Page History
...
The testing pyramid is often used in agile environments to setup set up a testing strategy. In this video (click to view) the quality pyramid is explained on a basic level, but also the advantages of using the tesing testing pyramid. At Blueriq we use this pyramid to setup up our automated test. This to benifit benefit the most of the automated tests.
http://www.agilenutshell.com/episodes/41-testing-pyramid
...
In most organization, the testing pyramid is used inverted inverted (see picture below). This is because most projects create a lot of tests on their user interface by using *Selenium for example (or any other automated framework). To make the feedback loop as short as possible it is advisable to change this inverted way of working so that the most tests are created as described in the testin testing pyramid in the previous paragraph. This will result in:
...
The graph of Boehm visually describes that costs will exponential increase when bugs are found in the development procesprocess. This supports the integration of early testing in the agile sprint teams and getting the most tests within the development (In in the scrum team).
Using the test pyramid, you can draft a teststrategy test strategy against a standard setup of Blueriq. Which is made visible in the picture below.
...
Mapping a standard Blueriq enviroment environment on the testing pyramid , gives the following insight:
...
In this combined model of Blueriq and the testing pyramid, most of the tests are on the lowest level of the pyramid. This will result in the following benefits:
...
In the previous chapter is a visual image of the testing strategy. In this chapter we want to give an example on how the Agile testing quadrant can be implemented (Who, Why and How ?).
For the Q3 quadrant (business facing) we don't have a proposal , because this is always customer specific.
The links in the colums column 'Tools which can be used' and 'Used at Blueriq' are clickable for more information on the given testing test tools.
Testing type | Possible Assignees | Targeting | Reasoning | Tool which can be used | Used at Blueriq |
|---|---|---|---|---|---|
Unit testing Model testing (Q1) | Business engineers and testers | All the new models | Ensuring that the model is correctly developed. According to standards | ||
API/ Logic/ Page models (Q2) | Business engineers and testers | Functionalities implemented in new stories/ past issues or bugs with high recurrence. Testing on the page modelling modeling and exposed services | Checking to see if the Runtime is working correctly on the developed models, both functional and remaining logic which isn't tested in the unit/model layer. | • Cucumber • Selenium • Ranorex • Etc | •Ready API / Soap UI |
GUI testing (Q2) | Testers | The graphic interface and it’s logic, For example, the view controller | Making sure no GUI related bugs are introduced when committing new code | • Testcafe • Other capure capture and playback tool | •Backstop JS |
| User testing (Q3) | Customer specific | The actual future user is testing the software. This to check the interaction between the users and the software. | Ensuring that the user has the correct interaction with the software and that the user can interact with the software | Manual interaction of the customer is needed. | Manual interaction with the users |
Performance (Q4) | Development team/ External expertise (Testers) | All the Blueriq components (Studio, Runtime, Publisher) | Verifying how Blueriq behaves when it comes to processing time and reliability | •Apache JMeter | |
Security (Q4) | Development team/ External expertise (Testers) | The Runtime and its relation to other third parties’ components. | Keeping and improving security standards for our application | • OWASP ZAP |
...
The at Blueriq designed performance test gives the option to run the performance test on an environment where Blueriq is implemented. This can be used as an insight for the environment setup. By using the complete performance test project that Blueriq has developed, it is possible to test the IT enviroment environment of the deployed Blueriq application. If there are significant differences in the results between Blueriq and the specific installation, then there could be hardware hardware issues involved (server/network / client etc.). After doing this initial check it is advised to create a performance test with, for example, JMeter in youw your own enviromentenvironment. As an advice to our customers, we strongly advise to include perfromance performance test from the beginning of the project, this way the performance can be monitored from the start and you can make lower the risks of not having an acceptable performancewhen performance when introducing apllications applications with Blueriq.
Performance information:
...
For more information on these performance services please contact our support desk.
Security
“Testing is an infinite process of comparing the invisible to the ambiguous in order to avoid the unthinkable happening to the anonymous.”— James Bach
...
Keep in mind that it's advisable that a penetration test will always be advised on a production enviroment, environment before your Blueriq application goes live
...
Dependency-Check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities in 3rd party components. This dependency checker is integrated in into our Jenkins CI server. Currently Java and .NET are supported. The OWASP Dependency-check is used to scan our dependent libraries to identify any known vulnerable components. The core engine contains a series of analysers analyzers that inspect the dependencies, collect pieces of information about the dependencies (referred to as evidence within the tool). The evidence is then used to identify the Common Platform Enumeration (CPE) for the given dependency. If a CPE is identified, a listing of associated Common Vulnerability and Exposure (CVE) entries are listed in a report.
Dependency-Check updates using the NVD Data Feeds. For more information about the dependency, checker see: OWASP dependency plugin (Jenkins). The standard libraries with Blueriq are checked this way. When using extra libraries, it would be advisable to run tool also over the extra libraries.
...
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It is used as a proxy to run selenium tests through and then ZAP can spider further throughout the complete application. ZAP will attack the application with the most popular (OWASP top10) attacks like injections, clickjacking, xssXSS, csrf etc. ZAP should also run every night so you are sure that no important vulnerabilities are being introduced by the new code.
...
Overview
Content Tools