The automation break up: saying goodbye to full stack tests with task analysis

•Download as PPTX, PDF•

3 likes•309 views

Slides for the Selenium Conference London 2019 talk. The automation break-up: saying goodbye to full-stack tests with task analysis.

Technology

Automation in Testing - © Mark Winteringham - 2019Automation in Testing - © Mark Winteringham - 2019
The automation
‘breakup’
Saying goodbye to full stack tests with task analysis
Mark Winteringham
@2bittester

Automation in Testing - © Mark Winteringham - 2019Automation in Testing - © Mark Winteringham - 2019
How do we know if a
check is valuable?

Automation in Testing - © Mark Winteringham - 2019
User can log into an
application

Automation in Testing - © Mark Winteringham - 2019
Targeted?

Automation in Testing - © Mark Winteringham - 2019
Reliable?

Automation in Testing - © Mark Winteringham - 2019
Informative?

Automation in Testing - © Mark Winteringham - 2019
Maintainable?

Automation in Testing - © Mark Winteringham - 2019
Speedy?

Automation in Testing - © Mark Winteringham - 2019

Automation in Testing - © Mark Winteringham - 2019Automation in Testing - © Mark Winteringham - 2019
How do we identify and
implement valuable
checks?

Automation in Testing - © Mark Winteringham - 2019Automation in Testing - © Mark Winteringham - 2019
TASK ANALYSIS!

Automation in Testing - © Mark Winteringham - 2019
www.thunderboltkids.co.za

Automation in Testing - © Mark Winteringham - 2019
UI
JS
API
SVC
Click login
link
Build
login page
Interact
with Login
Send credentials
to Auth API
Parse
credential
s
Check credentials /
Create token
Send token
Flag as
logged in
Render
room comp.
View
rooms
Successful
login flow
Initial state:
• Single page app code loaded into browser
• Current state is not logged in Triggers
Seam /
LayerAction
Key:
JS/HTML
HTTP
JAVA
USER

Automation in Testing - © Mark Winteringham - 2019Automation in Testing - © Mark Winteringham - 2019
Risk analysis

Automation in Testing - © Mark Winteringham - 2019
Parse
credential
s
UI
JS
API
SVC
Click login
link
Build
login page
Interact
with Login
Send credentials
to Auth API
Check credentials /
Create token
Flag as
logged in
View
rooms
Successful
login flow Triggers
Seam /
LayerAction
Key:
JS/HTML
HTTP
JAVA
Send token
USER
🔎
Initial state:
• Single page app code loaded into browser
• Current state is not logged in
Check form is
rendered correctly
Visual check
🤖
Render
room comp.

Automation in Testing - © Mark Winteringham - 2019
UI
JS
API
SVC
Click login
link
Build
login page
Interact
with Login
Send credentials
to Auth API
Check credentials /
Create token
Flag as
logged in
View
rooms
Successful
login flow Triggers
Seam /
LayerAction
Key:
JS/HTML
HTTP
JAVA
Parse
credential
s
Send token
🤖 🔎
Initial state:
• Single page app code loaded into browser
• Current state is not logged in
Check API handles
request and response
correctly
API check
USER
Render
room comp.

Automation in Testing - © Mark Winteringham - 2019
Visual checks
Check form is
rendered
correctly
JavaScript unit
checks
Backend unit checks Backend API checks
Full stack smoke
check
Check API
handles request
and response
correctly
Check login page
HTML is correct
Check token is
created correctly

Automation in Testing - © Mark Winteringham - 2019Automation in Testing - © Mark Winteringham - 2019
In Summary

Automation in Testing - © Mark Winteringham - 2019
Are your checks TRIMS?
Apply task analysis
Use task analysis to identify targeted checks
Connect checks in a ‘chain of trust’

Automation in Testing - © Mark Winteringham - 2019
Mark Winteringham
@2bittester
www.mwtestconsultancy.co.uk
www.automationintesting.com
github.com/mwinteringham/restful-booker-platform

APIs are everywhere today and can be a great building block of modern applications. But all too often APIs are not truly great. Rather than love your API, developers curse it. How can you avoid that fate? In this session we'll look at the most common mistakes API providers make and you can avoid making them too. Do you offer a bad developer experience (DX)? Poor, inconsistent API design? Unreliable services? This talk is a deep dive on not just what to avoid but what to do instead. And you'll leave knowing how to get developers to love your API, not hate it.

Product Led Growth: The Rise of the User

OpenView

Making Continuous Security a Reality with OWASP’s AppSec Pipeline - Matt Tesa...

Matt Tesauro

You’ve probably heard many talks about DevSecOps and continuous security testing but how many provided the tools needed to actually start that testing? This talk does exactly that. It provides an overview of the open source AppSec Pipeline tool which has been used in real world companies to do real security work. Beyond a stand alone tool, the OWASP AppSec Pipeline provides numerous docker containers ready to automate, a specification to customize with the ability to create your own implementation and references to get you started. The talk will also cover how to add an AppSec Pipeline to your team’s arsenal and provide example templates of how best to run the automated tools provided. Finally, we’ll briefly cover using OWASP Defect Dojo to store and curate the issues found by your AppSec Pipeline. The goal of this talk is to share the field-tested methods of two AppSec professionals with nearly 20 years of experience between them. If you want to start your DevSecOps journey by continuously testing rather then hear about it, this talk is for you.

Agile Requirements Decomposition

Rick Austin

Implement API Gateway using Azure API Management

Alexander Laysha

API-centric architecture is very popular in IT world because of their value in achievement of new business goals, extending of trade channels and business offerings. But as usual nothing is free and this kind of architecture requires solid instrument for management of APIs in terms of limits & quotas, combining of APIs to business offerings, security, usage analytics, etc. During this presentation you’ll learn production experience on implementation of API Gateway using Azure API Management.

API Developer Experience: Why it Matters, and How Documenting Your API with S...

SmartBear

Whether you’re new to Swagger, or have already been using the framework for API design, there’s a good chance you still have questions about how to improve your API documentation. Creating API documentation your consumers will love can take some work, but the investment will have a significant payoff in the form of a great developer experience, easier implementation, and improved adoption of your API. This presentation covers good developer experience in detail, focusing on why and how to provide an optimal experience for developers using your API. We will also cover how Swagger has changed the API design and documentation landscape, and finally show some good practices for API documentation using Swagger in SwaggerHub’s integrated API development platform. Things to expect in this webinar: What is Developer Experience (DX)? What does it mean for an API to have good DX? API documentation in the context of good DX? An introduction to the Swagger framework Designing APIs from a usability perspective using Swagger and SwaggerHub

Building APIs is not just about technology. APIs enable many new business opportunities, but only if done correctly. Enter API Management platforms to provide the building blocks behind a successful API program. As a result of lucrative opportunities, many Software vendors have emerged or pivoted from their SOA management roots to provide API Management capabilities. In this session, Kent will introduce you to Microsoft’s Azure API Management platform by providing an overview that highlights its capabilities and the opportunities that emerge for organizations. As part of this presentation, Kent will demonstrate how developers can create their first API and discuss strategies for transforming existing services to leverage Azure API Management. This presentation will consist of general guidance on API Management, an Azure API Management portal walk-through and demos that re-enforce the concepts that were introduced.

Developer Experience (DX) for UX Professionals

Ian Jennings

Ian Jennings presents at the Austin UXPA meetup on November 12, 2019 at Visa. Developer Experience (DX) is the equivalent to User Experience (UX) when the user of the software or system is a developer. Sure, the science is the same, but this talk will teach you why developer experience is gaining traction as a new field. Between APIs, SDKs, code, documentation, demos, CLIs, tutorials, and developer portals, DX is a whole new beast. Learn about the emergence of Developer Experience, the similarities and differences between UX an DX, and the tools you need to apply your UX experience toward the field of DX. Speaker Bio: Ian Jennings is the founder of Haxor, a developer experience testing platform based in Austin TX. Haxor tests and measures APIs, SDKs, and developer products with on-demand feedback from real developers. Previously Ian co-founded developer meetup platform Hacker League (acquired by Mashery and Intel) before spending 6 years at PubNub establishing their developer experience strategy. He also operates DevPort, a developer portfolio site populated by thousands of developers.

API as-a-Product with Azure API Management (APIM)

Bishoy Demian

Transitions from a single App or a closed system to an open ecosystem that drives innovation and delivers value-add Apps and services for your end-users. Monetise your data with minimal hassle & cost. Reach your end-users on any platform. Enable your IoT strategy with a strong cloud-based API platform. Using Azure API Management, you can build a modern interactive developer portal for your APIs. Learn about your API usage patterns with analytics. Secure access, and manage subscriptions with quotas and throttling.

API Security Lifecycle

Apigee | Google Cloud

Azure API Management

Daniel Toomey

OWASP Top Ten API Project 2019

Fernando Galves

Peeling the Onion: Making Sense of the Layers of API Security

Matt Tesauro

APIs are everywhere. Any business with a mobile app, modern web apps (SPAs), using the cloud, doing a digital transformation, integrating with business partners, running microservices or using kubernetes has APIs. There's a good foundation of AppSec knowledge out there - thanks in part to OWASP but API Security isn't exactly the same as AppSec. Additional complexity is part of the landscape with multiple competing API technologies like REST, gRPC and GraphQL plus stakeholders spread across multiple parts of the business. How to do you make sense of API Security landscape? This talk will cover the three fundamental areas to consider, the various chess pieces and the many ways those pieces can be put on your API chessboard. The goal is for you to leave knowing how to map out your API Security landscape and reach a state of solid API Security.

Tips for Building a Compelling Product Vision by Amazon Sr PM

Product School

What the heck is Product-led Growth?

OpenView

Not just another buzzword…product-led growth is an important go-to-market strategy that underpins some of today’s most successful businesses. Think Dropbox, Slack, Intercom, Expensify and Datadog. At OpenView, we define product-led growth (PLG) as a strategy that puts the product front and center when it comes to how a company acquires, expands and retains customers. Relying on a product-led strategy yields rapid, extremely efficient growth. Although similar to a freemium approach, a product-led growth strategy doesn’t actually require that you offer your product for free. It does however necessitate an amazing product and customer experience. In fact, PLG companies make it frictionless for users to start using their products. They deliver value extremely quickly and target users rather than buyers.

Brian Balfour: Building A Growth Machine

Heavybit

Kuala Lumpur CTO Summit - How to fire employees

Eric Tachibana

User Stories

Tathagat Varma

Lessons from DevOps: Taking DevOps practices into your AppSec Life

Matt Tesauro

Bruce Lee once said “Don’t get set into one form, adapt it and build your own, and let it grow, be like water“. AppSec needs to look beyond itself for answers to solving problems since we live in a world of every increasing numbers of apps. Technology and apps have invaded our lives, so how to you lead a security counter-insurgency? One way is to look at the key tenants of DevOps and apply those that make sense to your approach to AppSec. Something has to change as the application landscape is already changing around us.

API Management in Digital Transformation

Aditya Thatte

API Monetization

Capgemini

Building a Lean Startup

Ash Maurya

API Security - Everything You Need to Know To Protect Your APIs

AaronLieberman5

With more APIs in circulation than ever before, there has been a direct correlation to the number of API abuses reported across industries. This is because APIs are such a valuable asset to bad actors, but many organizations have not yet woken up to the realities of the need to protect their APIs from abuse. If you couple that with the fact that attacks on APIs have become more sophisticated, with some attackers even using AI themselves, then you can see why even some of the more security-conscious organizations can have trouble properly securing their APIs. A robust API Security posture can be broken down into several areas including: Proper design and coding during the development process API governance and compliance through visibility of all your APIs (shadow too!) and a mapping of how they connect to each other. General application and API protection from tools such as API gateways, WAFs, NG-WAF, and RASPS An always-updating understanding of your user behaviors regarding your APIs. You won’t have comprehensive API security without solutions in each of these areas. We will also discuss: The roles of API developers, infosec, support, and enterprise architects as it relates to API security Microservices role in making it difficult to secure your APIs The importance of inventorying your APIs How technologies like Traceable can help protect your APIs against advanced attacks Key takeaways: Why your API's are a key attack surface for modern bad actors Why APi's are so much harder to secure than traditional web traffic What's necessary to secure your APIs Why yesterday's solutions can't solve today's new API security challenges

WSO2 API Platform: Vision and Roadmap

WSO2

To view recording of this webinar please use the below URL: http://wso2.com/library/webinars/2015/08/wso2-api-platform-vision-and-roadmap/ WSO2 API platform adopters are driving digital business and creating innovative business models. API platforms create a secure, self-service, managed, and monetized environment that increases safe connected business interactions. In this presentation, Chris and Shiro will describe: Key goals and challenges driving API platform adoption WSO2 API Platform capabilities and advantages Visionary platform use cases Innovative customer success stories

Five Ways to Automate API Testing with Postman

Postman

You know it’s the right thing to automate testing, workflows, and tedious processes. Automation saves you time, reduces errors, and allows your team to work more quickly. But where do you get started? This talk covers five ways to automate API testing, which can then be applied to any API workflows. Learn about testing as part of your CI/CD pipeline, uptime monitoring, and other APIOps practices.

2022 APIsecure_Shift Left API Security - The Right Way

APIsecure_ Official

[WSO2 Integration Summit Nairobi 2019] Identity and Access Management in an A...

WSO2

[WSO2 Integration Summit Johannesburg 2019] Identity and Access Management in...

WSO2

What's hot

API Management Part 1 - An Introduction to Azure API Management

BizTalk360

Developer Experience (DX) for UX Professionals

Ian Jennings

API as-a-Product with Azure API Management (APIM)

Bishoy Demian

API Security Lifecycle

Apigee | Google Cloud

Azure API Management

Daniel Toomey

OWASP Top Ten API Project 2019

Fernando Galves

Peeling the Onion: Making Sense of the Layers of API Security

Matt Tesauro

Tips for Building a Compelling Product Vision by Amazon Sr PM

Product School

What the heck is Product-led Growth?

OpenView

Brian Balfour: Building A Growth Machine

Heavybit

Kuala Lumpur CTO Summit - How to fire employees

Eric Tachibana

User Stories

Tathagat Varma

Lessons from DevOps: Taking DevOps practices into your AppSec Life

Matt Tesauro

API Management in Digital Transformation

Aditya Thatte

API Monetization

Capgemini

Building a Lean Startup

Ash Maurya

API Security - Everything You Need to Know To Protect Your APIs

AaronLieberman5

WSO2 API Platform: Vision and Roadmap

WSO2

Five Ways to Automate API Testing with Postman

Postman

2022 APIsecure_Shift Left API Security - The Right Way

APIsecure_ Official

What's hot (20)

API Management Part 1 - An Introduction to Azure API Management

Developer Experience (DX) for UX Professionals

API as-a-Product with Azure API Management (APIM)

API Security Lifecycle

Azure API Management

OWASP Top Ten API Project 2019

Peeling the Onion: Making Sense of the Layers of API Security

Tips for Building a Compelling Product Vision by Amazon Sr PM

What the heck is Product-led Growth?

Brian Balfour: Building A Growth Machine

Kuala Lumpur CTO Summit - How to fire employees

User Stories

Lessons from DevOps: Taking DevOps practices into your AppSec Life

API Management in Digital Transformation

API Monetization

Building a Lean Startup

API Security - Everything You Need to Know To Protect Your APIs

WSO2 API Platform: Vision and Roadmap

Five Ways to Automate API Testing with Postman

2022 APIsecure_Shift Left API Security - The Right Way

Similar to The automation break up: saying goodbye to full stack tests with task analysis

[WSO2 Integration Summit Nairobi 2019] Identity and Access Management in an A...

WSO2

[WSO2 Integration Summit Johannesburg 2019] Identity and Access Management in...

WSO2

[WSO2 Integration Summit Madrid 2019] Identity and Access Management in an AP...

WSO2

[WSO2 Integration Summit Stuttgart 2019] Identity and Access Management in an...

WSO2

WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - IAM in an API Driven ...

Yenlo

[WSO2 API Day Chicago 2019] Sustainable Competitive Advantage

WSO2

Sustainable competitive advantage, while once a necessary part of any strategy, is now increasingly obsolete for most firms. The new path to winning means capturing opportunities quickly and exploiting them decisively. It's all about learning to thrive in a transient advantage economy. Transient advantage is the central thesis of Rita McGrath's recent book on competitive advantage. These principles are especially relevant for agile companies that pursue digital-first business models. Quinnox has adopted this philosophy for its clients and its own business where we believe enterprise integration driven by API's is the bridge to digital transformation, speed to market, and frequency to market.

[WSO2 Summit Sydney 2019] Identity and Access Management in an API-driven World

WSO2

Takeaways from API Security Breaches Webinar

CA API Management

Examining today's biggest API breaches to mitigate API security vulnerabilities Data breaches have become the top news story. And APIs are quickly becoming the hacker's new favorite attack vector. They offer a direct path to critical information and business services that can be easily stolen or disrupted. And your private APIs can be exploited just as easily as a public API. So what measures can you take to strengthen your security position? This webinar explores recent API data breaches, the top API security vulnerabilities that are most impactful to today's enterprise and the protective measures that need to be taken to mitigate API and business exposure. You Will Learn -Recent breaches in the news involving APIs -Top attacks that compromise your business -Mitigating steps to protect your business from attacks and unauthorized access -API Management solutions that both enable and protect your business Learn about API Security at http://www.ca.com/api

How to avoid Java and .Net Application Performance Issues using Business Tran...

eG Innovations

Most APM tools offer user experience monitoring and transaction tracing capabilities, however APM by itself may not enable you to isolate performance issues across an entire digital business service ecosystem. View this webinar by John Worthington, Director of Product Marketing with eG Innovations, as he describes how real user monitoring and transaction tracing can be part of a unified monitoring strategy that leverages converged application (APM) and infrastructure (IPM) performance monitoring. In this informative session, you will learn how: - Business transaction tracing works to deliver code-level visibility, and why it is important for diagnosing web application slowdowns - The convergence of APM and IPM can provide holistic visibility and performance analysis of end-user experience, business transactions, application code, and infrastructure dependencies – all from a single pane of glass - A unified view of the application environment allows line of business owners and IT admins to easily isolate the root cause of issues You can learn how to ensure peak performance of your business-critical applications through development, testing, pre-production, and production roll out.

Continuous Testing vs Test Automation Share on Facebook Share on LinkedIn Sha...

DevOps.com

The past few years have brought a sea change in the way applications are architected, developed, and consumed—increasing both the complexity of testing and the business impact of software failures. How can the DevTest community keep pace with modern application delivery, given the trends that impact both architectures (cloud, microservices, and APIs) and processes (DevOps, agile, and continuous delivery)? This is where continuous testing comes in. Watch this webinar to discover why and how continuous testing is different from traditional test automation. You will learn: The three main differences between continuous testing and test automation Where traditional test automation falls short in modern development and delivery processes What’s needed to address each of the three key elements of continuous testing

Creating a Machine Learning Factory

Amazon Web Services

Going from a hypothesis to a working machine learning model that infers answers in production requires a lot of time and effort. Moreover, the ability to answer questions related to specific results—such as, “what version of the code and data produced a particular inference?”—is paramount in highly regulated industries such as Financial Services. Modern development practices like continuous integration and deployment can accelerate the machine learning development process and provide a way to answer questions about data lineage. During this talk, you will learn how to combine Amazon SageMaker (a fully managed service that enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at any scale) with Amazon CodeCommit, CodeBuild, and CodePipeline to create a pipeline that automatically triggers changes when either your model code or training data changes. Presenter: Felix Candelario, Principal Global Account Solutions Architect, AWS

IRJET- Agriculture Business to Business Website

IRJET Journal

A perspective on web testingsivaprasanth rentala

Eradicate Flaky Tests

Anand Bagmar

Fraud detection using machine learning with Amazon SageMaker - AIM306 - New Y...

Amazon Web Services

Fraud is a serious problem that can cost businesses billions of dollars annually and damage customer trust. Machine learning (ML) can provide flexible approach to fraud detection. ML models do not use pre-defined rules to determine whether activity is fraudulent. Instead, they are trained to recognize fraud patterns in datasets, and the models are self-learning, which enables them to adapt to new, unknown fraud patterns. In this session, we dive deep into a solution that automates the detection of potentially fraudulent activity and flags that activity for review. We discuss the architecture of the solution using Amazon SageMaker and other AWS services to provide an easy-to-deploy, end-to-end solution for fraud detection.

Navigating Identity and Access Management in the Modern Enterprise

WSO2

Key topics covered: - Understanding the basics of IAM and its significance in the modern enterprise. IAM in a platformless environment - Tackling real-world issues like prioritizing frictionless yet secure user access, securing high-value APIs, integrating to business, compliance, and adapting to cloud native environments with scalable solutions - Practical demonstrations of how WSO2 products can be instrumental in deploying efficient IAM solutions - Preparing for upcoming trends and innovations in identity management

Competitive EDGE - Data Driven Differentiation

Akamai Technologies

Data Driven Competitive Differentiation "Why would customers choose you?" We all need to answer this critical question for our businesses as in today’s digital economy customers have endless choices. User Experience is one of the key pillars of competitive differentiation and brand recognition to enable you to acquire new customers and retain the existing ones as they all turn to business who make it fast, seamless and engaging for them. "Real time Data" plays a crucial role in understanding what your user's are experiencing in real time and using it to drive positive business outcomes. But more often than not we are buried under piles of siloed data but hardly any actionable information. Join us as we share how our customers are achieving their goals by understanding the relationship between Performance and Business.

AlertSite Slideshow at Web 2.0 Expo 2009

AlertSite

AlertSite Slideshow for the Booth at Web 2.0 Expo 2009

AlertSite

Similar to The automation break up: saying goodbye to full stack tests with task analysis (20)

[WSO2 Integration Summit Nairobi 2019] Identity and Access Management in an A...

[WSO2 Integration Summit Johannesburg 2019] Identity and Access Management in...

[WSO2 Integration Summit Madrid 2019] Identity and Access Management in an AP...

[WSO2 Integration Summit Stuttgart 2019] Identity and Access Management in an...

WSO2 - Yenlo Integration Summit Stuttgart 15 May 2019 - IAM in an API Driven ...

[WSO2 API Day Chicago 2019] Sustainable Competitive Advantage

[WSO2 Summit Sydney 2019] Identity and Access Management in an API-driven World

Takeaways from API Security Breaches Webinar

How to avoid Java and .Net Application Performance Issues using Business Tran...

Continuous Testing vs Test Automation Share on Facebook Share on LinkedIn Sha...

Creating a Machine Learning Factory

IRJET- Agriculture Business to Business Website

A perspective on web testing

Eradicate Flaky Tests

Fraud detection using machine learning with Amazon SageMaker - AIM306 - New Y...

Navigating Identity and Access Management in the Modern Enterprise

Competitive EDGE - Data Driven Differentiation

AlertSite Slideshow at Web 2.0 Expo 2009

AlertSite Slideshow for the Booth at Web 2.0 Expo 2009

Recently uploaded

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Ramesh Iyer

In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Nexer Digital

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

A tale of scale & speed: How the US Navy is enabling software delivery from l...

sonjaschweigert1

Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved: - Reduction in onboarding time from 5 weeks to 1 day - Improved developer experience and productivity through actionable findings and reduction of false positives - Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO) Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production. We will cover: - How to remove silos in DevSecOps - How to build efficient development pipeline roles and component templates - How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence) - How to streamline operations with automated policy checks on container images

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

DevOps and Testing slides at DASA Connect

Kari Kakkonen

Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™

UiPathCommunity

In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni. 📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath: Autopilot per Studio Web Autopilot per Studio Autopilot per Apps Clipboard AI GenAI applicata alla Document Understanding 👨‍🏫👨‍💻 Speakers: Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath Andrei Tasca, RPA Solutions Team Lead @NTT Data

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

Recently uploaded (20)

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

How world-class product teams are winning in the AI era by CEO and Founder, P...

Elizabeth Buie - Older adults: Are we really designing for our future selves?

PCI PIN Basics Webinar from the Controlcase Team

UiPath Test Automation using UiPath Test Suite series, part 3

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

Monitoring Java Application Security with JDK Tools and JFR Events

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

A tale of scale & speed: How the US Navy is enabling software delivery from l...

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Essentials of Automations: Optimizing FME Workflows with Parameters

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

DevOps and Testing slides at DASA Connect

Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™

Leading Change strategies and insights for effective change management pdf 1.pdf

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Securing your Kubernetes cluster_ a step-by-step guide to success !

The automation break up: saying goodbye to full stack tests with task analysis

1. Automation in Testing - © Mark Winteringham - 2019Automation in Testing - © Mark Winteringham - 2019 The automation ‘breakup’ Saying goodbye to full stack tests with task analysis Mark Winteringham @2bittester

2. Automation in Testing - © Mark Winteringham - 2019Automation in Testing - © Mark Winteringham - 2019 How do we know if a check is valuable?

10. Automation in Testing - © Mark Winteringham - 2019Automation in Testing - © Mark Winteringham - 2019 How do we identify and implement valuable checks?

13. Automation in Testing - © Mark Winteringham - 2019 UI JS API SVC Click login link Build login page Interact with Login Send credentials to Auth API Parse credential s Check credentials / Create token Send token Flag as logged in Render room comp. View rooms Successful login flow Initial state: • Single page app code loaded into browser • Current state is not logged in Triggers Seam / LayerAction Key: JS/HTML HTTP JAVA USER

15. Automation in Testing - © Mark Winteringham - 2019 Parse credential s UI JS API SVC Click login link Build login page Interact with Login Send credentials to Auth API Check credentials / Create token Flag as logged in View rooms Successful login flow Triggers Seam / LayerAction Key: JS/HTML HTTP JAVA Send token USER 🔎 Initial state: • Single page app code loaded into browser • Current state is not logged in Check form is rendered correctly Visual check 🤖 Render room comp.

16. Automation in Testing - © Mark Winteringham - 2019 UI JS API SVC Click login link Build login page Interact with Login Send credentials to Auth API Check credentials / Create token Flag as logged in View rooms Successful login flow Triggers Seam / LayerAction Key: JS/HTML HTTP JAVA Parse credential s Send token 🤖 🔎 Initial state: • Single page app code loaded into browser • Current state is not logged in Check API handles request and response correctly API check USER Render room comp.

17. Automation in Testing - © Mark Winteringham - 2019 Parse credential s UI JS API SVC Click login link Build login page Interact with Login Send credentials to Auth API Check credentials / Create token Flag as logged in View rooms Successful login flow Triggers Seam / LayerAction Key: JS/HTML HTTP JAVA Send token Render room comp. 🤖 🔎 Initial state: • Single page app code loaded into browser • Current state is not logged in Check token is created correctly Unit check USER

18. Automation in Testing - © Mark Winteringham - 2019 Parse credential s UI JS API SVC Click login link Build login page Interact with Login Send credentials to Auth API Check credentials / Create token Flag as logged in View rooms Successful login flow Triggers Seam / LayerAction Key: JS/HTML HTTP JAVA Send token 🤖 🔎 Initial state: • Single page app code loaded into browser • Current state is not logged in Check login page HTML is correct Unit check USER Render room comp.

19. Automation in Testing - © Mark Winteringham - 2019 Visual checks Check form is rendered correctly JavaScript unit checks Backend unit checks Backend API checks Full stack smoke check Check API handles request and response correctly Check login page HTML is correct Check token is created correctly

21. Automation in Testing - © Mark Winteringham - 2019 Are your checks TRIMS? Apply task analysis Use task analysis to identify targeted checks Connect checks in a ‘chain of trust’

22. Automation in Testing - © Mark Winteringham - 2019 Mark Winteringham @2bittester www.mwtestconsultancy.co.uk www.automationintesting.com github.com/mwinteringham/restful-booker-platform

Editor's Notes

In this talk I am going to explore two questions: How do we know if a check is valuable How do we identify and implement valuable checks
So let’s start by working out whether a check is valuable or not. To demonstrate this we’re going to look at an End-to-end, full stack, UI driven, whatever you call it, check. So let’s take a look at our check in action…
To demonstrate how we can use Trims to analyse a check, I’ve created an automated check that follows a typical pattern. It’s designed to check that a user can log into an application so let’s see it in action Demo and run End-to-End check
So let’s analyse that E2E check Is it targeted? Not really. The check is doing everything on the UI layer, meaning if the intention is to check behavior in the backend it’s using the furthest layer from that implementations
Is it reliable? Perhaps. This will be heavily influenced by the state of the application under test BUT this check is working against a complex system with many moving parts of which any one could fail on us. Although that maybe desirable.
Is it informative? Let’s say something in the backend breaks causing our check to fail because it cannot find a specific element. That information is shallow at best and misleading at worst, meaning that it’s going to take considerable time to debug and react to. A risk can have many ways to impact a user
Is it maintainable? Depends on how it was developed, if we are to assume that this check uses page object models, data builder patterns and DRY practices then we could say we’re happy that it’s maintanable
Is it Speedy? Remember speed isn’t just time to run, but time to react to as well. Given that it’s not targeted and not very informative, then it’s fair to say that the feedback loop is going to be slow as we wade through the application and test code to work out what is exactly going on.
We cannot rely on the scope of information from a check, but we can rely on checks if they are: Targeted Reliable Informative Maintainable Or have Speed Speed is not just how fast it runs, but how quickly we can process information and act upon it Lots of small checks that follow those valuable attributes will help us build a picture differently to how we test as humans but hopefully bring us to the same conclusion
So it’s fair to say that that check isn’t up to muster. One of the main issues is that it’s trying to check multiple impacts
What is task analysis? AiT is influenced by Rob Sabourin’s work on Task Analysis Breaking down a task into it’s component parts for analysis Cup of tea example
Let’s see an example Show task analysis model and highlight Left hand side requires some knowledge of the system, but it can vary based on your knowledge Your first iteration could literally be frontend – backend We use task analysis to break down the different events that make up feature that our original risk is focused on So we have points on our model that represent each activity the system does Each action is an opportunity for a targeted check on that section And each action has it’s own inherent risks that may matter to us Finally the lines that cross boundaries between systems are integration risks to check for
So it’s fair to say that that check isn’t up to muster. One of the main issues is that it’s trying to check multiple impacts
This flow successfully captures the areas that could impact our application and realise the risk that a user can’t login. We can use that knowledge to identify targeted checks
This flow successfully captures the areas that could impact our application and realise the risk that a user can’t login. We can use that knowledge to identify targeted checks
This flow successfully captures the areas that could impact our application and realise the risk that a user can’t login. We can use that knowledge to identify targeted checks
This flow successfully captures the areas that could impact our application and realise the risk that a user can’t login. We can use that knowledge to identify targeted checks
So it’s fair to say that that check isn’t up to muster. One of the main issues is that it’s trying to check multiple impacts
In summary Review checks and ask yourself are they TRIMS Break down unwieldy checks by applying task analysis to the system flow that is being covered Use the results of task analysis to determine checks that are more TRIMS Once you have checks in many different points build a ‘chain of trust’ by running them in a pipeline Task analysis can help identify dependencies for mocking

The automation break up: saying goodbye to full stack tests with task analysis

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to The automation break up: saying goodbye to full stack tests with task analysis

Similar to The automation break up: saying goodbye to full stack tests with task analysis (20)

Recently uploaded

Recently uploaded (20)

The automation break up: saying goodbye to full stack tests with task analysis

Editor's Notes