Workshop 1
5 July, London
Laptops required

Automatic Penetration Tests
Full day workshop by Chris Dare, Senior Security Engineer at Abide Financial

Penetration testing is a healthy combination of manual and automated methods, and a necessary part of a secure SDLC. However, its manual nature means that it can slow down a delivery pipeline, perhaps to the point where it’s moved all the way to the right (post release).

Penetration Testing is a vital activity, discovering logic flaws that could lead to security vulnerabilities. It requires a degree of experience and intuition that cannot be fully replaced by automated tests, but automation is a method by which we can reduce the requirement for manual testing, and introduce regression tests for the issues it uncovers.

The application logic flaws discovered through manual testing can often be explained by a failure to meet security requirements, or by security requirements that are not sufficiently granular. If security requirements can be translated into specific acceptance criteria, and tests are then driven by those acceptance criteria, perhaps we can reduce the potential for application logic flaws.

In this workshop, we will learn how some penetration testing can be automated and moved back to the left of a software delivery pipeline. We will:

  • Define security acceptance criteria in natural language (Gherkin)
  • Parse acceptance criteria to create automated security tests
  • Create functional (application logic) and non-functional (common security issues) tests
  • Automate our security tests as a Continuous Integration build.
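
To illustrate the approach outlined above, the following added example (not taken from the workshop materials) parses Gherkin acceptance criteria for account lockout and runs them as a regression test. The `LoginService` class, the step wording and the sample credentials are all constructed assumptions standing in for a real application.

```python
import re

# Constructed acceptance criteria for a hypothetical login service.
FEATURE = """
Feature: Account lockout
  Scenario: Lock the account after repeated failed logins
    Given a user "alice" with password "correct-horse"
    When "alice" fails to log in 5 times
    Then a login for "alice" with password "correct-horse" is rejected
  Scenario: A valid login succeeds
    Given a user "bob" with password "s3cret-pass"
    Then a login for "bob" with password "s3cret-pass" is accepted
"""

class LoginService:
    """Toy in-memory system under test; stands in for the real application."""
    MAX_FAILURES = 5
    def __init__(self):
        self.users, self.failures = {}, {}
    def login(self, user, password):
        if self.failures.get(user, 0) >= self.MAX_FAILURES:
            return False  # locked out, even with the correct password
        if self.users.get(user) == password:
            self.failures[user] = 0
            return True
        self.failures[user] = self.failures.get(user, 0) + 1
        return False

# Step definitions: regex over the step text -> check returning True/False.
STEPS = [
    (r'a user "([^"]+)" with password "([^"]+)"',
     lambda app, u, p: app.users.update({u: p}) is None),
    (r'"([^"]+)" fails to log in (\d+) times',
     lambda app, u, n: not any(app.login(u, f"wrong-{i}") for i in range(int(n)))),
    (r'a login for "([^"]+)" with password "([^"]+)" is (accepted|rejected)',
     lambda app, u, p, want: app.login(u, p) == (want == "accepted")),
]

def run_feature(text, app_factory=LoginService):
    """Return {scenario name: passed}; an undefined step fails its scenario."""
    results, app, name = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Scenario:"):
            name, app = line.split(":", 1)[1].strip(), app_factory()
            results[name] = True
        elif name and re.match(r"(Given|When|Then|And|But) ", line):
            body = line.split(" ", 1)[1]
            hits = [(m, fn) for p, fn in STEPS if (m := re.fullmatch(p, body))]
            results[name] &= bool(hits and hits[0][1](app, *hits[0][0].groups()))
    return results
```

Passing a different `app_factory` runs the same criteria against another build of the application, so a build that loses the lockout behaviour fails the first scenario.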

To participate, you will need a laptop with the following installed:

Speaker’s CV

Chris Dare used to write code for a living but then realised it was more fun to try and break it. Currently the senior security engineer at Abide Financial, he works on application security, cloud infrastructure, metrics and monitoring.

Workshop 2
5 July 2017
Laptops required

Test Automation Patterns
Full-day workshop by Seretta Gamba and Dorothy Graham

There are many problems in automating system level test execution. The surprising thing is that many people encounter the same problems, yet they are not aware of common solutions that have worked well for others – these are “patterns”. Seretta Gamba recognized the commonality of these test automation issues and their solutions and, together with Dorothy Graham, has organized them into Test Automation Patterns. Although unit test patterns are known elsewhere, our patterns address more general issues. We cover management, process, design and execution patterns to help you recognize common test automation issues and show you how to identify appropriate patterns to solve the problems. Bring your laptop to gain access to the wiki during the workshop.

Target audience:
This workshop is for Test Automators, testers, test managers, QA managers, developers assisting in test automation, and managers who want to ensure good quality system-level test automation.

Content of the workshop:
The workshop starts with a general introduction to system-level issues and patterns, and the wiki where they are described. Management issues such as HIGH ROI EXPECTATIONS or UNREALISTIC EXPECTATIONS are addressed by patterns such as CLEAR GOALS, MANAGEMENT SUPPORT and MAINTAINABLE TESTWARE. Technical issues such as BRITTLE SCRIPTS, INADEQUATE DOCUMENTATION and RANDOM AUTOMATION are addressed by patterns such as TESTWARE ARCHITECTURE, DOCUMENT THE TESTWARE, AUTOMATE WHAT’S NEEDED and TOOL INDEPENDENCE. Other issues and patterns are discussed depending on the attendees’ most critical questions and problems.

Outline:

  • Introduction: identify most pressing automation problems in the room from a management perspective
  • What are issues and patterns in test automation
  • Using the wiki (with exercises using personas)
  • Patterns in depth
    • SET CLEAR GOALS
    • MANAGEMENT SUPPORT
    • WHOLE TEAM APPROACH
    • SET STANDARDS
    • MAINTAINABLE TESTWARE
  • General discussion of management topics as requested by attendees
    • re-visiting attendees’ most pressing problems and issues and pointing to possible resolving patterns
  • Identify most pressing automation problems in the room from a (generic) technical perspective
  • Patterns in depth
    • TESTWARE ARCHITECTURE
    • ABSTRACTION LEVELS
    • DOCUMENT THE TESTWARE
    • AUTOMATE WHAT’S NEEDED
    • TOOL INDEPENDENCE
    • COMPARISON DESIGN
    • EXPECTED FAIL STATUS
  • Other issues and patterns that attendees wish to address
    • using the wiki
    • re-visiting attendees’ most pressing problems and issues and pointing to possible resolving patterns
  • Summary and Conclusion

Speakers’ CVs

Dorothy Graham has been in software testing for over 40 years, and is co-author of 4 books: Software Inspection, Software Test Automation, Foundations of Software Testing and Experiences of Test Automation. She is currently working on a wiki on Test Automation Patterns with Seretta Gamba, and a book to accompany the wiki.

Dot is a popular speaker at international conferences world-wide. She has been on the boards of many conferences and publications in software testing, and was programme chair for EuroSTAR in 1993 (the first) and 2009. She was a founder member of the ISEB Software Testing Board and was a member of the working party that developed the ISTQB Foundation Syllabus. She founded Grove Consultants and provided training and consultancy in software testing for many years, returning to being an independent consultant in 2008. She has been presenting at Unicom seminars for over 30 years.

She was awarded the European Excellence Award in Software Testing in 1999 and the first ISTQB Excellence Award in 2012.

Seretta Gamba has forty years of experience in software development. As test manager at ISS Software GmbH, she was charged in 2001 with implementing test automation. After studying the then current strategies, she developed a kind of keyword-driven testing and a framework to support it. In 2009, the framework was extended to support manual testing. Speaking about this at EuroSTAR, Seretta got the attention of Dorothy Graham who subsequently invited her to contribute a chapter to the book Experiences of Test Automation. After reading the entire book, Seretta noticed recurring patterns in solving automation problems and began to write a book on test automation patterns. She was soon joined by Dorothy and together they developed the Test Automation Patterns wiki.