AI Test Data and Vulnerabilities TGNS35

Published on:
TestGuild News Show Feature Image

About This Episode:

Can you use AI to help create synthetic test data for your automated tests? What major performance tools vendor now has full support for chaos engineering events? Did you hear about the latest security Vulnerabilities found in GitHub that could impact millions?
Find out the answers to these and other end-to-end full pipeline DevOps, automation, performance, and security testing in this episode of the test guild news show for the week of March 20th.

Exclusive Sponsor

This episode of the TestGuild News Show is sponsored by the folks at Applitools. Applitools is a next-generation test automation platform powered by Visual AI. Increase quality, accelerate delivery and reduce cost with the world’s most intelligent test automation platform. Seeing is believing, so create your free account now!

Applitools Free Account https://rcl.ink/xroZw

Links to News Mentioned in this Episode

Time News Title Link
0:27 Applitools FREE Account www.rcl.ink/xroZw
0:57 GameDriver: www.links.testguild.com/SKKaI
2:12 Remix Webinar: www.links.testguild.com/yTp7T
3:00 Synthetic  Test data: www.links.testguild.com/l0etM
3:50 LoadRunner Chaos: www.links.testguild.com/iXyLQ
4:53 Load Testing with GitHub Actions: www.links.testguild.com/lWbGp
5:32 2022 SRE Report: www.links.testguild.com/xVD3s
6:31 CyCognito : www.links.testguild.com/09rCD
7:34 Kubernetes vulnerability : www.links.testguild.com/ooc2i
8:20 GitHub Vulnerabilities: www.links.testguild.com/2CEv7

News

[00:00:56] First up, automation news. [00:00:57][1.1]

[00:00:58] So Game Dev Driver, the gaming industry's first out of the box automation testing solution, has just received two million in seed round funding. This news made me really happy for Shane Evans and all the folks that Game Driver. They've been a big supporter of Guild Conferences for a while, and Shane has done a lot for the community. So really excited to see that his innovation in the gaming automation testing space is being well now well received by venture capitalists. So that's awesome. And if you don't know, game drive.io Is a automated testing solution for video games, VR, AR and other immersive experiences and the folks that invested in Game Driver said that they're we're really excited to be part of a milestone advancement in addressing the numerous challenges facing testing processes in the game vertical. So I said all the time, I know I sound like a broken record, but I always look for key indicators in the industry. And as we see as time goes on, I think more and more folks are going to have to automate things not only just games, but VR or alternate reality. All those other types of applications we'll need tooling for it. Game show radio is one of the first and I've actually seen jump into the space. So really excited for this. If you haven't tried GameDriverIo, I highly recommend you check it out and I'll have a link for this in the first comment down below. [00:02:11][73.4]

[00:02:12] So I was also excited to see this next free resource I saw from Kent C Dodds and the folks at Applitools teaming up to come up with a webinar on building an excellent user experience with Remix. So Kent is really knowledgeable, and he's usually up really ahead of the curve on a lot of frameworks and a lot of technologies. So I don't know much about Remix, but apparently it's a web framework that uses the web platform to enable you to build excellent user experiences. I've been hearing more about UX and the need for UX, and it's going to be going over why modern web techniques lead to poor user experiences and how remix scales down for simple solutions and up for complex solutions with a single mental model. So if you do anything with UX testing or you want to know more about Remix, I highly recommend you check out this webinar and I have a link for it and the first comment down below. [00:03:00][48.2]

[00:03:01] So we talk about AI all the time on the show, but this next news item was, I think it's a really good implementation of using machine learning A.I, and that's to help create synthetic test data for your automated test. So this article goes into detail on how artificially generated data can be used in place of real historical data to train AI models when actual data sets are lacking in the quality volume of variance. My thought was really cool is one of the synthetic use cases that they recommend. Using this for, which are many was specifically for software testing, and it goes over how using real data to test new software can create privacy and security problems and synthetic data. That looks like real data but isn't allow the software to be tested across the full gamut of use cases without pulling real data at risk. [00:03:47][46.2]

[00:03:47] Next up, is performance in Site Reliability news. [00:03:50][2.1]

[00:03:50] So LoadRunner Professional 2022 has been released and has a cool new feature. I was really excited to see in that main feature that they highlight in this particular release is all around chaos engineering and how they're actually going to be partnering with Gremlin for full support of chaos engineering events and how this can actually be added during your test design, which is really cool, and talks about how this new capability will allow LoadRunner professional customers to take advantage of benefits like testing the resilience of your systems, finding faults before they hit production, introducing chaos, engineering events in a controlled non-production environment, being able to use the collective measurements in the LoadRunner analysis and support for multiple scenarios. So if using LoadRunner, you're probably really excited to hear this announcement as well. If you're not using LoadRunner Chaos engineering is definitely something I've been hearing a lot about last year, the year before. I think it's going to be even growing more and more as the years go on. So if you're not doing chaos engineering to Check out Gremlin and other solutions in this space as well, because I think more vendors besides LoadRunner are going to get involved in chaos engineering as well. So it's good to know. [00:04:53][63.1]

[00:04:53] Also, did you know you can actually do simple lad testing using GitHub actions? And this article actually shows how to use. GitHub actions to load test benchmark and validate HTTP and gRPC services, with service level objectives. It has a nice little example of how HTTP load testing with the iterarate GitHub action can be done. It also goes over benchmarking SLO validation. It's a really cool use of GitHub actions of using GitHub actions, and you haven't done any type of load testing before. This is probably a good way. Maybe just to get acquainted with is load testing. Try some simple examples before you actually scale up into more enterprise type solutions. [00:05:32][38.2]

[00:05:32] I also came across the 2020 state of SRE report. I think this is by Dynatrace that goes over some key findings in Site Reliability engineering they should know about. The research reveals that 88 percent of SRE say they are now more understanding of strategic points of their role than there was three years ago. SRE is currently dedicate the largest amount of the time to reducing meantime to recovery. In that 99 percent of SRE encountered challenges when defining creating silos to evaluate service levels for applications and infrastructure. So I recommend you check out this report. Learn more about why a SRE is so important nowadays, especially as you know, reliability, experience and security have become critical success factors in a world where every second of downtime really leads to things like loss revenue, declining share prices and lasting reputation damage. So check that out in the link. The first comment down below. [00:06:28][55.4]

[00:06:29] Next up, security news. [00:06:30][1.0]

[00:06:30] And so our first security article goes over how exploit intelligence can be used to accelerate risk remediation. Just another use of AI machine learning I've seen beyond just functional automation. So what I love about the new show, I'm always finding news items, and based on the news items I find about new tools, this one is on CyCognito, which I've never heard about before. In CyCognito announced that they now have exploit intelligence, which offers an end solution that helps you prioritize which risk to remediate immediately before they are exploited. By proactively discovering external assets, testing vulnerabilities, and providing expert threat and risk-based insight. Like I said I'd never heard of CyCognito when I clicked on it. It seems like a cool solution as a SaaS platform that helps you to automate attack techniques to test and protect your organization. So just another form of testing I think everyone needs to be doing nowadays and using tools like this is taking up more and more essential. So check it out in the link down below. [00:07:27][56.3]

[00:07:27] And so I know a lot of people have been using Kubernetes more and more recently are based on people I talked to on the podcast. And so this next news article can definitely impact a lot of folks listening. So definitely check this out. This article talks about a newly discovered vulnerability in the Kubernetes container runtime engine, so this really just goes on to talk about the underscoring growing need to better protect Kubernetes environments from malicious actors. And it goes on to say how this allows malicious attackers to wiggle around safeguards and enable arbitrary kernel parameters on the hosts, which result and what they can escape from the Kubernetes containers and actually eventually obtain root access on the hosts being able to move anywhere in the cluster that they want to perform a variety of different actions, including infiltrating data or deploying malware or ransomware. So just a real eye opening article that you definitely should read if you're doing anything with Kubernetes. [00:08:19][52.0]

[00:08:20] Besides Kunerneties another vulnerability that I came across was actually found in the open source project on GitHub, which could impact millions. This actually was found on Friday. Researchers have discovered critical vulnerabilities in several popular open projects, each which can cause a supply chain attack through the Continuous Integration process and actually found this vulnerability in misconfigured GitHub action workflows, which could impact millions of potential victims. And a lot of this was caused by workflows which were missing proper input sanitizing, which could allow malicious actors to inject code into the builds through issues and comments, as well as accessing privileged tokens. So if using GitHub actions, definitely check out your workflows. Make sure that you're not open to this exploit vulnerability as well,. [00:09:08][47.6]

[00:09:09] And for links to everything of value we covered in this episode. Make sure to scroll down and check out that first comment down below. Where I embed timestamps and have all the links to everything we talked about in this particular episode. [00:09:21][12.1]

[00:09:22] And while you're there make sure to click on that very first link on how to create a free account. Applitools to discover how to take your automation testing to the next level by leveraging visual AI. [00:09:32][10.0]

[00:09:32] So that's it for this episode of the TestGuild new show. Once again, I'm Joe and my mission to help you succeed in creating end full stack pipeline automation awesomeness as always to test everything and keep the good. Cheers! [00:09:32][0.0]

[506.6]

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}
TestGuild News Show Feature Image