I attended the Tabara de Testare testing group on 3rd February 2015 to present "Lessons Learned When Automating. A live stream from UK to Romania.
http://compendiumdev.co.uk/page/tabaradetestare201602
I've been asked some very challenging questions about lessons learned, and how decisions are made during the process of automating and performing technical testing. In this webinar I'm going to answer them based on my experience. We'll discus how we know 'what to automate' which means we have to split our analysis into 'detection' and 'testing'. We'll cover lessons learned from solving problems, and making mistakes, and steps we can take during the problem solving process e.g. for intermittent failures, and possible tool bugs. We'll discuss abstraction levels and the different levels of the technology stack to automate: how to do it, and how we make the decisions. We'll discuss coding primarily the differences, and the overlap, between the needs for coding for testing and coding for production deployment. We'll also cover some WebDriver specific answers to some of these questions. I'm also going to describe books and techniques that have helped me over the years when trying to deal with these questions on production projects.
Open source tools - Test Management Summit - 2009Alan Richardson
This document discusses open source and free test tools. It begins by defining a test tool as software used to augment the testing process. It then asks participants which tools they use, both open source/free tools like Selenium and commercial tools like Jira. The document explores reasons for using open source tools like cost and customization versus commercial tools like support. Finally, it discusses trends in commercial vs open source tools and strategies for effective tool usage.
What does Technical Testing mean? For Alan, it means going beyond requirements and using Technical Information about the implementation and an understanding of the technologies used in the building of the system to add to the risk profile and use to help derive test approaches. Using Web Testing as an example we explain how approaching testing from a technical perspective changes how you view the system and how you test. Also explained, how a technical understanding leads to a different use of tooling an automation. This webinar presented 1st April 2015 to Tabara De Testare
This document outlines Alan Richardson's webinar on technical testing. It discusses why technical testing is important given increasing technical complexity. It describes what technical testing entails, such as understanding databases and code. The document provides examples of technical testing concepts like boundary value analysis. It also discusses how to identify technical testing and what barriers may exist, emphasizing personal motivation. Finally, it suggests that with the right approach, anyone can learn technical testing and offers resources for further reading.
How to Improve Your Technical Test Ability - AADays 2015 KeynoteAlan Richardson
We often work on improving the testability of an application to better support our testing. And what if, in addition to this, we actively improved our "Test Ability"? Because then we can take advantage of the new and existing application features during our testing. Alan will describe the steps he has taken to improve his Test Ability. The main examples will be drawn from his experience of testing web and HTTP based applications. Alan will explain how you can use the inbuilt browser features to help you, and describe add-ons you can use. Also, how you can chain external tools like sniffers and proxies, and why you would want to. Because, and this is more important than the individual tool examples, Alan will describe how he models an application to identify gaps in his knowledge and tooling, and then improves his Technical Test Ability by filling those gaps.
Slides for Automation Guild 2016 Conference
If you want to automate, you learn to code, and you learn to code well.
“Automate” doesn’t mean “Automate Testing” it means “Automate part of your test process”.
You need to learn to code to do that with the most options open to you.
We’ll look at some ‘we do this alot’ and ‘we want to automate’ activities which we can use tools for. But we’ll also see that we are limited by the tools.
When we code, we can do a lot with minimum code, and gain a lot more flexibility.
Then we’ll cover how to think about learning to code.
solve a problem quickly (automate tactically)
solve a problem for the long term (automate strategically)
To work strategically we need to learn:
to code well,
understand refactoring,
libraries vs frameworks,
abstractions,
etc.
This talk isn’t just for beginners, we’ll cover stuff that should make it useful for the experts in the audience.
We’ll cover a lot in 45 mins, with code examples and tool examples, and I’ll make it all pretty practical.
For more details visit:
https://www.compendiumdev.co.uk/page/tag2017
Slides for Agile Testers Conference 2018
Technology Based Testing by Alan Richardson
What do you learn if you want to test 'beyond the acceptance criteria'? Technical risk based testing can help. In this case I'm going to use the phrase Technical Testing to cover: "identify technology based risks to drive testing". This thought process can help us make informed decisions about the scope of exploratory testing we will carry out. It also helps focus your studies on the technical knowledge appropriate for the project you are testing.
## Blurb
This requires:
- understanding of the technology
- risk identification
- tools applicable to the technology
This presentation will use a simple example to demonstrate that:
- Even simple technology can pose risk
- Combining simple technology can increase risk
- Understanding technology allows us to evaluate risk
* http://www.eviltester.com
* http://www.compendiumdev.co.uk
* https://twitter.com/eviltester
Black Ops Testing Workshop from Agile Testing Days 2014Alan Richardson
The document summarizes notes from a testing workshop on the Redmine project management application. Participants tested various aspects of Redmine and identified 15 bugs, including issues with PDF exports not containing all data, character encoding problems in CSVs, ability to delete the only admin account, and other data validation and synchronization bugs. Workshop leaders provided hints and interrupts to prompt deeper investigation and testing of areas like HTTP traffic, DOM manipulation, and breaking file exports.
I attended the Tabara de Testare testing group on 3rd February 2015 to present "Lessons Learned When Automating. A live stream from UK to Romania.
http://compendiumdev.co.uk/page/tabaradetestare201602
I've been asked some very challenging questions about lessons learned, and how decisions are made during the process of automating and performing technical testing. In this webinar I'm going to answer them based on my experience. We'll discus how we know 'what to automate' which means we have to split our analysis into 'detection' and 'testing'. We'll cover lessons learned from solving problems, and making mistakes, and steps we can take during the problem solving process e.g. for intermittent failures, and possible tool bugs. We'll discuss abstraction levels and the different levels of the technology stack to automate: how to do it, and how we make the decisions. We'll discuss coding primarily the differences, and the overlap, between the needs for coding for testing and coding for production deployment. We'll also cover some WebDriver specific answers to some of these questions. I'm also going to describe books and techniques that have helped me over the years when trying to deal with these questions on production projects.
Open source tools - Test Management Summit - 2009Alan Richardson
This document discusses open source and free test tools. It begins by defining a test tool as software used to augment the testing process. It then asks participants which tools they use, both open source/free tools like Selenium and commercial tools like Jira. The document explores reasons for using open source tools like cost and customization versus commercial tools like support. Finally, it discusses trends in commercial vs open source tools and strategies for effective tool usage.
What does Technical Testing mean? For Alan, it means going beyond requirements and using Technical Information about the implementation and an understanding of the technologies used in the building of the system to add to the risk profile and use to help derive test approaches. Using Web Testing as an example we explain how approaching testing from a technical perspective changes how you view the system and how you test. Also explained, how a technical understanding leads to a different use of tooling an automation. This webinar presented 1st April 2015 to Tabara De Testare
This document outlines Alan Richardson's webinar on technical testing. It discusses why technical testing is important given increasing technical complexity. It describes what technical testing entails, such as understanding databases and code. The document provides examples of technical testing concepts like boundary value analysis. It also discusses how to identify technical testing and what barriers may exist, emphasizing personal motivation. Finally, it suggests that with the right approach, anyone can learn technical testing and offers resources for further reading.
How to Improve Your Technical Test Ability - AADays 2015 KeynoteAlan Richardson
We often work on improving the testability of an application to better support our testing. And what if, in addition to this, we actively improved our "Test Ability"? Because then we can take advantage of the new and existing application features during our testing. Alan will describe the steps he has taken to improve his Test Ability. The main examples will be drawn from his experience of testing web and HTTP based applications. Alan will explain how you can use the inbuilt browser features to help you, and describe add-ons you can use. Also, how you can chain external tools like sniffers and proxies, and why you would want to. Because, and this is more important than the individual tool examples, Alan will describe how he models an application to identify gaps in his knowledge and tooling, and then improves his Technical Test Ability by filling those gaps.
Slides for Automation Guild 2016 Conference
If you want to automate, you learn to code, and you learn to code well.
“Automate” doesn’t mean “Automate Testing” it means “Automate part of your test process”.
You need to learn to code to do that with the most options open to you.
We’ll look at some ‘we do this alot’ and ‘we want to automate’ activities which we can use tools for. But we’ll also see that we are limited by the tools.
When we code, we can do a lot with minimum code, and gain a lot more flexibility.
Then we’ll cover how to think about learning to code.
solve a problem quickly (automate tactically)
solve a problem for the long term (automate strategically)
To work strategically we need to learn:
to code well,
understand refactoring,
libraries vs frameworks,
abstractions,
etc.
This talk isn’t just for beginners, we’ll cover stuff that should make it useful for the experts in the audience.
We’ll cover a lot in 45 mins, with code examples and tool examples, and I’ll make it all pretty practical.
For more details visit:
https://www.compendiumdev.co.uk/page/tag2017
Slides for Agile Testers Conference 2018
Technology Based Testing by Alan Richardson
What do you learn if you want to test 'beyond the acceptance criteria'? Technical risk based testing can help. In this case I'm going to use the phrase Technical Testing to cover: "identify technology based risks to drive testing". This thought process can help us make informed decisions about the scope of exploratory testing we will carry out. It also helps focus your studies on the technical knowledge appropriate for the project you are testing.
## Blurb
This requires:
- understanding of the technology
- risk identification
- tools applicable to the technology
This presentation will use a simple example to demonstrate that:
- Even simple technology can pose risk
- Combining simple technology can increase risk
- Understanding technology allows us to evaluate risk
* http://www.eviltester.com
* http://www.compendiumdev.co.uk
* https://twitter.com/eviltester
Black Ops Testing Workshop from Agile Testing Days 2014Alan Richardson
The document summarizes notes from a testing workshop on the Redmine project management application. Participants tested various aspects of Redmine and identified 15 bugs, including issues with PDF exports not containing all data, character encoding problems in CSVs, ability to delete the only admin account, and other data validation and synchronization bugs. Workshop leaders provided hints and interrupts to prompt deeper investigation and testing of areas like HTTP traffic, DOM manipulation, and breaking file exports.
The document discusses pushing functional testing further by exploring the technology used to build systems. It presents models for technical testing that involve modeling, observing, interrogating, and manipulating systems at different levels. Examples are given of technical testing approaches for a Java application and web application. The document notes overlap between technical testing and security testing. It provides suggestions for testers to increase their technical abilities, such as learning about technologies through books, online courses, and hands-on experience.
Risk Mitigation Using Exploratory and Technical Testing - QASymphony Webinar ...Alan Richardson
A Webinar on Risk Analysis and Management, Exploratory Testing, and Technical Testing.
I want to get across the model that I have for risks, which is that risks are “beliefs” and a result of our beliefs. We believe some things will go wrong more than others. And because our beliefs are limited but the range of risks is not, we need to somehow go beyond our beliefs and look at tools and processes for doing that.
Also we know that risk is important for testing. What I want to do in this talk is present risk as the underpinning and driving force behind everything we do in testing.
You can use risk to justify the stuff that you do as a tester. And you can use risk to derive your test scope as well as your test process.
# Automating Pragmatically
Testival Meetup 20190604
## Alan Richardson
- EvilTester.com
- @EvilTester
- compendiumdev.co.uk
- digitalonlinetactics.com
---
~~~~~~~~
Title: Automating Pragmatically
The online discussions of automating can leave me confused.
- Should you automate through the GUI?
- Should GUI automating be banned?
- Do all testers need to code? Is automating part of testing
or not?
- Do we need to automate to get a job?
In this short session Alan will discuss automating
from a pragmatic and contextual position and
share how he thinks about automating.
~~~~~~~~
In this talk I'm going to focus on the technical aspects of 'test automation', using examples of approaches from a variety of Agile projects where we automated APIs, and GUIs. You'll learn about the use of abstractions and how to think about modeling the system in code to support automating it. Also how to use these abstractions to support stress testing, exploratory testing, ongoing CI assertions and the testing process in general. I'll also discuss the different styles of coding used to support automating tactically vs automating strategically.
Automating Strategically or Tactically when TestingAlan Richardson
"Test Automation" can be viewed as strategic or tactical.
This presentation describes reasons for making this distinction and how you know if you are working strategically or tactically when you automate as part of your test approach.
Add More Security To Your Testing and Automating - Saucecon 2021Alan Richardson
Presented at SauceCon 2021, April.
More details: https://www.eviltester.com/conference/saucecon2021_conference/
Security Testing is a highly technical set of skills, covering a wide domain of knowledge that can take a long time to learn and gain proficiency. We already have enough to learn with Software Testing and even more when we add in Automating. So are there any simple ways to increase the scope of what we already do, that provide more insight into the security of our application? Answer: Yes. And in this talk we will cover practical steps, dos and don’ts to add some Security focus fast, without spending years learning how to Hack applications.
Much of the automating we do to support testing involves detecting change. Once our tests pass, they fail when the system changes and the automated execution alerts us to the change. There are other ways that automating can help us.
Automating Tactically vs Strategically SauceCon 2020Alan Richardson
One of the biggest concepts that has made a difference to my programming and automating in recent years is the concept of “Tactical vs. Strategic.” Automating tactically might be for a specific purpose, possibly small, possibly a bit rough around the edges, not necessarily completely robust for everyone, etc. And Strategic automation is more critical to long-term aims, maintained and maintainable, etc.
In this talk, Alan Richardson will provide examples of automating both Strategically and Tactically for activities as diverse as supporting testing, marketing and general life. We will also consider how and when to move from automating tactically to strategically, and how the concept has helped me change my programming style and how to write better code.
Test Bash Netherlands Alan Richardson "How to misuse 'Automation' for testing...Alan Richardson
This document discusses how to misuse automation tools for testing, fun, and productivity. It begins by defining terms like "misuse" and "tool" and discusses that tools can be used in unintended ways. It argues that any software used to support testing could be considered a testing tool. Examples are given of tools like Cucumber and Selenium that are often said to not be testing tools but could be used as such. The document advocates exploring what tools actually do at a technical level rather than only focusing on social or predefined models of how they should be used. The overall message is that misusing tools by focusing on their technical capabilities rather than limitations imposed by others can increase testing in fun and productive ways.
DevFest 14th Dec 2019 Bishkek
- Alan Richardson
https://www.eviltester.com/conference/devfestbishkek2019_conference
- EvilTester.com
- @EvilTester
- CompendiumDev.co.uk
---
Have you ever wondered how other people test applications? Not in theory, but in practice? What thought processes are used? How did they model the application? What tools were used? How did they track the testing? That's what this talk is all about. This talk will be based on a short Case Study of testing an open source web application. Why open source? Because then there is no commercial confidentiality about the process, tools or thought processes.
---
Alan will explain his thought processes, coverage, approaches, tools used, risks identified and results found. And generalise from this into reusable models and principles that can be applied to your testing. This covers the What?, and the Why? of practical exploratory web testing.
Secrets and Mysteries of Automated Execution Keynote slidesAlan Richardson
Test Automation, Programming Automation, Automated Execution. This presentations contains some high level models, abstractions and approaches for effective, non-flakey and maintainable automation.
https://www.eviltester.com
Effective Software Testing for Modern Software DevelopmentAlan Richardson
The document discusses modern software development and testing. It argues that testing is not a separate phase but rather a process that is customized and integrated into the overall development system to mitigate risks. Modern development processes build in safety controls like automated testing, but there are still risks to address like integration testing and exploring edge cases. The document advocates adapting methods to people and focusing testing on risks and uncertainties rather than definitions or roles.
How many times have your Selenium test suites run beautifully on one browser, only to fail when run in any other browser? This is an extremely common problem faced when incorporating cross-browser tests into your test runs. Not all browser drivers are created equally, but that doesn’t mean you can’t create a robust suite of cross-browser tests.
This presentation shares strategies for making cross-browser tests invincible. It focuses on topics such as using as choosing the best locators for all browsers, explicit vs. implicit waits and how to leverage cloud-based testing tools.
This presentation was given at SeleniumConf London in November 2016.
Slides from the Selenium Clinic Tutorial from Eurostar 2012 hosted by Simon Stewart and Alan Richardson. The tutorial was awarded "Best Tutorial" at the conference.
The reference slides were excerpted from Alan Richardson's online WebDriver course hosted at Udemy.
http://www.udemy.com/selenium-2-webdriver-basics-with-java/
Joy of Coding Conference 2019 slides - Alan RichardsonAlan Richardson
Adventures in Testing, Programming, Teaching, Automating and Marketing
When you already know how to code, it's easy to forget how hard some of that learning was... until you have to teach people. And if all you've ever built are applications, you don't know really know the nuances of writing code to automate them. And if you've written the code but never had to market the applications then you've not really experienced the full joy of coding.
In this presentation Alan will revisit many of his past projects to identify lessons learned. Lessons from: writing commercial and open source tools, multi-user adventure games, REST APIs, test automation, automating applications to make them do things they are not supposed to do, and coding for technical marketing.
Some lessons we will learn:
* The 'install' is the hardest part
* Writing frameworks is too much fun and should be banned
* Applications are just "code calling other libraries"
* Writing a Text Adventure s the most fun and educational thing you'll ever code
* The Dangers of knowing how to code
We will also learn the dangers of knowing how to code and discover how our coding skills can give us an edge, in business and online live in general, if we choose to harness our skills to improve our daily experiences.
My aim here is to tell you that I learned to work with Agility rather than work with the Agile Rituals and Definitions. And I learned to trust that working with Agility trumps Rituals and Definitions the hard way. Because sticking to rituals and definitions led to rigidity, rather than agility.
And then "What does testing look like when you adopt that mindset?"
In this presentation you will short cut your learning on the topic of Agility, so you understand "What does testing look like when you adopt an Agility mindset?". Applying this mind set naturally leads to incorporating exploratory testing, technical testing, automated execution, end to end testing and risk. Adopting this mindset allows you to fit into any Agile Software Development project and create a customized testing approach that works.
Keynote at the internal Rabobank Testing Conference on Feb 15th 2018 in Utrecht.
https://www.compendiumdev.co.uk/page/rabobank201802
Technical and Testing Challenges: Using the "Protect The Square" GameAlan Richardson
How good are your Technical Testing in the Browser and JavaScript skills? Put them to the test with the "Protect The Square" game.
https://www.compendiumdev.co.uk/games/buggygames/protect_the_square/protect_the_square.html
Odinstar 2017 - Real World Automating to Support TestingAlan Richardson
This document discusses strategies for automating testing tasks. It explores the difference between automating tactically and strategically. Tactical automation focuses on short-term goals like getting work done quickly, while strategic automation has agreed upon long-term goals. The document recommends automating flows through the system, abstracting the execution, and using multiple layers of abstraction. This helps create automation that is robust, flexible to change, and easy to maintain over time.
Using Proxies To Secure Applications And MoreJosh Sokol
The last Austin OWASP presentation of the year is a must see for anyone responsible for the security of a web application. It is a demonstration of the various types of proxy software and their uses. We've all heard about WebScarab, BurpSuite, RatProxy, or Paros but how familiar are you with actually using them to inspect for web security issues? Did you know that you can use RatProxy for W3C compliance validation? By the time you leave this presentation, you will be able to go back to your office and wow your co-workers with the amazing new proxy skills that you've acquired.
A Keynote presented at the May TestNet 2013. Silver Bullets are an ideal, and we should continue to strive for them, but never believe that we have finally found one.
The document discusses pushing functional testing further by exploring the technology used to build systems. It presents models for technical testing that involve modeling, observing, interrogating, and manipulating systems at different levels. Examples are given of technical testing approaches for a Java application and web application. The document notes overlap between technical testing and security testing. It provides suggestions for testers to increase their technical abilities, such as learning about technologies through books, online courses, and hands-on experience.
Risk Mitigation Using Exploratory and Technical Testing - QASymphony Webinar ...Alan Richardson
A Webinar on Risk Analysis and Management, Exploratory Testing, and Technical Testing.
I want to get across the model that I have for risks, which is that risks are “beliefs” and a result of our beliefs. We believe some things will go wrong more than others. And because our beliefs are limited but the range of risks is not, we need to somehow go beyond our beliefs and look at tools and processes for doing that.
Also we know that risk is important for testing. What I want to do in this talk is present risk as the underpinning and driving force behind everything we do in testing.
You can use risk to justify the stuff that you do as a tester. And you can use risk to derive your test scope as well as your test process.
# Automating Pragmatically
Testival Meetup 20190604
## Alan Richardson
- EvilTester.com
- @EvilTester
- compendiumdev.co.uk
- digitalonlinetactics.com
---
~~~~~~~~
Title: Automating Pragmatically
The online discussions of automating can leave me confused.
- Should you automate through the GUI?
- Should GUI automating be banned?
- Do all testers need to code? Is automating part of testing
or not?
- Do we need to automate to get a job?
In this short session Alan will discuss automating
from a pragmatic and contextual position and
share how he thinks about automating.
~~~~~~~~
In this talk I'm going to focus on the technical aspects of 'test automation', using examples of approaches from a variety of Agile projects where we automated APIs, and GUIs. You'll learn about the use of abstractions and how to think about modeling the system in code to support automating it. Also how to use these abstractions to support stress testing, exploratory testing, ongoing CI assertions and the testing process in general. I'll also discuss the different styles of coding used to support automating tactically vs automating strategically.
Automating Strategically or Tactically when TestingAlan Richardson
"Test Automation" can be viewed as strategic or tactical.
This presentation describes reasons for making this distinction and how you know if you are working strategically or tactically when you automate as part of your test approach.
Add More Security To Your Testing and Automating - Saucecon 2021Alan Richardson
Presented at SauceCon 2021, April.
More details: https://www.eviltester.com/conference/saucecon2021_conference/
Security Testing is a highly technical set of skills, covering a wide domain of knowledge that can take a long time to learn and gain proficiency. We already have enough to learn with Software Testing and even more when we add in Automating. So are there any simple ways to increase the scope of what we already do, that provide more insight into the security of our application? Answer: Yes. And in this talk we will cover practical steps, dos and don’ts to add some Security focus fast, without spending years learning how to Hack applications.
Much of the automating we do to support testing involves detecting change. Once our tests pass, they fail when the system changes and the automated execution alerts us to the change. There are other ways that automating can help us.
Automating Tactically vs Strategically SauceCon 2020Alan Richardson
One of the biggest concepts that has made a difference to my programming and automating in recent years is the concept of “Tactical vs. Strategic.” Automating tactically might be for a specific purpose, possibly small, possibly a bit rough around the edges, not necessarily completely robust for everyone, etc. And Strategic automation is more critical to long-term aims, maintained and maintainable, etc.
In this talk, Alan Richardson will provide examples of automating both Strategically and Tactically for activities as diverse as supporting testing, marketing and general life. We will also consider how and when to move from automating tactically to strategically, and how the concept has helped me change my programming style and how to write better code.
Test Bash Netherlands Alan Richardson "How to misuse 'Automation' for testing...Alan Richardson
This document discusses how to misuse automation tools for testing, fun, and productivity. It begins by defining terms like "misuse" and "tool" and discusses that tools can be used in unintended ways. It argues that any software used to support testing could be considered a testing tool. Examples are given of tools like Cucumber and Selenium that are often said to not be testing tools but could be used as such. The document advocates exploring what tools actually do at a technical level rather than only focusing on social or predefined models of how they should be used. The overall message is that misusing tools by focusing on their technical capabilities rather than limitations imposed by others can increase testing in fun and productive ways.
DevFest 14th Dec 2019 Bishkek
- Alan Richardson
https://www.eviltester.com/conference/devfestbishkek2019_conference
- EvilTester.com
- @EvilTester
- CompendiumDev.co.uk
---
Have you ever wondered how other people test applications? Not in theory, but in practice? What thought processes are used? How did they model the application? What tools were used? How did they track the testing? That's what this talk is all about. This talk will be based on a short Case Study of testing an open source web application. Why open source? Because then there is no commercial confidentiality about the process, tools or thought processes.
---
Alan will explain his thought processes, coverage, approaches, tools used, risks identified and results found. And generalise from this into reusable models and principles that can be applied to your testing. This covers the What?, and the Why? of practical exploratory web testing.
Secrets and Mysteries of Automated Execution Keynote slidesAlan Richardson
Test Automation, Programming Automation, Automated Execution. This presentations contains some high level models, abstractions and approaches for effective, non-flakey and maintainable automation.
https://www.eviltester.com
Effective Software Testing for Modern Software DevelopmentAlan Richardson
The document discusses modern software development and testing. It argues that testing is not a separate phase but rather a process that is customized and integrated into the overall development system to mitigate risks. Modern development processes build in safety controls like automated testing, but there are still risks to address like integration testing and exploring edge cases. The document advocates adapting methods to people and focusing testing on risks and uncertainties rather than definitions or roles.
How many times have your Selenium test suites run beautifully on one browser, only to fail when run in any other browser? This is an extremely common problem faced when incorporating cross-browser tests into your test runs. Not all browser drivers are created equally, but that doesn’t mean you can’t create a robust suite of cross-browser tests.
This presentation shares strategies for making cross-browser tests invincible. It focuses on topics such as using as choosing the best locators for all browsers, explicit vs. implicit waits and how to leverage cloud-based testing tools.
This presentation was given at SeleniumConf London in November 2016.
Slides from the Selenium Clinic Tutorial from Eurostar 2012 hosted by Simon Stewart and Alan Richardson. The tutorial was awarded "Best Tutorial" at the conference.
The reference slides were excerpted from Alan Richardson's online WebDriver course hosted at Udemy.
http://www.udemy.com/selenium-2-webdriver-basics-with-java/
Joy of Coding Conference 2019 slides - Alan RichardsonAlan Richardson
Adventures in Testing, Programming, Teaching, Automating and Marketing
When you already know how to code, it's easy to forget how hard some of that learning was... until you have to teach people. And if all you've ever built are applications, you don't know really know the nuances of writing code to automate them. And if you've written the code but never had to market the applications then you've not really experienced the full joy of coding.
In this presentation Alan will revisit many of his past projects to identify lessons learned. Lessons from: writing commercial and open source tools, multi-user adventure games, REST APIs, test automation, automating applications to make them do things they are not supposed to do, and coding for technical marketing.
Some lessons we will learn:
* The 'install' is the hardest part
* Writing frameworks is too much fun and should be banned
* Applications are just "code calling other libraries"
* Writing a Text Adventure s the most fun and educational thing you'll ever code
* The Dangers of knowing how to code
We will also learn the dangers of knowing how to code and discover how our coding skills can give us an edge, in business and online live in general, if we choose to harness our skills to improve our daily experiences.
My aim here is to tell you that I learned to work with Agility rather than work with the Agile Rituals and Definitions. And I learned to trust that working with Agility trumps Rituals and Definitions the hard way. Because sticking to rituals and definitions led to rigidity, rather than agility.
And then "What does testing look like when you adopt that mindset?"
In this presentation you will short cut your learning on the topic of Agility, so you understand "What does testing look like when you adopt an Agility mindset?". Applying this mind set naturally leads to incorporating exploratory testing, technical testing, automated execution, end to end testing and risk. Adopting this mindset allows you to fit into any Agile Software Development project and create a customized testing approach that works.
Keynote at the internal Rabobank Testing Conference on Feb 15th 2018 in Utrecht.
https://www.compendiumdev.co.uk/page/rabobank201802
Technical and Testing Challenges: Using the "Protect The Square" GameAlan Richardson
How good are your Technical Testing in the Browser and JavaScript skills? Put them to the test with the "Protect The Square" game.
https://www.compendiumdev.co.uk/games/buggygames/protect_the_square/protect_the_square.html
Odinstar 2017 - Real World Automating to Support TestingAlan Richardson
This document discusses strategies for automating testing tasks. It explores the difference between automating tactically and strategically. Tactical automation focuses on short-term goals like getting work done quickly, while strategic automation has agreed upon long-term goals. The document recommends automating flows through the system, abstracting the execution, and using multiple layers of abstraction. This helps create automation that is robust, flexible to change, and easy to maintain over time.
Using Proxies To Secure Applications And MoreJosh Sokol
The last Austin OWASP presentation of the year is a must see for anyone responsible for the security of a web application. It is a demonstration of the various types of proxy software and their uses. We've all heard about WebScarab, BurpSuite, RatProxy, or Paros but how familiar are you with actually using them to inspect for web security issues? Did you know that you can use RatProxy for W3C compliance validation? By the time you leave this presentation, you will be able to go back to your office and wow your co-workers with the amazing new proxy skills that you've acquired.
A Keynote presented at the May TestNet 2013. Silver Bullets are an ideal, and we should continue to strive for them, but never believe that we have finally found one.
The slides for "Unconventional Influences" keynote given by Alan Richardson at Eurostar 2012, 6th November 2012 at the Amsterdam RAI
You can find more papers and conference talks by Alan Richardson at http://compendiumdev.co.uk
Daniel billing exploring the security testers toolboxRomania Testing
This document outlines the agenda for a security testing workshop. The objectives include introductions, threat modeling, exploring the OWASP Top 10 vulnerabilities, and using security tools like Fiddler, ZAP, and Burp Suite. The workshop will demonstrate how to use these tools to explore vulnerable web applications like Gruyere and AltoroMutual. Attendees will learn about vulnerabilities like SQL injection, XSS, and CSRF. They will practice threat modeling, passive scanning, active scanning, and fuzzing. Finally, the workshop discusses chaining tools together and extending one's security testing capabilities.
The slides for the Oredev 2014 talk "confessions of an accidental Security Tester" - describing the various approaches and bad habits that I use, which allow me to stumble on to security problems.
The document discusses test-driven development (TDD) in Swift. It explains that TDD involves writing tests before implementation to gain confidence and verify requirements are met. Automated tests allow for faster regression testing, easier refactoring, and continuous integration. The document recommends writing tests first to produce loosely coupled code aligned with requirements. It provides examples of TDD best practices and common pitfalls to avoid.
1. The document discusses test-driven development (TDD) in Swift, including why it is important to write tests before implementation. Automated tests provide confidence, verification of requirements, and help identify weak areas of code.
2. TDD involves writing tests first to define requirements before writing any code. This forces developers to think about design and creates loosely coupled, independent code modules.
3. Common pitfalls to avoid in TDD include not testing behaviors, having dependent tests, not refactoring code, and testing private methods or external libraries. Best practices include using a good architecture, protocols to isolate classes, and structured tests with arrange, act, assert format.
The document discusses the importance of server monitoring and provides an overview of common monitoring tools. It recommends starting with Nagios and Munin to monitor servers, services, applications and network traffic. The document also introduces Puppet as an easy way to automate the installation and configuration of monitoring tools. It provides a code example that uses Puppet to set up Nagios, Munin and an APC dashboard with minimal effort.
Tired of doing upfront test script creation in your testing efforts? Feeling bad for demotivating your testers? Want something to replace this sickening approach to software testing? This presentation outlines why test scripts are not useful, and how test ideas are the new way forward to better testing. Coverage, traceability, reporting, automation and skills are all covered. Take a quick look and see if you can see there is another way to do software testing that is actually pure common sense.
Jay Luker will be presenting an introduction to Ghost Inspector, a cloud-based web UI testing service that takes some (some!) of the pain away from creating browser-based, web application tests. Think Selenium, but for projects that are short on the resources, infrastructure and/or coding expertise to confidently develop and manage a suite of fully automated, “good-enough” UI tests.
Jay is a Senior Software Engineer at Harvard DCE where he works on back-end applications and software for analytics data collection, deployment automation, and integration testing for the Extension School’s video processing and delivery system. Previously he has been an IT Specialist at the Smithsonian Astrophysics Data System, and a Software Developer at Ex Libris.
WordCamp Milwaukee 2012 - Aaron Saray - Secure Wordpress CodingAaron Saray
Secure Wordpress Coding
The document provides an overview of secure coding practices for Wordpress websites. It discusses common security vulnerabilities like SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). It emphasizes the importance of filtering user input to prevent exploits. The document also covers secure theme development practices, such as using built-in Wordpress functions and filters. Maintaining and updating Wordpress core, plugins, and themes is key to keeping sites secure.
This document discusses using TurboGears web application frameworks on both Python 2 and Python 3. It describes setting up separate Python 2 and Python 3 environments to develop TurboGears apps, installing TurboGears on both, and creating a basic app that renders templates. It also covers TurboGears features like object dispatch routing, template engines, database access using SQLAlchemy/Ming, and authentication.
The document summarizes a presentation on MUnit testing in MuleSoft. It includes an agenda that covers an introduction to MUnit, the MUnit test recorder and parameterizations, and quizzes. The presentation discusses types of testing, how MUnit works, its sub-modules and scopes, how the test recorder captures test data and generates tests, and how to use parameterizations in tests through YAML and configuration XML. It concludes with a demo and final quiz questions.
Tools and libraries for common problems (Early Draft)rc2209
This is an early draft, actual slides: https://www.slideshare.net/rc2209/tools-and-libraries-for-common-android-problems
In this talk I cover a wide variety of tools to solve all types of well solved Android Problems. I discuss best practices, gotchas, problems and great solutions.
Introduction to Web Application Security - Blackhoodie US 2018Niranjanaa Ragupathy
This document provides an introduction to web application security. It outlines common web attacks like cross-site request forgery (CSRF), cross-site scripting (XSS), SQL injection, and others. The document discusses how attackers view web applications and objectives for understanding how to exploit vulnerabilities. It also covers important web concepts like HTTP methods and headers, cookies, DOM, CORS, and the same-origin policy. The document is presented by three security engineers and provides an agenda for two days of training on web application security testing.
How to establish ways of working that allows shifting-left of the automation ...Max Barrass
Why Automate?
Your application will grow, you will not have enough hands
You are blocked by development
Hidden factory costs of bug-fix cycle
Why Shift-Left?
More people to negate massive inspections
Define measurable success early, work on good parts.
Reduce occurrence of defects
What is this got to do with Ways of working?
Unlock capacity
Make people smile
Is not
a Department
extra cost
a final oversight or a massive inspection
someone else’s job
Is
Everyone’s responsibility
Build into the ways of working
Everyone’s job
Protractor End To End Testing For AngularJSKnoldus Inc.
Brief about protractor and why it is needed. Some pros and cons of Protractor. Basic architecture with set up and configurations.
A few locator strategies and Design pattern which can be used with Protractor control Flow. Basic coverage about Promises.
A demo that shows the difference between selenium run time and protractor run time.
The document discusses LinkedIn's "3x3" approach to software development, which aims to release code three times per day within three hours of a code commit. It outlines the challenges with their previous release process and describes how they implemented continuous integration, automated testing, and distribution methods to achieve much faster release cycles. Key aspects included static analysis, unit testing, automated UI testing across emulators in parallel, and distributing builds to alpha, beta, and production channels on Google Play. The approach enabled LinkedIn to release code over 130 times per year and get feedback from users much more quickly.
Android Platform Debugging and DevelopmentOpersys inc.
This document provides an overview of debugging and development tools for the Android platform. It discusses setting up the development environment in Android Studio and explores tools for observing system behavior like logcat and dumpsys. Symbolic debugging with gdb and ftrace for dynamic tracing are covered. The document also summarizes benchmarking tools and concludes by discussing challenges with systrace and perf on Android.
The document provides recommendations for various tools to analyze website usage including web analytics, feedback tools, session recording software, usability testing options, A/B testing platforms, and testing tools for browsers, email, mobile, and performance. It also lists numerous specific software and services for each category to help optimize websites through user research and experimentation. Resources for conversion rate optimization techniques and best practices are also referenced.
Similar to The Evil Tester's Guide to HTTP proxies Tutorial (20)
The recording in https://eviltester.com/talks has:
- longer practice session recording
- live recording - local recording better quality
- 8 bonus recordings with an extra hour of material
- will automation take over
- impact of buzzwords
- how to cope with trends
- contextual problem solving
- information about the references
- exercises
- behind the scenes look at how the talk was prepared and tools used
- transcripts
- subtitles
Programming katas for Software Testers - CounterStringsAlan Richardson
What would be suitable Code Katas for people wanting to learn how to code to support their testing?
CounterStrings
- `*3*5*7*9*12*15*`
A CounterString is a string like this `*3*5*7*9*12*15*` where the `*` represent the position in the string of the number immediately proceeding it. This is a 15 character CounterString.
These are useful because if you paste them into a field, and are truncated then it is easy to see what they were truncated to, it is as James Bach describes it, self documenting test data.
https://www.eviltester.com/blog/eviltester/2019-02-27-programming-katas-for-testers/
About Consultant Alan Richardson Compendium Developments Evil TesterAlan Richardson
Compendium Developments Ltd is a software consultancy company that provides hands-on assistance and expertise to help software development teams test and improve their software through pragmatic solutions. They offer plain speaking advice based on experience to quickly solve clients' unique problems and guide them to make the right decisions for their situation. The company website provides additional information and ways to connect through social media platforms.
What is Shift Left Testing? Do you need to use that term to improve your Software Testing and Development process? I don't think so.
- why I don't use the term Shift Left
- Explanation of what Shift Left means when people use it
- Explanation of what Shift Left might mean when people hear it
- How to Shift Left incorrectly
- How to improve your test process without using the phrase Shift Left.
Hire me for consultancy and buy my online books and training at:
- https://compendiumdev.co.uk
- http://eviltester.com
- http://seleniumsimplified.com
- http://javafortesters.com
Have you ever wished that you had a worked example of how to test a REST API?
Not just automate the API, but how to interact with it with command line tools, and GUI tools to support your manual interactive testing. And then take your testing forward into automating the API?
That's what this book provides.
Read the 74 page sample and find out more information on the book page.
https://www.compendiumdev.co.uk/page/tracksrestapibook
The full book has over 200 pages of actual hands on case study information that can improve your testing and automating of REST API based applications.
TDD - Test Driven Development - Java JUnit FizzBuzzAlan Richardson
A short example Test Driven Development session where I code FizzBuzz.
FizzBuzz is often used as a programming interview question and as a Kata for practicing your coding.
The GitHub code repository with the Java code for this exercise is available at:
https://github.com/eviltester/fizzbuzz
Read the blog post for the video:
http://blog.eviltester.com/2018/03/tdd-test-driven-development-java-junit.html
Your Automated Execution Does Not Have to be FlakyAlan Richardson
Alan Richardson will present on how to remove intermittent failures from automated test execution. Common causes of intermittency include lack of synchronization, parallel test interference, long running tests, difficulty automating the system under test, outdated tools, uncontrolled test preconditions, incorrect assumptions in assertions, and uncontrolled data. Richardson will provide examples of each cause and recommend solutions such as adding synchronization, isolating test environments, controlling data, and investigating failures rather than assuming tests are "flaky". The goal is to convince attendees that intermittent failures are a result of unresolved issues, not flaws in tests, and can be addressed through proper testing practices.
What is Testability vs Automatability? How to improve your Software Testing.Alan Richardson
Testability is different from Automatability.
- Testability - does the application have features that make it easier for a human to test?
- Automatizability (Automatability) - does the application have features that make it easier to control and interrogate by another application.
You will learn:
- What is Testability?
- What is automatability?
- What is automatizability?
- Adding testability features can introduce risk.
- Features that aid automated execution, can overlap with features that aid testing, but they are not the same.
This document discusses testing approaches on agile projects. It states that testing on agile projects focuses on finding and preventing problems through techniques like feedback and risk assessment. Testing is integrated into the development process and strips away extras like separate test documents, scripts, and tools. The key is for testing to adapt to changes in risk, skills, architecture and timescales as the process changes, and to involve everyone by making testing a part of development.
A Common Sense Guide to Agile Development and Testing that might just change your Agile approach forever.
Answering the 9 most common questions asked about Agile Testing:
- What is Agile Testing?
- Do we still need testers in Agile?
- What is an Agile Tester?
- What does a Software Tester Actually Do?
- Should we automate our testing?
- What tools should we use for our Agile Testing?
- How Much Should we Automate?
- How can we automate and still finish the sprint?
- How can we finish all our testing in the sprint?
A high quality download of the 9 points as a free "Print out and Keep" Poster is available at http://eviltester.com/agile
The Evil Tester Show - Episode 001 Halloween 2017Alan Richardson
The Evil Tester Show - Episode 001 Halloween 2017
## Halloween Special 2017
## Alan Richardson
- Houdini
- Charles Fort
- Ghost Hunting
- Unconventional Influences
http://eviltester.com/show/001-halloween-2017/
---
# _TLDR; The world needs a new Testing Podcast, so I created one_
---
# We are in the Uncertainty Business.
We find and investigate anomalous Phenomena
## Anomalous - "deviating from what is standard, normal, or expected."
We are part of a long tradition of Anomalous Phenomena seekers.
---
# The Podcast
- [Audio]
https://eviltester.podbean.com/e/the-evil-tester-show-episode-001-halloween-special-2017/
- [Video]
https://youtu.be/TLMtOM0FXRA
- [Show Notes]
http://eviltester.com/show/001-halloween-2017/
Software Testing Terms Defined. Answering the FAQ "What is Regression Testing?"
- What is Regression Testing?
- How to do Regression Testing?
- Why do we do Regression Testing?
- How to re-think Regression Testing in terms of Risk?
Simple ways to add and work with a `.jar` file in your local maven setupAlan Richardson
TL;DR Hack - add as a library in IntelliJ project. Tactic - add as system scope in maven. Tactic/Strategic - install locally to .m2. Strategic - use a repository management tool, publish to maven central
Sometimes you want to work with a jar file that isn't hosted in maven central.
It might be a 3rd party jar, it might be one that you have written.
Regardless.
You have a lot of options for this. The approaches that I have used:
- add .jar files as an IntelliJ project dependency
- install it locally to your .m2 repository
- add it to your project as a system scoped file
- use a repository management tool like Nexus or Archiva
- publish the dependency to maven central
Re-thinking Test Automation and Test Process Modelling (in pictures)Alan Richardson
- Why do we talk about Test Automation the way we do?
- Why do we talk about 100% Test Automation?
- How do we model automation as part of our Test Process?
- How does Testing provide information?
- Why was a Waterfall Test Process Different from an Agile Process?
- Why, in reality, both processes are fundamentally the same.
- How we modelled "Test Automation" incorrectly, and an alternative way to model it.
Read the associated blog post at http://blog.eviltester.com/2017/09/rethinking-test-process-automation-modelling.html
Learning in Public - A How to Speak in Public WorkshopAlan Richardson
Glossophobia, the fear of public speaking, usually ranks pretty high on surveys of 'what people fear'. And for good reason. We've all attended conferences where the keynote speakers were seriously injured after being hit by a torrent of rolled up feedback forms, or speakers were left bleeding from a rain of plastic name badges thrown Shuriken-like by the Ninja trained attendees.
You can learn to avoid these outcomes, and when you do, you gain a skill that will win you recognition, improve your job prospects and allow you to travel the world talking to fellow testers.
In this workshop Alan will provide hints and tips for improving your public speaking. Sharing, from experience, what works for him, and discuss some conventional wisdom on public speaking. Alan will also share a few secrets, and unconventional exercises that he uses to prepare.
Public speaking is a skill we have to learn in public, but it is a skill, it is learn-able, and it is a skill that you can learn.
Read more in the supporting blog post:
http://blog.eviltester.com/2017/09/overcome-imposter-syndrome-public-speaking.html
How to Practise to Remove Fear of Public SpeakingAlan Richardson
Tips on how to overcome fear of public speaking:
- the 'fear' is a learned response, it is not innate
- recognise that it is not fear, it is excitement
- channel the excitement into energy to boost your talk
- practice with different styles of presentation
- record yourself practicing
- practice out loud, as well as in your head.
Speaking in public is a skill, that you can develop if you care enough about the message that you want to deliver. It is simply practice, and you can do that.
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Essentials of Automations: Exploring Attributes & Automation ParametersSafe Software
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframePrecisely
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.
5th LF Energy Power Grid Model Meet-up SlidesDanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...Alex Pruden
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty, is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
The Evil Tester's Guide to HTTP proxies Tutorial
1. The Evil Tester's Guide to
HTTP Proxies
A Tutorial for TestNet May 2013
Alan Richardson
@eviltester
www.eviltester.com
www.compendiumdev.co.uk
www.seleniumsimplified.com
@eviltester
slides: http://unow.be/at/gtn_tute
2. Logistics
● 09:30
● xx:xx half hour break
● 13:00
Only 3 hours!
1st Hour: Theory & Modern Browsers
● 20 mins Intro, basic theory
● 5 Mins 'Modern Browsers
● 5 Mins Demo
● 15 minutes browser exercise
● 15 minutes debrief
2nd Hour: BurpSuite
● 10 mins Introduction to proxies
● 20 mins BurpSuite overview
● 15 minutes BurpSuite Exercise
● 15 minutes BurpSuite debrief and
questions
3rd Hour: Fiddler & End Notes
● 15 mins fiddler overview
● 15 minute Exercise
● 15 minute debrief and questions
● 10 minute end notes
● 5 minutes Q&A
@eviltester
slides: http://unow.be/at/gtn_tute
3. Blurb: Evil Tester guide - HTTP proxies
I test a lot of web applications. I use proxy servers to interrogate
and manipulate web traffic. So in this tutorial I want to introduce
you to the basics of proxy servers, using BurpSuite and Fiddler.
We will cover and go beyond the obvious interrogation and manipulation
traffic and also look at how to use autoresponders, custom rules and
traffic generators. The different capabilities of the tools and how to
use them in combination.
And as a bonus we will look at the new features in modern browsers
that help you achieve some of the proxy benefits out of the box, for
those moments when you have to test unarmed.
As well as the tools I want to cover the thought processes and models
that help you get the best from the tools because "Form can follow
features" and "Terrain can inform technique".
@eviltester
slides: http://unow.be/at/gtn_tute
6. The MORIM Loop - Model
● Model
○
●
●
●
●
Build a layered model of the
application functionality, flows,
technology usage, etc.
Observe
Reflect
Interrogate
Manipulate
@eviltester
slides: http://unow.be/at/gtn_tute
7. The MORIM Loop - Observe
● Model
● Observe
○
○
○
○
At every layer, what can you see?
Can you increase the depth of
observation.
Do you understand what you see?
What else could you observe?
● Reflect
● Interrogate
@eviltester
slides: http://unow.be/at/gtn_tute
8. The MORIM Loop - Reflect
● Model
● Observe
● Reflect
○
○
○
○
○
Expand the model,
Intent - for deliberate action
Analyse the observations
What does that imply?
How? Risks? What else?
When?
● Interrogate
@eviltester
● Manipulate
slides: http://unow.be/at/gtn_tute
9. The MORIM Loop - Interrogate
●
●
●
●
Model
Observe
Reflect
Interrogate
○
○
○
○
Deep dive into observed data
Breakpoint
Correlate data changes with state
etc.
● Manipulate
@eviltester
slides: http://unow.be/at/gtn_tute
10. The MORIM Loop - Manipulate
●
●
●
●
●
Model
Observe
Reflect
Interrogate
Manipulate
○
○
○
○
@eviltester
Edit the data
Change the state
Edit the communication
Change the environment context
e.g. speed, memory, etc.
slides: http://unow.be/at/gtn_tute
11. The MORIM Loop - Utilisation
●
●
●
●
●
Repeat
Transpose - do the events in any order
Learn
Deliberately decide what to try next
Do it - take advantage of what happens
@eviltester
slides: http://unow.be/at/gtn_tute
12. During all the exercises; Consider:
Observation
● What are you observing. What are you not
observing. What do you want to observe?
Why?
Interrogation
● What do you want to see in more detail?
How can you do that? Why?
Manipulation
● What do you want to amend? How could
you? Why?
@eviltester
slides: http://unow.be/at/gtn_tute
14. High Level Generic Architecture
Browser
Server
Traffic
<-HTTP->
●
●
●
●
●
●
●
●
●
●
@eviltester
client side state
Cookie Management
Local Storage
HTML rendering
JavaScript Execution
etc.
●
●
●
forms
XML
JSON
etc.
●
Web Server
App Server
Database
server side state
slides: http://unow.be/at/gtn_tute
16. Modern Browsers
● Dev Tools
● Observe Network Traffic
● Interrogate & Manipulate
○ DOM
○ Data - cookies, local storage
● Differing capabilities between browsers
"Don't get hung up on 'I need to test on
BrowserX' - use them all, even while you
focus on BrowserX"
@eviltester
slides: http://unow.be/at/gtn_tute
18. Augment Browsers
● Out of the box experience continually
improves
● Use browser plugins to increase the
functionality of the browser even further
@eviltester
slides: http://unow.be/at/gtn_tute
19. Gruyere - Cloud app to test against
A Google App Engine hosted application to
learn security testing for common
vulnerabilities.
Read the Instructions
● http://google-gruyere.appspot.com/
Create a new instance
● http://google-gruyere.appspot.com/start
@eviltester
slides: http://unow.be/at/gtn_tute
20. For local App Testing
●
WebGoat
○
http://code.google.com/p/webgoat/
Or anything from BitNami
bitnami.org
21. Modern Browser Exercise
1. Decide on a browser: IE, Firefox, Opera,
Chrome
2. Find the Dev Tools in the browser
3. Visit http://google-gruyere.appspot.com/start
4. Explore and investigate the Browser
capabilities using this app
5. Debrief in 15 mins
● What "Observe, Interrogate, Manipulate" capabilities
did the browser have?
● What did you want them to have?
● Other thoughts?
@eviltester
slides: http://unow.be/at/gtn_tute
24. What is an HTTP Proxy?
● Sits between browser and server
● route all requests through the proxy
Browser -> Request -> Proxy -> Server
Browser <- Proxy <- Response <- Server
Https handled by 'man in the middle' certificate
use.
@eviltester
slides: http://unow.be/at/gtn_tute
25. Why should a tester care?
● Learn
○ HTTP
○ JSON
○ App Architecture
●
●
●
●
Observe & Manipulate Traffic
Simulate Network Speeds
Simulate different browsers
Test new css and js without a release to
main site
● Test extreme '4xx', '5xx' conditions
@eviltester
slides: http://unow.be/at/gtn_tute
26. When should you use it?
● Almost all the time
@eviltester
slides: http://unow.be/at/gtn_tute
27. When should you not use it?
● confirm a defect happens without the proxy
● streaming?
● long polling?
A proxy is invasive, and can impact your
results. So you need to double check your
results without the proxy.
But the value trumps the risk.
@eviltester
slides: http://unow.be/at/gtn_tute
33. Configure Browser to use a Proxy
● Chrome, IE all use the System Internet
Settings
● Firefox and Opera can maintain proxy
settings independently of system settings
34. Configure Chrome to use a Proxy
● ChromeSettings search for proxy
● Use the normal system proxy settings
● Chrome Incognito and normal mode share
proxy settings
35. Configure Firefox to use a Proxy
● FirefoxOptions
○ AdvancedNetwork
■ Connection [Settings...]
■ Manual proxy configuration:
■ use value listed in ProxyOptions Listeners
■ ignore the "No Proxy For"
● If you already configured IE or Chrome then
you could use System Proxy Settings
36. Configure Opera to use a Proxy
● SettingsPreferences
○ AdvancedNetwork
○ [Proxy Servers...]
○ use config from ProxyOptions
● F12 can quickly toggle proxy on off once
configured
37. Configure IE to use a Proxy
● Config options
○ Connections
■ Lan settings
●
Use Proxy Server
○ use details from ProxyOptions
38. You may be asked about proxy
certificate (BurpSuite portswigger)
● Adhoc - Add it as an exception
● To remove exception
○ Firefox
■ OptionsAdvancedEncryption
■ view certificates
●
servers (PortSwigger)
○ Chrome
■ Settings search for manage certificates
○ Opera
■ Preferences
●
●
AdvancedSecurity
Manage Certificates...
○ IE
■ Config Internet Options Content [Certificates]
40. What is BurpSuite?
● Java based Proxy
● Professional and Free License
○ Pro designed for security professionals
○ Free version usually good enough for testing
● Book: "The Web Application Hacker's
Handbook"
● http://portswigger.net/burp/download.html
@eviltester
slides: http://unow.be/at/gtn_tute
41. Basic Features For Testing
●
●
●
●
●
●
Proxy
Spider
Repeater
Sequencer
Decoder
Comparer
@eviltester
slides: http://unow.be/at/gtn_tute
42. How to Install & Run
● Download the .jar file
○ http://portswigger.net/burp/download.html
● Double click or "java -jar burpsuite_free_vx.
x.jar"
○ where x.x is the version you downloaded
@eviltester
slides: http://unow.be/at/gtn_tute
44. Exercise - explore tool and proxy
capabilities
● 20 mins explore, 10 mins debrief
● Use BurpSuite on guyere
○
○
○
○
○
Setup the proxy
Config browser to point to browser
Choose a site and browse
View the Traffic
View sitemap
■ visit pages you haven't been that sitemap found
○ Repeat requests
○ Tamper Traffic
○ do any of the pages lend themselves to sequencing?
@eviltester
slides: http://unow.be/at/gtn_tute
47. What is Fiddler?
● .net based (v2 & v4)
● http://www.fiddler2.com/
● now owned by Teleric
@eviltester
slides: http://unow.be/at/gtn_tute
48. Obvious Differences
● Automatically hooks into Windows System
Proxy
○ IE & Chrome use by default without configuration
○ This makes it good for beginners
● HTTPS decryption off by default
○ Tools Fiddler Options
■ HTTPS tab
●
@eviltester
Decrypt HTTPS traffic
slides: http://unow.be/at/gtn_tute
51. Exercise - explore proxy
functionality and compare with
BurpSuite
●
●
●
●
Any new functionality I didn't mention?
Which is easier?
Any missing functionality?
Can you chain proxies?
@eviltester
slides: http://unow.be/at/gtn_tute
53. Isn't this just Security Testing?
Yes, No?
Opinions?
@eviltester
slides: http://unow.be/at/gtn_tute
54. Observation & Manipulation
Comments on what you observed?
● What didn't you observe?
● What did you want to observe?
● What could you not observe?
Comments on Manipulation?
● What did you manipulate?
● What did you want to manipulate?
● What could you not manipulate?
@eviltester
slides: http://unow.be/at/gtn_tute
55. What makes a difference?
You can manipulate a whole bunch of things,
why would you want to manipulate the:
●
●
●
●
●
Header?
Body?
Request URI?
Params?
Payload?
@eviltester
slides: http://unow.be/at/gtn_tute
56. Inspiration from Form
What can this tool do? == New test ideas!
e.g.
● what does the autoresponder feature let me
do?
● What could I use the save as HAR file for?
● etc.
@eviltester
slides: http://unow.be/at/gtn_tute
59. Books
● The Web Application Hacker's Handbook
○ www.amazon.com/exec/obidos/ASIN/1118026470
○ www.amazon.co.uk/exec/obidos/ASIN/1118026470
● Debugging with Fiddler by Eric Lawrence
○ www.amazon.com/exec/obidos/ASIN/1475024487
○ www.amazon.co.uk/exec/obidos/ASIN/1475024487
@eviltester
slides: http://unow.be/at/gtn_tute
61. Apps to test against
● http://google-gruyere.appspot.com/part1
○ http://google-gruyere.appspot.com/start
● https://hack.me/
● http://demo.testfire.net/
● WebGoat
○ http://code.google.com/p/webgoat/
● Lists of Apps to Test Against
○ http://blog.taddong.com/2011/10/hacking-vulnerableweb-applications.html
@eviltester
slides: http://unow.be/at/gtn_tute
63. Alan Richardson is an Independent Test
Consultant based in the UK. He offers training
and consultancy in Selenium WebDriver,
exploratory and technical web testing.
●
uk.linkedin.com/in/eviltester
Contact Alan for training and
consultancy tailored to your needs:
alan@compendiumdev.co.uk
Blogs and Websites
●
●
●
SeleniumSimplified.com
EvilTester.com
Testing Papers and Tools
○ CompendiumDev.co.uk
Twitter: @eviltester
Online Training Courses
●
●
●
Technical Web Testing 101
○ Unow.be/at/udemy101
Intro to Selenium
○ Unow.be/at/udemystart
Selenium 2 WebDriver API
○ Unow.be/at/udemyapi
Videos
youtube.com/user/EviltesterVideos
Books
Selenium Simplified
Unow.be/rc/selsimp