Log4j Security Alert, Angie Jones Leaving Test TGNS25

Published on:
TestGuild News Show Feature Image

About This Episode:

Hey, did you hear that Angie Jones is leaving the testing space? Want to know why AWS went down last week and do you use log4j. If so, your software might be at risk? Find out the answers to these and all other end and full pipeline DevOps automation, performance and security testing in this episode of the Test Guild new show for the week of December 12th. So grab your favorite cup of coffee or tea, and let's do this.

Exclusive Sponsor

This episode of the TestGuild News Show is sponsored by the folks at Applitools. Applitools is a next-generation test automation platform powered by Visual AI. Increase quality, accelerate delivery, and reduce cost with the world’s most intelligent test automation platform. Seeing is believing, so create your free account now!

Links to News Mentioned in this Episode

Time News Title News Link
0:25 Applitools https://rcl.ink/xroZw

0:57 Angie Jones leaving Applitools https://links.testguild.com/EheA4

1:47 Karate Labs https://links.testguild.com/6qZKq

2:30 Software Testing Book https://links.testguild.com/t9yTp

3:14 Ansible Azure Cloud https://links.testguild.com/3TxVX

3:53 MockLab https://links.testguild.com/GAZ2Z

4:48 Automation Guild 2022 Reg https://links.testguild.com/2GiHM

5:41 Tips performance testing https://links.testguild.com/TR0W7

6:15 AWS outage https://links.testguild.com/Rj44K

7:35 Log4j exploploit https://links.testguild.com/NC9CE

8:35  GitGuardian https://links.testguild.com/owGIF

News

[00:00:55] First up automation news? [00:00:55][0.0]

[00:00:57] I'm not going to lie. I'm still a little bit in shock when I saw this on Twitter, with Angie Jones announcing that she is not only leaving Applitools, but it sounds like she's also doing something outside of the testing space. So I've always thought Angie Jones must get hit up all the time for all kinds of opportunities. So I'm shocked but not shocked that this is happening. So because she probably gets hit up all the time for all kinds of opportunities, this must be an awesome, awesome change for her. So I can't wait to hear what a new opportunity is. I'm sure, it's going to be epic. And so, Angie, thank you for all you've done for the community, and I'm sure you will stick around because I know you're still going to be on the Applitools board, helping them with Test Automation University, so. So thank you again, Angie, for your automation awesomeness all these years. [00:01:46][49.0]

[00:01:47] Another announcement that caught my attention is that Peter Thomas announced that he's starting Karate Labs, a startup that's going to help you accelerate the development of web APIs by unifying API design documentation and test automation. So if you've been using karate, DSL for a while. It has a lot of love and GitHub over 5000 stars. It's really grown over the years, so we're really excited by this announcement, by Peter going all in by starting the startup. I always get excited when I see entrepreneurs in the testing space. Definitely. Follow Peter Thomas if your not already ready to find out all about this awesome new startup that he's running. So excited to see where you take this, Peter, and thank you for once again for your contributions to the testing space as well. [00:02:29][42.2]

[00:02:30] Also, did you see that Kristin Jackvony actually released a new book called The Complete Software Testers Concepts, Skills and Strategies for High Quality Testing Book? So if you look actually at the index of this book, if you click on the link and go to Amazon. So this book really is an essential guide for you if you're into testing that covers all areas of testing and especially really helpful for people that are new to testing and also experience testers. So if you actually look at the table of contents, I don't know why it's not coming up for me on Amazon, but it's very extensive, really quality stuff here. And hopefully I'll be able to get Kristin back on the podcast to talk all about this book. So like I said, just in time for Christmas, for some awesome stocking stuffers for that special tester in your life. So definitely grab a copy now. [00:03:13][43.5]

[00:03:14] So as you know, I always talk about how automation should be used, not just for UI functional items, but any place in the software delivery lifecycle that you can use a tool to help you automate a process. You definitely should. And so really excited about this next announcement. How Red Hat actually brings Ansible Automation to Microsoft Azure Cloud and the goal of this really is to help make it teams to bridge multiple I.T. environments using a common framework to automatically configure everything from operating systems to security platforms across a hybrid cloud computing environment. And if you know Ansible is one of the de facto standards for automating it, environment. So check that out and the links down below. [00:03:53][38.6]

[00:03:53] I was also surprised to see that UP9 bought API mockup in software testing firm Mock Lab. If you don't know, mocklab is actually the folks that brought us the open source application programing interface moking tool that a lot of testers use a lot of developers use called Wire Mock and U.P Nine sells tools for monitoring and testing cloud-native systems. Once again, a big trend. And so this really helps enhance up 9's already great offerings for API testing platform. And so it's going to help you use to mock APIs to simulate interface for many external systems to support testing, troubleshooting and prototyping. Without, having to rely on the real thing so hot trend cloud-native tools to help you use testing cloud-native apps and how companies like Up nine is now investing in tools to expand their current product portfolio to help you with testing. So cool development there as well. [00:04:48][54.5]

[00:04:48] So if you want to learn about these trends and all other trends and how you can really accelerate your automation career in the new year, you definitely should check out Automation Guild 2022. It's an online event dedicated 100 percent to help you succeed, by creating end-to-end full stack automation. It's taking place February 7th to the 11th. It's the 6th annual event that I've done. We have a lot of great speakers and sessions going over things that are really going to help you in the new year. Like API testing, Cypress automation, Selenium automation, but not just UI automation also going to be covering the last two days of the event performance testing, security, testing, chaos, engineering, all kinds of really essential tools, techniques, best practices and mindsets. You're going to need to help you with your automation efforts. So if you haven't already? Definitely check it out and register and hope to see you there. [00:05:38][49.7]

[00:05:39] Next up, performances site reliability news. [00:05:41][1.6]

[00:05:41] So I actually started my career as a performance engineer, so I always get excited when I see news items around performance testing. So here's some really great tips from the trenches for performance testing from the folks from Dynatrace. It's a really good interview done by Andy Grabner, and they just go over some really cool techniques on Don't be afraid to automate yourself out of a job and some other philosophies that Mike used to help him become a performance engineer and rock star. So definitely check it out. I think it's going to be some valuable tips that you should definitely know about with any type of testing, especially performance testing. [00:06:15][33.6]

[00:06:15] So if you do anything in technology, you probably were affected by last week's outage of AWS. Even for myself, my small business, all the tools I rely on were down because of AWS is pretty much for the whole day. So, you know, AWS went down, but you know why it went down. I have a really great write-up on LinkedIn by Lloyd Watts on some of the reasons why it went down and why it occurred. I always like seeing how people analyze outages to see what could have been avoided or why it occurred. And someone asked me on Twitter why I thought this was a site reliability and performance issue because we rely on AWS or one cloud type of provider. We need some sort of failover right? Because if it goes down, where's the redundancy? You should have some sort of thing that you fail over to. So you have a critical service that's needed by other companies utilizing your cloud service or your server or your web service. I definitely think you need to have a rollover plan where if something goes down, it elegantly goes over to something else so that you don't have these long outages. But that's just my opinion. I know it's very difficult to do, but it has a really good breakdown on when some of the reasons why AWS went down with a really great summary. So this is definitely a must-read as well, and I have a link for this down in the links below. [00:07:32][76.8]

[00:07:33] Next up, security news. [00:07:34][1.0]

[00:07:35] So this probably affects a lot of teams. If you're using log4j, there's a zero day exploit that was announced in this article actually goes as far as saying that it poses a grave threat to the internet. And the article talks about how exploit code has been released for a serious code execution vulnerability. And log4j, which is an open source logging utility that's used in countless apps, including those used by large enterprise organizations, several websites reported last Thursday. And it actually one of the first applications that showed up in was Minecraft. The issue can allow remote access to your computer through the serers you log into. This means any public server you go onto creates a risk of being hacked, so it's a huge, huge issue. So for the time being, people should pay close attention to this vulnerability and its potential to trigger a really high impact attacks against a wide variety of apps and service. So something definitely keep your eye on for sure. [00:08:35][59.7]

[00:08:35] And last is a follow the money segment. GitHub cybersecurity startup Guardian raised forty-four million dollars. So this article talks about how Guardian has announced it has raised 44 million in new funding to accelerate growth strategies, extend its secret detection solution to become a comprehensive code security platform. In the article really points out how developing and launching secure applications must be a shared responsibility between Dev SEC and cloud ops. So as I mentioned, any time you see money being thrown to a an issue, it's probably a flag to say you should pay attention to. The security is definitely something. As a tester, you need to know it's not some other type of testing. It's I believe it's critical for any tester to know about and just following companies. Getting investments like this just shows the importance of it that the market is seeing as well. [00:09:29][53.4]

[00:09:29] All right, for everything of value we covered in this news episode, head on over to links and the first comment down below in why they have. Make sure to check out our sponsor Applitools free account offer and discover how to take your automation testing to the next level by leveraging visual AI. [00:09:44][14.7]

[00:09:44] So that's it for this episode of the TestGuild new show, I'm Joe and my mission is to help you succeed in creating and end full stack pipeline automation testing. As always, test everyone and keep the good cheers. [00:09:44][0.0]

[518.2]

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

TestGuild News Show Feature Image