft’s security problems reached such a deafening level that it finally got the attention of Bill Gates, who wrote the famous Trustworthy Computing memo. Today, many would say that Microsoft leads the industry in security and vulnerability handling.
Now, it’s Java that’s causing the uproar. But has Oracle learned anything from Microsoft in handling these seemingly ceaseless problems? I’ll start by reviewing the wide-ranging Java security changes Oracle is promising to make. They sound so much like the improvements Microsoft made back with Trustworthy Computing that I’m amazed it hasn’t been done before! We’ll move on to discuss what you can do now to address Java security in your environment.
One of the banes of security with Java is the presence of multiple versions of Java, often on the same computer. Sometimes you really need multiple versions of Java to support applications with version dependencies (crazy, I know). But other times, multiple copies of Java are there “just because.” In this webinar, we’ll talk about the current Java mess and how you can get out of it, including:
Assessment. We’ll discuss ways and tools for cataloging what versions of Java are actually out there on your endpoints.
Identification. We’ll look at methods for identifying which versions are actually required by your users; for instance, I’ll show you how you might use Process Tracking and File Access events in the Windows Security Log to see which Java files are being accessed, by whom, and by which programs.
Disabling. Can you just disable Java? Maybe not for everyone, but what if you could disable it for certain roles within your company that make up 25% – or even 75% – of your workforce? That would be worth it. We’ll explore how you might go about such a measure.
Hardening. We’ll dive into the technical details of hardening Java and reducing your Java attack surface, where possible.
Filtering. Another way to reduce your Java risk is by filtering Java content at your gateway. Again not full coverage control – but what is?
Patching. Then, we’ll delve into the Java patching nightmare. Depending on self-updaters on each endpoint, is could be a recipe for disaster, and I’ll explain why. Basically the only way out of the Java mess is a 3rd party solution that can perform centralized patch management and remediation and that’s where our sponsor, Lumension, will come in.
This will be a brief discussion on Pen Testing Web Services in 2012, though OWASP have testing guides which describes various methods and tools for performing black box and white box security testing on web services but they’re all outdated. The key points of the presentation will revolve around how to pen test web services, what are the pre-requisites, methodology, tools used, etc.
JavaOne2013: Secure Engineering Practices for JavaChris Bailey
Developing programs that are inherently immune to attack requires sound software engineering practices. This session looks at the overall software engineering lifecycle and the critical points at which software security is a specific consideration. From the requirements for third-party suppliers to in-house development, your process must offer a level of confidence that the software functions as intended and is free of vulnerabilities. The presentation shows how using threat models, code pattern analysis tooling, targeted reviews, and more enhances Java security.
Tips to achieve continuous integration/delivery using HP ALM, Jenkins, and S...Skytap Cloud
To gain a competitive advantage in today's hyper competitive markets, businesses must constantly strive to develop, test, and release better software faster. This is made possible by means of continuously integrating, testing, and delivering new applications.
In this webinar, Skytap and Orasi will share tips to improve software quality and velocity with the automated creation and management of on-demand, scalable test environments. It will focus on best practices for continuous integration through the joint use of HP Application Lifecycle Management (ALM), Jenkins and Skytap.
Specifically you learn how to:
-Integrate Jenkins with HP ALM
-Extend Dev/Test workloads to the cloud
-Integrate build automation with automated test management
Is Human Reproductive Cloning Morally Permissible?Gwynne Brunet
The subject of human reproductive cloning is a complicated one which contains many issues that need to be understood, and considered; before a course of action can be taken. In regards to cloning, any decision that will be agreed upon, in our distant future, will not be simply black and white, but instead it will be a colorful array of restrictions, rules, laws, supervision, and ethical standards. In this paper, I will evaluate the facts, and determine, through moral reasoning, whether human reproductive cloning is morally permissible.
Why On-Demand Provisioning Enables Tighter Alignment of Test and Production E...Cognizant
To improve their test environments and application quality, organizations are turning to the cloud for on-demand provisioning, as well as build and deployment automation.
Modern Enterprise Software Systems (MESS) is all
about envisioning, developing, managing and evolving
enterprise applications to fulfill business requirements. This
may entail many challenges like rapidly changing business
scenario, increase in complexity, shorter time to market and
business agility. In order to deal with this natural evolution,
achieving modularity across MESS is essential. In this paper,
we describe by way of an example application, some of the
common problems encountered while delivering & managing
enterprise software. We demonstrate that one of the root causes
for these is inadequate support for modularity at the physical
level viz. packaging & deployment. We look at the different
options available for extending the modularity across packaging
and deployment e.g. Impala and Open Service Gateway
initiative (OSGi). Based on our explorations and experiments
we provide a comparison between the two. We conclude the
paper with a note on the future directions for physical
modularity.
Just like anything in IT, automation is a tool. And any tool can be used incorrectly. In this talk, we discuss a few examples of automation (or lack thereof) gone wrong.
Cloud scale anomaly detection for software misconfigurationsLN Renganarayana
We present a framework and tool called EnCore to automatically detect software misconfigurations. EnCore takes
into account two important factors that are unexploited before: the interaction between the configuration settings and
the executing environment, as well as the rich correlations
between configuration entries. We embrace the emerging
trend of viewing systems as data, and exploit this to extract information about the execution environment in which
a configuration setting is used. EnCore learns configuration
rules from a given set of sample configurations. With training data enriched with the execution context of configurations, EnCore is able to learn a broad set of configuration
anomalies that spans the entire system. EnCore is effective
in detecting both injected errors and known real-world problems – it finds 37 new misconfigurations in Amazon EC2
public images and 24 new configuration problems in a commercial private cloud. By systematically exploiting environment information and by learning correlation rules across
multiple configuration settings, EnCore detects 1.6x to 3.5x
more misconfiguration anomalies than previous approaches.
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...Applitools
** Full webinar recording: **
Two leading developers -- from Jira/ Atlassian and Pushpay -- shared their insights, tip, tricks, and best practices on how to maintain quality across the Dev-Test-Release cycle, without losing speed or coverage.
Talk 1: Reducing the Risk of Rapid Development and Continuous Delivery -- by David Corbett (Director of Engineering @ Pushpay)
In this talk, David showed us what goes on under the hood of Pushpay's development cycle.
He also talked about the ways in which Pushpay is empowering Dev and Test teams to be more autonomous, and prompting them to use advanced test automation tools & techniques, such as visual validation, in order to gain confidence in deploying many times each day.
Talk 2: Testing Hourglass at Jira Frontend -- by Alexey Shpakov (Sr. Developer - Jira Frontend @ Atlassian)
We often hear people talk about the testing pyramid.
In Jira Frontend, we talk about testing hourglass -- that means we expect our developers to be responsible for the whole lifecycle of the code -- starting from creating tests and finishing with running a 24/7 on-call.
In this talk, Alexey did a deep-dive into the various types of testing they have in Jira Frontend, and discussed the various tools that allow them to deliver Jira to customers in a low-risk manner.
Is Human Reproductive Cloning Morally Permissible?Gwynne Brunet
The subject of human reproductive cloning is a complicated one which contains many issues that need to be understood, and considered; before a course of action can be taken. In regards to cloning, any decision that will be agreed upon, in our distant future, will not be simply black and white, but instead it will be a colorful array of restrictions, rules, laws, supervision, and ethical standards. In this paper, I will evaluate the facts, and determine, through moral reasoning, whether human reproductive cloning is morally permissible.
Why On-Demand Provisioning Enables Tighter Alignment of Test and Production E...Cognizant
To improve their test environments and application quality, organizations are turning to the cloud for on-demand provisioning, as well as build and deployment automation.
Modern Enterprise Software Systems (MESS) is all
about envisioning, developing, managing and evolving
enterprise applications to fulfill business requirements. This
may entail many challenges like rapidly changing business
scenario, increase in complexity, shorter time to market and
business agility. In order to deal with this natural evolution,
achieving modularity across MESS is essential. In this paper,
we describe by way of an example application, some of the
common problems encountered while delivering & managing
enterprise software. We demonstrate that one of the root causes
for these is inadequate support for modularity at the physical
level viz. packaging & deployment. We look at the different
options available for extending the modularity across packaging
and deployment e.g. Impala and Open Service Gateway
initiative (OSGi). Based on our explorations and experiments
we provide a comparison between the two. We conclude the
paper with a note on the future directions for physical
modularity.
Just like anything in IT, automation is a tool. And any tool can be used incorrectly. In this talk, we discuss a few examples of automation (or lack thereof) gone wrong.
Cloud scale anomaly detection for software misconfigurationsLN Renganarayana
We present a framework and tool called EnCore to automatically detect software misconfigurations. EnCore takes
into account two important factors that are unexploited before: the interaction between the configuration settings and
the executing environment, as well as the rich correlations
between configuration entries. We embrace the emerging
trend of viewing systems as data, and exploit this to extract information about the execution environment in which
a configuration setting is used. EnCore learns configuration
rules from a given set of sample configurations. With training data enriched with the execution context of configurations, EnCore is able to learn a broad set of configuration
anomalies that spans the entire system. EnCore is effective
in detecting both injected errors and known real-world problems – it finds 37 new misconfigurations in Amazon EC2
public images and 24 new configuration problems in a commercial private cloud. By systematically exploiting environment information and by learning correlation rules across
multiple configuration settings, EnCore detects 1.6x to 3.5x
more misconfiguration anomalies than previous approaches.
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...Applitools
** Full webinar recording: **
Two leading developers -- from Jira/ Atlassian and Pushpay -- shared their insights, tip, tricks, and best practices on how to maintain quality across the Dev-Test-Release cycle, without losing speed or coverage.
Talk 1: Reducing the Risk of Rapid Development and Continuous Delivery -- by David Corbett (Director of Engineering @ Pushpay)
In this talk, David showed us what goes on under the hood of Pushpay's development cycle.
He also talked about the ways in which Pushpay is empowering Dev and Test teams to be more autonomous, and prompting them to use advanced test automation tools & techniques, such as visual validation, in order to gain confidence in deploying many times each day.
Talk 2: Testing Hourglass at Jira Frontend -- by Alexey Shpakov (Sr. Developer - Jira Frontend @ Atlassian)
We often hear people talk about the testing pyramid.
In Jira Frontend, we talk about testing hourglass -- that means we expect our developers to be responsible for the whole lifecycle of the code -- starting from creating tests and finishing with running a 24/7 on-call.
In this talk, Alexey did a deep-dive into the various types of testing they have in Jira Frontend, and discussed the various tools that allow them to deliver Jira to customers in a low-risk manner.
What is Selenium Testing?
Selenium Testing refers to the process of using the Selenium framework to automate the testing of web applications. It is a popular open-source toolset that provides a way to interact with web browsers in an automated manner. Selenium allows testers and developers to write scripts in various programming languages (such as Java, Python, C#, etc.) to simulate user interactions with a web application, perform functional testing, and validate the application’s behavior.
Key features and components of Selenium Testing include:
Selenium WebDriver: This is the core component of Selenium that provides an API for interacting with web browsers. It allows you to write code that simulates user actions like clicking buttons, filling forms, navigating pages, etc. WebDriver supports multiple browsers such as Chrome, Firefox, Safari, Edge, and more.
Selenium IDE (Integrated Development Environment): A browser plugin that allows testers to record and playback interactions with a web application. While WebDriver provides more flexibility and control, Selenium IDE is more beginner-friendly and useful for quick tests.
Selenium Grid: This feature enables the distribution of test scripts across multiple browsers and operating systems simultaneously. It helps in achieving parallel testing and ensures compatibility across different environments
Test Frameworks: Selenium can be integrated with various testing frameworks like JUnit, TestNG, NUnit, etc., to manage test cases, generate reports, and handle assertions.
Supported Languages: Selenium supports multiple programming languages, making it versatile and accessible to developers and testers with different language preferences.
Selenium Testing is commonly used for:
Functional Testing: Verifying that the application functions correctly by automating user interactions and validating expected behaviors.
Regression Testing: Running tests to ensure that new code changes haven’t introduced any unintended side effects or bugs in the existing functionality.
Cross-Browser Testing: Ensuring that the web application works consistently across different web browsers and versions.
Load Testing: Using Selenium scripts to simulate multiple users interacting with the application simultaneously to test its performance under heavy load.
UI Testing: Verifying the correctness of the user interface elements, layouts, and visual aspects of the application.
Selenium Testing offers several benefits, including faster test execution, improved accuracy, increased test coverage, and the ability to catch regressions early in the development cycle. It has become a fundamental tool in the world of web application testing and quality assurance.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Testing Web Based Applications[1]
1. Testing
QUICK LOOK
s Why errors in Web-based
Testing
applications are hard to reproduce
s Analyzing these errors in a way
that saves testing time
Web-based
Applications
Analyzing and reproducing errors in a Web environment
by Hung Q. Nguyen
he testing of Web-based done … especially in Web environ-
T 1
applications has much in ments. Web environments are dense
common with the testing with error-prone technology vari-
of desktop systems: You ables. Here are five fundamental con-
need to test the usual func- siderations of Web-application test- What are we really
tionality, configuration, ing:
and compatibility, as well as perform- seeing–an error
ing all the standard test types. But 1. When we see an error on the
Web application testing is more diffi- client side, we are seeing the or a symptom?
cult because complexities are multi- symptom of an error—not the er-
plied by all the distributed system ror itself. Without diagnosing the environment,
components that interact with the ap- we can’t be certain what causes a
plication. When we see an error in a 2. Errors may be environment-de- symptom to appear. If one of the en-
Web environment, it’s often difficult pendent and may not appear in vironment-specific variables from ei-
to pinpoint where the error occurs, different environments. ther the client side or the server side
and, because the behavior we see or is removed or altered, we might not
the error message we receive may be be able to reproduce the problem.
3. Errors may be in the code or in
the result of errors happening on dif- Here is an example. I’m testing a
the configuration.
ferent parts of the Web system, the er- Web-based defect tracking applica-
ror may be difficult to reproduce. So tion, and going through the process
how do we analyze errors within a 4. Errors may reside in any of sever- of creating a new bug report. When I
Web-based system, and what consid- al layers. select the NEW button, I receive an
erations should be made for reproduc- error message:
ing such errors? 5. Examining the two classes of op-
When we have an understanding erating environments — static Microsoft OLE DB Provider for ODBC
of the underlying technology, we are versus dynamic—demands dif- Drivers error '80040e14'
better able to maximize testing effi- ferent approaches.
ciencies—writing more reproducible After spending some time investigat-
bug reports and finding more errors Now let’s take a look at each of these ing my browser environment, I dis-
in less time. This is easier said than five considerations in more detail: cover that JavaScript is disabled in
23
May/June 2000 Software Testing & Quality Engineering www.stqemagazine.com
2. the browser preferences dialog box. operating environment. More com- server configuration issue. However,
Enabling JavaScript eliminates the monly, we refer to environment-in- if the installation program failed to
error. (Whether or not this is a bug is dependent errors as functionality- programmatically configure the Web
not part of this discussion.) The idea specific errors. server according to specification,
here is that if I add additional infor- then this is a software error. If a
mation regarding the JavaScript set- system administrator fails to proper-
ting to the bug report, I can save our ly configure the Web server accord-
team some time in analyzing this
problem. Furthermore, “disabling
JavaScript” is added to my test suite
3 ing to specification, this then be-
comes a user error.
from this point on; it will be applied
to all areas of the application so that
Is it a coding error Application directory has not been con-
figured properly to execute scripts A
all potentially related errors can be
uncovered.
or a configuration typical application-server directory
contains scripts to be executed when
problem? they are called by a Web server on
the behalf of a client. For security
Errors (or the symptoms of sup- reasons, a Web server can be config-
2
To reproduce an environment-dependent error
Is the error
environment- we have to perfectly replicate both the exact sequence
dependent? of activities and the environment conditions.
To reproduce an environment-de-
pendent error we have to perfectly posed errors) may be resolved with ured to allow or disallow scripts to
replicate both the exact sequence of code fixes (assuming the errors are be executed within certain directo-
activities and the environment con- in fact real) or system reconfigura- ries. If your application-server direc-
ditions (operating system, browser tion (client, ser ver, or network). tory is designed to contain scripts
version, add-on components, data- Don’t jump too quickly to the conclu- that will be executed—but the Web
base server, Web server, third-party sion that it’s a bug! server is configured to disable script
components, ser ver/client re- execution in that directory—the ap-
sources, network bandwidth and Microsoft OLE DB Provider for ODBC plication will not work. Is this a soft-
traffic, etc.) in which the application Drivers error '80004005' ware error or a configuration
operates. For example, when you try problem?
to log into your Web application Here is an example illustrating the
while using a 28.8 kbps dial-up con- challenge of identifying possible Default Web page has not been set up
nection, you experience login fail- configuration problems as opposed properly The issue is similar to the
ures due to timeout in the authenti- to actual software errors. It shows problem above.
cation process—but the same login an error message caused by a
steps will authenticate successfully “failed login” that has been generat- SQL Server is not running The appli-
if you are on a T-1 connection at ed by a Web application. By simply cation server needs to connect to the
1.54 mbps. In this case, you have looking at this error message, it is backend database living on the SQL
an environment-dependent error impossible to determine whether server in order to execute queries,
where the dependency is in the this error is the result of a software store procedures, and access data. If
bandwidth. bug, a server-side configuration is- the SQL server process itself is not
Environment-independent er- sue, a compatibility issue, a browser running, then obviously the applica-
rors, on the other hand, are relatively configuration issue, or all of the tion will not work.
easier to reproduce—it’s not neces- above.
sary to replicate the operating envi- After further analyzing the fail- DLL/COM objects are missing or were
ronment. With environment-inde- ure, I discover several possible con- unsuccessfully registered Perhaps the
pendent errors, all that need be ditions that might generate this error installation program failed to copy
replicated is the steps that reveal the message: all the DLLs used by the application
error. For example, if the company server during setup. If any DLL need-
name is misspelled on all of the prod- IIS (Web server) virtual directory has not ed by the application server is miss-
uct’s online pages as WebTessting. been set up properly When the virtual ing, the application will not work.
Con, you will always see this error— directory is not properly configured, Perhaps the installation program
independent of the hardware, soft- the requested files, scripts, or data correctly copied all the needed mod-
ware, and resource variables in your will not be found. Typically, this is a ules, but failed to register one or
24
www.stqemagazine.com Software Testing & Quality Engineering May/June 2000
3. more of them. For example, with OLE- ty issues that are similar to PC envi-
based objects such as COM or DCOM,
their class ID (CLSID) must be regis-
4 ronments, where all components are
in one box. Issues multiply within
tered in the Registry Database before client/server systems, however, be-
they can be used. If an application Which layer cause there may be many clients and
tries to access a COM object that was ser vers connected on a network.
not registered successfully, the appli- really causes Typical client/server configuration
cation will not work. and compatibility issues involve the
This problem is often caused by the problem? hardware and operating system mix
errors in the installation procedures. (UNIX-based boxes versus Windows-
If, on the other hand, the compo- Errors in Web systems are often dif- based boxes, for example) and the
nents must be manually registered ficult to consistently reproduce be- software mix on the server side (Web
then this becomes a configuration cause of the many variables intro- server packages, database server
issue. duced by the distributed nature of packages, firewalls, COM objects,
client/server architecture (i.e., serv- CORBA objects, etc.). Issues may also
Browser-side JavaScript setting has er, client, and networking compo- involve the software mix on the
been disabled This is a browser-side nents). There are at least three usu- client side (TCP/IP stacks, dialer
configuration problem since the ap- al suspects in a Web environment: software, helper components, brows-
plication requires the browser to The client, the server, and the net- er brands, and browser versions).
have JavaScript enabled. Is this a work. Additionally, browser settings, such
software error, a configuration prob- Both the client and the server as general settings, connection set-
EDIT PASS 05/21/99
lem, or a technical support issue? carry configuration and compatibili- tings, security settings (including Ac-
Making Your
Web Application Test Report
More Reproducible
s Check if the client operating system, versions, and patches s Check for proper registration of components (COMs,
meet system requirements Java, etc.)
s Check if the correct version of the browser is installed on s Check to ensure that DNS is properly configured
the client machine
s Check if firewall configuration is causing packets to drop
s Check if the browser is properly installed on the machine or blocking access
(for example, the JVM is also successfully installed)
s Check if a slow connection is causing the application to
s Check the browser settings time-out
s Try the same set of steps with different browsers (e.g., s Check for potential race or time-related conditions
Netscape Navigator versus Internet Explorer)
s Check for potential network inaccessibility issues on the
s Try the same set of steps with different supported versions client machines
of the same browsers (e.g., 3.1, 3.2, 4.2, 4.3, etc.)
s Check for potential network inaccessibility issues on the
s Check to ensure that all servers are running server machines
s Check to ensure that all service-based components have s Check if the server operating system version and patches
been started meet system requirements
s Check to ensure that application access privileges are s Check if the proper versions of the server software such
CREDIT CREDIT CREDIT
properly set up as Web server, SQL database, and other middle-ware
packages are installed
s Check for missing components on the server (DLLs,
scripts, etc.) s Check server configurations for proper settings
25
May/June 2000 Software Testing & Quality Engineering www.stqemagazine.com
4. Dynamic Environments (i.e., resource
Physical Server and time-related errors) in which
Client Client
Database otherwise compatible components
Server may exhibit errors due to memory-
Web related errors and latency condi-
Server tions. (We’ll discuss dynamic envi-
Application ronments in more detail later in this
Server section.)
Static Operating
Ethernet
Environment: Configuration
and Compatibility Variables
Configuration and compatibility issues
FIGURE 1 Web server, application server, and database server in one box
may occur at any point within a Web
system: client, server, or network.
Physical Server 1 Configuration issues involve various
Client Client server software and hardware set-ups,
browser settings, network connec-
tions, and TCP/IP stack set-ups. The
Database
Server browser setting/JavaScript example
discussed earlier illustrated one type
of configuration issue. A different type
of configuration issue is shown in Fig-
ures 1 and 2, with two possible physi-
Ethernet cal server configurations: one-box and
two-box configurations.
Our sample application under
test has some charting capabilities
Web
Server that enable a user to generate met-
rics reports, such as bar charts and
line charts. When a user requests a
Application metrics report, the application server
Server
pseudo code runs as follows:
Physical Server 2
1. Connect to the database server
and run the query.
FIGURE 2 Web server and application server in one box; database server in
another box 2. Write the query result to a file
named c:tempchart.val
tiveX controls, plug-ins, Java, script-
ing, downloads, user authentication, 5 3. Execute the Chart JavaApplet.
Read from c:tempchart.val and
etc.), content settings, program set- use the data to draw a graph.
tings, and other advanced settings
(including browsing options, multi-
Static and 4. Send the JavaApplet to the
media options, Java VM options,
printing options, and HTTP options)
dynamic operating browser.
introduce a multitude of variables
that should be tested and included in
environments During testing for this application, I
discovered that the charting feature
analyses.
The network offers another set
are different. worked on one of the above configu-
rations, but not the other. After I in-
of variables. The network affects the In general, there are two classes of vestigated further, I learned that the
Web application in several ways, in- operating environments—each with problem only occurred in the two-
cluding timing-related issues (race its own unique testing implications: box configuration. After examining
conditions, performance, time-outs, the code, I realized that the problem
etc.) due to bandwidth and latency, Static Environments (i.e., configura- is in steps 2 and 3. In step 2, the
potential configuration and compati- tion and compatibility errors) in quer y result is written to
bility issues due to hardware devices which incompatibility issues may ex- c:tempchart.val of the database serv-
ANNIE BISSETT
such as gateways and routers, and ist regardless of variable conditions er local drive. In step 3, the Chart
side effects related to security imple- such as processing speed and avail- JavaApplet is running on the applica-
mentations. able memory. tion server that is not in the same
26
www.stqemagazine.com Software Testing & Quality Engineering May/June 2000
5. I am not suggesting that we read the code ment cannot be replicated (due to
its dynamic nature), the error be-
comes irreproducible or hard-to-re-
every time we come across an error...I merely produce.
By the way, this is the reason
want to point out that it is essential to that memory-related errors are often
hard to reproduce. When a memory-
identify which server configurations are problematic, overwrite error exists in the code,
for example, it will always cause a
memory-overwritten problem. How-
and include such information in bug reports. ever, from a black-box testing per-
spective, we will never have a chance
I would also run a cursory suite of test cases to see the symptom of this error until
the specific overwritten byte(s) of
code or data is executed or read. In
on all distributed configurations that are supported this example, the set of steps repre-
sents the exact set of black-box ac-
by the application server under test. tivities. The memory-overwrite error
represents the actual error in the
code. The condition in which the
box with the database server. When each time a test procedure is execut- overwritten byte is executed or read
it attempts to open the file ed, it causes the operating environ- represents the dynamic operating en-
c:tempchart.val on the application ment to become dynamic. The vironment or condition needed to re-
ser ver local drive, the file is not attribute can be anything from re- veal (reproduce) the error.
there. source-specific (available RAM, disk Here is a Web application exam-
In this case, I am not suggesting space, etc.) to timing-specific (net- ple of a dynamic environment-related
that we read the code every time we work latency, the order of user trans- error in which we will examine a
come across an error; I leave the de- actions being submitted, etc.). time-related error. The specification
bugging work for the developers. I When a test case depends on requires that:
merely want to point out that it is es- the exact replication of both the set
sential to identify which server con- of steps and the operating envi- s Project names within the system must be
figurations are problematic, and in- ronment but the operating environ- unique
clude such information in bug
reports. I would also run a cursory
suite of test cases on all distributed The home directory path for the Web server on the host myserver is mapped to:
configurations that are supported by C:INETPUBWWWROOT
the application server under test.
Compatibility issues are also When a page is requested from http://myserver/ data will be pulled from:
important in static operating envi- C:INETPUBWWWROOT
ronments. As an example, in Figure 3
we see a compatibility difference be- A filename (mychart.jar) is stored at C:INETPUBWWWROOTMYAPPBIN.
tween Netscape Navigator and Inter-
net Explorer. The application session path (relative path) is pointing to
This is not to say that Internet C:INETPUBWWWROOTMYAPPBIN, and a file is requested from .LIB.
Explorer is better than Netscape
If I use Internet Explorer version 3.x, the Web server looks for the file in
Navigator; it simply means that there
C:INETPUBWWWROOTMYAPPBINLIB because the browser relies on the relative
are incompatibility issues between
paths. This is the intended behavior and the file will be found; this tells me that my
browsers—and that the code should
application will work as expected using Internet Explorer 3.x.
not assume that relative paths work
for all browsers. More importantly, it If instead I use Netscape Navigator version 3.x (a browser that doesn’t like .), the Web
suggests that when you experience server defaults to C:INETPUBWWWROOTLIB and tries to look for mychart.jar from
an error in one environment, the there instead. This is a problem for this particular application because the file
same error may not appear in a dif- (mychart.jar) will not be found there—so I know this feature will not work using Netscape
ferent environment if it’s an environ- 3.x.
ment-dependent error.
When I brought up the Java Console, I saw the following, which confirmed my finding:
Dynamic Operating #Unable to load archive
Environment: Things http://myserver/lib/mychart.jar:java.io.IOException:<null>
Don’t Stay the Same
When the value of a specific environ-
ment attribute does not stay constant FIGURE 3 Compatibility issue between browsers
27
May/June 2000 Software Testing & Quality Engineering www.stqemagazine.com
6. s Error detection and handling for potential
duplication be performed on the client- ...
side using JavaScript <td width=quot;80quot; bgcolor=#00CCCC> </td>
<td width=quot;80quot; bgcolor=#00CCCC align=quot;leftquot; height=quot;9quot;>
s Users will be able to add or delete project
<font size=1 face=quot;Arialquot; color=quot;#400040quot;>
names by requesting the Setting Up Proj-
ects page Project:<br></font>
<select name=quot;namelistquot; size=quot;9quot; OnChange=quot;ListSelected()quot;>
s When a user creates a new project name, <option value=quot;Anotherquot;>Another</option>
a browser-side JavaScript checks the in- <option value=quot;NewProjquot;>NewProj</option>
put name against the select list embed-
</select></td>
ded in the HTML page (as illustrated in
Figure 4) <td width=quot;100quot; bgcolor=#00CCCC> </td>
...
Take a look at the time-related error
illustrated in Figure 5. These before
and after screenshots of the Setting FIGURE 4 Browser-side JavaScript checks the input name against the values in
Up Projects page illustrate that the the namelist
application failed to detect the dupli-
cate name “Doomed.” Figure 4 walks
BEFORE
you through the explanation of this
time-related error that involves two
users adding new project names to
the same database.
As illustrated in Table 1, User A
and User B create new projects si-
multaneously, but without knowl-
edge of each other’s actions. In step
3, User A adds a project named An-
other. Since that project name
already exists, his browser’s
JavaScript displays a message
prompting him for a different proj-
ect name.
User B adds a project named
Doomed. Her browser’s JavaScript
does not detect Doomed as a preexist-
ing project name and so adds it to
both the database and the returned
AFTER
list. The updated project name list is
sent back to User B.
User A subsequently adds the
same name, Doomed, to the project
list. His browser’s JavaScript does
not detect the name on the HTML list,
so it adds the name Doomed to the
database again—as well as to the re-
turned list. The updated project
name list is sent back to User A with
two Doomed entries included.
This result fails to meet the
product’s specification. Unless this
situation happens to be a well-de-
signed test case, accidentally discov-
ering this error and attempting to re-
produce it is not a simple task. In
this example, the actual error is in
the failure of the application to
check for ser ver-side duplicate
names (in addition to client-side FIGURE 5 TOP : Before the project name “Doomed” has been entered by the user;
checking). The steps include User A’s BOTTOM : After the application failed to detect the duplicate project named “Doomed”
28
www.stqemagazine.com Software Testing & Quality Engineering May/June 2000
7. activities. The dynamic operating en- fect your ability to replicate errors. are investigating, but also the undis-
vironment is created by User B’s ac- With the application of some of the covered errors that are related to
tivities—which are hidden or un- skills covered in this article, I hope them. STQE
known to User A. that your Web testing experience will
be less frustrating and more enjoy- Hung Q. Nguyen (hungn@logigear.
able. com) is the president and CEO of
In Conclusion Remember that nothing will re-
place your testing skills—your ability
LogiGear Corporation, a full-ser-
vice consulting firm offering out-
To be effective in analyzing and re- to come up with good test cases, ask sourced testing, QA training, and
producing errors in a Web environ- relevant what-if questions, keep TRACKGEAR™ (a Web-based de-
ment, you need to have a command careful notes, and methodically in- fect tracking solution). He is co-au-
over the operating environment. You vestigate hard-to-reproduce errors. It thor of Testing Computer Software
also need to understand how envi- is these skills that will assist you in and author of the soon-to-be-pub-
ronment-specific variables may af- finding not only the errors that you lished Testing Web Applications.
STEP REQUEST HTML LIST BEFORE HTML LIST AFTER D ATA B A S E B E F O R E D ATA B A S E A F T E R
1 USER A gets the Another Another Another
Setting Up Project NewProj NewProj NewProj
Page
2 USER B gets the Another Another Another
Setting Up Project NewProj NewProj NewProj
Page
3 USER A adds a Another Another Another Another
new project named NewProj NewProj NewProj NewProj
quot;Anotherquot;
4 USER B adds a Another Another Another Another
new project named NewProj NewProj NewProj NewProj
quot;Doomedquot; Doomed Doomed
5 USER A adds a Another Another Another Another
new project named NewProj NewProj NewProj NewProj
quot;Doomedquot; Doomed Doomed Doomed
Doomed Doomed
TABLE 1 User A and User B activities
29
May/June 2000 Software Testing & Quality Engineering www.stqemagazine.com