Because the cloud introduces additional system risks—Internet dependencies, security challenges, performance concerns, and more—you, as a test manager, need to broaden your scope and update your team’s practices and processes. Ruud Teunissen shares a unique approach that directly addresses more than 140 new testing concerns and risks you may encounter in the cloud. Learn how to identify cloud-specific requirements and the risks that can ensue from those requirements. Then, explore the test strategies you'll need to adopt to mitigate those risks. Explore cloud services selection, implementation, and operations. Then, take a dive in to the wider scope of test management in the cloud. Take back the ammunition you need to convince senior management that test managers should participate during the cloud services selection to help avoid risks before implementation and, further, why you should work with IT operations to extend test activities after the system goes live.
The cloud can deliver services over the Internet in three ways—software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). Each of these approaches requires testers to focus on more than classical functional testing. Ruud Teunissen explores the new techniques and skills testers need to master for testing cloud services. Examples include testing for elasticity; testing fall back scenarios to guarantee continuity of business processes; testing for adherence to laws and regulations; and testing apps, web services, and the numerous platforms that need to be supported. Join Ruud and learn how to test these additional cloud requirements to get a grip on technical test issues, explore cloud services operations, and jump-start the broader scope of testing in the cloud. Take back practical approaches for tuning and tweaking your present test techniques to fly high in the cloud.
BSIMM: Bringing Science to Software SecurityCigital
There is an old management adage that says “You can’t manage what you don’t measure.” The Building Security in Maturity Model (BSIMM) applies scientific principles to the field of software security to effectively measure security activities across industries and business units. The BSIMM enables experts like you to discover what exists in the application security universe, how those things work today, how they worked in the past and how they are likely to work in the future.
Digital Outsourcing: Risks, Pitfalls, and Security Considerations Peter1020
-The Current Global Digital Threat Climate
-Cyber-Trends Against The U.S. Financial Service Sector
-Considerations Prior To Outsourcing
-Pitfalls In International Partnerships
-Communications, Connections, And Security Considerations Between Locations
-Dealing With Data Exposures
-5 Things You Can Do To Protect Your Existing Outsourcing Right Now
Session 2 10:30am-11:30am
-Technology Outsourcing Trends
-Secure Outsourcing Technologies
-Collaboration Methods With Remote Teams
-How To Connect People With The Right Information At The Right Time And The Right Place
-How To Connect People With Fellow Employees, Vendors, Partners Or Other External Contacts Outside Of the Organization
-Project Management Technology Of Remote Resources
Companies are constantly seeking ways to ensure their application code is secure and effectively managed. For example, M&A assessors conduct one-time code audits on companies they are buying to avoid legal, operational or security pitfalls. Other organizations are proactive, using an ongoing solution to make sure their application code is secure and well managed on a day-to-day basis. Increasingly, many companies are opting to use both approaches.Join Bob Genshaft, Director Strategic Programs at Wolters Kluwer, and Black Duck's VP and General Manager On-Demand Audits Phil Odence for a discussion that will address key open source security and management questions:
· When is it appropriate to conduct an audit?
When should your company consider an ongoing solution?
· What are the benefits of doing both?
. What does an effective Open Source Policy look like?
Technical Due Diligence for M&A: A Perspective from Corporate Development at ...Black Duck by Synopsys
This webinar focuses on the issues related to improper use of open source software and how this can impact M&A and other partnering opportunities. Attendees will learn techniques to uncover potential issues and the benefits of properly managing your software assets to minimize delays and risks. Russell Hartz of SAP’s Corporate Development organization discusses their strategy and perspective on the subject and how they approach this kind of technical due diligence.
The cloud can deliver services over the Internet in three ways—software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). Each of these approaches requires testers to focus on more than classical functional testing. Ruud Teunissen explores the new techniques and skills testers need to master for testing cloud services. Examples include testing for elasticity; testing fall back scenarios to guarantee continuity of business processes; testing for adherence to laws and regulations; and testing apps, web services, and the numerous platforms that need to be supported. Join Ruud and learn how to test these additional cloud requirements to get a grip on technical test issues, explore cloud services operations, and jump-start the broader scope of testing in the cloud. Take back practical approaches for tuning and tweaking your present test techniques to fly high in the cloud.
BSIMM: Bringing Science to Software SecurityCigital
There is an old management adage that says “You can’t manage what you don’t measure.” The Building Security in Maturity Model (BSIMM) applies scientific principles to the field of software security to effectively measure security activities across industries and business units. The BSIMM enables experts like you to discover what exists in the application security universe, how those things work today, how they worked in the past and how they are likely to work in the future.
Digital Outsourcing: Risks, Pitfalls, and Security Considerations Peter1020
-The Current Global Digital Threat Climate
-Cyber-Trends Against The U.S. Financial Service Sector
-Considerations Prior To Outsourcing
-Pitfalls In International Partnerships
-Communications, Connections, And Security Considerations Between Locations
-Dealing With Data Exposures
-5 Things You Can Do To Protect Your Existing Outsourcing Right Now
Session 2 10:30am-11:30am
-Technology Outsourcing Trends
-Secure Outsourcing Technologies
-Collaboration Methods With Remote Teams
-How To Connect People With The Right Information At The Right Time And The Right Place
-How To Connect People With Fellow Employees, Vendors, Partners Or Other External Contacts Outside Of the Organization
-Project Management Technology Of Remote Resources
Companies are constantly seeking ways to ensure their application code is secure and effectively managed. For example, M&A assessors conduct one-time code audits on companies they are buying to avoid legal, operational or security pitfalls. Other organizations are proactive, using an ongoing solution to make sure their application code is secure and well managed on a day-to-day basis. Increasingly, many companies are opting to use both approaches.Join Bob Genshaft, Director Strategic Programs at Wolters Kluwer, and Black Duck's VP and General Manager On-Demand Audits Phil Odence for a discussion that will address key open source security and management questions:
· When is it appropriate to conduct an audit?
When should your company consider an ongoing solution?
· What are the benefits of doing both?
. What does an effective Open Source Policy look like?
Technical Due Diligence for M&A: A Perspective from Corporate Development at ...Black Duck by Synopsys
This webinar focuses on the issues related to improper use of open source software and how this can impact M&A and other partnering opportunities. Attendees will learn techniques to uncover potential issues and the benefits of properly managing your software assets to minimize delays and risks. Russell Hartz of SAP’s Corporate Development organization discusses their strategy and perspective on the subject and how they approach this kind of technical due diligence.
Legal Liability for IOT Cybersecurity VulnerabilitiesPriyanka Aash
There has been much discussion of "software liability," and whether new laws are needed to encourage or require safer software. My presentation will discuss how -- regardless of whether new laws are passed -- a tidal wave of litigation over defective IoT cybersecurity is just over the horizon.
The presentation will focus on a well-known example: Charlie Miller and Chris Valasek's 2015 Jeep hack. I'm lead counsel in the ongoing federal litigation over the cybersecurity defects Charlie and Chris exposed, and that are shared by 1.4 million Chrysler vehicles. As far as I know, our case is one of the first, and the biggest, that involves claims that consumers should be compensated for inadequate cybersecurity in IoT products.
This case is the tip of the iceberg. IOT products are ubiquitous, and in general their cybersecurity is feeble, at best. In the event of a cyberphysical IoT hack that causes injury, there are established legal doctrines that can be used to impose liability every company involved in the design, manufacturing, and distribution of an exploited IoT device or even its cyber-related components. Such liability could be crippling, if not fatal, for organizations that don't know how to properly handle and prepare for potential lawsuits.
Taking steps to minimize legal exposure before an accident happens or a lawsuit is filed—in the design, manufacture, product testing, and marketing phases of an IoT product—can be the difference between life and death for IoT companies. Knowing what steps to take and how to take them requires an understanding of the core legal principles that will be applied in determining whether a company is liable.
Protecting endpoints from targeted attacksAppSense
On this AppSense webinar, guest speaker Chris Sherman, Forrester Research analyst, shared five principles for an effective endpoint security strategy. Anti-virus software isn't enough anymore.
Dan O'Farrell, Sr. Director of Product Marketing for Cloud Computing at Dell, shared how highly-regulated industries have embraced VDI to increase security and reduce costs.
And Bassam Khan discussed how AppSense offers privilege management with just-in-time self-elevation and application control through trusted ownership. This allows you to manage and secure your endpoints while providing a great user experience. And our latest product, AppSense Insight, offers endpoint analytics. Contact us to request a demo at iwanttoknowmore@appsense.com.
Patching software is a constant challenge. The Equifax hack and subsequent FTC investigation has shown us that required patches aren’t limited to those published by commercial vendors. Open source updates are just as critical; tracing new vulnerabilities and updates to applications in which those components are used isn’t just a good practice, it’s a regulatory requirement.
A focused approach to managing open source risk is essential as the legal landscape quickly evolves, including requirements under the FTC Act, HIPAA, and the European Union’s General Data Protection Regulation (GDPR). Coupled with heightened regulatory enforcement, these requirements increase the pressures on companies to maintain data privacy and security. This session will cover common misconceptions about these requirements, and explain why open source management is essential to your overall security strategy.
As legislators continue to expand the scope of the laws governing information security, we will take a look at some of the new European-level laws in this area from an open source perspective, and consider their impact on OSS management practices. The session will focus on the General Data Protection Regulation, not only because it applies to everyone, but also because its requirements are in many ways the most detailed and prescriptive. During the session we will also touch on some industry-specific developments like the Network and Information Services Directive and the Electronic Identification Regulation. Dan will cover what the new laws say (and perhaps more importantly what they don’t say), how to go about applying them to your OSS management regime, and what you might need to think about changing as a result.
Ruben Melendez - Economically Justifying IT Security Initiativescentralohioissa
IT Security Initiatives create strategic and operational value to all enterprises; however, many IT professionals do not know how to economically quantify and forecast the benefits of IT security. Additionally, the new digital business ecosystem is resulting in rapid business cycles, which require faster speed and agility in all IT areas and IT services. The new ecosystem, largely caused by the Internet-of-Things, mobility and the Cloud, create a challenge for selecting and prioritizing IT security tools and projects. This session will present an overview of principles, models, trends and best practices, which can have been adopted by individuals and organizations to get right IT security initiatives approved.
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...Denim Group
HP Protect 2015 Presentation with Denim Group's John Dickson and HP's Bruce Jenkins - Software security historically has been a bolt-on afterthought, frequently a "nice to do" and not a "must do" activity in many organizations. Despite the obvious need to build security in from the outset, organizations continue to struggle to gain momentum and focus resources in support of a structured and measurable software security assurance program. How can organizations determine the best-fit activities and appropriate resource allocation levels to adequately address software risk? How can security leaders know what other organizations are doing to produce more secure software? This session provides an overview of the Open Software Assurance Maturity Model (OpenSAMM) framework and illustrates how organizations can use it to give their security program the edge necessary to stay competitive in today's DevOps world and need-for-speed go-to-market strategies. The session includes case studies on how organizations are using comparative data and OpenSAMM benchmarking to realize measurable software security improvement.
Originally shared here - https://sessioncatalog.hpglobalevents.com/go/agendabuilder.sessions/?l=19&sid=4026_2744&locale=en_US
Incubated in IIT Kharagpur
Focused on addressing data theft, data loss with security analytics from on-premise and cloud platform, product christened as “inDefend” targeted for Enterprise, SMB and End-Consumers
Many organizations never achieve the significant benefits that are promised from automated test execution. Surprisingly often, this is not due to technical factors but to management issues. Dot Graham describes the most important management issues you must address for test automation success, and helps you understand and choose the best approaches for your organization—no matter which automation tools you use or your current state of automation. Dot explains how automation affects staffing, who should be responsible for which automation tasks, how managers can best support automation efforts leading to success, and what return on investment means in automated testing and what you can realistically expect. Dot also reviews the key technical issues that can make or break the automation effort. Come away with an example set of automation objectives and measures, and a draft test automation strategy that you can use to plan or improve your own automation.
Sometimes software testers overvalue the adherence to the collective wisdom embodied in organizational processes and the mechanical execution of tasks. Overly directive procedures work—to a point—projecting an impression of firm, clear control. But do they generate test results that are valuable to our stakeholders? Is there a way to orchestrate everyone’s creative contributions without inviting disorganized confusion? Is there a model that leverages the knowledge and creativity of the people doing the work, yet exerts reliable control in a non-directive way? Griffin Jones shares just such a model, describing its prescriptive versus discretionary parts and its dynamic and adaptive nature. Task activities are classified into types and control preferences. Griffin explores archetypes of control and their associated underlying values. Leave with an understanding of how you can leverage the wisdom and creativity of your people to make your testing more valuable and actionable.
Test Automation for Packaged Systems: Yes, You Can!TechWell
Today, most businesses are heavily dependent on packaged systems, sometimes called commercial off-the-shelf software, for large parts of their operation. Highly-customizable packages such as BMC’s Remedy, Oracle's Maxim, and many others run the show at many of the world’s largest companies. While offering many features and feature options, these packages provide rich software development environments and a “configuration” that is a highly complex programming exercise. Chris Bushell explores why packaged systems, which are just as vulnerable to defects as custom-developed software, have been missing out on the many benefits of early automated testing. Chris argues that it's time for a change. Drawing from hands-on experience working with customized packaged systems, Chris explains that these packages offer ease of customization over testability and offers information on overcoming their limitations. Take away tips to reduce defects, lower testing costs, and improve time to market with your company’s packaged systems.
It’s All Fun and Games: Using Play to Improve Tester CreativityTechWell
The number of software test tools keeps expanding, and individual tools are continuously becoming more advanced. However, there is no doubt that a tester’s most important—yet often neglected and underused—tool is the mind. As testers, we need to employ our intelligence, imagination, and creativity to gain information about the system under test. Humans are biologically designed to learn through play, and even as adults we can exploit this and harness the power of play to encourage and drive our creativity. Christin Wiedemann shows how you and your team can employ games and puzzles to practice and enhance cognitive skills that are especially important to testers including critical thinking, pattern recognition, and the ability to quickly process and understand new information. Not only will play make you a better tester but it will also make testing more fun. Learn to think critically and question your testing assumptions.
Make the Cloud Less Cloudy: A Perspective for Software Development TeamsTechWell
With so many technologies branded as “cloud” products, it can be difficult to distinguish good technology from good marketing. The resulting confusion complicates the work of software development teams who are trying not only to architect software effectively but also trying to accelerate building, testing, and delivering software. To cut through this confusion, Bill Wilder defines key cloud terms, compares the different types of clouds, and drills into concrete examples of specific cloud services. Introducing several software architecture concepts and patterns, Bill illustrates how to position applications to run reliably, at high scale (if needed), and with maximum cost efficiency on modern cloud platforms. Specific examples are drawn from the Windows Azure and Amazon cloud platforms, though the concepts are generally applicable. Leave with an understanding of relevant cloud concepts, a better idea of how moving to the “cloud” can impact application architecture, and some practical ideas for exploiting the cloud to improve software development team productivity.
Dealing with Estimation, Uncertainty, Risk, and CommitmentTechWell
Software projects are known to have challenges with estimation, uncertainty, risk, and commitment—and the most valuable projects often carry the most risk. Other industries also encounter risk and generate value by understanding and managing that risk effectively. Todd Little explores techniques used in a number of risky businesses—product development, oil and gas exploration, investment banking, medicine, weather forecasting, and gambling—and shares what those industries have done to manage uncertainty. With studies of software development estimations and uncertainties, Todd discusses how software practitioners can learn from a better understanding of uncertainty and its dynamics. In addition, he introduces techniques and approaches to estimation and risk management including utilizing real options and one of its key elements—understanding commitment. Take away a better understanding of the challenges of estimation and what software practitioners can do to better manage estimation, risks, and their commitments.
Are you overwhelmed by the number of mobile devices you need to test? The device market is large and new devices become available almost weekly. Karen Johnson discusses three key challenges to mobile testing—device selection, user interface, and device and application settings—and leads you through each. Learn how to select which devices to test and how to keep up-to-date in the ever-changing mobile market. Need to learn about user interface testing on mobile? Karen reviews mobile UX concepts and design. Wonder what device settings can impact your mobile app testing? Karen reviews common settings you need to consider. In addition to these mobile testing challenges, Karen guides you on how to conduct a competitive analysis of mobile apps. Learning how to conduct a survey of mobile apps and becoming aware of your competitors’ offerings are important to grow your own mobile knowledge.
To be most effective, test managers must develop and use metrics to help direct the testing effort and make informed recommendations about the software’s release readiness and associated risks. Because one important testing activity is to “measure” the quality of the software, test managers must measure the results of both the development and testing processes. Collecting, analyzing, and using metrics is complicated because many developers and testers are concerned that the metrics will be used against them. Join Rick Craig as he addresses common metrics—measures of product quality, defect removal efficiency, defect density, defect arrival rate, and testing status. Learn the guidelines for developing a test measurement program, rules of thumb for collecting data, and ways to avoid “metrics dysfunction.” Rick identifies several metrics paradigms—including Goal-Question-Metric—and discusses the pros and cons of each. Delegates are urged to bring their metrics problems and issues for use as discussion points.
Agile at Scale with Scrum: The Good, the Bad, and the UglyTechWell
Come hear the story of how a business unit at one of the world's largest networking companies transitioned to Scrum in eighteen months. The good-more than forty teams in one part of the company moved quickly and are going gangbusters. The bad-an adjacent part failed in its transition. The ugly-if you're in a large company with globally distributed teams, it's not hard to torpedo Scrum adoption. Steve Spearman and Heather Gray describe Scrum adoption challenges for a multi-million line, monolithic system developed across multiple locations worldwide. They share the techniques and tools that helped them implement Scrum in just two project cycles and the reasons part of the company failed to make the leap. Find out how they gained critical executive support, moved from component-based specialization to Scrum's generalizing specialists, found enough ScrumMasters, adjusted to twelve-hour time differences, and dealt with classical PMOs. Take away concrete approaches to improve your enterprise agile conversion-and an appreciation for problems you will surely face.
Risk-based Testing: Not for the FaintheartedTechWell
If you’ve tried to make testing really count, you know that “risk” plays a fundamental part in deciding where to direct your testing efforts and how much testing is enough. Unfortunately, project managers often do not understand or fully appreciate the test team’s view of risk—until it is too late. Is it their problem or is it ours? After spending a year on a challenging project that was set up as purely a risk mitigation exercise, George Wilkinson saw first-hand how risk management can play a vital role in providing focus for our testing activities, and how sometimes we as testers need to improve our communication of those risks to the project stakeholders. George provides a foundation for anyone who is serious about understanding risk and employing risk-based testing on projects. He describes actions and behaviors we should demonstrate to ensure the risks are understood, thus allowing us to be more effective during testing.
Even today, to the detriment of agile success, most organizational cultures remain delivery date-driven—resulting in delivery teams that are not focused on creating value for the customer. So how can we redirect stakeholders, the business, and the project team to concentrate on delivering the greatest value rather than simply meeting dates? Pollyanna Pixton describes the tools she has used in collaboration sessions to help all stakeholders and team members begin the process of adopting customer-centric agile methods. These tools include laying out an end-to-end customer journey, forming reusable decision filters to help prioritize backlogs, converting features into actionable user stories, and developing a solid process for making group decisions and communicating those decisions. Pollyanna shares questions that product owners and managers can use to define the problem while making sure they don't solve the problem prematurely. After all, that is the responsibility of the delivery team.
Creating Great User Experiences: Tips and TechniquesTechWell
Many software people look at creating great user experiences as a black art, something to guess at and hope for the best. It doesn't have to be that way! Jennifer Fraser explores the key ingredients for great user experience (UX) designs and shares the techniques she employs early-and often-during development. Find out how Jennifer fosters communications with users and devs, and works pro-actively to ensure true collaboration among UX designers and the rest of the team. Whether your team employs a formal agile methodology or not, Jennifer asserts that you need an iterative and incremental approach for creating great UX experiences. She shares her toolkit of communication techniques-blue-sky brainstorming sessions, structured conversation, and more-to use with different personality types and describes which types may approach decisions objectively versus empathetically. Leave with examples of UX design methods-personas, use scenarios, and user stories-to get you started on your current and upcoming projects.
“People are the most important asset of any organization.” Even though we hear that a lot, leaders and managers actually spend very little time focusing on the people side of testing. The skills and makeup of a test team are important and must be managed and cultivated properly. Individuals are very different and will react differently to various situations. Lloyd Roden describes the “tester’s style analysis questionnaire” and four types of testers—the pragmatist, the facilitator, the analyst, and the pioneer. When we recognize and acknowledge individual differences, we can use the individual’s strengths rather than dwell on the weaknesses. Lloyd examines how conflicts arise and how this style analysis questionnaire can help defuse conflicts to bring out the best in teams. Recruiting can be difficult, too. How do we recognize good testers during interviews? Once again, the style analysis can help. Lloyd provides Seven Top Tips for motivating your team to become more productive. Join Lloyd and take back ideas to help you assemble your most effective team.
Legal Liability for IOT Cybersecurity VulnerabilitiesPriyanka Aash
There has been much discussion of "software liability," and whether new laws are needed to encourage or require safer software. My presentation will discuss how -- regardless of whether new laws are passed -- a tidal wave of litigation over defective IoT cybersecurity is just over the horizon.
The presentation will focus on a well-known example: Charlie Miller and Chris Valasek's 2015 Jeep hack. I'm lead counsel in the ongoing federal litigation over the cybersecurity defects Charlie and Chris exposed, and that are shared by 1.4 million Chrysler vehicles. As far as I know, our case is one of the first, and the biggest, that involves claims that consumers should be compensated for inadequate cybersecurity in IoT products.
This case is the tip of the iceberg. IOT products are ubiquitous, and in general their cybersecurity is feeble, at best. In the event of a cyberphysical IoT hack that causes injury, there are established legal doctrines that can be used to impose liability every company involved in the design, manufacturing, and distribution of an exploited IoT device or even its cyber-related components. Such liability could be crippling, if not fatal, for organizations that don't know how to properly handle and prepare for potential lawsuits.
Taking steps to minimize legal exposure before an accident happens or a lawsuit is filed—in the design, manufacture, product testing, and marketing phases of an IoT product—can be the difference between life and death for IoT companies. Knowing what steps to take and how to take them requires an understanding of the core legal principles that will be applied in determining whether a company is liable.
Protecting endpoints from targeted attacksAppSense
On this AppSense webinar, guest speaker Chris Sherman, Forrester Research analyst, shared five principles for an effective endpoint security strategy. Anti-virus software isn't enough anymore.
Dan O'Farrell, Sr. Director of Product Marketing for Cloud Computing at Dell, shared how highly-regulated industries have embraced VDI to increase security and reduce costs.
And Bassam Khan discussed how AppSense offers privilege management with just-in-time self-elevation and application control through trusted ownership. This allows you to manage and secure your endpoints while providing a great user experience. And our latest product, AppSense Insight, offers endpoint analytics. Contact us to request a demo at iwanttoknowmore@appsense.com.
Patching software is a constant challenge. The Equifax hack and subsequent FTC investigation has shown us that required patches aren’t limited to those published by commercial vendors. Open source updates are just as critical; tracing new vulnerabilities and updates to applications in which those components are used isn’t just a good practice, it’s a regulatory requirement.
A focused approach to managing open source risk is essential as the legal landscape quickly evolves, including requirements under the FTC Act, HIPAA, and the European Union’s General Data Protection Regulation (GDPR). Coupled with heightened regulatory enforcement, these requirements increase the pressures on companies to maintain data privacy and security. This session will cover common misconceptions about these requirements, and explain why open source management is essential to your overall security strategy.
As legislators continue to expand the scope of the laws governing information security, we will take a look at some of the new European-level laws in this area from an open source perspective, and consider their impact on OSS management practices. The session will focus on the General Data Protection Regulation, not only because it applies to everyone, but also because its requirements are in many ways the most detailed and prescriptive. During the session we will also touch on some industry-specific developments like the Network and Information Services Directive and the Electronic Identification Regulation. Dan will cover what the new laws say (and perhaps more importantly what they don’t say), how to go about applying them to your OSS management regime, and what you might need to think about changing as a result.
Ruben Melendez - Economically Justifying IT Security Initiativescentralohioissa
IT Security Initiatives create strategic and operational value to all enterprises; however, many IT professionals do not know how to economically quantify and forecast the benefits of IT security. Additionally, the new digital business ecosystem is resulting in rapid business cycles, which require faster speed and agility in all IT areas and IT services. The new ecosystem, largely caused by the Internet-of-Things, mobility and the Cloud, create a challenge for selecting and prioritizing IT security tools and projects. This session will present an overview of principles, models, trends and best practices, which can have been adopted by individuals and organizations to get right IT security initiatives approved.
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...Denim Group
HP Protect 2015 Presentation with Denim Group's John Dickson and HP's Bruce Jenkins - Software security historically has been a bolt-on afterthought, frequently a "nice to do" and not a "must do" activity in many organizations. Despite the obvious need to build security in from the outset, organizations continue to struggle to gain momentum and focus resources in support of a structured and measurable software security assurance program. How can organizations determine the best-fit activities and appropriate resource allocation levels to adequately address software risk? How can security leaders know what other organizations are doing to produce more secure software? This session provides an overview of the Open Software Assurance Maturity Model (OpenSAMM) framework and illustrates how organizations can use it to give their security program the edge necessary to stay competitive in today's DevOps world and need-for-speed go-to-market strategies. The session includes case studies on how organizations are using comparative data and OpenSAMM benchmarking to realize measurable software security improvement.
Originally shared here - https://sessioncatalog.hpglobalevents.com/go/agendabuilder.sessions/?l=19&sid=4026_2744&locale=en_US
Incubated in IIT Kharagpur
Focused on addressing data theft, data loss with security analytics from on-premise and cloud platform, product christened as “inDefend” targeted for Enterprise, SMB and End-Consumers
Many organizations never achieve the significant benefits that are promised from automated test execution. Surprisingly often, this is not due to technical factors but to management issues. Dot Graham describes the most important management issues you must address for test automation success, and helps you understand and choose the best approaches for your organization—no matter which automation tools you use or your current state of automation. Dot explains how automation affects staffing, who should be responsible for which automation tasks, how managers can best support automation efforts leading to success, and what return on investment means in automated testing and what you can realistically expect. Dot also reviews the key technical issues that can make or break the automation effort. Come away with an example set of automation objectives and measures, and a draft test automation strategy that you can use to plan or improve your own automation.
Sometimes software testers overvalue the adherence to the collective wisdom embodied in organizational processes and the mechanical execution of tasks. Overly directive procedures work—to a point—projecting an impression of firm, clear control. But do they generate test results that are valuable to our stakeholders? Is there a way to orchestrate everyone’s creative contributions without inviting disorganized confusion? Is there a model that leverages the knowledge and creativity of the people doing the work, yet exerts reliable control in a non-directive way? Griffin Jones shares just such a model, describing its prescriptive versus discretionary parts and its dynamic and adaptive nature. Task activities are classified into types and control preferences. Griffin explores archetypes of control and their associated underlying values. Leave with an understanding of how you can leverage the wisdom and creativity of your people to make your testing more valuable and actionable.
Test Automation for Packaged Systems: Yes, You Can!TechWell
Today, most businesses are heavily dependent on packaged systems, sometimes called commercial off-the-shelf software, for large parts of their operation. Highly-customizable packages such as BMC’s Remedy, Oracle's Maxim, and many others run the show at many of the world’s largest companies. While offering many features and feature options, these packages provide rich software development environments and a “configuration” that is a highly complex programming exercise. Chris Bushell explores why packaged systems, which are just as vulnerable to defects as custom-developed software, have been missing out on the many benefits of early automated testing. Chris argues that it's time for a change. Drawing from hands-on experience working with customized packaged systems, Chris explains that these packages offer ease of customization over testability and offers information on overcoming their limitations. Take away tips to reduce defects, lower testing costs, and improve time to market with your company’s packaged systems.
It’s All Fun and Games: Using Play to Improve Tester CreativityTechWell
The number of software test tools keeps expanding, and individual tools are continuously becoming more advanced. However, there is no doubt that a tester’s most important—yet often neglected and underused—tool is the mind. As testers, we need to employ our intelligence, imagination, and creativity to gain information about the system under test. Humans are biologically designed to learn through play, and even as adults we can exploit this and harness the power of play to encourage and drive our creativity. Christin Wiedemann shows how you and your team can employ games and puzzles to practice and enhance cognitive skills that are especially important to testers including critical thinking, pattern recognition, and the ability to quickly process and understand new information. Not only will play make you a better tester but it will also make testing more fun. Learn to think critically and question your testing assumptions.
Make the Cloud Less Cloudy: A Perspective for Software Development TeamsTechWell
With so many technologies branded as “cloud” products, it can be difficult to distinguish good technology from good marketing. The resulting confusion complicates the work of software development teams who are trying not only to architect software effectively but also trying to accelerate building, testing, and delivering software. To cut through this confusion, Bill Wilder defines key cloud terms, compares the different types of clouds, and drills into concrete examples of specific cloud services. Introducing several software architecture concepts and patterns, Bill illustrates how to position applications to run reliably, at high scale (if needed), and with maximum cost efficiency on modern cloud platforms. Specific examples are drawn from the Windows Azure and Amazon cloud platforms, though the concepts are generally applicable. Leave with an understanding of relevant cloud concepts, a better idea of how moving to the “cloud” can impact application architecture, and some practical ideas for exploiting the cloud to improve software development team productivity.
Dealing with Estimation, Uncertainty, Risk, and CommitmentTechWell
Software projects are known to have challenges with estimation, uncertainty, risk, and commitment—and the most valuable projects often carry the most risk. Other industries also encounter risk and generate value by understanding and managing that risk effectively. Todd Little explores techniques used in a number of risky businesses—product development, oil and gas exploration, investment banking, medicine, weather forecasting, and gambling—and shares what those industries have done to manage uncertainty. With studies of software development estimations and uncertainties, Todd discusses how software practitioners can learn from a better understanding of uncertainty and its dynamics. In addition, he introduces techniques and approaches to estimation and risk management including utilizing real options and one of its key elements—understanding commitment. Take away a better understanding of the challenges of estimation and what software practitioners can do to better manage estimation, risks, and their commitments.
Are you overwhelmed by the number of mobile devices you need to test? The device market is large and new devices become available almost weekly. Karen Johnson discusses three key challenges to mobile testing—device selection, user interface, and device and application settings—and leads you through each. Learn how to select which devices to test and how to keep up-to-date in the ever-changing mobile market. Need to learn about user interface testing on mobile? Karen reviews mobile UX concepts and design. Wonder what device settings can impact your mobile app testing? Karen reviews common settings you need to consider. In addition to these mobile testing challenges, Karen guides you on how to conduct a competitive analysis of mobile apps. Learning how to conduct a survey of mobile apps and becoming aware of your competitors’ offerings are important to grow your own mobile knowledge.
To be most effective, test managers must develop and use metrics to help direct the testing effort and make informed recommendations about the software’s release readiness and associated risks. Because one important testing activity is to “measure” the quality of the software, test managers must measure the results of both the development and testing processes. Collecting, analyzing, and using metrics is complicated because many developers and testers are concerned that the metrics will be used against them. Join Rick Craig as he addresses common metrics—measures of product quality, defect removal efficiency, defect density, defect arrival rate, and testing status. Learn the guidelines for developing a test measurement program, rules of thumb for collecting data, and ways to avoid “metrics dysfunction.” Rick identifies several metrics paradigms—including Goal-Question-Metric—and discusses the pros and cons of each. Delegates are urged to bring their metrics problems and issues for use as discussion points.
Agile at Scale with Scrum: The Good, the Bad, and the UglyTechWell
Come hear the story of how a business unit at one of the world's largest networking companies transitioned to Scrum in eighteen months. The good-more than forty teams in one part of the company moved quickly and are going gangbusters. The bad-an adjacent part failed in its transition. The ugly-if you're in a large company with globally distributed teams, it's not hard to torpedo Scrum adoption. Steve Spearman and Heather Gray describe Scrum adoption challenges for a multi-million line, monolithic system developed across multiple locations worldwide. They share the techniques and tools that helped them implement Scrum in just two project cycles and the reasons part of the company failed to make the leap. Find out how they gained critical executive support, moved from component-based specialization to Scrum's generalizing specialists, found enough ScrumMasters, adjusted to twelve-hour time differences, and dealt with classical PMOs. Take away concrete approaches to improve your enterprise agile conversion-and an appreciation for problems you will surely face.
Risk-based Testing: Not for the FaintheartedTechWell
If you’ve tried to make testing really count, you know that “risk” plays a fundamental part in deciding where to direct your testing efforts and how much testing is enough. Unfortunately, project managers often do not understand or fully appreciate the test team’s view of risk—until it is too late. Is it their problem or is it ours? After spending a year on a challenging project that was set up as purely a risk mitigation exercise, George Wilkinson saw first-hand how risk management can play a vital role in providing focus for our testing activities, and how sometimes we as testers need to improve our communication of those risks to the project stakeholders. George provides a foundation for anyone who is serious about understanding risk and employing risk-based testing on projects. He describes actions and behaviors we should demonstrate to ensure the risks are understood, thus allowing us to be more effective during testing.
Even today, to the detriment of agile success, most organizational cultures remain delivery date-driven—resulting in delivery teams that are not focused on creating value for the customer. So how can we redirect stakeholders, the business, and the project team to concentrate on delivering the greatest value rather than simply meeting dates? Pollyanna Pixton describes the tools she has used in collaboration sessions to help all stakeholders and team members begin the process of adopting customer-centric agile methods. These tools include laying out an end-to-end customer journey, forming reusable decision filters to help prioritize backlogs, converting features into actionable user stories, and developing a solid process for making group decisions and communicating those decisions. Pollyanna shares questions that product owners and managers can use to define the problem while making sure they don't solve the problem prematurely. After all, that is the responsibility of the delivery team.
Creating Great User Experiences: Tips and TechniquesTechWell
Many software people look at creating great user experiences as a black art, something to guess at and hope for the best. It doesn't have to be that way! Jennifer Fraser explores the key ingredients for great user experience (UX) designs and shares the techniques she employs early-and often-during development. Find out how Jennifer fosters communications with users and devs, and works pro-actively to ensure true collaboration among UX designers and the rest of the team. Whether your team employs a formal agile methodology or not, Jennifer asserts that you need an iterative and incremental approach for creating great UX experiences. She shares her toolkit of communication techniques-blue-sky brainstorming sessions, structured conversation, and more-to use with different personality types and describes which types may approach decisions objectively versus empathetically. Leave with examples of UX design methods-personas, use scenarios, and user stories-to get you started on your current and upcoming projects.
“People are the most important asset of any organization.” Even though we hear that a lot, leaders and managers actually spend very little time focusing on the people side of testing. The skills and makeup of a test team are important and must be managed and cultivated properly. Individuals are very different and will react differently to various situations. Lloyd Roden describes the “tester’s style analysis questionnaire” and four types of testers—the pragmatist, the facilitator, the analyst, and the pioneer. When we recognize and acknowledge individual differences, we can use the individual’s strengths rather than dwell on the weaknesses. Lloyd examines how conflicts arise and how this style analysis questionnaire can help defuse conflicts to bring out the best in teams. Recruiting can be difficult, too. How do we recognize good testers during interviews? Once again, the style analysis can help. Lloyd provides Seven Top Tips for motivating your team to become more productive. Join Lloyd and take back ideas to help you assemble your most effective team.
Agile practices have proven to help software teams develop better software products while shortening delivery cycles to weeks and even days. To respond to the new challenges of cloud computing, mobility, big data, social media, and more, organizations need to extend these agile practices and principles beyond software engineering departments and into the broader organization. Adaptive leadership principles offer managers and development professionals the tools they need to accelerate the move toward agility throughout IT and the enterprise. Jim Highsmith presents the three dimensions of adaptive leadership and offers an integrated approach for helping you spread agile practices across your wider organization. Jim introduces the “riding paradox” and explores the elements of an exploring, engaging, and adaptive leadership style. Learn about the good things that can happen when you coherently articulate why agility is so critical today and then follow up with a plan of action. Find out how to build a continuous delivery capability within your company-at the team, department, and organization levels.
Designing Self-maintaining UI Tests for Web ApplicationsTechWell
Test automation scripts are in a constant state of obsolescence. New features are added, changes are made, and testers learn about these changes long after they've been implemented. Marcus Merrell helped design a system in which a "model" is created each time a developer changes code that affects the UI. That model is checked against the suite of automated tests for validity. Changes that break the tests are apparent to the developer before his code is even checked in. Then, when features are added, the model is regenerated and automation can immediately address brand-new areas of the UI. Marcus describes fundamental test design and architecture best practices, applicable to any project. Then he demonstrates this new approach: parsing an application's presentation layer to generate an addressable model for testing. Marcus shows several case studies and successful implementations, as well as an open-source project that can have you prototyping your own model before you leave for home.
Data Collection and Analysis for Better RequirementsTechWell
According to studies, 64 percent of features in systems are rarely—or never—used. How does this happen? Today, the work of eliciting the customers' true needs, which often remains elusive, can be enhanced using data-driven requirements techniques. Brandon Carlson describes why traditional requirements analysis is so difficult and presents a set of seven data collection approaches and analysis techniques you can employ on your projects right away. Learn how to instrument existing applications and develop new requirements based on operational profiles of the current system. Learn to use A/B testing—a technique for trying out and analyzing alternative implementations—on your current system to determine which new features will deliver the most business value. With these tools at hand, you can help users and business stakeholders decide the best approaches and new features to meet their real needs. Now is the time to take the guesswork out of requirements and get the facts.
Cause-Effect Graphing: Rigorous Test Case DesignTechWell
A tester’s toolbox today contains a number of test case design techniques—classification trees, pairwise testing, design of experiments-based methods, and combinatorial testing. Each of these methods is supported by automated tools. Tools provide consistency in test case design, which can increase the all-important test coverage in software testing. Cause-effect graphing, another test design technique, is superior from a test coverage perspective, reducing the number of test cases needed to provide excellent coverage. Gary Mogyorodi describes these black box test case design techniques, summarizes the advantages and disadvantages of each technique, and provides a comparison of the features of the tools that support them. Using an example problem, he compares the number of test cases derived and the test coverage obtained using each technique, highlighting the advantages of cause-effect graphing. Join Gary to see what new techniques you might want to add to your toolbox.
Free? Is anything free these days? Based on her experience working with organizational leaders and her research into what drives organizational performance, Pollyanna Pixton shares six ideas—and the keys to their effective implementation—to help assure the success of your agile teams. As a bonus, her suggestions won’t cost you a thing. Pollyanna’s first free idea is how to create a culture of trust—the keystone of open collaboration—within your team and organization. The second free idea is about ownership—how to give it and not take it back. Third is empowering teams to make decisions by helping them understand and internalize the project and product’s purpose and value. The number four idea is that you can only fix processes, not people. Invest your energy toward the correct target. Idea five is to match people’s roles to their passion. Her final free idea is that integrity does matter—and matters most. Explore with Pollyanna why each of these ideas is important and how you can adopt them on your agile team.
EuroSTAR Software Testing Conference 2012 presentation on Testing Cloud Services by Blokland & Mengerink. See more at: http://conference.eurostarsoftwaretesting.com/past-presentations/
Going Cloudy? How to test SaaS? with Kees Blokland TEST Huddle
View webinar: http://www.eurostarconferences.com/community/member/webinar-archive/webinar-80-going-cloudy-how-to-test-saas
The introduction of cloud computing has changed the playing field for testing. Testing needs to evolve and innovate to address the newly introduced risks that come with "going cloudy" with application services. How do we make sure that the continuity of services is guaranteed? In this webinar Kees Blokland introduces new solutions to tackle the new risks that arise with SaaS. How to use innovative combinations of testing techniques to cope with this phenomenon.
On September 17 Polteq contributed to the EuroSTAR online event ”Software Testing Summit” with a webinar about testing cloud services with title ”Going Cloudy? How to test SaaS?”
Moving into the Cloud: Make Sure your Test Approach is Cloud Proof by Ruud Te...TEST Huddle
Ruud Teunissen shares with you an experience based approach for testing cloud services, and helps you find out how to link cloud related risks inventively to new and updated test measures. Join this webinar to learn to identify specific requirements, risks, and test strategies for your company to migrate applications to the cloud. Get a grip on selection and operation of cloud services and a jump-start in the widened scope of testing in the cloud. This presentation was given to the EuroSTAR Software Testing Community at a webinar in April 2012.
The Catastrophic change and disruption in IT are imposing quality challenges, testing organisations need to be equipped for this massive change in a pragmatic and robust test strategy.
Gitte Ottosen - Agility and Process Maturity, Of Course They Mix!TEST Huddle
EuroSTAR Software Testing Conference 2008 presentation on Agility and Process Maturity, Of Course They Mix! by Gitte Ottosen. See more at conferences.eurostarsoftwaretesting.com/past-presentations/
Mark Sage (AREA): Fulfilling the Potential of AR for EnterpriseAugmentedWorldExpo
A talk from the Work Track at AWE USA 2018 - the World's #1 XR Conference & Expo in Santa Clara, California May 30- June 1, 2018.
Mark Sage (AREA): Fulfilling the Potential of AR for Enterprise
Want to understand the status of the Enterprise AR market? Find out about the latest research, initiatives and benefits the only global alliance focused on developing the enterprise AR ecosystem is working on. This is a must see session for anyone interested in enterprise AR!
http://AugmentedWorldExpo.com
Continuous Delivery for people who do not write code - Matthew Skelton - ConfluxMatthew Skelton
Continuous Delivery is a proven set of practices for reliable software releases through build, test, and deployment automation. Organisations around the world have adopted Continuous Delivery (CD) to increase speed and safety of software changes whilst reducing errors and problems in Production.
This talk is an overview of Continuous Delivery for people who do not write code. If you are a delivery manager, project manager, release manager, operations person, business analyst, or anyone else involved in the building, testing, releasing, and running of software systems, this talk will give you an understanding of what Continuous Delivery is about and how it feels to be part of a CD organisation.
(From a talk given in Leeds, UK on 24 Sept 2018)
Cloud computing is rapidly changing the way systems are developed, tested, and deployed. New system hosting capabilities—software as a service (SaaS), platform as a service (PaaS), infrastructure as a service (IaaS)—are forcing us to review and revise our testing processes. At the same time, cloud computing is affording us opportunities to employ new test tooling solutions, which we call testing as a service (TaaS). In this technical session, Martin Pol and Jeroen Mengerink focus on testing SaaS systems, describing relevant IaaS and PaaS capabilities along the way. They discuss how to test performance of the cloud itself and ways to take advantage of the resource elasticity afforded by cloud computing. Martin and Jeroen explore the risks―some traditional, others completely new—that arise when organizations implement cloud computing and describe the tests you need to design to mitigate these risks.
In today’s complex and dynamic environment with growing digital business demands, IT often struggles to gain adequate visibility and control, and to ensure compliance with security policies and regulatory guidelines. Effective security policy management that accommodates the dynamic nature of today’s organizations is a key challenge for many IT departments.
Cloud computing can be safe, uncomplicated and move the organization forward IF YOU DO YOUR DUE DILIGENCE!!
It's your data and your neck so don't be afraid to ask the right questions and get them in writing
Over the last decade, large number of commercial & open source test tools have entered the field of testing. However, these tools still do not address gaps that are not big enough yet cannot be ignored. Testing IP backed by leadership in test engineering and management can help accelerate various testing activities through out the software test life cycle. Non-linear growth is the way forward for services industry and in particular software testing services. Conventional FTE based models do not add value anymore. Helping clients jump-start the QA initiatives in terms of productivity, quality and cost through Testing IP is the future.
ComResource's Agency Solutions Offering - Focused on Cybersecurity awareness for Nationwide Insurance agents. For more information, please visit: https://bit.ly/AgencySolutions
Do you ever feel you have lost confidence in your own abilities? Why does this happen? Isabel Evans spends a lot of time painting. Someone once commented, “Why are you doing this, when you are not very good at it?” And gradually she stopped drawing and painting, after being intimidated by a conventional vision of what good art should look like. At the same time, she experienced a parallel loss of confidence in her professional abilities. Attempting creative pursuits like drawing and painting is essential to cognitive, emotional, creative abilities and she began to understand the correlation between her creative activities and her confidence. Making errors, being wrong, failing – that is a generous gift we receive when we practice outside our skill level. By staying in a comfort zone and repeating successes, we stagnate. As Isabel started to create again she thought “I don’t feel good at it, I do feel good doing it” The difference was that she was learning, having ideas and the act of re-engaging with failure, together with the comradeship of friends and colleagues, including at Women Who Test, Isabel has regained her confidence in her professional abilities, and been able to reboot her career and joy. Join Isabel to share a journey from self-perceived failure, to recovery and renewed learning.
Instill a DevOps Testing Culture in Your Team and Organization TechWell
The DevOps movement is here. Companies across many industries are breaking down siloed IT departments and federating them into product development teams. Testing and its practices are at the heart of these changes. Traditionally, IT organizations have been staffed with mostly manual testers and a limited number of automation and performance engineers. To keep pace with development in the new “you build it, you own it” environment, testing teams and individuals must develop new technical skills and even embrace coding to stay relevant and add greater value to the business. DevOps really starts with testing. Join Adam Auerbach as he explains what DevOps is and how it relates to testing. He describes how testing must change from top to bottom and how to access your own environment to identify improvement opportunities. Adam dives into practices like service virtualization, test data management, and continuous testing so you can understand where you are now and identify steps needed to instill a DevOps testing culture in your team and organization.
Test Design for Fully Automated Build ArchitectureTechWell
Imagine this … As soon as any developed functionality is submitted into the code repository, it is automatically subjected to the appropriate battery of tests and then released straight into production. Setting up the pipeline capable of doing just that is becoming more and more common and something you need to know about. But most organizations hit the same stumbling block—just what IS the appropriate battery of tests? Automated build architectures don't always lend themselves well to the traditional stages of testing. In this hands-on tutorial, Melissa Benua introduces you to key test design principles—applicable to organizations both large and small—that allow you to take full advantage of the pipeline's capabilities without introducing unnecessary bottlenecks. Learn how to make highly reliable tests that run fast and preserve just enough information to let testers and developers determine exactly what went wrong and how to reproduce the error locally. Explore ways to reduce overlap while still maintaining adequate test coverage. Take back ideas about which test areas could benefit from being combined into a single suite and which areas could benefit most from being broken out altogether.
System-Level Test Automation: Ensuring a Good StartTechWell
Many organizations invest a lot of effort in test automation at the system level but then have serious problems later on. As a leader, how can you ensure that your new automation efforts will get off to a good start? What can you do to ensure that your automation work provides continuing value? This tutorial covers both “theory” and “practice”. Dot Graham explains the critical issues for getting a good start, and Chris Loder describes his experiences in getting good automation started at a number of companies. The tutorial covers the most important management issues you must address for test automation success, particularly when you are new to automation, and how to choose the best approaches for your organization—no matter which automation tools you use. Focusing on system level testing, Dot and Chris explain how automation affects staffing, who should be responsible for which automation tasks, how managers can best support automation efforts to promote success, what you can realistically expect in benefits and how to report them. They explain—for non-techies—the key technical issues that can make or break your automation effort. Come away with your own clarified automation objectives, and a draft test automation strategy to use to plan your own system-level test automation.
Build Your Mobile App Quality and Test StrategyTechWell
Let’s build a mobile app quality and testing strategy together. Whether you have a web, hybrid, or native app, building a quality and testing strategy means (1) knowing what data and tools you have available to make agile decisions, (2) understanding your customers and your competitors, and (3) testing your app under real-world conditions. Jason Arbon guides you through the latest techniques, data, and tools to ensure the awesomeness of your mobile app quality and testing strategy. Leave this interactive session with a strategy for your very own app—or one you pretend to own. The information Jason shares is based on data from Appdiff’s next-gen mobile app testing platform, lessons from Applause/uTest’s crowd, text mining hundreds of millions of app store reviews, and in-depth discussions with top mobile app development teams.
Testing Transformation: The Art and Science for SuccessTechWell
Technologies, testing processes, and the role of the tester have evolved significantly in the past few years with the advent of agile, DevOps, and other new technologies. It is critical that we testing professionals evaluate ourselves and continue to add tangible value to our organizations. In your work, are you focused on the trivial or on real game changers? Jennifer Bonine describes critical elements that help you artfully blend people, process, and technology to create a synergistic relationship that adds value. Jennifer shares ideas on mastering politics, maneuvering core vs. context, and innovating your technology strategies and processes. She explores how new processes can be introduced in an organization, what the role of organizational culture is in determining the success of a project, and how you can know what tools will add value vs. simply adding overhead and complexity. Jennifer reviews critically needed tester skills and discusses a continual learning model to evolve your skills and stay relevant. This discussion can lead you to technologies, processes, and skills you can stake your career on.
We’ve all been there. We work incredibly hard to develop a feature and design tests based on written requirements. We build a detailed test plan that aligns the tests with the software and the documented business needs. And when we put the tests to the software, it all falls apart because the requirements were changed without informing everyone. Mary Thorn says help is at hand. Enter behavior-driven development (BDD), and Cucumber and SpecFlow, tools for running automated acceptance tests and facilitating BDD. Mary explores the nuances of Cucumber and SpecFlow, and shows you how to implement BDD and agile acceptance testing. By fostering collaboration for implementing active requirements via a common language and format, Cucumber and SpecFlow bridge the communication gap between business stakeholders and implementation teams. In this workshop, practice writing feature files with the best practices Mary has discovered over numerous implementations. If you experience developers not coding to requirements, testers not getting requirements updates, or customers who feel out of the loop and don’t get what they ask for, Mary has answers for you.
Develop WebDriver Automated Tests—and Keep Your SanityTechWell
Many teams go crazy because of brittle, high-maintenance automated test suites. Jim Holmes helps you understand how to create a flexible, maintainable, high-value suite of functional tests using Selenium WebDriver. Learn the basics of what to test, what not to test, and how to avoid overlapping with other types of testing. Jim includes both philosophical concepts and hands-on coding. Testers who haven't written code should not be intimidated! We'll pair you up to make sure you're successful. Learn to create practical tests dealing with advanced situations such as input validation, AJAX delays, and working with file downloads. Additionally, discover when you need to work together with developers to create a system that's more easily testable. This tutorial focuses primarily on automating web tests, but many of the same concepts can be applied to other UI environments. Demos and labs will be in C# and Java using WebDriver. Leave this tutorial having learned how to write high-value WebDriver tests—and stay sane while doing so.
DevOps is a cultural shift aimed at streamlining intergroup communication and improving operational efficiency for development and operations groups. Over time, inclusion of other IT groups under the DevOps umbrella has become the norm for many organizations. But even broadening the boundaries of DevOps, the conversation has been largely devoid of the business units’ place at the table. A common mistake organizations make while going through the DevOps transformation is drawing a line at the IT boundary. If that occurs, a larger, more inclusive silo within the organization is created, operating in an informational vacuum and causing operational inefficiency and goal misalignment. Sharing his experiences working on both sides of the fence, Leon Fayer describes the importance of including business units in order to align technology decisions with business goals. Leon discusses inclusion of business units in existing agile processes, benefits of cross-departmental monitoring, and a business-first approach to technology decisions.
Eliminate Cloud Waste with a Holistic DevOps StrategyTechWell
Chris Parlette maintains that renting infrastructure on demand is the most disruptive trend in IT in decades. In 2016, enterprises spent $23B on public cloud IaaS services. By 2020, that figure is expected to reach $65B. The public cloud is now used like a utility, and like any utility, there is waste. Who's responsible for optimizing the infrastructure and reducing wasted expenses? It’s DevOps. The excess expense, known as cloud waste, comprises several interrelated problems: services running when they don't need to be, improperly sized infrastructure, orphaned resources, and shadow IT. There are a few core tenets of DevOps—holistic thinking, no silos, rapid useful feedback, and automation—that can be applied to reducing your cloud waste. Join Chris to learn why you should include continuous cost optimization in your DevOps processes. Automate cost control, reduce your cloud expenses, and make your life easier.
Transform Test Organizations for the New World of DevOpsTechWell
With the recent emergence of DevOps across the industry, testing organizations are being challenged to transform themselves significantly within a short period of time to stay meaningful within their organizations. It’s not easy to plan and approach these changes considering the way testing organizations have remained structured for ages. These challenges start from foundational organizational structures and can cut across leadership influence, competencies, tools strategy, infrastructure, and other dimensions. Sumit Kumar shares his experience assisting various organizations to overcome these challenges using an organized DevOps enablement framework. The framework includes radical restructuring, turning the tools strategy upside down, a multidimensional workforce enablement supported by infrastructure changes, redeveloped collaborations models, and more. From his real world experiences Sumit shares tips for approaching this journey and explains the roadmap for testing organizations to transform themselves to lead the quality in DevOps.
The Fourth Constraint in Project Delivery—LeadershipTechWell
All too often, the triple constraints—time, cost, and quality—are bandied about as if they are the be-all, end-all. While they are important, leadership—the fourth and larger underpinning constraint—influences the first three. Statistics on project success and failure abound, and these measurements are usually taken against the triple constraints. According to the Project Management Institute, only 53 percent of projects are completed within budget, and only 49 percent are completed on time. If so many projects overrun budget and are late, we can’t really say, “Good, fast, or cheap—pick two.” Rob Burkett talks about leadership at every level of a team. He shares his insights and stories gleaned from his years of IT and project management experience. Rob speaks to some of the glaring difficulties in the workplace in general and some specifically related to IT delivery and project management. Leave with a clearer understanding of how to communicate with teams and team members, and gain a better understanding of how you can be a leader—up and down your organization.
Resolve the Contradiction of Specialists within Agile TeamsTechWell
As teams grow, organizations often draw a distinction between feature teams, which deliver the visible business value to the user, and component teams, which manage shared work. Steve Berczuk says that this distinction can help organizations be more productive and scale effectively, but he recognizes that not all shared work fits into this model. Some work is best handled by “specialists,” that is people with unique skills. Although teams composed entirely of T-shaped people is ideal, certain skills are hard to come by and are used irregularly across an organization. Since these specialists often need to work closely with teams, rather than working from their own backlog, they don’t fit into the component team model. The use of shared resources presents challenges to the agile planning model. Steve Berczuk shares how teams such as those providing infrastructure services and specialists can fit into a feature+component team model, and how variations such as embedding specialists in a scrum team can both present process challenges and add significant value to both the team and the larger organization.
Pin the Tail on the Metric: A Field-Tested Agile GameTechWell
Metrics don’t have to be a necessary evil. If done right, metrics can help guide us to make better forward-looking decisions, rather than being used for simply managing or monitoring. They can help us identify trade-offs between options for what to do next versus punitive or worse, purely managerial measures. Steve Martin won’t be giving the Top Ten List of field-tested metrics you should use. Instead, in this interactive mini-workshop, he leads you through the critical thinking necessary for you to determine what is right for you to measure. First, Steve explores why you want to measure something—whether it’s for a team, a portfolio, or even an agile transformation. Next, he provides multiple real-life metrics examples to help drive home concepts behind characteristics of good and bad metrics. Finally, Steve shows how to run his field-tested agile game—Pin the Tail on the Metric. Take back this activity to help you guide metrics conversations at your organization.
Agile Performance Holarchy (APH)—A Model for Scaling Agile TeamsTechWell
A hierarchy is an organizational network that has a top and a bottom, and where position is determined by rank, importance, and value. A holarchy is a network that has no top or bottom and where each person’s value derives from his ability, rather than position. As more companies seek the benefits of agile, leaders need to build and sustain delivery capability while scaling agile without introducing unnecessary process and overhead. The Agile Performance Holarchy (APH) is an empirical model for scaling and sustaining agility while continuing to deliver great products. Jeff Dalton designed the APH by drawing from lessons learned observing and assessing hundreds of agile companies and teams. The APH helps implement a holarchy—a system composed of interacting organizational units called holons—centered on a series of performance circles that embody the behaviors of high performing agile organizations. Jeff describes how APH provides guidelines in the areas of leadership, values, teaming, visioning, governing, building, supporting, and engaging within an all-agile organization. Join Jeff to see what the APH is all about and how you can use it in your team and organization.
A Business-First Approach to DevOps ImplementationTechWell
DevOps is a cultural shift aimed at streamlining intergroup communication and improving operational efficiency for development and operations groups. Over time, inclusion of other IT groups under the DevOps umbrella has become the norm for many organizations. But even broadening the boundaries of DevOps, the conversation has been largely devoid of the business units’ place at the table. A common mistake organizations make while going through the DevOps transformation is drawing a line at the IT boundary. If that occurs, a larger, more inclusive silo within the organization is created, operating in an informational vacuum and causing operational inefficiency and goal misalignment. Sharing his experiences working on both sides of the fence, Leon Fayer describes the importance of including business units in order to align technology decisions with business goals. Leon discusses inclusion of business units in existing agile processes, benefits of cross-departmental monitoring, and a business-first approach to technology decisions.
Databases in a Continuous Integration/Delivery ProcessTechWell
DevOps is transforming software development with many organizations adopting lean development practices, implementing continuous integration (CI), and performing regular continuous deployment (CD) to their production environments. However, the database is largely ignored and often seen as a bottleneck in the DevOps process. Steve Jones discusses the challenges of database development and why many developers find the database to be an impediment to the CD process. Steve shares the techniques you can use to fit a database into the DevOps process. Learn how to store database code in a version control system, and the differences between that and application code. Steve demonstrates a CI process with SQL code and uses automated testing frameworks to check the code. Steve then shows how automated releases with manual gates can reduce the stress and risk of database deployments while ensuring consistent, reliable, repeatable releases to QA, UAT, and production.
Mobile Testing: What—and What Not—to AutomateTechWell
Organizations are moving rapidly into mobile technology, which has significantly increased the demand for testing of mobile applications. David Dangs says testers naturally are turning to automation to help ease the workload, increase potential test coverage, and improve testing efficiency. But should you try to automate all things mobile? Unfortunately, the answer is not always clear. Mobile has its own set of complications, compounded by a wide variety of devices and OS platforms. Join David to learn what mobile testing activities are ripe for automation—and those items best left to manual efforts. He describes the various considerations for automating each type of mobile application: mobile web, native app, and hybrid applications. David also covers device-level testing, types of testing, available automation tools, and recommendations for automation effectiveness. Finally, based on his years of mobile testing experience, David provides some tips and tricks to approach mobile automation. Leave with a clear plan for automating your mobile applications.
Cultural Intelligence: A Key Skill for SuccessTechWell
Diversity is becoming the norm in everyday life. However, introducing global delivery models without a proper understanding of intercultural differences can lead to difficulty, frustration, and reduced productivity. Priyanka Sharma and Thena Barry say that in our diverse world, we need teams with people who can cross these boundaries, communicate effectively, and build the diverse networks necessary to avoid problems. We need to learn about cultural intelligence (CI) and cultural quotient (CQ). CI is the ability to relate and work effectively across cultures. CQ is the cognitive, motivational, and behavioral capacity to understand and respond to beliefs, values, attitudes, and behaviors of individuals and groups. Together, CI and CQ can help us build behavioral capacities that aid motivation, behavior, and productivity in teams as well as individuals. Priyanka and Thena show how to build a more culturally intelligent place with tools and techniques from Leading with Cultural Intelligence, as well as content from the Hofstede cultural model. In addition, they illustrate the model with real-life experiences and demonstrate how they adapted in similar circumstances.
Turn the Lights On: A Power Utility Company's Agile TransformationTechWell
Why would a century-old utility with no direct competitors take on the challenge of transforming its entire IT application organization to an agile methodology? In an increasingly interconnected world, the expectations of customers continue to evolve. From smart meters to smart phones, IoT is creating a crisis point for industries not accustomed to rapid change. Glen Morris explains that pizzas can be tracked by the minute and packages at every stop, and customers now expect this same customer service model should exist for all industries—including power. Glen examines how to create momentum and transform non-IT-focused industries to an agile model. If you are struggling with gaining traction in your pursuit of agile within your business, Glen gives you concrete, practical experiences to leverage in your pursuit. Finally, he communicates how to gain buy-in from business partners who have no idea or concern about agile or its methodologies. If your business partners look at you with amusement when you mention the need for a dedicated Product Owner, join Glen as he walks you through the approaches to overcoming agile skepticism.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Test Management for Cloud-based Applications
1. TG
AM Tutorial
4/30/13 8:30AM
Test Management for Cloud-based
Applications
Presented by:
Ruud Teunissen
Polteq Test Services BV
Brought to you by:
340 Corporate Way, Suite 300, Orange Park, FL 32073
888-268-8770 ∙ 904-278-0524 ∙ sqeinfo@sqe.com ∙ www.sqe.com
2. Ruud Teunissen
An international test consultant at Polteq Test Services BV, Ruud Teunissen has performed several test
functions in a number of IT projects: tester, test specialist, test consultant, and test manager. Ruud
participated in the development of the structured testing methodology TMap®—Test Management
Approach. Together with Martin Pol and Erik van Veenendaal, Ruud is coauthor of several books on
structured testing, including Software Testing: A Guide to the TMap® Approach.
3. Test Management for
Cloud Based Applications
Ruud Teunissen
Polteq Test Services BV
The Netherlands
1
5. Develop and Test
Email
Surf
Transfer
redundancy, proliferation
limitations
80% unused
storage claim
environmentally unfriendly
Operate and Manage
Store
5
Develop and Test
Email
Surf
Transfer
SOA
internet technology
virtualization
standard software
Operate and Manage
bandwidth
Store
6
3
7. Question
Please list your top 5 reasons
why you are moving to the
cloud
9
Top 5 Reasons
1
2
3
4
5
10
5
8. Essential characteristics
On-demand service
Self service provisioning, pay-per-use
No human interaction
US: National Institute of Standards and Technology
http://www.nist.gov
Essential characteristics
On-demand service
Broad network access
Standard mechanisms over networks
“Any” client
US: National Institute of Standards and Technology
http://www.nist.gov
6
9. Essential characteristics
On-demand service
Broad network access
Resource pooling
Multi-tenant
Storage, processing, memory, virtual machines, …
Location independent
US: National Institute of Standards and Technology
http://www.nist.gov
Essential characteristics
On-demand service
Broad network access
Resource pooling
Rapid elasticity
Rapid scale in and out
“Any quantity” at any time
US: National Institute of Standards and Technology
http://www.nist.gov
7
10. Essential characteristics
On-demand service
Broad network access
Resource pooling
Rapid elasticity
Measured service
Controlled resource use
Transparency, pay-per-use
US: National Institute of Standards and Technology
http://www.nist.gov
Essential characteristics
On-demand service
Broad network access
Resource pooling
Rapid elasticity
Measured service
Deployment models
– private cloud
– community cloud
– public cloud
– hybrid cloud
Service Models
Software as a Service
Platform as a Service
Infrastructure as a Service
US: National Institute of Standards and Technology
http://www.nist.gov
8
12. What is “done” in the cloud?
<500, SME
>500
Consumer
Public
Private
Hybride
Community
Public
*aaS
IaaS, PaaS, DaaS, SaaS
SaaS
Taas
*aaS
Mail
Storage
Infrastructure
CRM
Finance
Business processes
19
Data Centre
Data Management
Business processes
Surf and mail
Apps
Social media
Dropbox
Google services
Spotify
Picasa
Games
……………
Question – Group Discussion
Please list your top 5 cloud
related risks when you are
moving to the cloud
20
10
15. Performance
Security
The idea:
“it’s safe”
Availability & Continuity
Functionality
Everything over the web
Risks
Manageability
25
Legislation & Regulations
Home ground for
hackers
Suppliers & Outsourcing
Performance
Security
No free choice of
device.
Availability & Continuity
Functionality
Bring Your Own Device
Risks
Manageability
26
Legislation & Regulations
Endless
possibilities.
Suppliers & Outsourcing
13
16. Performance
Taken care of.
Security
Availability & Continuity
Functionality
Backup and recovery
Risks
Manageability
27
Legislation & Regulations
Who will support
me?
Suppliers & Outsourcing
Performance
Security
Planned and
controlled
Availability & Continuity
Functionality
Updates, patches, fixes,
Risks
Manageability
28
Legislation & Regulations
Do I have a
choice?
Suppliers & Outsourcing
14
17. Performance
In house.
Security
Availability & Continuity
Functionality
Where is my data?
And is that OK?
Risks
Manageability
29
Legislation & Regulations
Somewhere
Suppliers & Outsourcing
Performance
Security
Availability & Continuity
Functionality
Risks
Manageability
30
Legislation & Regulations
Suppliers & Outsourcing
15
18. Question – Group Session
Let’s look at the clustered risks
What test measures would you
consider applying?
31
Test Measures
1
2
3
4
5
32
16
19. Testing?
Interview
Check
Trial
Proof of concept
Intake
33
Performance Testing
Security Testing
Manageability Testing
Te s t M e a s u r e s
Te s t M e a s u r e s
Testing during Selection
Availability & Continuity
Testing
Interview
Proof ofProef
concept
Testen
Intake
Functional Testing
Migration Testing
Testing caused by
Legislation & Regulations
34
Testing in Production
17
20. Testing during Selection
Performance Testing
Security
Security Testing
Availability & Continuity
Manageability Testing
Functionality
Te s t M e a s u r e s
Te s t M e a s u r e s
Performance
Availability & Continuity
Testing
Functional Testing
Manageability
Risks
Migration Testing
35
Legislation & Regulations
Suppliers & Outsourcing
Testing in Production
Testing during Selection
Performance Testing
Security
Security Testing
Availability & Continuity
Manageability Testing
Functionality
Te s t M e a s u r e s
Te s t M e a s u r e s
Performance
Testing caused by
Legislation & Regulations
Availability & Continuity
Testing
Functional Testing
Manageability
Risks
Migration Testing
36
Legislation & Regulations
Suppliers & Outsourcing
Testing caused by
Legislation & Regulations
Testing in Production
18
21. Testing during Selection
Performance Testing
Security
Security Testing
Availability & Continuity
Manageability Testing
Functionality
Te s t M e a s u r e s
Te s t M e a s u r e s
Performance
Availability & Continuity
Testing
Functional Testing
Manageability
Risks
Migration Testing
37
Legislation & Regulations
Suppliers & Outsourcing
Testing in Production
Testing during Selection
Performance Testing
Security
Security Testing
Availability & Continuity
Manageability Testing
Architecture
Functionality
Te s t M e a s u r e s
Te s t M e a s u r e s
Performance
Testing caused by
Legislation & Regulations
Availability & Continuity
Testing
Risks
From “individual” risks
Functional Testing
to
Manageability
“individual” test measures
Migration Testing
38
Legislation & Regulations
Suppliers & Outsourcing
Testing caused by
Legislation & Regulations
Testing in Production
19
22. Performance Testing
Selection
Security Testing
Manageability Testing
Implementation
Te s t M e a s u r e s
Te s t M e a s u r e s
Testing during Selection
Availability & Continuity
Testing
Functional Testing
Production
Migration Testing
Testing caused by
Legislation & Regulations
Testing in Production
39
Testing during Selection
Performance Testing
Security
Security Testing
Availability & Continuity
Manageability Testing
Functionality
Te s t M e a s u r e s
Te s t M e a s u r e s
Performance
Availability & Continuity
Testing
Functional Testing
Manageability
Risks
Migration Testing
40
Legislation & Regulations
Suppliers & Outsourcing
Testing caused by
Legislation & Regulations
Testing in Production
20
23. Performance Testing
Security Testing
Manageability Testing
Selection Criteria
Te s t M e a s u r e s
Te s t M e a s u r e s
Testing during Selection
Availability & Continuity
Testing
Functional Testing
Migration Testing
Testing caused by
Legislation & Regulations
41
Testing in Production
Question – Group Session
What criteria will you put on
your list?
42
21
24. Knock Out List
1
2
3
4
5
43
“Inspiration List”
CRITERION
PRIO
Functional
Do the service and the specific business processes align?
Does the service fit well in the E2E business process?
Is the service sufficiently adaptable to specific requirements?
Are many adjustments needed?
Is customization possible
Is (a lot of) customization needed?
Are the required platforms supported?
Are “het nieuwe werken” and BYOD supported sufficiently?
Is it possible to connect / integrate the service with the other
systems?
Are sufficient manuals and/or courses available?
Implementation
Is the impact on current activities acceptable?
Is a feasible route for migration towards the service
available?
44
22
25. “Inspiration List”
CRITERION
PRIO
Support
Are changes in the service announced beforehand?
Are sufficient test facilities available around the service (test
environment, test tooling, testware, access to infrastructure,
…)?
Are there sufficient support facilities?
Is it clear how incidents can be reported?
Are incidents resolved fast enough?
Performance
Are response times low enough?
Is the number of possible simultaneous users high enough?
Is bandwidth sufficient?
Is sufficient potential for growth available?
Is the actual use charged correctly?
45
“Inspiration List”
CRITERION
PRIO
Security
Are adequate authorization and authentication possibilities in
place?
Is the physical security of the service locations sufficient?
Is the support access security of the service sufficient?
Is mutual access security between customers sufficient?
Are data changes traceable?
Is data storage for the service reliable?
Is deleting data in the service reliable?
Is security of the connection to the service sufficient?
Are security options for the customer sufficient?
Does the supplier have security certificates? (for example
SAS 70 type II)?
Availability
Is the level of availability for the service sufficient?
Are back-up / fail-over / disaster-recovery provisions
sufficient?
46
23
26. “Inspiration List”
CRITERION
PRIO
Law and regulations
Does the data location comply to all legal requirements?
Does the data processing comply to all legal requirements?
Do the terms contain parts that are conflicting to the duties
of the customer?
Supplier
Is clear what happens when the contract ends, or in case of
bankruptcy or conflict?
Is a good helpdesk available?
Does the supplier have experience in:
- Offering this particular service?
- Offering services in general?
- Developing services?
- The customer’s field?
- Developing, testing and supporting services (know how)?
Do methods used by supplier align with those of the
customer (if relevant)?
47
“Inspiration List”
CRITERION
Supplier
Is quality assurance arranged?
Is the supplier ahead in its field?
Is the size of the supplier in accordance with the
expectations of the customer?
Does the supplier have a good reputation (are there
references)?
Is providing services the core business of the supplier?
Does the supplier have opportunities for future expansion?
Does the supplier speak the same language?
Is transparency and flexibility of the supplier sufficient?
PRIO
48
24
27. Performance Testing
Security Testing
Manageability Testing
Proof of Concept
Te s t M e a s u r e s
Te s t M e a s u r e s
Testing during Selection
Availability & Continuity
Testing
Functional Testing
Migration Testing
Testing caused by
Legislation & Regulations
Testing in Production
49
Testing during Selection
Performance Testing
Security
Security Testing
Availability & Continuity
Manageability Testing
Functionality
Te s t M e a s u r e s
Te s t M e a s u r e s
Performance
Availability & Continuity
Testing
Functional Testing
Manageability
Risks
Migration Testing
50
Legislation & Regulations
Suppliers & Outsourcing
Testing caused by
Legislation & Regulations
Testing in Production
25
28. Performance Testing
Security Testing
Known measures
tuned and tweaked
Manageability Testing
Te s t M e a s u r e s
Te s t M e a s u r e s
Testing during Selection
Availability & Continuity
Testing
Functional Testing
New measures developed
Migration Testing
Testing caused by
Legislation & Regulations
Testing in Production
51
YOUR
Operational Profile
Performance Testing
Security Testing
Manageability Testing
Load Testing
Te s t M e a s u r e s
Te s t M e a s u r e s
Testing during Selection
Availability & Continuity
Testing
Functional Testing
Migration Testing
YOUR
Operational Profile
PLUS
ACTUAL MOMENT
52
Testing caused by
Legislation & Regulations
Testing in Production
26
29. Performance Testing
Security Testing
Manageability Testing
Online – Offline
Te s t M e a s u r e s
Te s t M e a s u r e s
Testing during Selection
Availability & Continuity
Testing
Functional Testing
Migration Testing
Use case testing.
Global testing.
53
Testing caused by
Legislation & Regulations
Testing in Production
Multiplatform
testing.
Performance Testing
Security Testing
Manageability Testing
Any device – any platform
Te s t M e a s u r e s
Te s t M e a s u r e s
Testing during Selection
Availability & Continuity
Testing
Functional Testing
Migration Testing
Multiplatform
testing.
54
Testing caused by
Legislation & Regulations
Testing in Production
27
30. Internet Explorer 6
Windows XP
Internet Explorer 7
Windows Vista
Internet Explorer 8
Windows 7
Firefox 3.5
Windows 2003 server
Firefox 3.6
Browsers
Windows 8
Firefox 4
Safari 4
Windows CE
Safari 5
Linux
Operating Systems
Chrome11
Unix
Opera11
Multiplatform
Mac OS Lion
PC
Mac OS Snowleopard
SUN
Computer
iOS
Macintosh
Android
iPhone ..
Windows Mobile
Samsung
Devices
NOKIA
Mobile
Xxx
ASUS..
Blackberry
Tablet
MOTOROLA
Xxx
55
Multiplatform
testing.
Performance Testing
Security Testing
Manageability Testing
Any device – any platform
Te s t M e a s u r e s
Te s t M e a s u r e s
Testing during Selection
Availability & Continuity
Testing
Functional Testing
Migration Testing
Multiplatform
testing.
56
Testing caused by
Legislation & Regulations
Testing in Production
28
31. Incidental testing.
Performance Testing
Security Testing
Legislation + Regulations
=
Test basis
Manageability Testing
Te s t M e a s u r e s
Te s t M e a s u r e s
Testing during Selection
Availability & Continuity
Testing
Functional Testing
Migration Testing
Testing caused by
Legislation & Regulations
Compliancy testing.
Testing in Production
57
Testing during Selection
Performance Testing
Security
Security Testing
Availability & Continuity
Manageability Testing
Functionality
Te s t M e a s u r e s
Te s t M e a s u r e s
Performance
Availability & Continuity
Testing
Functional Testing
Manageability
Risks
Migration Testing
58
Legislation & Regulations
Suppliers & Outsourcing
Testing caused by
Legislation & Regulations
Testing in Production
29
32. Performance Testing
Continuous
End-to-End Test
Security Testing
Manageability Testing
Te s t M e a s u r e s
Te s t M e a s u r e s
Testing during Selection
Availability & Continuity
Testing
Functionals
and
non-functionals
Functional Testing
Migration Testing
Testing caused by
Legislation & Regulations
59
Testing in Production
Question – Group Session
What would you like to
(continue) test(ing) in
production?
And why?
60
30
33. Testing in production
1
2
3
4
5
61
Testing in production?
• Continuity in case of
–
–
–
–
–
–
changes
changes
growth
changes
changes
changes
in the service
at the supplier
in the business process
in connected resources
in the internet
• Measuring guarantees
– Avalaibility
– Scalability
- Performance
- Security
• Evaluate original selection criteria
62
31
34. Production - Continuous End-to-End test
• Mechanism for Detection
– Important in an ever changing world
• Functionals and non-functionals
63
Standards
Cyber crime
Check
Continuity
Interview
Privacy
Legislation
Proof of concept
Trial
Multi platform
Intake
Impact organisation
32
35. Testing during Selection
Performance Testing
Security
Security Testing
Availability & Continuity
Manageability Testing
Te s t M e a s u r e s
Te s t M e a s u r e s
Performance
Availability
Test starts earlier & Continuity
Testing
Test scope is widened
Test will never Functional Testing
stop
Manageability
Functionality
Risks
Migration Testing
65
Legislation & Regulations
Suppliers & Outsourcing
Testing in Production
Testing during Selection
Performance Testing
Security
Security Testing
Availability & Continuity
Manageability Testing
Functionality
Te s t M e a s u r e s
Te s t M e a s u r e s
Performance
Testing caused by
Legislation & Regulations
Availability & Continuity
Testing
Questions?
Functional Testing
Manageability
Risks
Migration Testing
66
Legislation & Regulations
Suppliers & Outsourcing
Testing caused by
Legislation & Regulations
Testing in Production
33
36. Testing during Selection
Performance Testing
Security
Security Testing
Availability & Continuity
Manageability Testing
Functionality
Te s t M e a s u r e s
Te s t M e a s u r e s
Performance
Availability & Continuity
Testing
Thank you!
Functional Testing
Manageability
Risks
Migration Testing
67
Legislation & Regulations
Suppliers & Outsourcing
Testing caused by
Legislation & Regulations
Testing in Production
About the speaker
Ruud Teunissen
Polteq Test Services, The Netherlands
ruud.teunissen@polteq.com - http://www.polteq.com
In the testing world since 1989, Ruud Teunissen has held
numerous test functions in different organizations and
projects: tester, test specialist, test consultant, test manager,
etcetera. Ruud is co-author of several books on software
testing and is a frequent speaker at (inter)national
conferences and workshops. He was a member of the
program committee for Quality Week Europe and EuroSTAR.
Ruud is currently Senior Test Consultant at Polteq Test
Services BV and responsible for the quality of Polteq
services and assignments.
68
34