Tesena Fest 2020, 5. 3. 2020, Vienna

The conference kicked off on the 5th of March 2020 with presentations and discussions in the morning, followed by workshops in the afternoon. Our great guests included: Derk-Jan de Grood, Jennifer Bonine, Rik Marselis, Christoph Börner, Oleksandr Trutniev, Mesut Durukal and Rudolf Groetz.

Listen to their inspiring thoughts thanks to these recordings.

See the presentation recordings

DevSecOps – How to Secure your Software Supply Chain

By Christoph Börner

About the presentation

DevSecOps can be defined as a cultural approach to improve and accelerate the delivery of business value by making dev/sec/ops teams’ collaboration effective. Since it is a relatively new trend, it is important to survey the practices and experiences accumulated on the subject.

The question of involving security in DevOps has presented a challenge because traditional security methods have been unable to keep up with DevOps’ agility and speed. DevSecOps is the movement that works on developing and integrating modernized security methods that can keep up with DevOps.

Basically, DevSecOps is DevOps with security built-in, right from the start. It means building security into requirements, into design, into code, and into deployment, logging, and monitoring — in short, into your entire DevOps supply chain. How do you translate those goals into practice? Which specific security processes can you automate and integrate into the rest of your CI/CD pipeline, and how can you do it?

This talk will give you an introduction to this topic and show you a blueprint of an app sec continuous delivery pipeline.

Takeaways:

  • Continuous Compliance and Security Testing in an agile transforming enterprise.
  • See how everything starts with Static Application Security Testing.
  • Move on to identifying vulnerabilities with Dynamic Application Security Testing.
  • The fuss with Compliance as Code. Open Source Testing Tools.


Built in Quality: A multi-level challenge

By Derk-Jan de Grood

About the presentation

Organizations have widely adopted Agile, Scrum, DevOps and CI/CD practices in order to increase their adaptivity. While doing so, they learn that it is impossible to speed up IT delivery without trust in quality. Lean Agile and SAFe have built-in quality as one of their core principles, but what does that mean for teams and organizations? In this presentation Derk-Jan will share the challenges he encounters in various organizations.

How do teams work and collaborate in order to release valuable increments, and which approaches help to increase quality awareness? We will discuss the role of a tester on the team level, but also investigate how quality control is organized in scaled Agile settings where teams need to collaborate on a single increment.

How can you organize quality control on the release level? What types of releases can we distinguish and who is responsible? What do we see in practice and how should it work? In order to have built-in quality, we need more than just good tests. We need a good strategy. Implementing this principle on various levels is challenging and has an immense impact on the SDLC.

Take-aways: 

  • Understanding the built-in quality principle is a multi-level challenge that is gaining importance with the spread of Agile. 
  • Identification of the roles that are needed in order to organize testing in scaled Agile organizations is crucial.
  • It is important to define the quality feedback loops and the impact for the development and business. 


Structure your Test Automation Backlog with Story Mapping

By Oleksandr Trutniev

About the presentation

Backlogs are exciting. I often sit staring at the backlog trying to envision what the product will look like in 1-2 years. You do this as well, don’t you? But where should we start? Is it better to opt for that fancy feature, or rather build this technical foundation first, or maybe we should change the font in the prototype? Backlog prioritization is not an easy exercise. It might be (and most probably will be) very frustrating. Moreover, the moment a backlog item reaches the team you will get tons of questions (such as, why this first? Don’t we need to start somewhere else?) and you will need to be ready to support your point of view.

It’s hard to maintain the same level of context for all the team members with only a one-dimensional backlog. “So, is there a better way?”, you will probably ask. Of course, there is! And I will gladly show it to you. Have you heard about the concept of Story Mapping? User story mapping is a simple, collaborative exercise that helps to define the user’s journey for your product. In other words, it’s a way to avoid the painstaking feature prioritization and focus on the user needs instead, keeping use cases always in sight.

Using the suggested approach, you will get a multi-dimensional, transparent and intuitive story map instead of a traditional, boring, complex and one-dimensional backlog. Rather than prioritizing small user stories, a story map creates a meaningful context which helps you focus on your goals! And, guess what!? Story mapping can be used not only for user-centric features and user journeys. It is also applicable in the case of very technical stuff.

In this presentation you will see how even such a technical matter as Test Automation can be approached using the concept of story mapping. How to prioritize Test Automation activities? Automate all? In what order? What has the highest priority and what brings the most value? Story mapping will give you answers to most of the questions. Or, at least, give you some fresh ideas on how to tackle your backlog.

Take-aways:

  • Understanding how to use Story Mapping and its importance for complex backlog prioritization.
  • Getting a clear idea of when and how this tool can be used for different backlog items and flows.


How to ensure Testing Robustness and Cope with Test Smells

By Mesut Durukal

About the presentation

In this talk, I provide solutions that we developed to handle test smells and have a more robust test automation environment. These are the lessons learnt from our experiences, which are applicable to any type of test automation project or may give the audience an idea of how to develop their own solutions.

I start by emphasizing the importance of test automation and the costs incurred due to the knowledge gaps in QA. I discuss possible drawbacks and difficulties which are caused by test automation, such as inconsistent test results, creation of a huge load of test data and test dependency problems. Then, I describe the reasons behind those difficulties that lead us to define the test smells and analyze different test smell types.

As our solutions are based on real-life experiences, I provide insights about the real system under test, which is a cloud-based open IoT operating system built on a microservice architecture. It is a big project developed by 600 people in 10 globally distributed sites, which brings additional challenges to manage test processes. Finally, I provide our solutions that we developed to overcome different types of test smells.

I will talk about the solutions against test smells one by one:

  • Polling mechanisms that we implement for handling asynchronous microservice calls.
  • Helper classes that we create for implementing reusable test code to decrease the maintenance effort needed after the updates in the system requirements, which is highly possible in agile environments.
  • Clean-up code we developed to execute after tests, which cleans the test data to decrease the unnecessary load in the system and eliminate test dependency problems.
  • Usage of test annotations to control the order of test executions and group related tests.
  • Usage of test execution tools that enable us to schedule test executions and provide options for automated reporting of test results.
  • Keeping test history for detection of the flaky tests requiring maintenance.
  • Diversifying test data in different executions to have a more reliable test code which tests the system in detail, including corner cases.
  • Static test code analysis to increase the quality of the test code, as code quality problems may create possible test smells.

While I deep dive into each solution, I use real-life examples and “before/after” comparisons to provide concrete results to the audience showing the advantages of our solutions. The main objectives are: to provide background information to the audience about the definition of a test smell and common test smell types; to present a set of mitigating actions for test smells within the scope of automated testing of software systems built on microservice architectures; and to provide real-life examples and empirical evidence supporting the advantages of our solutions.

Take-aways:

  • Effects of test smells in automation projects,
  • Ways to achieve robustness of a test suite,
  • Optimization of manual effort on testing,
  • Cost of bugs coming from production environment,
  • Improvement of rapid automation and adaptation,
  • How to find bugs at early stages?