Learn about the benefits of writing unit tests. You will spend less time fixing bugs and you will get a better design for your software. Some of the questions answered are:
Why should I, as a developer, write tests?
How can I improve the software design by writing tests?
How can I save time, by spending time writing tests?
When should I write unit tests and when should I write system tests?
Learn about the benefits of writing unit tests. You will spend less time fixing bugs and you will get a better design for your software. Some of the questions answered are:
Why should I, as a developer, write tests?
How can I improve the software design by writing tests?
How can I save time, by spending time writing tests?
When should I write unit tests and when should I write system tests?
Why your company loves to welcome change but sucks at accommodating itFarooq Ali
The need for sound engineering practices in Agile. A look at a very common Agile anti-pattern (Flaccid Scrum) found in large organizations, and how to fix it.
Talk about Specification by Example. What's the problems it tries to tackle and how to solve them.
I gave this talk at wiggle.com like a brown-bag sessions after attending to a workshop from Gojko Adzic at agiliaconference.com.
How to Add Test Automation to your Quality Assurance ToolbeltBrett Tramposh
SQA job postings are still in abundance, but it is rare to find one that does not include some form of test automation pedigree. Brett will present the topic and then lead the discussion as we explore the various paths to building your test automation acumen, and learn how to add this valuable skill-set to your resume. If you are already an SQA with test automation experience we encourage you to participate and bring your learning forward and into the discussion where we will compare and contrast Computer Science degrees, Code Camps, licensed automation tools such as HP UFT (QTP), test frameworks and scripting tools such as jMeter and SOAPUI. There is much to explore on this topic and we want everyone to leave with a few key areas they can start building on today.
A brief introduction to test automation covering different automation approaches, when to automate and by whom, commercial vs. open source tools, testability, and so on.
The four generations of test automationrenard_vardy
A quick presentation comparing the main five test automation frameworks:
Record and Playback
- Data Driven
- Keyword Driven
- Function Driven
- Behaviour Driven
Then presentation separates the frameworks into generation 1 to 3 and rates them against the goal of test automation.
1. Improve Software quality
2. Early detection of bugs (Defects)
3. Reduce (not introduce) project risk
4. Easy to write and maintain by BA, Testing and technical resources
5. Reduced cost and time of development
DevQAOps - Surviving in a DevOps WorldWinston Laoh
Talk given by Winston Laoh at the QA/LA meetup hosted at Q Los Angeles. The goal of the presentation was to inform and persuade test related engineers on how to integrate into DevOps organizations.
AgileDC15 I'm Using Chef So I'm DevOps Right?Rob Brown
Introduce DevOps to the uninitiated
Demystify the terminology and techno-centric jargon
Provide an assessment model that you can take back to your organization to help establish a baseline of behaviors and practices, and guidance on moving towards more of a DevOps culture
Hear Dan Munz, David Kennedy and Greg Boone discuss how CFPB was born, what challenges they faced and how WordPress became their CMS backbone throughout it all.
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austinMatt Tesauro
An overview of how to change security from a reactive part of the org to a collaborative part of the agile development process. Using concepts from agile and DevOps, how can applicaton security get as nimble as product development has become.
Why your company loves to welcome change but sucks at accommodating itFarooq Ali
The need for sound engineering practices in Agile. A look at a very common Agile anti-pattern (Flaccid Scrum) found in large organizations, and how to fix it.
Talk about Specification by Example. What's the problems it tries to tackle and how to solve them.
I gave this talk at wiggle.com like a brown-bag sessions after attending to a workshop from Gojko Adzic at agiliaconference.com.
How to Add Test Automation to your Quality Assurance ToolbeltBrett Tramposh
SQA job postings are still in abundance, but it is rare to find one that does not include some form of test automation pedigree. Brett will present the topic and then lead the discussion as we explore the various paths to building your test automation acumen, and learn how to add this valuable skill-set to your resume. If you are already an SQA with test automation experience we encourage you to participate and bring your learning forward and into the discussion where we will compare and contrast Computer Science degrees, Code Camps, licensed automation tools such as HP UFT (QTP), test frameworks and scripting tools such as jMeter and SOAPUI. There is much to explore on this topic and we want everyone to leave with a few key areas they can start building on today.
A brief introduction to test automation covering different automation approaches, when to automate and by whom, commercial vs. open source tools, testability, and so on.
The four generations of test automationrenard_vardy
A quick presentation comparing the main five test automation frameworks:
Record and Playback
- Data Driven
- Keyword Driven
- Function Driven
- Behaviour Driven
Then presentation separates the frameworks into generation 1 to 3 and rates them against the goal of test automation.
1. Improve Software quality
2. Early detection of bugs (Defects)
3. Reduce (not introduce) project risk
4. Easy to write and maintain by BA, Testing and technical resources
5. Reduced cost and time of development
DevQAOps - Surviving in a DevOps WorldWinston Laoh
Talk given by Winston Laoh at the QA/LA meetup hosted at Q Los Angeles. The goal of the presentation was to inform and persuade test related engineers on how to integrate into DevOps organizations.
AgileDC15 I'm Using Chef So I'm DevOps Right?Rob Brown
Introduce DevOps to the uninitiated
Demystify the terminology and techno-centric jargon
Provide an assessment model that you can take back to your organization to help establish a baseline of behaviors and practices, and guidance on moving towards more of a DevOps culture
Hear Dan Munz, David Kennedy and Greg Boone discuss how CFPB was born, what challenges they faced and how WordPress became their CMS backbone throughout it all.
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austinMatt Tesauro
An overview of how to change security from a reactive part of the org to a collaborative part of the agile development process. Using concepts from agile and DevOps, how can applicaton security get as nimble as product development has become.
Basic overview of software test types, methodologies.
Explaining and reasons to test and common pitfalls with various testing methodologies.
Example scenarios for the viewer to think about test strategies.
Tips to avoid having to write tests in the first place.
Content created and presented by Nico Heidtke at the "Die Programmierer" meetup organized by Binary-Gears in Darmstadt, Germany at 02.07.2019.
Mobile media module part 6 - app development rev-mfMichelle Ferrier
The Mobile Media Module is designed as a two-week, broad-based study on the mobile landscape that can be applied in many courses.
The program was implemented at Ohio University’s Scripps College of Communication to support our Scripps Innovation Challenge and to build knowledge of the mobile landscape across our communication curricula.
For implementation, we brought in an expert in mobile development to teach in four existing classes over two weeks in Spring 2013. Faculty teaching those classes became the students and built their capacity to teach the material in subsequent semesters.
By “hacking the curriculum” using the “module method,” we were able to reach more than 500 students in one semester with new material.
For more information, contact Dr. Michelle Ferrier, associate dean for innovation, Scripps College of Communication, ferrierm@ohio.edu.
A presentation on PHP's position in the enterprise, its past & present, how to get ready for developing for enterprise.
Inspired by Ivo Jansch's "PHP in the real wolrd" presentation.
Presented at SoftExpo 2010, Dhaka, Bangladesh.
Lean-Agile Development with SharePoint - Bill AyersSPC Adriatics
SharePoint gives us a great platform for developing sophisticated intranet portals and collaboration sites and many other workloads. But it can also be a challenge to use modern software development frameworks like Scrum and XP. Wouldn’t it be great if we could get all the benefits of Agile practices – faster development, predictable deliveries, better quality, less stress and happy stakeholders? In this session we will cover the definitions of Lean, Agile, Scrum, Kanban, XP, and TDD. Then we will look at the specific challenges around Agile SharePoint development and some development techniques to overcome these obstacles. This talk covers both project delivery and engineering. We’ll look at unit tests, integration tests, UI tests, continuous integration and, of course, test-driven development (TDD) with practical experiences from real-life Agile SharePoint projects.
We’re all doing Agile nowadays, aren’t we? We’ll all delivering software in an Agile way. But what does that mean? Does it mean sprints and stand-ups? Kanban even? But what about Extreme Programming? If as a development team we’re not using pair programming, test driven development, continuous integration, and other XP practices, then we’re not really doing Agile software development and we may be on a march to frustration, or even failure.
I’m going to look at why the current trend of companies and projects adopting Scrum, calling themselves Agile, but not transitioning their development to XP, is a recipe for disaster. I’d like to cover the main practices of XP as well as other good practices that can really help a team deliver quality software, whether they’re doing two-week sprints, Kanban, or even Waterfall.
https://www.youtube.com/watch?v=aZgnY9fAHOA
In his recent book, Clean Agile, Robert C "Uncle Bob" Martin chooses Extreme Programming (XP) for the basis of his explanation of Agile because "of all the Agile processes, XP is the best defined, the most complete, and the least muddled."
So why is it that in my professional life I only hear us speaking about Agile in terms of Scrum, Sprints, and possibly Kanban? Often I mention XP and people are not sure what I mean. Am I sure myself?
Coined in 1999 by Kent Beck and Ward Cunningham, XP has been with us for twenty years, but may of its practices have been with us for much longer. Many of them will be familar to you, but did you know they came from XP?
This talk aims to take us back to what XP is, how it fits in the Agile world, how it sits alongside other methodologies, and why, like Uncle Bob, I believe it is the best defined methodology, and what we should all be talking about.
The talk is based on a heavily refactored talk that Mike gave previously at Agile on the Beach conference, updated for 2020.
Given at Ox:Agile Meetup on February 11th 2020: https://www.meetup.com/OXAGILE/events/nxrdmrybcdbpb/
Capability Building for Cyber Defense: Software Walk through and Screening Maven Logix
Dr. Fahim Arif who is the Director R&D at MCS, principal investigator and GHQ authorized consultant for Nexsource Pak (Pvt) Ltd) discussed the capability of building cyber defense in the Data Protection and Cyber Security event that was hosted recently by Maven Logix. In his session he gave the audience valuable information about the life cycle of a cyber-threat discussing what and how to take measures by performing formal code reviews, code inspections. He discussed essential elements of code review, paired programming and alternatives to treat and tackle cyber-threat
Similar to Random thoughts and dev practices / advices to build a great product (20)
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
3. Choose your language
3
Chose and use the language you are the most comfortable with.
• All languages out there have their own
advantages and drawbacks
• They are fairly equivalent and all gives you the
sufficient tools to build your app
• Maybe just try to choose an open source
language
4. Choose your framework
4
You might choose one
• Not choosing an existing framework leads to create
and maintain your own custom one
• There are a lot of good frameworks out there:
Backend: Symfony2, RoR, Django, Express..
Frontend: Ember.js, Angular.js, React, Backbone..
• Choosing a framework will make you code less non-business
centric code and rely on an existing
community for quality, efficiency and velocity for
that.
5. Choose your libraries
5
Don’t reinvent the wheel
• Before coding anything, search if someone did not
already faced your problem and came with an open
source library doing the job
• Look for contributors, recent activity, known
limitations and bugs
• Look for a test suite
• Contribute!
6. Use the right tools
They will ease your life and increase both your productivity
and quality
7. Use the right tools
7
Use a versioning tool (for example, GIT)
• Even alone in a project, more importantly if you
are many, use a versioning tool.
• Git, SVN, Mercurial… but cool kids use Git!
• Couple it with collaborative apps (Github)
• Fork, branch, merge, rebase, push, amend.. use
and abuse git features!
8. Use the right tools
8
Use testing tools & platforms
• Test all your projects
• Use effective and quick command-line unit test
suites (PHPUnit, Qunit,..)
• Use BDD tools (Behat, Cucumber,..)
• Use continuous integration solutions (Travis,
Shippable, CodeShip…)
• Use code coverage tools (but don’t abuse)
9. Use the right tools
9
Use tools to monitor and log
• Log everything (Logstash, Kibana, Loggly,..)
• Monitor your app (Nagios, New Relic, Munin..)
• Log your product features (Mixpanel)
• Log your users (Intercom)
• Log your uptime (Pingdom)
11. Test your application
11
Tests are great
• Tests fix a behavior / function api and ensure
nobody breaks it without noticing in the future
• Tests allows you to break things without fear
when you refactor
• Test might allow you to code faster!
12. Test your application
12
Use unit testing (UT)
• UT are very simple to write, very fast to
execute
• Your more complex and critical parts must be
unit tested
• Run occasionally some coverage to see what
your tests are really testing. 100% coverage is a
lure and the best way to loose time!
13. Test your application
13
Use behavioral and acceptance tests
• Acceptance tests are hard to write but great to
ensure your app is working and your unit tested
modules are doing great together
• End-to-end acceptance tests are longer to be
run, so don’t overdo them and focus on the
most important ones (test only critical paths
and end user success responses)
14. Be agile, have some processes
Scrum, Kanban, and other agile
methodologies..
15. Be agile, have some processes
15
A well coded application needs some development rigor
• Try to forecast the most accurately possible your
upcoming development week (or upcoming two weeks)
• Try to create minimal code tasks with only one
concern, and estimate delays
• A task is not completed until unit tested and human
tested / accepted
• Talk. Every day. With other developers in your team.
Even with your partners or non tech people. Explaining
your problems helps you to order things in your mind!
16. Be agile, have some processes
16
• You might use Scrum from the books, scrum adapted to
your own need, Kanban, other development agile
frameworks…
.. the most important thing is to be able to estimate delays and
plan accordingly to be able to make good code while shipping
fast!
17. Startup 101 business oriented dev™
You’re building your startup app. Ship fast. Iterate fast
18. Startup 101 business oriented dev™
18
Write modular decoupled code
• Wrap almost everything in classes, methods,
providers, factories, adapters.. All your
codebase must be micro-services working all
together
• That means that if you pivot quite often, you’ll
“just” have to refactor some services and
assemble them differently
19. Startup 101 business oriented dev™
19
Do not overcomplicate things
• Do not implement early caching
• Do not implement early complex stack
• Do not over factorize
• Write fast easy to understand and easy to
modify code to ship new features and new
improvements
20. Startup 101 business oriented dev™
20
Monitor & test your code
• Write efficient UT & functional tests
• No more than 60% coverage, only critical parts
and critical user paths
• Watch your logs
• Watch your application performances
• Refacto only if business needed