Tag Archives: company

How to create a realistic enterprise strategy for cloud computing

Cloud computing has commoditized IT infrastructure and allows companies of all sizes to be more agile and cost efficient, but heed this caution — it isn’t for everything.

In developing their strategy for cloud computing, enterprises need to keep in mind that there are applications that are terrible candidates for cloud, just as there are systems that lend themselves to the cloud. In any case, it’s worthwhile to take a look at what has value that public cloud services can bring to the enterprise, said David Linthicum, senior vice president at Cloud Technology Partners, during his Rethinking Enterprise Computing presentation at the Modern Infrastructure Decisions conference here this week.

"If you understand that this is just a platform change, it’s not so scary," he said. "We have all moved to new technology … with cloud; we are just using things we don’t own that sit on the open Internet."

In some cases, that is certainly a nerve-wracking proposition. But it makes sense in others. For example, retailers that need to scale up or down quickly or expand storage at low cost find the cloud to be a good option and should develop a strategy for cloud computing.

Many businesses use public cloud to extend their data center in that way; they add capacity or use the cloud as a backup data center, said Kris Bliesner, CEO of 2ndWatch, a Seattle-based Amazon Web Services integrator. "It can be a lot cheaper to store your archives in a cloud," he said. "[Cost] can get down to a penny a gig, which is much cheaper than tape."

Cloud has also become a good place for DevOps around the use of Platform as a Service. Also, large and highly expandable data systems work in the cloud, and cloud services make sense for new or small businesses, Linthicum said. "Most of Amazon’s business comes from small businesses," he said. "The $2 billion they made is all mom-and-pop shops that can’t afford their own IT."

Also, many companies use Software as a Service (SaaS) versions of enterprise apps, or their strategy for cloud computing is to use the cloud for high-performance computing on demand or Office automation apps, such as Office 365. Part of the appeal of SaaS is access to the latest software versions. "Being on O365 or a SaaS solution like that frees you up from the upgrade challenges," Bliesner said.

What not to put into the cloud
On the flip side, most legacy systems are poor cloud candidates, in part because they are tough to migrate to a public cloud. Systems that require a high degree of security or require a lot of regulatory control don’t belong in the cloud, either. "We use the cloud only for apps that we don’t have to worry about, security wise," said Ashish Patel, head of storage infrastructure for a financial asset management firm on the East Coast. "Things that are already public knowledge, we put in the cloud."

However, the fears around using cloud based systems typically are inaccurate, according to Linthicum. "If you think correctly about security in the cloud, it will probably be as secure as your on-premises systems," he said. "Just don’t do stupid things."

Enterprises with substandard network infrastructure shouldn’t move to the cloud either. In fact, in many cases, a move to the cloud would require a network infrastructure upgrade, Linthicum said. Very few people at the session, which had more than 100 attendees, indicated by a show of hands that they believe their network is ready for the cloud.

Also, companies shouldn’t put things into the public cloud that need to be tightly integrated with local systems and data.

And since the public cloud is a good way to circumvent infrastructure upgrade costs, enterprises that have recently made significant investments in hardware and software shouldn’t move to the cloud, Linthicum said. "If you have just made big investments, you have just eliminated the economic viability of the cloud," he said.

Building a strategy for cloud computing
Companies that want to begin their move to the cloud should put together an actionable, funded plan that includes realistic benefits and a five-year roadmap. "It is a long-term systemic change that requires support from the top," Linthicum said.

Everyone has their own approach, but there are some general guidelines. A cloud migration plan starts with understanding your business, your users and your technology. Then define your objectives while keeping security, governance and performance in mind, Linthicum said.

While many companies look to cloud as a way to reduce costs, the operational return on investment isn’t important; most of the money with cloud is made around the business agility it affords. "Business agility is the reason to leverage this technology," Linthicum said.

Source: http://searchcloudcomputing.techtarget.com/news/2240181341/How-to-create-a-realistic-enterprise-strategy-for-cloud-computing

Did you like this? Share it:

Software testing lifecycle: Dealing with security

Addressing security is an essential step in the software testing lifecycle. Yet many QA professionals remain reluctant to assume some responsibility for it. Although security testing can be complex, it is important for software testers to understand the security risks of the applications they test and acquire skills to develop test cases that will expose security vulnerabilities. In this tip, we will look at ways the software test professional can get started with risk-based security testing.

Risk-based thinking
As technology has evolved, security has become an increasingly large concern in the software testing lifecycle. With increased connectivity using the Internet, smartphones, refrigerators, cars and devices of every sort, the risk of security breaches increases, too. At the same time, the growing complexity and extensibility of systems adds to security testing challenges.

As SearchSoftwareQuality site editor Jennifer Lent writes in "Security testing basics: QA professionals take the lead," test professionals are being asked to assume some responsibility for security testing basics. Testers need to use risk-based thinking to assess areas of the code that are at highest risk for security breaches. Start by understanding the probability that a breach might occur, as well as the potential impact of a breach. Areas at highest risk are those with the greatest impact and greatest probability of occurring.

In order to address security concerns most effectively, testers need to work closely with developers, and that involves some exposure to the code. The entire team should be thinking about security early in the development cycle. Requirements and design need to take security into account, and unit testing must be expanded to include security tests.

The first step is to understand the business risks that might be exposed by the application. Is there a possibility of a financial loss? Is there a security exposure that might result in a liability? Tie technical risks to the business. What business losses could potentially result from a technical failure?

Understanding common attacks
Software developers often use patterns to group areas of commonality. There are design patterns, code patterns and also attack patterns. CAPE (Common Attack Pattern Enumeration and Classification) International provides a community-developed taxonomy of common methods that exploit software. As technologies evolve, so do the attack patterns, so the list is constantly changing. However, it is useful for software testers to become familiar with the top attack patterns and understand the circumstances in which they occur.

Understanding attack patterns will help you see where your code is most vulnerable and who is most likely to attack. Once you understand this, you will be able to put the proper defense mechanisms in place.

Web-based applications are easy targets for security breaches, so those who test Web-based applications should understand some of the most common types of attacks, such as SQL injections or cross-site scripting errors.

Checklists, tools and other resources
Another technique used to uncover security risks is using a checklist to help evaluate the security of your application. For example, this Security At a Glance checklist checks things such as financial loss, number of users, security policies, use of logins, security training and so on. This list is included in the book Secure Coding: Principles and Practices.

Of course, there are a variety of tools that will help with detecting security vulnerabilities as well. Static code analysis tools scan an application and highlight possible vulnerabilities in the code. Other resources include OWASP, the Open Web Application Security Project, which provides the global community with insights into security risks. The OWASP website offers a wealth of information for the security tester and includes many educational resources to help software professionals stay informed, including a Getting Started page, which will help those who are new to the field.

Source: http://searchsoftwarequality.techtarget.com/tip/Software-testing-lifecycle-Dealing-with-security

Did you like this? Share it:

Automated applications deployment: DevOps, no matter what you call it

When it comes to automated applications deployment, is DevOps is a reality for most teams — or just a concept that gets a lot of attention?

There is a new understanding that one size does not fit all when it comes to the business of automated applications deployment. The historic context that puts the responsibility for change and release management in development or operations was in part a response to the needs of the business long ago and to the personalities of the players of the day.

Today many different forces are placing new demands on change and release management, which are stretching traditionally organized teams in a myriad of ways. There is pressure from the development team to reduce controls around code moving from development to unit testing, to user testing, to system testing, to staging. And there is pressure from the business side of the organization to reduce cycle times to keep pace with competitors. In addition, business is making demands around governance and auditing, asking for greater visibility, accountability and traceability.

Whether we call this DevOps or not, all of these things fall under the DevOps umbrella. Software change and release management all over the world has become increasingly important to how organizations conduct business.

Let’s look at the continuous delivery movement. This developer-driven trend automates the movement of code from stage-to-stage of the lifecycle. It automatically provisions the target platforms and requires little human intervention. We trade control and oversight for automation and standardization. The result is that code travels much further down the path to production before anyone intervenes with human checks and balances. This process is much more efficient than keeping developers and testers waiting for changes to move along the process.

How about the mythical "emergency" process? All organizations are experiencing our unplanned code changes — or patches — that are slipped in the at last minute as business demands. What was once about the rare need to remediate a broken technology is now the daily norm for business-critical changes. Unmanaged and unplanned, these kinds of changes will lead to chaos. That’s not something we associate with change and release management.

So, in today’s high velocity world, where revenue generating apps might undergo several "turns" of changes every month, there is a renewed focus on release management.

Source: http://searchsoftwarequality.techtarget.com/answer/Automated-applications-deployment-DevOps-no-matter-what-you-call-it

Did you like this? Share it:

MobileFirst: IBM asking companies to design mobile applications first, rest later

ING Vysya Bank BSE 0.83 %, with around 500 branches and an additional 500 ATMs, is too small to compete with the banking titans directly. So it does what small companies do in such situations: use tact and finesse to lure and retain customers.

The bank was evaluating technology options to use mobility as a strategic edge, when it was attracted to an Israeli company, Worklight. This startup, set up in 2006, had a useful piece of technology.

It enabled companies to create, in one seamless process, an application that could work in any device: a laptop, iPad,iPhone, Android phone… Its capabilities were impressive, but there was one problem.

Worklight did not operate in India. This was in early 2012. Soon after, ING VysyaBSE 0.83 % heard an interesting piece of news: IBM was acquiring Worklight.

IBM, which had worked hard to build formidable products and services in cloud and analytics, had suddenly found itself inadequate in mobility, a rapidly-emerging area that was becoming a conduit to these two businesses.

With IBM having a substantial presence in India, ING signed up with Worklight quickly. IBM went on to acquire more companies, totaling 10 in the mobility space in four years, and launched a brand called MobileFirst on Thursday last week.

"We are planning to double investments in mobility this year," says Ed Brill, director of IBM Mobile Enterprise Marketing. MobileFirst, as the name implies, asks companies to turn their current development philosophy on its head.

MobileFirst: IBM asking companies to design mobile applications first, rest later

Instead of making mobile applications an extension of their desktop software, IBM is asking companies to design mobile applications first and then think about the rest later.

For them to do this well, IBM has spread a splendid set of tools: a mobile development platform, a security platform, a mobile device management product, mobile analytics, an ecosystem which includes service-provider A&T (only in the US) and universities, and a plethora of services around of them.

Although not mentioned explicitly, it would include a cloud service also, often serving as a critical part of mobile services. Mobility is now considered as one of the mega trends affecting the IT industry, on par with three trends that defined and directed it earlier: Mainframe, client-server and Internet.

Many chief information officers and analysts now bundle mobility with other recent developments like social, cloud and analytics. These four trends are together called SMAC, a term that describes the close association between social, mobile, analytics and cloud.

All four areas are bustling with startup innovation. Big IT companies are watching them closely. Mobile applications have been growing slowly over the last decade, but mobile commerce had not, till recently.

Phones were not good enough then. The networks were slow. Enterprises had legacy applications that were not easy to extend to a mobile. So you could, in theory, buy stuff on the mobile or do other financial transactions, but customers were often put away by the poor experience.

Source: http://economictimes.indiatimes.com/tech/software/mobilefirst-ibm-asking-companies-to-design-mobile-applications-first-rest-later/articleshow/18666952.cms

Did you like this? Share it:

W3C designates Chinese uni as ‘host’ center

W3C china

The World Wide Web Consortium (W3C) announced today it has designated China’s Beihang University as a "host" institution, as it hopes to increase opportunities for collaboration with local developers, Internet companies, and research institutes to shape the Web’s future.

In a statement issued Monday, the W3C said Beihang University will join the US’ Massachusetts Institute of Technology (MIT), the European Research Consortium for Informatics and Mathematics (ERCIM), and Japan’s Keio University as the organization’s four official host centers. Beihang University’s School of Computer Science & Engineering department had been a W3C office since April 27, 2006.

It is also the first time in 15 years that the W3C has appointed a new host institution, noted Ian Jacobs, head of communications for W3C.

In a phone interview with ZDNet, Jacobs explained the difference in status between "host" and "office," saying that while Beihang University had previously been a "friend of W3C" in that it hosted events and brought together collaborators, it did not set the direction for the Consortium and house staff member. In other words, the latest announcement means the Chinese institution is "now W3C," he said.

"A host is the heart of our organization, and it is a different level of engagement," the executive said, adding the W3C has set a goal of having seven to 10 employees in China by the end of 2013.

Tapping local innovations

Jacobs also pointed out the Consortium will have a stronger base to engage the Chinese Internet companies, developers, and research institutes to have them contribute to shaping how the Internet will develop in the future. 

He said Beihang University has organized many Web developer events since 2006, such as training, meetings, and conferences, and it will continue to be a facilitator for such platforms. Already in place this year is a conference on HTML 5 and mobile development to be held in Beijing in July for approximately 1,000 people, and a "Test the Web Forward" event in Shanghai in the middle of this year, he stated.

Asked if the Chinese developer community has particular strengths the W3C can tap on, the executive said recent participation from members "hint at particular interests." The community has proved adept at creating new browsers and innovating on them, which has led to more distinct browser products in the market than a decade ago, he said.

Mobile and software testing are two other "hot" areas among Chinese developers and are focus areas for Beihang University’s events, he added.

Jeff Jaffe, CEO of W3C, also pointed out in the statement that Chinese companies have excelled in instant messaging, online games, smartphones, search, and creating a flourishing browser ecosystem.  

"In the past two years, W3C has benefited from greater Chinese participation, and we look forward to that trend accelerating through the efforts of local industry and Beihang University. Global participation in W3C enables our community to identify global needs for the Web and drive solutions," Jaffe stated.

In terms of attracting more Chinese companies to become W3C members, Jacobs said there are no concrete goals set by the Consortium for the year.

He did note, though, that participation among local companies is "modest but growing." Companies such as Huawei Technologies, Baidu, Tencent, and China Unicom have employees contributing to W3C’s various community groups, and, with a local host institution in place, the contributions should rise accordingly, he added.

Source: http://www.zdnet.com/cn/w3c-designates-chinese-uni-as-host-center-7000010056/

Did you like this? Share it:

8 Common Excuses in Software Testing

Excuses are common in the workplace. They seem to be more common in tech companies. If they weren’t, Dilbert would have been out of print a long time ago. But excuses inside tech companies who don’t test their software? In that case, they can be something of an epidemic.

And what are some of those excuses? Here are a few we’ve heard over the years:

1. “It’s working fine on staging.” – Applications always seem to work differently on staging than they do in production, don’t they? This leads many companies to only test before a major launch. What changes can happen in the time an app goes from staging to the real-world? Anything and everything! Users can access the app on different browsers and operating systems, or in the case of mobile apps, they are likely to use an app on a variety of devices, carriers and in disperse locations. In other words, a lot can change from staging to production, so there’s no excuse for not testing “in the wild.”

2. “We didn’t have enough time to test.” – This excuse is common within companies that tend to view software development as an assembly-line process, with testing being the final stage or “last line of defense.” The problem here is that when projects fall behind – which they almost always do – testing is done hastily at best, or worse, not at all. Ideally, the testing team is involved throughout the entire SDLC, but that’s a topic for another day. By the way, if you’re a tester, and you find yourself in this situation, this is actually a very valid excuse, but I digress…

3. “It’s okay, we’re a startup.” – Being lean and agile (and likely resource constrained) doesn’t give you the excuse to skip testing. If anything, startups should be more concerned about testing and quality, as they are making first impressions and/or trying to disrupt an entire industry. Poor quality will help them achieve neither. In our view, startup status should never be used as an excuse for not testing properly.

4. “It’s in beta, users will find the bugs.” – If that’s your excuse, rest easy knowing that users will indeed find the bugs. But will they report them to you in an easy to understand bug report? Will they effectively communicate the severity, frequency and steps to re-produce? The answer to that question is probably “no.” We see many companies use beta as an excuse for poor quality and as a substitute for professional testing – don’t be one of them.

5. “We don’t have enough money.” – Lack of budget is certainly an excuse for not doing lots of things in the tech world. But if your company has made it all the way from ideation to development to launch, then chances are there are enough funds kicking around for at least some formal testing.

6. “We haven’t made any major changes.” – Many companies do a fine job of testing for a major launch, but fail to regression test new versions. Truth is, any code change – no matter how insignificant it might appear to be – can have a major impact on an application.

7. “I didn’t think hackers would target us.” – Just because you’re not a major banking institution or a government agency doesn’t mean you shouldn’t be testing the security of your software. The motives of hackers are changing every day, and it’s only a matter of time before they find a reason to target YOU.

8. “They’re using it wrong.” – When in doubt, blame the users  As the saying goes, if a user can’t use it, then it doesn’t work. You might understand the application, but that’s not an excuse to forgo usability testing.

Source: http://blog.utest.com/8-common-excuses-in-software-testing/2013/01/

Did you like this? Share it:

Demand for software testers a boon to economy

The rising demand for software testing engineers can help position Malaysia as one of the leading niche players in the growing software testing business running into billions of dollars annually, says the President of the Malaysia Software Testing Board (MSTB), Mastura Abu Samah.

A software testing engineer is normally responsible for testing new computer software or programs before the product is delivered to ensure that they work properly, perform the desired functions, and are free from defects.

Mastura said the current trend in "our highly automated world is for software testing engineers to become the ‘third eye’ to identify ‘bugs’ or problems in computer systems before the procurer or purchaser takes possession of the system from the vendor for use or deployment."

"Against such a scenario, the potential of software testing engineering is tremendous with the business able to soar to a RM20 billion industry by 2020," she told Bernama in an interview.

Mastura said as European and other Western countries increasingly outsource their software testing business to the Asia Pacific, Malaysia could take advantage of the opportunities being offered to specialise in this sector and in the process enhance the national income.

Starting with only 20 software testing engineers in Malaysia more than 15 years ago, MSTB has helped to increase the number to 1,600 engineers and the board is targeting 10,000 software testing engineers in the country by 2015, she said.

MSTB is the national body representing industry interests in promoting Software Quality Assurance (SQA) and software testing as core competencies in the development of IT-dependent quality products and services.

As a member of the International Software Testing Qualifications Board (ISTQB), MSTB regulates the accreditation and certification processes for Malaysia.

"The board has set up a platform to promote the industry and we need to ensure that the applications being tested are tested well and at the same time ensure that there are multi-skilled people undertaking the tasks," said Mastura, who is regarded as a pioneer in this specialised field.

She said companies usually clamour for multi-tasking engineers who can design, test and deploy software rather than being confined to "doing just one thing."

Mastura said MSTB initiated the Malaysia Software Testing Hub (MSTH) programme, a strategic public-private partnership with the government to "pilot" an eco-system that would also identify new opportunities in the global economy against the backdrop of an innovative economic model for high-income growth.

"In other words, MSTB is undertaking one of the niche areas which our former Prime Minister Tun Dr Mahathir Mohamad had envisioned in the Multimedia Super Corridor (MSC) initiative in 1996 towards creating a multimedia hub of knowledge workers," said Mastura.

MTSB, she said, is now working with several local universities to ensure that software engineers performing such tasks would be able to "skill-up" and adapt to the different domains in the market such as banking, telecommunications or human resource management.

Mastura said MSTB hopes to help produce software testing engineers who can prove their worth anywhere in the world with their skills, adding studies have shown that these highly-skilled specialists can easily earn between RM15,000 and RM18,000 a month.

To help Malaysian software testing engineers keep abreast of the latest developments, MTSB has invited 14 renowned international experts in the field to speak at Softec, a three-day conference and workshop beginning here on Tuesday.

This year’s event, themed "The Art of Testing", focuses on the finer points of software testing, particularly on testing techniques and their effective application.

Source:
http://www.thesundaily.my/news/427696

Did you like this? Share it:

How to test Flex application using Selenium RC?

Testing Flex applications was difficult because the logic or behavior is encapsulated from the browser. Selenium RC uses JavaScript to communicate with the browser. Flex External Interface provides a mechanism for which you can use JavaScript to call an ActionScript function in a SWF file embedded in an HTML page. Therefore, we use FlexSelenium, a Selenium RC client extension that uses JavaScript as the medium between Selenium RC and the Flex application.

You can also test flex application by having a flex monkium plugin in selenium IDE. You need to compile your client application with sfapi.swc and automation_monkey.swc and the flex libs. This becomes your application to test. You can record your test and convert that into any format which you are comfortable in.

Recently I just got the chance to test one Flex application using selenium. To provide flex support to selenium, you just have to add few JAR files. But for this you need to rebuild your application with provided library file (SeleniumFlexAPI.swc) by selenium flex.

Below are the steps to test flex application using Selenium RC.

Rebuild your flex application with SeleniumFlexAPI.swc

Download the “Selenium-Flex API” zip file and extract the zip file. In FlexBuilder, add this SeleniumFlexAPI.swc in the /src folder, then build your application with -include-libraries SeleniumFlexAPI.swc as the additional compiler argument.

Click Here to Download SeleniumFlexAPI

Add JAR files in the project

Download “Flash Selenium Java client extension” and “Flex UI Selenium” jar files. Now Right click on Project name in Eclipse and Select “Build Path >> Configure Build Path >> Library Tab”. Add these jar files by selecting “Add External Jar files” button.

Click Here to Download Flash Selenium Java client extension

Click Here to Download Flash UI Selenium

Write Selenium Script

Before we write the script in Selenium RC we need to identify the elements of the flex application. So for this use FlashFirebug (extension of the firebug add-on) Firefox add-on to identify the elements.

Source:
http://www.softwaretestingdiary.com/2012/07/how-to-test-flex-application-using.html

Did you like this? Share it:

10 Free Website Speed Test Tools

Website Speed Test Tools

Page Speed Insights

PageSpeed Insights analyzes the content of a web page, then generates suggestions to make that page faster. Reducing page load times can reduce bounce rates and increase conversion rates.

website-speed-testing-1

Website Speed Check

The website speedtester shows the duration of a given website. This value can be used for showing how long a website take to load and if it is better to optimize the website.

website-speed-testing-2

Neustar Web Performance

Test your website performance with this free cutting edge tool. This tool accesses your website from different location and generates a website performance analysis report.

website-speed-testing-3

PingDom

The Full Page Test tool to help you analyze the load speed of your websites and learn how to make them faster. It examines all parts of a web page, shows performance overview and you can also share the results with your friends.

website-speed-testing-4

Load Impact

Load test your website online. We offer load testing and reporting as an online service to e-commerce & B2B sites all over the world.

website-speed-testing-5

Which Loads Faster

Pages compete head-to-head in your browser to see who’s fastest!

website-speed-testing-6

Octagate Site Timer

Web Monitor allows you to monitor how long it takes for a user to download one or more of your web site pages.

website-speed-testing-7

Show Slow

Show Slow is an open source tool that helps monitor various website performance metrics over time. It captures the results of YSlow, Page Speed, WebPageTest and dynaTrace AJAX Edition rankings and graphs them, to help you understand how various changes to your site affect its performance.

website-speed-testing-8

Web Pagetest

Run a free website speed test from multiple locations around the globe using real browsers (IE and Chrome) and at real consumer connection speeds.

website-speed-testing-9

GTmetrix

GTmetrix uses Google Page Speed and Yahoo! YSlow to grade your site’s performance and provides actionable recommendations to fix these issues.

website-speed-testing-10

Source:

http://www.flashuser.net/resources/website-speed-test-tools.html

Did you like this? Share it:

Pen Game: A Mean to Fathom Software Testing

A handful of testers find the Pen Test an easier way to explain software testing. In a Pen Test, the presenter will hold up a pen in his hand and repeat some questions. With only two possible answers, he would like to know what makes the answer Yes and what makes the answer No.

Michael Larsen, in his blog brought out the relationship between the Pen Game and Software Testing. While testing, the testers are being presented with the program (the pen). The behavior of the testing is displayed (words and actions to display the pen) and based on the behavior, the testers can determine the state of the program.

The next step for a tester is to create a hypothesis and test it. If the result accepts the hypothesis, then we can still continue testing, however, if the results disregard the hypothesis, then we have to abandon the model or the assumptions.

The answer can be determined based on the behavior of the application. We can bring out different clues for the answer. The clues are being tried and if it doesn’t work we can replace it with another clue. Thus, coming closer to the answer.

Sometimes when we have no valid answers at our disposal, we tend to make guesses. However, if we make too many right guesses, there can be a possibility that we might create an inaccurate mental model. For example, if we are able to make four correct answers, we might think that the next answer is a yes because we have created a mental model that all answers are Yes.

However, if a game becomes too popular, it loses its potency as we tend to focus more on the answer. Therefore, a tester would need to look out for other games that can be applied for software testing.

Source:

http://qa.siliconindia.com/news/Pen-Game-A-Mean-to-Fathom-Software-Testing-nid-115076.html

Did you like this? Share it: