Integrated Functional and Non-Functional Testing for Agile
STC 2013
Arush Gupta, Umesh Kanade
Harbinger Systems Pvt. Ltd., 139, "Siddhant", Survey No. 97/6, Off. Paud Road, Kothrud, Pune, India

Abstract

The Agile model is based on iterative and incremental development, where requirements and solutions evolve throughout the development life cycle. Success lies in implementing user stories in time-boxed sprints with optimal quality. The test strategy implemented in such practices conforms to the functional flows of the application. However, the non-functional requirements are often left for the later iterations. This is in contrast to the principle of early testing. Performance engineering, security analysis and test automation are considered separate areas and are traditionally carried out in an unsynchronized way. Due to the lack of an integrated process, common challenges and solutions are often not shared between test teams.

This paper describes a Test Process Framework to integrate functional and non-functional requirements much earlier in Scrum-based agile projects. The framework utilizes the benefits of their correlation and validates design decisions in iterative builds. The paper also presents a case study on implementing this framework using open source tools, primarily JMeter, Selenium WebDriver and OWASP utilities. The data presented here is from an ongoing project.

Introduction

Enterprise applications being developed today implement multiple technologies to achieve user requirements such as real-time responses, secure handling of large data sets and rich user experience. There is constant scope to target a greater audience and multiple devices. With such trends, the importance of non-functional testing has greatly increased alongside the functional objectives.

Early Sprints Miss Non-Functional Requirements

The traditional agile context does not include stories to describe performance or security goals at module level. These requirements are often defined when major building blocks of the product are already designed and implemented.
At this stage, the bug cost is very high and might create significant impact on product design and delivery schedules. Test automation often starts from scratch at this point to prepare build verification or regression tests. At this stage, the team has already performed frequent workflows and tedious tasks during the previous sprints.
The major reason behind this delay is the complexity of defining non-functional requirements at a granular level. In the early iterations, the application UI is also prone to frequent changes due to modifications in user requirements.

Coordination Gap across Test Flavors

Due to the lack of an integrated process, these test activities are often performed in an unsynchronized way and in isolation from each other. The performance team is certainly not benefiting from the automation scripts. Also, there is no platform for the performance team to share valuable inputs with the security or functional team.

Security analysis and performance engineering should go hand in hand: any additional security checks would affect system performance and vice versa. Further, the functional flows from the previous sprints should be validated in an optimal way such that there is minimal rework, and the functional team can focus on the new stories from the existing sprint.

Thus, there is a definite need for a systematic approach that can define functional and non-functional requirements much earlier in the development cycle. This approach should utilize the benefits of their correlation and validate design decisions in iterative builds.

Integrated Test Process Framework for Agile Model

This framework is designed to create a collaborative test environment in the existing Agile model. It is based on agile principles and offers close coordination, parallel execution and high traceability for functional and non-functional requirements in agile projects. The design drives the test activities in parallel, such that one activity complements the other. Functional tests provide valuable inputs for performance engineering, and performance tests can result in valuable inputs for security testing or usability analysis.
It closely monitors the scope for sharing solutions to common challenges across the test flavors. It also helps the designers understand the actions necessary to ensure proper quality of the product throughout the iterative builds. Figure 1 below depicts the basic building blocks of this framework:

Figure 1: Integrated Test Process Framework for Agile Model

The framework demands that an automation expert, a performance engineer and a security analyst be on board in scrums right from the design level. The team constantly focuses on the items below:

- Proposed design, or implementations for user stories
- Technologies and protocols being implemented
- Interaction between various application modules
- Understanding database and architectural design

With the above information in place, test activities are planned with a defined scope and are integrated with the current sprints.

Test Automation Strategy

At this stage, the purpose of test automation is not to prepare a highly configurable end-to-end automation framework but to develop an automation base. The primary focus is to
avoid any tedious or repetitive workflows being performed by the QA team. Various activities performed in this process are shown in Figure 2.

Selecting the Right Tool

Tool selection is based on factors such as support for various UI components, ease of implementation, report format and cost. We should also consider the possibility of consuming utility libraries that are already developed for common tasks across projects. It is certainly an added advantage if we can integrate the scripts with other test management tools.

Designing Module-Based Test Repository

The test repository has a modular design. It is based on different states or state transitions of the application. The various classes in this repository are developed in parallel with user stories.

Figure 2: Test Automation Strategy

Designing Utility Classes and Low-Level Functions

The utility classes are prepared to accommodate common actions in the application. This helps in code reusability across various functional flows.

Implementing Object Repository

An XML-based object repository is prepared to store properties of the UI elements present in the application. This is important to accommodate frequent UI changes. Any change in the properties is updated in one place and there is no need to recompile the code.

Prioritize Workflows

Here is the catch. The functional flows identified for performance analysis are considered good candidates for test automation. These are rated as high-priority test cases and are implemented first. The scripts are prepared based on a predefined set of test data and are
shared with the performance team. These tests can be easily executed to avoid repetitive workflows and verify application health at various user loads.

Evolving the Test Base

The automation base is constantly evolved along with the user stories, to accommodate build verification and regression tests. This is achieved with minimal design-level modifications. This helps the test team verify functional flows in iterative builds with minimal rework and concentrate on the new stories.

Integrating Performance Engineering

The framework defines the following activities to be performed for effective integration of performance engineering during application development:

- Activity 0: Test Environment Setup
- Activity 1: Identify User Activities
- Activity 2: Selecting the Right Tool
- Activity 3: Workload Modeling
- Activity 4: Knowledge Management
- Activity 5: Test Execution and Gathering Results
- Activity 6: Result Analysis
- Activity 7: Baseline the Readings

Test Environment Setup

Explore the possibility of using existing setups and resources for performance activities. Identify the physical architecture of the system and configure the Web, Application and Database servers used by the application.

Identify User Activities

The activities are identified based on critical transactions and frequent navigation paths in the application. In early sprints, the user activities can be in the form of web service calls or Ajax requests. Since the complete business flow is under development, these requests are considered for initial analysis and can be targeted with an appropriate load pattern.

Selecting the Right Tool

The choice of performance tool is based on factors such as support for protocols, load scalability, cost and other features to simulate network traffic. We should also consider the
possibility of writing our own custom logic or executing external code within the performance tool. For example, open source tools such as JMeter offer an interface to run Java scripts based on Selenium WebDriver. This helps us reduce manual effort, as the automation scripts can be easily integrated to verify the health of the application during load test executions.

Workload Modeling

Workload modeling demands a deep understanding of the application modules with respect to the complete design of the system. In early sprints, the user activity may not match the complete business flow. Thus it is very important to precisely calculate user load patterns. Any hard calculations would raise false alarms and generate invalid results. To get started with our analysis, the workload model should focus on the items below:

- Identify frequent actions and navigation paths in the application based on the user requirements
- Model user actions (add think times, avoid redundant requests)
- Start with a small user load
- Monitor response patterns
- Increase the user load in the next test cycles and observe the parameters below:
  - Response time
  - Throughput (requests served per second)
  - CPU and memory utilization on the given servers
  - Database resources (memory, connection pool numbers, deadlocks)
  - Page errors

Knowledge Management

This is an interesting phase in the framework, which offers close coordination across the test flavors. The objective is to share relevant information and executables based on the user stories. The items below are critical to ensure valid test results:

- Physical architecture details (server configurations, logs)
- Observations (server errors, exceptions, usability issues, functional inconsistencies)
- Database scripts to create and remove test data
- Performance scripts for quick analysis of application traffic
- Common challenges and solutions

Test Execution and Gathering Results

The performance tests are carried out with a specific objective in mind. Multiple test cycles are performed to uncover the bottlenecks. These tests can be broadly divided as:

1. Load Tests: The objective is to identify system response under the given user load. These tests are designed to target peak usage of the application.
2. Endurance Tests: The tests are designed to validate the stability of the system. The user load is maintained on the servers for a prolonged period of time.

During test executions, relevant server resources are monitored and recorded. The generated data is used for further analysis.

Result Analysis

The analysis activities should be goal oriented and should always proceed in an appropriate direction. Based on the nature of the project, important counters are identified that require close monitoring in each test cycle. For example, in Node.js and WebSocket-based web applications, we might want to monitor the total socket count on the application server. However, this counter may not be critical for a .NET-based application, which requires close monitoring of the IIS worker process. With this knowledge, the weak areas that must be uncovered as a part of performance engineering activities during application development are listed below:

- Long user response time
- Long server response
- Memory leaks
- High CPU usage
- Request queue length
- Database deadlocks
- HTTP errors, erroneous data returned
- Null pointers and illegal state exceptions

Baseline the Readings

Critical findings and observations made during the performance activities are shared with the design team and stakeholders. In the current iteration, the application is evaluated on the parameters below:

- Response times for the given actions
- Bottlenecks uncovered (functions, static classes, DB queries)
- CPU and memory utilization
- Error logs and exception details
- Usability concerns, if any, at the given user load
- Capacity planning for the Production environment

Based on the above findings, appropriate fixes are provided by the design team. This is a continuous process that offers close monitoring of existing implementations, fixes and new stories being developed. It also provides important pointers for capacity planning on the Production environment.

Integrating Security Analysis

In the traditional agile model, security testing is often left for the later stages and is typically carried out once the performance activities are completed. This is mainly due to strictly time-bound sprints and limited visibility on mitigating these threats. The analysis typically uses a proxy tool to record and scan complete application traffic to highlight various vulnerabilities. The application UI is often crawled with these tools to expose various URLs and hidden parameters.

The automated tools certainly help in exploring possible vulnerabilities. However, they might not be effective in exploring business logic defects or identifying unnecessary logs created in the database during user interactions. Based on the analysis performed by the security experts, these tools can be used to exploit vulnerabilities in an optimized way. Figure 3 shows the activities to integrate security testing during application development:

Figure 3: Integrating Security Analysis

Gathering Information

Gather all the possible information about the application and the infrastructure it resides on. Have a separate application instance created for security testing. Monitor the traffic and analyze the various protocols being implemented. Analyze session management, passwords and cookie handling in the current build. Understand the business logic for each parameter in various requests and how various modules interact.

At this point, the inputs from the performance team are handy, as the performance scripts give an immediate heads-up on the application traffic and the significance of each parameter. The automation scripts can also be shared to create the required data in the application and avoid frequent rework.

Identify Entry Points

Entry points are defined as client-side interfaces that are required to send user data to the server. The entry points can be in the form of input fields, hidden parameters and cookie data.

Designing Penetration Tests

Security tests are prepared with a specific objective in mind. The aim is not to create high-volume DoS attacks in the current iteration but to identify bugs in the logical architecture, which covers the presentation layer, the business layer and the database layer. With the help of intercepting tools or plug-ins, the vulnerable requests are targeted for possible attacks. It is a good practice to validate the application against the OWASP (Open Web Application Security Project) Top 10 threats.

Analyze Results and Share the Possible Exploits

The results are closely analyzed to avoid any false positives from the penetration tests. The possible exploits are shared with the design team and typically include the items below:

- Request details (absolute path, parameters, payload method)
- Response data (HTTP code, exceptions, DB logs)
- Impact (priority, loss to system)
- Resolution (mitigation strategy)
- Reproduction steps (complete scenario details)

It is very important to share the above findings with the performance team, as the mitigation strategy might affect system performance. The changes can impact the performance baselines and are required to be evaluated appropriately.

Case Study on Implementing Test Process Framework in Agile, using Open Source Tools

The assignment is to develop an Online Trading System. With this system, users can view various active sports events and place Bids and Asks in real time. The terms Bid and Ask are used to buy and sell contracts during the event. To define the scope for the current iteration, there can be five parallel events and 1000 users are expected to trade in real time.

A design team was formed to implement the above stories and followed the agile development model. A QA team was also introduced to monitor the designs being proposed and implemented. The following observations were made at the initial stages:

- Technologies implemented: Grails, Node.js, Ajax, MongoDB and Redis
- Protocols: HTTPS, ws (WebSocket)
- Physical architecture required: Grails server (Apache/Tomcat), Node server, MongoDB and Redis

Based on the above observations, the following objectives were defined for functional and non-functional requirements:

- Validate the Create Event and Create Order user stories.
- Observe system behavior and server resources when an order is created, with load up to 1000 simultaneous users.
- Observe how modules interact and explore possible security vulnerabilities while creating an Order.

We selected Selenium WebDriver with JUnit to automate the user stories. On the performance front, JMeter with a WebSocket plug-in was used. To perform load tests for the Create Orders scenario, it was required to create a new event in the application before every test execution. Hence we selected the Create Event scenario to be
automated first, and then called this script from the performance tool. Figure 4 below shows the test automation design, which was developed in parallel with the user stories in the current iteration. Figure 5 below depicts the integration of Selenium scripts in JMeter.

Figure 4: Test Automation Design

Figure 5: Integrate Automation Scripts with Performance Tools

This reduced constant rework by the performance team, as the Selenium script created new events in the application for placing the orders, and then the load tests were triggered. Also, with this script in place, the scenario was easily validated in iterative builds and the functional team was able to focus on the new stories. The automation test repository was further evolved to accommodate the Delete Event, Edit Event and Create Order stories such that the complete flow could be validated.

Performance tests were designed to target peak usage for placing orders in the application. The user load was to be scaled from 100 to 1000 users across the test cycles. For 100 users, the results were good. However, for the 250-user test we observed a high error count. To analyze the root cause, we monitored critical resources on the servers using the Sysstat utility available on Linux. Looking at the Node server results, we observed a sudden drop in total socket count. To fix the issue, ulimit (user process resource limits) was tuned to 40k on the Node server. With this change, we were able to scale to 1000 users, and the other resources were also monitored. This configuration was further replicated on the Production environment.

Figure 6 below shows the peak socket count on the Node server before optimization, and Figure 7 depicts the peak socket count after the tuning was performed. The graphs presented here are for two consecutive test executions:

Figure 6: Total Socket Count Before Server Tuning

Figure 7: Total Socket Count After Server Tuning

Security testing was also performed in parallel with the above test activities, for the targeted user stories. The application traffic was closely monitored using OWASP tools such as ZAP and Paros proxy to point out the probable requests for exploiting the threats. The performance scripts were also considered to get a quick understanding of various parameters along with the routine analysis. It was observed that the WebSocket request to create an order did not have any unique parameter and was vulnerable to a Parameter Manipulation attack. With this threat, User A was able to create an order in the system pretending to be User B. The finding was shared along with the mitigation strategy.

Conclusions

Here are some of the conclusions we arrived at while following this process framework:

- With functional and non-functional requirements defined and included in the early sprints, performance bottlenecks and security vulnerabilities are uncovered at a granular level. This helps in creating a healthy system throughout the sprints.
- With test automation being implemented at an early stage, functional flows from the previous iterations are validated with minimal effort, and the team can constantly focus on new stories.
- By correlating the test activities, common challenges, solutions and valuable inputs are shared throughout the test process, thus creating a collaborative test environment.
- The process also helps the design team in mitigating various threats and optimizing performance breaches.
- The continuous evaluation process brings in a positive change in the attitude of the team towards meeting the quality standards.
- With this framework, the team achieved satisfactory results on the production environment, as the application was constantly evaluated across the critical parameters.
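
The parameter manipulation finding from the case study (a WebSocket create-order request that let User A place an order as User B), as an added example that is not code from the paper or its project: a handler that trusts the identity written in the frame, beside one that takes the owner from the authenticated connection. The frame fields, function names, session table and the per-request `requestId` are assumptions of this example, since the paper does not describe the mitigation it shared.

```javascript
// Constructed session table: token presented at the WebSocket handshake -> user.
const SESSIONS = new Map([
  ['tok-A-constructed', 'userA'],
  ['tok-B-constructed', 'userB'],
]);

// Runs once per connection. Identity is fixed here, on the server side,
// and is never read from later frames.
function openConnection(sessionToken) {
  const userId = SESSIONS.get(sessionToken);
  if (!userId) return null; // refuse unauthenticated handshakes
  return { userId, seenRequestIds: new Set() };
}

// BEFORE: the order owner is whatever the client wrote in the frame.
function createOrderVulnerable(conn, rawFrame, orders) {
  const msg = JSON.parse(rawFrame);
  const order = { owner: msg.userId, eventId: msg.eventId, side: msg.side, qty: msg.qty };
  orders.push(order);
  return { ok: true, order };
}

// AFTER: the owner comes from the connection, every field is validated,
// and each frame must carry a request id not yet seen on this connection.
// (Replay across connections would need a shared store; not shown here.)
function createOrderHardened(conn, rawFrame, orders, auditLog) {
  const reject = (error) => ({ ok: false, error });
  if (!conn || !conn.userId) return reject('unauthenticated');

  let msg;
  try {
    msg = JSON.parse(rawFrame);
  } catch (e) {
    return reject('bad_json');
  }
  if (msg === null || typeof msg !== 'object' || Array.isArray(msg)) return reject('bad_frame');

  // A client-supplied identity is never used. A mismatch is rejected and
  // recorded, which gives the operations team a detection signal.
  if (msg.userId !== undefined && msg.userId !== conn.userId) {
    auditLog.push({
      event: 'identity_mismatch',
      sessionUser: conn.userId,
      claimedUser: String(msg.userId).slice(0, 64), // bound attacker-controlled text
    });
    return reject('identity_mismatch');
  }

  if (typeof msg.requestId !== 'string' || msg.requestId.length === 0) return reject('missing_request_id');
  if (conn.seenRequestIds.has(msg.requestId)) return reject('replayed_request');
  if (typeof msg.eventId !== 'string' || msg.eventId.length === 0) return reject('bad_event');
  if (msg.side !== 'bid' && msg.side !== 'ask') return reject('bad_side');
  if (!Number.isInteger(msg.qty) || msg.qty <= 0) return reject('bad_qty');

  conn.seenRequestIds.add(msg.requestId);
  const order = { owner: conn.userId, eventId: msg.eventId, side: msg.side, qty: msg.qty };
  orders.push(order);
  return { ok: true, order };
}

// Constructed frames: the first claims to be userB, the second carries no identity.
const FORGED_FRAME = JSON.stringify({ userId: 'userB', requestId: 'r-1', eventId: 'evt-1', side: 'bid', qty: 10 });
const HONEST_FRAME = JSON.stringify({ requestId: 'r-2', eventId: 'evt-1', side: 'ask', qty: 5 });

// Sends both frames over a connection authenticated as userA.
function demo() {
  const connA = openConnection('tok-A-constructed');
  const vulnerableOrders = [];
  const hardenedOrders = [];
  const auditLog = [];
  return {
    vulnerable: createOrderVulnerable(connA, FORGED_FRAME, vulnerableOrders),
    forged: createOrderHardened(connA, FORGED_FRAME, hardenedOrders, auditLog),
    honest: createOrderHardened(connA, HONEST_FRAME, hardenedOrders, auditLog),
    replay: createOrderHardened(connA, HONEST_FRAME, hardenedOrders, auditLog),
    hardenedOrders,
    auditLog,
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Because the hardened handler adds work to every frame, rerunning the Create Order load test against it is the check the paper asks for when a mitigation may move the performance baseline.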

References

- Performance Testing Guidance for Web Applications, Microsoft Patterns and Practices.
- OWASP Project
- Performance testing with JMeter
- Selenium WebDriver

Authors' Biography

Arush Gupta

Arush Gupta is a Bachelor of Engineering in Electronics and Telecommunication from MIT Academy of Engineering, Pune (Maharashtra). He has over 4 years of experience in software testing. He specializes in designing test automation frameworks for web-based and mobile applications. He has also been providing solutions for workload modeling and capacity planning for web applications. Arush is also an EC-Council Certified Ethical Hacker. Currently Arush works at Harbinger Systems as Senior Software Test Engineer and senior member of the Advanced Testing Services group.

Umesh Kanade

Umesh Kanade is the general manager of technology solutions at Harbinger Systems. With more than 14 years of experience, Umesh has been actively involved in designing technology solutions with innovation and passion for a variety of businesses. Umesh heads the proposal engineering and Advanced Testing Services group. He has been instrumental in driving the research and development portfolios at Harbinger, and is part of designing and delivering enterprise systems with expertise in the latest mobile, cloud and big-data technologies. Umesh holds a bachelor's degree in computer engineering.
Agile Accessibility Ensuring accessibility throughout the Agile development process Presenters: Andrew Nielson, CSM, PMP, MPA Ann Marie Davis, CSM, PMP, M. Ed. Cammie Truesdell, M. Ed. Overview What is
More informationBEHAVIOR DRIVEN DEVELOPMENT BDD GUIDE TO AGILE PRACTICES. Director, Strategic Solutions
BEHAVIOR DRIVEN DEVELOPMENT BDD GUIDE TO AGILE PRACTICES Presenter: Joshua Eastman Director, Strategic Solutions ABOUT THE SPEAKER Josh has over seven years of experience as an accomplished software testing
More informationCIS 700/002 : Special Topics : OWASP ZED (ZAP)
CIS 700/002 : Special Topics : OWASP ZED (ZAP) Hitali Sheth CIS 700/002: Security of EMBS/CPS/IoT Department of Computer and Information Science School of Engineering and Applied Science University of
More information01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED
01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED Contents 1. Introduction 3 2. Security Testing Methodologies 3 2.1 Internet Footprint Assessment 4 2.2 Infrastructure Assessments
More informationAzure DevOps. Randy Pagels Intelligent Cloud Technical Specialist Great Lakes Region
Azure DevOps Randy Pagels Intelligent Cloud Technical Specialist Great Lakes Region What is DevOps? People. Process. Products. Build & Test Deploy DevOps is the union of people, process, and products to
More informationTrustwave Managed Security Testing
Trustwave Managed Security Testing SOLUTION OVERVIEW Trustwave Managed Security Testing (MST) gives you visibility and insight into vulnerabilities and security weaknesses that need to be addressed to
More informationImplementing ITIL v3 Service Lifecycle
Implementing ITIL v3 Lifecycle WHITE PAPER introduction GSS INFOTECH IT services have become an integral means for conducting business for all sizes of businesses, private and public organizations, educational
More informationUp and Running Software The Development Process
Up and Running Software The Development Process Success Determination, Adaptative Processes, and a Baseline Approach About This Document: Thank you for requesting more information about Up and Running
More informationIntegrated Test Automation Solution for successful Digital Transformation
a t t e n t i o n. a l w a y s. Integrated Test Automation Solution for In Banks and Financial Institutions Practice Head: Janaki Jayachandran Vice President Author: Srinivasan G Sankar Project Manager
More informationNick Coblentz, CISSP Senior Consultant, AT&T Consulting
Nick Coblentz, CISSP Senior Consultant, AT&T Consulting Nick.Coblentz@gmail.com http://nickcoblentz.blogspot.com http://www.twitter.com/sekhmetn This work is licensed under a Creative Commons Attribution-Noncommercial-Share
More informationA NEW GENERATION SOFTWARE TEST AUTOMATION FRAMEWORK CIVIM
1 A NEW GENERATION SOFTWARE TEST AUTOMATION FRAMEWORK CIVIM Balamurali L (Senior SQA Manger), Pradeep P P (Senior Lead Engineer- Testing), Rathish M M (Lead Engineer- Testing) and Sreepooja Anilkumar (Engineer
More informationWHITE PAPER. Moving Fragmented Test Data Management Towards a Centralized Approach. Abstract
WHITE PAPER Moving Fragmented Test Data Management Towards a Centralized Approach Abstract Test Data Management (TDM) ensures managing test data requests in an automated way to ensure a high degree of
More informationBuild a system health check for Db2 using IBM Machine Learning for z/os
Build a system health check for Db2 using IBM Machine Learning for z/os Jonathan Sloan Senior Analytics Architect, IBM Analytics Agenda A brief machine learning overview The Db2 ITOA model solutions template
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationSecurity Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:
Position: Reports to: Location: Security Monitoring Engineer / (NY or NC) Director, Information Security New York, NY or Winston-Salem, NC Position Summary: The Clearing House (TCH) Information Security
More informationEnd-to-End Agile Testing using Incremental Approach for a Leading EIM Solution Provider ATTENTION. ALWAYS.
End-to-End Agile Testing using Incremental Approach for a Leading EIM Solution Provider ATTENTION. ALWAYS. ABOUT THE CUSTOMER Our Customer is one of the global leaders in Enterprise Information Management
More informationContinuous Security. Improve Web Application Security by using Continuous Security Scans
Continuous Security Improve Web Application Security by using Continuous Security Scans 1 The world of software development has changed. Nowadays around 65% of software projects use agile development 1.
More informationBREACH DETECTION SYSTEMS COMPARATIVE ANALYSIS
BREACH DETECTION SYSTEMS COMPARATIVE ANALYSIS Security Thomas Skybakmoen, Jason Pappalexis Tested Products AhnLab MDS Fidelis XPS Direct 1000 FireEye Web MPS 4310 and Email MPS 5300 Fortinet FortiSandbox
More informationApplication. Security. on line training. Academy. by Appsec Labs
Application Security on line training Academy by Appsec Labs APPSEC LABS ACADEMY APPLICATION SECURITY & SECURE CODING ON LINE TRAINING PROGRAM AppSec Labs is an expert application security company serving
More informationTesting is the process of evaluating a system or its component(s) with the intent to find whether it satisfies the specified requirements or not.
i About the Tutorial Testing is the process of evaluating a system or its component(s) with the intent to find whether it satisfies the specified requirements or not. Testing is executing a system in order
More informationApplication Security through a Hacker s Eyes James Walden Northern Kentucky University
Application Security through a Hacker s Eyes James Walden Northern Kentucky University waldenj@nku.edu Why Do Hackers Target Web Apps? Attack Surface A system s attack surface consists of all of the ways
More informationCSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
More informationCertified Secure Web Application Engineer
Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),
More informationFROM VSTS TO AZURE DEVOPS
#DOH18 FROM VSTS TO AZURE DEVOPS People. Process. Products. Gaetano Paternò @tanopaterno info@gaetanopaterno.it 2 VSTS #DOH18 3 Azure DevOps Azure Boards (ex Work) Deliver value to your users faster using
More informationBIG-IP V11.3: PRODUCT UPDATE. David Perodin Field Systems Engineer III
BIG-IP V11.3: PRODUCT UPDATE David Perodin Field Systems Engineer III Contents V11.3 Product Update 1. BIG-IP v.11.3.0 (Local Traffic Manager & Access Policy Manager) 2. Advanced Firewall Module (AFM)
More informationAutomated, Real-Time Risk Analysis & Remediation
Automated, Real-Time Risk Analysis & Remediation TABLE OF CONTENTS 03 EXECUTIVE SUMMARY 04 VULNERABILITY SCANNERS ARE NOT ENOUGH 06 REAL-TIME CHANGE CONFIGURATION NOTIFICATIONS ARE KEY 07 FIREMON RISK
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationConnect with Remedy: SmartIT: Social Event Manager Webinar Q&A
Connect with Remedy: SmartIT: Social Event Manager Webinar Q&A Q: Will Desktop/browser alerts be added to notification capabilities on SmartIT? A: In general we don't provide guidance on future capabilities.
More informationProduct Quality Engineering. RIT Software Engineering
Product Quality Engineering Q vs q Quality includes many more attributes than just absence of defects Features Performance Availability Safety Security Reusability Extensibility Modifiability Portability
More informationSECURITY TRAINING SECURITY TRAINING
SECURITY TRAINING SECURITY TRAINING Addressing software security effectively means applying a framework of focused activities throughout the software lifecycle in addition to implementing sundry security
More informationA Strategic Approach to Web Application Security
A STRATEGIC APPROACH TO WEB APP SECURITY WHITE PAPER A Strategic Approach to Web Application Security Extending security across the entire software development lifecycle The problem: websites are the new
More informationSECURITY TESTING PROCESS IN SDLC
Khaja Shariff Page 1 7/20/2009 SECURITY TESTING PROCESS IN SDLC Khaja Shariff Page 2 7/20/2009 Table of Contents 1. Introduction... 3 1.1 Description... 3 1.2. Purpose... 3 2. Security Testing process...
More information90% of data breaches are caused by software vulnerabilities.
90% of data breaches are caused by software vulnerabilities. Get the skills you need to build secure software applications Secure Software Development (SSD) www.ce.ucf.edu/ssd Offered in partnership with
More informationA Practical Guide to Efficient Security Response
A Practical Guide to Efficient Security Response The Essential Checklist Start The Critical Challenges to Information Security Data breaches constantly threaten the modern enterprise. And the risk continues
More informationInstructor-led Training Course Catalog
Instructor-led Training Course Catalog January 2018 800.873.8193 sig-info@synopsys.com synopsys.com/software GENERAL DISCLAIMER This document presents details about the training offerings from Synopsys
More informationEARLY AUTOMATION APPROACH
EARLY AUTOMATION APPROACH - By Senthilkumar Gopalakrishnan Senthilkumar.Gopalakrishnan@cognizant.com Abstract: Early Automation approach involves automation team in the early phase of testing lifecycle.
More information"Charting the Course to Your Success!" Securing.Net Web Applications Lifecycle Course Summary
Course Summary Description Securing.Net Web Applications - Lifecycle is a lab-intensive, hands-on.net security training course, essential for experienced enterprise developers who need to produce secure.net-based
More informationThe Top 6 WAF Essentials to Achieve Application Security Efficacy
The Top 6 WAF Essentials to Achieve Application Security Efficacy Introduction One of the biggest challenges IT and security leaders face today is reducing business risk while ensuring ease of use and
More informationRiskSense Attack Surface Validation for IoT Systems
RiskSense Attack Surface Validation for IoT Systems 2018 RiskSense, Inc. Surfacing Double Exposure Risks Changing Times and Assessment Focus Our view of security assessments has changed. There is diminishing
More informationAdopting Agile Practices
Adopting Agile Practices Ian Charlton Managing Consultant ReleasePoint Software Testing Solutions ANZTB SIGIST (Perth) 30 November 2010 Tonight s Agenda What is Agile? Why is Agile Important to Testers?
More informationBuilding a Customized Test Automation Framework Using Open Source Tools
Building a Customized Test Automation Framework Using Open Source Tools August, 2016 Contents Executive Summary...03 Need for Test Automation...04 Overcoming Limitations of Open Source Tools...04 Test
More informationDevOps Anti-Patterns. Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! COPYRIGHT 2019 MANICODE SECURITY
DevOps Anti-Patterns Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! 31 Anti-Pattern: Throw it Over the Wall Development Operations 32 Anti-Pattern: DevOps Team Silo
More informationSample Exam Syllabus
ISTQB Foundation Level 2011 Syllabus Version 2.9 Release Date: December 16th, 2017. Version.2.9 Page 1 of 46 Dec 16th, 2017 Copyright 2017 (hereinafter called ISTQB ). All rights reserved. The authors
More informationDe-risk Your Applications. SUBSCRIBE TO EVRY S SECURITY TESTING AS A SERVICE (STaaS) TODAY!
De-risk Your Applications SUBSCRIBE TO EVRY S SECURITY TESTING AS A SERVICE (STaaS) TODAY! With the exponential increase in Web, Mobile, Cloud and IoT applications, the security risks and challenges in
More informationRemedy Application Data Security Risks & Mitigations
Remedy Application Data Security Risks & Mitigations Web-Access related Dinesh Singh Panwar 8/8/2012 This Document describes risks related to web access for Remedy. It also shows how those risks and the
More informationTest Automation Strategies in Continuous Delivery. Nandan Shinde Test Automation Architect (Tech CoE) Cognizant Technology Solutions
Test Automation Strategies in Continuous Delivery Nandan Shinde Test Automation Architect (Tech CoE) Cognizant Technology Solutions The world of application is going through a monumental shift.. Evolving
More informationSIEMLESS THREAT MANAGEMENT
SOLUTION BRIEF: SIEMLESS THREAT MANAGEMENT SECURITY AND COMPLIANCE COVERAGE FOR APPLICATIONS IN ANY ENVIRONMENT Evolving threats, expanding compliance risks, and resource constraints require a new approach.
More informationWhat every IT professional needs to know about penetration tests
What every IT professional needs to know about penetration tests 24 th April, 2014 Geraint Williams IT Governance Ltd www.itgovernance.co.uk Overview So what do IT Professionals need to know about penetration
More informationInternet Scanner 7.0 Service Pack 2 Frequently Asked Questions
Frequently Asked Questions Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions April 2005 6303 Barfield Road Atlanta, GA 30328 Tel: 404.236.2600 Fax: 404.236.2626 Internet Security Systems (ISS)
More informationForeScout Extended Module for Splunk
Enterprise Strategy Group Getting to the bigger truth. ESG Lab Review ForeScout Extended Module for Splunk Date: May 2017 Author: Tony Palmer, Senior Lab Analyst Abstract This report provides a first look
More informationTesting in the Agile World
Testing in the Agile World John Fodeh Solution Architect, Global Testing Practice 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Outline
More informationReal-time Monitoring, Inventory and Change Tracking for. Track. Report. RESOLVE!
Real-time Monitoring, Inventory and Change Tracking for Track. Report. RESOLVE! Powerful Monitoring Tool for Full Visibility over Your Hyper-V Environment VirtualMetric provides the most comprehensive
More informationAbout Us. Services CONSULTING OUTSOURCING TRAINING MENTORING STAFF AUGMENTATION 9/9/2016
About Us Incorporated in January, 2003 QA and QC in expertise focused on functional, performance and application security validation HPE Software Gold Partner, HPE Authorized Software Support Partner &
More informationDescriptions for CIS Classes (Fall 2017)
Descriptions for CIS Classes (Fall 2017) Major Core Courses 1. CIS 1015. INTRODUCTION TO COMPUTER INFORMATION SYSTEMS. (3-3-0). This course provides students an introductory overview to basic computer
More informationWelcome to this IBM Rational podcast, enhanced. development and delivery efficiency by improving initial
IBM Podcast [ MUSIC ] GIST: Welcome to this IBM Rational podcast, enhanced development and delivery efficiency by improving initial core quality. I'm Kimberly Gist with IBM. Catching defects earlier in
More informationDATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI
DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI EXECUTIVE SUMMARY The shortage of cybersecurity skills Organizations continue to face a shortage of IT skill
More informationNOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect
NOTHING IS WHAT IT SIEMs: COVER PAGE Simpler Way to Effective Threat Management TEMPLATE Dan Pitman Principal Security Architect Cybersecurity is harder than it should be 2 SIEM can be harder than it should
More informationWeb Applications (Part 2) The Hackers New Target
Web Applications (Part 2) The Hackers New Target AppScan Source Edition Terence Chow Advisory Technical Consultant An IBM Rational IBM Software Proof of Technology Hacking 102: Integrating Web Application
More informationPracticeDump. Free Practice Dumps - Unlimited Free Access of practice exam
PracticeDump http://www.practicedump.com Free Practice Dumps - Unlimited Free Access of practice exam Exam : AWS-Developer Title : AWS Certified Developer - Associate Vendor : Amazon Version : DEMO Get
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationHow the Cloud is Enabling the Disruption of the Construction Industry. AWS Case Study Construction Industry. Abstract
Case Study Construction Industry How the Cloud is Enabling the Disruption of the Construction Industry Abstract A Minfy-architected cloud solution is helping iquippo, a digital marketplace for the construction
More informationAn Oracle White Paper February Comprehensive Testing for Siebel With Oracle Application Testing Suite
An Oracle White Paper February 2010 Comprehensive Testing for Siebel With Oracle Application Testing Suite Introduction Siebel provides a wide range of business-critical applications for Sales, Marketing,
More informationIntroduction to Data Science
UNIT I INTRODUCTION TO DATA SCIENCE Syllabus Introduction of Data Science Basic Data Analytics using R R Graphical User Interfaces Data Import and Export Attribute and Data Types Descriptive Statistics
More informationVulnerability Assessment with Application Security
Vulnerability Assessment with Application Security Targeted attacks are growing and companies are scrambling to protect critical web applications. Both a vulnerability scanner and a web application firewall
More informationJ2EE DIAGNOSING J2EE PERFORMANCE PROBLEMS THROUGHOUT THE APPLICATION LIFECYCLE
DIAGNOSING J2EE PERFORMANCE PROBLEMS THROUGHOUT THE APPLICATION LIFECYCLE ABSTRACT Many large-scale, complex enterprise applications are now built and deployed using the J2EE architecture. However, many
More information