How to Measure to Improve Quality, Hacking Fun, and More!

Are you measure quality correctly?

Learn a shocking new way to measure your user journeys on your site and see the whole experience.

What Pen Testing tool aims to keep the fun in hacking??

Find the answers to these and all other end-to-end full pipeline #devops , #softwaretesting , #automationtesting , #performancetesting , and #cybersecurity testing in this TestGuild News show episode for the week of August 14th.

So grab your favorite cup of coffee or tea, and let's do this.

First up, automation and testing news.

Testing PDFs

Are you using Cypress.io , and do you need to test a PDF file? If so, read on.

This first article is by Filip Hric , one of the Cypress ambassadors (whom you must know and follow). And he goes over exactly ?? how to accomplish testing a PDF file with Cypress .?

He has a code example, shows how to verify the download and check the file's contents, and more.?

How to Improve Quality -- What to measure??

Suppose you're on an agile testing team. In that case, you probably struggle a lot with finding how you measure to improve quality without using meaningless KPIs like the number of automated tests or things that don't add value to the entire quality of what you're releasing.?

So this next article by agile experts and well-known authors Lisa Crispin and Janet Gregory goes over ?? how to measure to improve quality .?

This post goes over why quality is hard to define and some trends they saw in a recent survey by the State of DevOps.?

Lisa and Janet then went over some metrics mostly related to process quality, which you can also use to influence product quality.?

Some of the useful KPIs are:

• Lead time to change
• Deployment frequency
• Time to restore service

This is a must-read if you have anything to do with quality, software testing, or software development.?

Must-Attend Event

I don't know how many of you are in the Australian time zone, but I'll be hosting an event at that time. I'm actually in the Eastern time zone, so I have to stay up wicked late, which I never do.?

I usually don't stay up past 9 p.m. :)

So if you want to join me and cheer me on to get through this event, you definitely want to check out this one by Applitools, which is ?? the future of testing APAC .?

And as always, it's a free virtual event that will go over some sessions to help you gain a fresh perspective and insights on long-term challenges with software testing. And you can see some of these excellent speakers lined up for this.?

So definitely register for that now.

Automate Brower Checks

Want to find out a cool way that allows you to synchronize your browser checks from GitHub automatically?

This next find is by the folks at Checkly with their new ?? GitHub browser check synchronization that just went into public beta.?

So using Checkly GitHub sync, you can now develop your #playwright or #puppeteer scripts locally and link them with Checkly to keep them updated via Git.?

And it has some highlights of this new feature helps you with:

• Defining Your Code Sync Strategies
• And how to reuse your code and load local file dependencies

So if you have never heard of Checkly or this feature, it sounds like something your team could benefit from using; check it out and let me know what you think.

New Selenium Release

Selenium just announced that ?? Selenium 4.40 is now available. So what new features does it have? Let's check it out.

So this new release added:

• Adding support for CDP released in Chrome v104, while v101 was removed
• A virtual authenticator feature was completed across languages.
• All language bindings will throw an error when w3c: false is set in ChromeOptions
• Improved health checks and requests with non-W3C locators for Relay Nodes in Grid

Read the full document to learn more about everything included in this new release.

And you can also see all the folks who helped contribute to this release, so give them a big applause. And thank them for all they do for the automation community!

How to use and automate in a modern tech stack

If you're like me, you learn from examples.?

So here's a great resource by Burak Kantarci that shows you a boilerplate code or way to demonstrate the usage of modern stacks, how they work, and how you can ?? get started with NodeJS, Playwright, GitHub Actions, and Foresight. Check it out.?

Burak talks about why he wrote this article. The tech stack market is expanding increasingly, and he believes that seeing everything in action is the easiest way to see the benefits.?

So he decided to create this article with the combination of NextJS, Playwright, GitHub actions, and Foresight to create an end-to-end stack for a web application.?

All the external tooling is free; therefore, you don't need to pay anything.?

It goes over:

• How to set up a to-do app.?
• It goes over how to set up PlayrightHhow to write an end-to-end test
• How to create a Junit report.?
• How to configure your GitHub actions
• How to configure Foresight.?

Check it out.

Next up, performance and site reliability news.

We reviewed WebPageTest by Catchpoint and some cool features in a previous news show. Well, they just introduced a new recorder Chrome extension that will help you do more.?

So let's see what that can do for you.?

Once again, this is from Tim Kadlec and goes over what the Chrome recorded Multi-step tests do. So what's valuable about this is that it allows you to measure user journeys in a site that lets you see the whole experience of a critical flow in your site.?

But it also allows you to record and test interactions, making it simpler to test your site's performance after the initial load. And this article goes over how to use the extension to get the most out of it.?

It's a cool new feature that I think everyone should know about, so definitely ?? check it out and let me know what you think.

Want a Performance Engineering Masterclass??

Well, this following resource might be just for you, and it is on Performance Engineering Masterclass for optimizing distributed systems and what to expect.

?This is by Peter Corless and what I think is neat is that it's going to be kind of a joint event between k6 , one of the go-to coding-type performance solutions out there. Dynatrace one of the premier monitoring solutions, and ScyllaDB

The training is vital because performance optimization for large distributed systems is usually a multivariate problem. The complexity makes it challenging to get a handle on all the different moving pieces, combine aspects of underlining hardware and network tuning operations systems, and find which layers of a virtualization application architecture are causing you issues.?

This master class will go over how you can:

• Optimize your team's pipelines to process for continuous performance
• How to define, validate, and visualize SLOs across your distributed systems,?
• How to diagnose and fix subpar distributed database performance using observability methods.?

?I'm going to ?? register for this and hope to see you there too.

Test Kubernetes

Do you use #kubernetes , or do you develop microservices? If so, I think you'll dig this new API-type open source project I just stumbled across.

This comes your way via Leonid about an open source tool he recently discovered called Mizu, which allows you to ?? tap into live API communications between deployed services .?

And I like this tagline, "Think Wireshark but built for Kubernetes with multi-protocol and TLS support," and even better, it is free.?

Mizu will help you troubleshoot and debug your APIs in Kubernetes.?

If you like open source and have used Kubernetes and if you use microservices, this is a must-try free resource.

Next up, security news.

And once again, I missed a black hat conference in Las Vegas last week, but I found a few interesting articles that touched upon some things that were announced at that event.?

The first one is a Pen Testing tool that aims to keep the fun in hacking.

On announcement was about the latest version of AttackForge ReportGen DevSecOps.

If you don't know, AttackForge? is a pen test management and collaboration platform created to facilitate security testing across large and small organizations.

So this year's offering ?? ReportGen includes new features designed to remove, according to this article, the most loathed part of Pen Testing,--which is reporting.?

And one of the main reasons is that reporting is highly time-consuming and can take out all the fun of being a hacker.?

So this was designed to help alleviate that problem with new features that help you and your whole team with reporting like:

• New pen test reporting templates
• The ability to use AttackForge ReportGen with any arbitrary JSON file. This allows you to generate reports on any data set in JSON format
• ReportGen Functions that give you the ability to program custom logic into templates to create sophisticated and powerful reports
• Filters that provide you with greater flexibility on filtering data in your reports.

New Security Standard?

And another cool development at Blackhat USA 2022 was that CREST shared a ?? quality assurance verification standard to help you improve application security testing .?

OWASP verification standard measures an organization's ability to execute and deliver assessments related to levels one and two of the OWASP Application Security Verification Standard.?

They aim to provide a consistent methodology for accrediting companies that offer application security testing services.?

So the standard is based on the open-source framework defined by OWASP.

The article point out that:

It may be a while before application testing using OVS becomes routine. Still, as more organizations embrace DevSecOps best practices to secure their software supply chain, there is a greater need for application security testing standards.

Wrap-up

That's it for this episode of the Test Guild News Show.?

I'm Joe, and my mission is to help you succeed in creating end-to-end full-stack pipeline automation awesomeness.?

As always, test everything and keep the good. Cheers.

Let the Guild Help YOU

Did you know that the Test Guild community comprises a highly engaged, growth-oriented, and ambitious audience of 26k+ software testing professionals?

We can help with our done for your webinar, online events, podcasts, courses, lead generation, and more!?

If you're in the DevOps automation/software testing space and want to offer real-world value that can improve the skills or solve a problem for the Guild community

???????See how we can help you !