Page History
...
“The definition of insanity is doing the same thing over and over again and expecting different outcomes.” – Einstein
Worked out the agile testing quadrants
Testing type | Possible Assignees | Targeting | Reasoning | Tool which can be used |
|
Model testing (Q1) | Business engineers and testers | All The new models | Ensuring that the Model is correctly developed. According to standards | •Blueriq Model Insight •Blueriq Model Analyzer •Studio Unit tests | |
API/ Logic/ Page models (Q2) | Business engineers and testers | Functionalities implemented in new stories/ past issues or bugs with high recurrence chances. Testing on the page modelling and exposed services | Checking to see if the Runtime is working correctly on the developed models | •SoapUI NG •Cucumber •Jmeter •Telerik •Selenium •Ranorex •Etc | |
GUI testing (Q2) | Testers | The graphic interface and it’s logic, For example the view controller | Making sure no GUI related bugs are introduced when committing new code | •Selenium web driver •Testcafé •Nightwatch •Capure and playback tool | |
Performance (Q4) | Development team/ External expertise (Testters) | All the Blueriq components (Studio, Runtime, Publisher) | Verifying how Blueriq behaves when it comes to processing time and reliability | •Jmeter •Load UI | |
Security (Q4) | Development team/ External expertise (Testers) | The Runtime and its relation to other third parties’ components. | Keeping and improving security standards for our application | •OWASP ZAP •Burp suite |
- How?
- Unit tests
- BMA (/ BMI)
- ReadyAPI
- Front-End full stack (?)
- Performance
- Link to performance test page
Performance |
Performance
“Just as athletes can’t win without a sophisticated mixture of strategy, form, attitude, tactics, and speed, performance engineering requires a good collection of metrics and tools to deliver the desired business results.”— Todd DeCapua
With the introduction of Blueriq 9.9 performance test are introduced with Blueriq, for more information on this topic, see: i. https://my.blueriq.com/display/DOC/Performance+Reports
- Explanation that it is possible to test the landscape with our test project.
Blueriq's flexibillity gives us the option to run the performance test on your enviroment, to use as an insight of your own enviroment. i. By using the complete test project that Blueriq supplies, it is possible to test the landscape that your application will run in. If there are significant differences in the results from Blueriq and on location, then there is a big chance there are some hardware issues involved (server / network / client etc.). After doing this initial check it is always wise to create a performance test yourself with, for example, jmeter. This way you will know that the performance of your application is not decreasing a lot by publishing the new code.
- Security
- OWASP Dependency Checker
decreasingwith the introduction of new code. For more information about this service please contact our service desk.Security
Security
“Testing is an infinite process of comparing the invisible to the ambiguous in order to avoid the unthinkable happening to the anonymous.”— James Bach
Developing secure software is critical to a company’s reputation and bottom line. Blueriq customers feel the legal and financial pressure to assure the security of their (mission-critical) applications and have strong regulatory and privacy requirements to protect private data. Therefore security at Everest is treated at highest priority in the development of Blueriq. For are customers we have the following advice to introduce in your agile development proces.
Keep in mind that it's advisable that pentration test should always be executed before going live on your own enviroment.
OWASP Dependency Checker
Dependency-Check i. The dependency checker by OWASP is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities in 3rd party components. The dependency checker should run every night to be sure that no libraries with known vulnerabilities are being used by your (web-)application.
- OWASP ZAP
This dependency checker is integrated in our Jenkins CI server. Currently Java and .NET are supported. The OWASP Dependency-check is used to scan our dependent libraries to identify any known vulnerable components. The core engine contains a series of analysers that inspect the dependencies, collect pieces of information about the dependencies (referred to as evidence within the tool). The evidence is then used to identify the Common Platform Enumeration (CPE) for the given dependency. If a CPE is identified, a listing of associated Common Vulnerability and Exposure (CVE) entries are listed in a report.
Dependency-check updates using the NVD Data Feeds. For more information about the dependency checker see: https://wiki.jenkins.io/display/JENKINS/OWASP+Dependency-Check+Plugin
OWASP ZAP
i. The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It is used as a proxy to run selenium tests through and then ZAP can spider further throughout the complete application. ZAP will attack the application with the most popular (OWASP top10) attacks like injections, clickjacking, xss, csrf etc. ZAP should also run every night so you are sure that no important vulnerabilities are being introduced by new code.
...
- Automated Regression
- Automated ZAP runs
- Automated Dependency Checker
For more information
...