Skip to content

Feed aggregator

Sauce Labs Makes Testing Awesome (VIDEO)

Sauce Labs - Thu, 04/17/2014 - 18:00

Sick of maintaining test infrastructure? Can’t keep up with supporting the latest Firefox or Chrome? Let Sauce help! We’re on a mission to make testing mobile and web applications fast, easy and affordable for developers. 

With support for 300+ browser / OS platforms, Sauce Labs make running and scaling Selenium, JavaScript Unit testing, and mobile testing a breeze. Watch the video below to learn more, or just visit It’s free to get started.

Categories: Companies

Are “Ready For” Columns on Kanban Boards The Enemy of God?

James Betteley's Release Management Blog - Thu, 04/17/2014 - 17:57

This is going to be a quick rant post, hopefully. Today I saw another Kanban board which had a “Read for test” column on it, here’s the screenshot:

Not 1 but 2 "Ready for" columns!

Not 1 but 2 “Ready for” columns!


I Think “Ready For” Columns Are Baaaaad

With most Kanban boards you mark a card as done when it’s ready to be pulled into another column. If that means it has to be deployed before a card is ready for test then so be it. The last thing we want is cards just sitting around waiting – this is baaaaaad. “Ready for Test” usually means it’s either deployed (and yet to be tested) or waiting to be deployed. Either way, not much is happening to the work sitting in this column. Basically it’s waste (or “muda” as the Lean Kanban aficionados might call it), and remember, waste is baaaaad.


Seriously, I Think They’re Baaaaad

A result of using these “Ready For x” columns is that they tend to slightly move us away from the “stop the line” practice that good Lean/Kanban systems employ. Basically whenever there’s a problem, or a bottleneck is appearing, we want to stop the production line and address the issue. So, if we keep all these “Ready for QA” cards in our In Dev or Code Review Column (basically whatever column comes before your Ready for QA column) then we’ll very quickly reach our WIP (Work In Progress) limit and the line will be stopped. That’s a good thing! We want to catch that bottleneck as soon as we can, we don’t want to hide it by pushing our cards into another “buffer” column.


Did I Mention That I Think “Ready For” Columns in Kanban Are Baaaaaad?

Yet another problem with “Ready for x” columns is that they quite often tend to be push rather than pull columns. You can’t really pull into a Ready for QA column as it isn’t an actual “workflow” state, it’s a “wasteflow” state (see what I did there?). I mean, who’s going to pull stuff into that column anyway? I’ve yet to meet a “ready for test” team who just sit around pulling cards into their column before marking them as “ready” (presumably once they’ve verified that they are indeed ready for test). Ok, you might have a deployment team who are responsible for deploying stuff to your test environments and so forth. In this case, your workflow state still isn’t “Ready for test” it’s “In Deployment”.



“Ready for x” columns make baby Jesus cry.

Categories: Blogs

Improved File Search: What You Need to Know

Assembla - Thu, 04/17/2014 - 16:11

With the recent file search improvements, it is now easier to find the files you are looking for when you need them. With every file upload, we now index all the following elements: file name, tags, mime-type (media type), and author.

  • File Name: We now apply a word delimiter filter that splits words into subwords based on intra-word delimiters such as case transitions ("PowerShot" → "Power", "Shot"), letter to number transitions ("SD500" → "SD", "500"), and characters ("Wi-Fi" → "Wi", "Fi").
  • Tags: If you add the optional tags to a file, you can easily include a tag in the search parameters to locate the file.
  • Mime Type (Media Type): When a file is uploaded, it will be indexed with a media type such as hello.png will include “image/png” so it can be found with a search for “hello” or “image” or “png” or any combination like “hello image.” Almost all files have a mime type such as word, excel, zip, pdf, etc., and we now index them so you can locate your files easier.
  • Author: The author field consists of the user’s first name and last name as displayed in their profile as well as username. Usernames are also use the same word delimiter to split usernames into subwords. So if John Smith with username JohnRocks uploads a file, you can search for that file with “john” or “smith” or “johnrocks” or even just “rocks.”

Most importantly, the default logical search operation has changed to search for words using AND instead of OR when using a combination of words. For example, when you search “john image” it will return back anything that is an image AND that was uploaded by John.

We hope these improvements make file searching more efficient. If you have any other suggested improvements, please let us know on our feedback site.

Check out some other Assembla tips and tricks!

Categories: Companies

Appvance Adds JMeter Testing To PerformanceCloud

SQA Zone - Thu, 04/17/2014 - 11:30
Appvance has announced the addition of JMeter compatibility in Appvance PerformanceCloud, its next generation cloud testing platform that combines functional, performance, stress, load tests and APM. JMeter is widely used by individual software p ...
Categories: Communities

JMeter Testing Added To Appvance PerformanceCloud

Software Testing Magazine - Thu, 04/17/2014 - 11:27
Appvance has announced the addition of JMeter compatibility in Appvance PerformanceCloud, its cloud testing platform that combines functional, performance, stress, load tests and APM. JMeter is widely used by individual software performance engineers and testers. PerformanceCloud provides large organizations with a standard way to roll-out and maintain JMeter tests through standard grid and cloud test server infrastructure, test management services, and Agile processes. Appvance PerformanceCloud (APC) is the first beginning-to-end test system which accurately drives 100% of the actual user interactions, even with complex HTML5 and AJAX client-side code. Apache JMeter ...
Categories: Communities

Testing Ember.js JavaScript Applications

Software Testing Magazine - Thu, 04/17/2014 - 11:22
Ember.js is an open-source client-side JavaScript web application framework based on the model-view-controller (MVC) software architectural pattern. It allows developers to create scalable single-page applications by incorporating common idioms and best practices into a framework that provides a rich object model, declarative two-way data binding, computed properties, automatically-updating templates powered by Handlebars.js, and a router for managing application state. The Ember.js documentation contains a full section that explains how to perform integration and unit testing of applications developed with this framework. The Ember testing guide provides best practices and examples on ...
Categories: Communities

Upcoming European Training Courses

Ranorex - Thu, 04/17/2014 - 10:00
We are very pleased to remind you about our upcoming European Ranorex training courses, scheduled for June.

During the 2-day training workshops participants learn about the fundamentals of test automation and get to practice how to use Ranorex tools hands-on. 

Jun 2-3

09:00AM - 04:30PM GMT

Ranorex Studio Introduction Training Course

London, UK

Jun 3-4

09:30AM - 05:00PM CET

Basisschulung – Test-Automatisierung mit Ranorex

Frankfurt, Germany

Please have a look at the upcoming training events schedule for the complete schedule.

We look forward to seeing you there!

Categories: Companies

Very Short Blog Posts (16): Usability Problems Are Probably Testability Problems Too

DevelopSense Blog - Wed, 04/16/2014 - 21:04
Want to add ooomph to your reports of usability problems in your product? Consider that usability problems also tend to be testability problems. The design of the product may make it frustrating, inconsistent, slow, or difficult to learn. Poor affordances may conceal useful features and shortcuts. Missing help files could fail to address confusion; self-contradictory […]
Categories: Blogs

Saving you from Heartbleed

Kloctalk - Klocwork - Wed, 04/16/2014 - 18:39

Last week we talked about the flaw in OpenSSL known as “Heartbleed” and it’s massive impact on websites and users around the world. We also mentioned how open-source scanning and support tools, such as OpenLogic, report this flaw. Today, we look at how Klocwork handles the issue.

Out of the box

The root cause of the Heartbleed issue is that a request to retrieve server memory for OpenSSL’s heartbeat function isn’t validated, resulting in an array access through memcpy() potentially accessing data beyond the length of the array (and into memory that could contain sensitive information). Due to the use of a macro in the OpenSSL code that performs this function, this “tainted data” breach requires a few simple overrides that are fairly common practice when ensuring the analysis understands your project’s unique code.

Here is the relevant OpenSSL code with some interesting lines highlighted (click to enlarge):

Heartbleed code

The main culprit is the memcpy() on line 1487 where payload bytes is copied from pl to bp. Since payload isn’t validated anywhere, it’s possible that more bytes than pl contains are copied into bp, resulting in unknown memory copied into bp. This memory is eventually transmitted to the outside world (see lines 1492 and 1495).

Looking at line 1464, you’ll see why some analysis overrides are needed. The difficulty here is the n2s() macro used to extract payload from p, where p is defined on line 1457 as &s->s3->[0]. This macro effectively “hides” the propagation of data through the function and, of course, the analysis needs to know about it to be effective.

Start tuning

Using an override file and a custom knowledge base record, it’s pretty simple to tune Klocwork’s analysis to find this flaw. You don’t need any special version or upgrade to do this and, in fact, this is fairly common practice. First, create an override file that contains this macro override (the file must have a .h extension, so you can call it n2s.h):

#kw_override n2s(p, num) n2s_func((p), &(num))

This tells the Klocwork compiler to expand all instances of the n2s() function in the source code to the analysis-specific definition specified here, n2s_func(). Then, create your own knowledge base record to help Klocwork understand this particular macro (you can name the file n2s.kb):

n2s_func - TaintedIntData *$2

This record says that the function here returns potentially tainted integer data if the second argument points to a buffer that may contain tainted data (you can learn more about this syntax here). Once this tuning is done and an analysis performed, Klocwork reports the flaw as SV.TAINTED.CALL.INDEX_ACCESS or, an unvalidated integer is being used to access an array (click to enlarge):

This tuning of Klocwork’s analysis isn’t specific to the Heartbleed problem but it does provide a real (and unfortunately, popular) example of how static code analysis can prevent some fairly serious issues.

And, in case you’re wondering, here’s how a comprehensive open source scanning and support tool like OpenLogic flags the issue (click to enlarge):

Categories: Companies

Improving Software Quality with SonarQube

Testing TV - Wed, 04/16/2014 - 18:22
Software quality is about a lot more than slinging good code. As a developer you use numerous tools, techniques, processes and frameworks as you write, organize, build, test, refactor, and continuously improve your applications. SonarQube (formerly Sonar) is an open source quality management platform, dedicated to continuously analyze and measure source code quality. It makes […]
Categories: Blogs

Ask a Selenium Expert: Selenium Test Report Example

Sauce Labs - Wed, 04/16/2014 - 18:00

selenium testing & sauce

This is part 2 of 8 in a mini series of follow-up Q&A’s from Selenium expert Dave Haeffner. Read the first Q&A here.

Dave joined us and led our recent webinar, “Selenium Bootcamp“, wherein he discussed  how to build out a well factored, maintainable, resilient, and parallelized suite of tests that will run locally, on a Continuous Integration system, and in the cloud.

He’s also agreed to respond to 8 of the many follow-up questions we received post-webinar. Below you’ll find the second Q&A. Stay tuned next Wednesday for the next question.

2. ­Can you please show some examples of a Selenium test report?

Here are two examples:

-Dave Haeffner, April 9, 2014

Can’t wait to see the rest of the Q&A? Read the whole post here.  Get more info on Selenium with Dave’s book, The Selenium Guidebook, or follow him on Twitter orGithub.

Have an idea for a blog post, webinar, or more? We want to hear from you! Submit topic ideas (or questions!)  here.

Categories: Companies

Active Directory plugin improvements

One of the few plugins that I still personally maintain is Active Directory plugin. In the past few months, I've been making steady improvements in this plugin, thanks to various inputs and bug reports given to me from the ClodBees customers.

One of the recent fixes was to get the "remember me" feature finally working for Active Directory. This requires a relatively new Jenkins 1.556, but it eliminates the need to having to constantly type the password in.

Then I've rebumped the version of COM4J, which was causing a thread leak when Jenkins runs on Windows. If you are running a Windows deployment with lots of active users, this probably would have contributed to the instability of Jenkins.

And then lastly, a small but crucial improvement was made to the way we search group membership, so that we can avoid recursively searching AD. This should result in a significant speed improvement when you are logging into Jenkins through AD.

The latest version of the plugin as of writing is 1.37. I hope you'll have a chance to update the plugin soon.

Categories: Open Source

Collective Noun for Testers?

The Social Tester - Wed, 04/16/2014 - 17:57
The other day I tweeted a picture of our test team testing together as a group (for the first time) in our new test lab. I asked “What do you call a collection of...
Categories: Blogs

Klaros-Testmanagement is now also available in the cloud

SQA Zone - Wed, 04/16/2014 - 16:43
The professional tool for the organization, maintenance and evaluation of test cases and test data in quality management is now also available as Software as a Service. This means that the software can be used as a service on the internet in the ...
Categories: Communities

Health care devices introduce cybersecurity complications

Kloctalk - Klocwork - Wed, 04/16/2014 - 14:30

The world is becoming more digital, and the health care landscape is no exception. While the proliferation of mobile devices in hospitals and other caregiving facilities can improve the productivity of workers and make it easier for physicians to access critical information on patients, the unfiltered presence of those platforms and the applications they utilize can introduce substantial cybersecurity concerns.

InformationWeek recently highlighted a new SANS Institute survey that looked into millions of endpoints throughout the health care environment, revealing numerous patching problems and fundamental vulnerabilities in the mobile device realm that could compromise personal and financial data integrity, as well as the reputations of the organizations in question. Specifically, experts told InformationWeek that approximately 375 health care networks were compromised by attackers during the 13-month research period.

"We were shocked at [the number of] devices that were wide open to the Internet that would provide adversaries with considerable power and access not only for a breach, but – for those who are skilled – even to conduct malicious acts," cybersecurity expert Sam Glines told InformationWeek.

While there seem to be a number of factors contributing to the growing risk facing the health care IT security environment, poorly configured and generally unsafe devices are largely to blame.

The problem with careless devices
While the term "device" is widely associated with smartphones and tablets, the concept also includes routers and other technologies used to connect to the Internet. Routers in particular are a common link in the poor cybersecurity chain. Citing experts from security firm Tripwire, InformationWeek noted that many platforms are unsafe straight out of the box, which suggests that if organizations do not take any proactive measures to mitigate risk, they may encounter severe vulnerabilities down the line.

"All of these compromised devices, not only are they available to be used for a breach of data, but they're also used as attack points against other adversaries," Glines told InformationWeek.

In other words, unsafe devices provide cybercriminals with more launch​ pads for attacks on confidential networks and IT environments that house highly confidential information. One of the best ways to combat these challenges and other vulnerabilities being introduced to the health care industry is to ensure the embedded software within those devices is secure and robust enough to mitigate risk on multiple levels.

Developers who are charged with the responsibility of creating and launching applications in the health care realm must be sure the end products they create are not vulnerable in any way. This means utilizing code review platforms that provide developers, quality assurance and other professionals insight from multiple perspectives throughout the development process. When these technologies are used correctly, applications are generally produced with fewer weaknesses than if developers streamlined the process without any input from others.

As the Internet of Things grows more pervasive, health care executives must be prepared to combat an increasingly sophisticated digital threat landscape. Taking a robust and comprehensive approach to cybersecurity will be among the only ways to mitigate risk.

Categories: Companies

Top 3 PHP Performance Tips for Continuous Delivery

Are you developing or hosting PHP applications? Are you doing performance sanity checks along your delivery pipeline? No? Not Yet? Then start with a quick check. It only takes 15 minutes and it really pays off. As developer you can improve your code, and as somebody responsible for your build pipeline you can automate these […]
Categories: Companies

Conducting a Root Cause Analysis in TestTrack

The Seapine View - Wed, 04/16/2014 - 12:30

Is your team currently conducting root cause analysis (RCA) investigations? If not, they’re a great way to identify deep-rooted issues that have the potential to create multiple and/or recurring defects in a product line. Of course, you can do RCA sessions with documents or spreadsheets. But using TestTrack makes the analysis process less time-consuming and, therefore, more likely to actually be done.

This short video provides a high-level overview of how to conduct an RCA investigation with TestTrack. 

Share on Technorati . . Digg . Reddit . Slashdot . Facebook . StumbleUpon

Categories: Companies

As Retailers Boost IT Spending, Be Mindful of the Minefields

By George Wilson Research out this week has earmarked the retail sector for soaring IT investment in 2014, with websites, mobile and IT system replacement being top of their wish lists. Law firm TLT has found that two thirds of the UK’s top 60 retailers expect their firms to grow this year and 80 per […]
Categories: Companies

Knowledge Sharing

Telerik Test Studio is all-in-one testing solution that makes software testing easy. SpiraTest is the most powerful and affordable test management solution on the market today