About This Episode:
Want to know why Selenium speakers are needed now? How do the folks at Slack do continuous load testing? And have you heard of the OWASP tool that helps you with security scanning up third-party dependencies? Find out the answer to these and all other end and full pipeline DevOps, automation testing, performance testing, and security testing in 10 minutes or less. In this episode of the TestGuild news show for the week of May 18th. So grab a cup of coffee or tea and let's do this.
This episode of the TestGuild News Show is sponsored by the folks at Applitools. Applitools is a next-generation test automation platform powered by Visual AI. Increase quality, accelerate delivery and reduce cost with the world’s most intelligent test automation platform. Seeing is believing, so create your free account now!
Applitools Free Account https://rcl.ink/xroZw
Links to News Mentioned in this Episode
|Time||News Title||News Link|
|0:27||Create a FREE Applitools Account||https://rcl.ink/xroZw|
|0:56||Playwright v1.21 is out!||https://links.testguild.com/2b3XO|
|1:26||Reshaping Software Testing Training.||https://links.testguild.com/PO207|
|2:05||Applause Report Surfaces Functional Testing Issues||https://links.testguild.com/Qd3KV|
|3:29||Durham software testing firm Hexawise is acquired by Texas firm||https://links.testguild.com/1n9gR|
|4:07||Selenium Conf is back! (Call for Proposals Last Week)||https://links.testguild.com/p2eu0|
|4:54||Deployment-time testing with Grafana k6 and Flagger||https://links.testguild.com/kjkV5|
|6:03||App performance monitoring platform Sentry nabs $90M||https://links.testguild.com/oBF9h|
|7:06||Continuous Load Testing||https://links.testguild.com/yqMe9|
|7:51||OWASP dependency check||https://links.testguild.com/GNqm8|
|8:26||Path traversal flaw found in OWASP enterprise library of security controls||https://links.testguild.com/3WN6n|
First up, automation news.
All right this is for all the playwright automation engineers out there. Playwright version 1.21 is out and includes things like universal retrying assertions. It has a new scale screenshot option, image diff slider and a bunch of other things, and you can actually watch an overview of the new version on YouTube as well. ……., so thank you, folks playwright for continually updating this awesome automation test tool.
And it looks like the folks at the Ministry of Testing are up to something. I've seen a few posts on this new way of training that they've been promoting. For example, Richard Bradshaw recently posted on LinkedIn that they're working on reshaping software, testing, training and to learn more. He actually has a whole post on this topic of what they actually mean by reshaping software, testing, training, and it looks like a really cool open source curriculum and it just goes into detail why this is needed, what the plan is, and also how to get involved. So really good opportunity now to get involved in that because it seems like a really cool initiative. Once again, from the folks at Ministry of Testing.
So I recently found a report actually analyzes more than 340,000 bugs that were collected. So let's dive in really quick to some of that data. So this is based on the State of Digital Quality report, which is by a company called APPLAUSE, and based on their analysis of what they've seen, functional bugs accounted for 68% and issues found. The research gathered data from over 13,000 mobile devices, 1000 unique desktops running 500 versions of operating systems. And they found that the majority of issues that can be traced to functional bugs compared to visual 17% and content 9%, crashes 4% and lag and latency 2%, issues that collectively only add up to 32%, the report found. The report also mentions that screenreaders compromised 66% of all accessibility bugs compared to keyboard navigation issues and insufficient color contrast, which account for only 12%. And based on data they collect from customers, nearly half of organizations around 47% identified currency and number formatting as the most valuable bugs to identify when it comes to localization and also has a quote from Luke Damian, who is the chief growth officer for applause, who said, When it comes to testing in general, there's still not enough focus on user and customer journeys. So definitely check out that report and all the results in the link down below.
So I know how many folks have heard of Hexawise. They have been around for a while? I've heard a lot of great things about them. They actually were just recently acquired. So some really quick news here. It doesn't go into how much it was actually sold for? But the company Indera is who acquired them. They also have a lot of other DevOps testing tools they've been acquiring, which include things like test rail, X-ray, X-ray Porter, Travis CI. So Hex Wise is kind of unique in that it's really helps you at creating test designs and helps you find the most efficient mix of test coverage and efficiency. So if you've never checked it out. Once again, I highly recommend you do and I'll have look for it in the first comment down below.
So I was recently speaking, it's one of my favorite opensource contributors, Manoj Kumar, and he mentioned that SeleniumConf is still looking for speakers. So if you don't know, the conference is back there now accepting proposals for talks and workshops and training for Selenium conference India 2022 if you do anything with Selenium, you probably have encountered a unique challenge and how you've overcome it using Selenium or some sort of testing technique that I'm sure the folks at SeleniumConf would love to hear about. So if you haven't submitted your talk a topic yet, I highly recommend you do. I think it's a great opportunity to get yourself out there and share with the community. You're automation awesomeness with the rest of us. So I highly recommend you submit your proposal. You only have one week left.
Next up, performance and Site Reliability News.
So the folks at Grafana k6 keep releasing awesome blog posts. This latest one is deployment time testing using Grafana k6 and Flagger. And to be honest, I didn't even know what flagger was. So that's why I love reading this. Have articles. Flagger looks to be a progressive delivery operator for Kubernetes, and this article goes into when building and deploying applications. One increasingly popular approach these days is to use microservices in Kubernetes, and it provides an easy way to collaborate across organizational boundaries and it's a great way to scale. However, it comes with operational challenges and one big issue is that it's difficult to test the microservices in a real-life scenario before letting production traffic reach them. So this post actually dives into the tools that they use at Grafana labs to test integration between their various services and deployment time for every changeset using k6 to test their services and Flagger to handle the interactions with Kubernetes and a whole bunch more. So using k6 or using Kubernetes, I highly recommend you check out this article for sure and let me know what you think.
So this next article is a Follow the Money segment. It's how App performance monitoring platform Sentury nabs $90 million. If you don't know, Sentry is an application performance monitoring platform used by some of the world's biggest companies. It's raised more than 90 million in series E round funding and helps large companies track all their software behavior metrics and troubleshoot errors. Resolved performance bottlenecks such as ill-performed API calls or slow database queries. And more so it's really used to optimize software performance. It's just another clear sign that we've been talking about it for a while here and when I predicted earlier this year, how there is a more of a focus on all things that can be tested, functional and nonfunctional and performance is one of these have really a bubble up and I've seen a lot of companies acquiring performance companies but I'm also seeing a lot of these monitoring tools being acquired as well. So they keep saying if you're not into performance, or you're not doing performance testing at all and you're a tester. It's definitely a skill I think you need and it's really going to benefit you going into the coming years.
So speaking of that, there's also been a emphasis on getting performance testing integrated in your software pipelines. So a lot of companies are starting to embrace continuous load testing, but it's a really tricky problem if you've never done it before. But I found an article that actually shows you how a company, Slack, actually integrates continuous testing and how they've done it to build load test infrastructure to make it so it's easier to do it. I'm not sure if you've heard, but Slack has been really working to make load testing a core concern for all engineers and, actively moving from a reactive approach to performance to a more integrated effort. And this article really comes in handy and how they actually do that. So I really think this article is a must-read and I highly recommend you check it out.
Next up, security testing news.
So this next article comes your way via LinkedIn from my friend Akshay when he talks about how in recent light of like log4G issues it's important to take care of third party dependencies, I couldn't agree more. And he actually drops a link to a tool that helps you exactly focus on security scanning of third-party dependencies called OWASP Dependency-Check Project. It's simple to use free and he's found it a great value to use. I definitely agree. Really a great resource so thank you Akshay, for notifying me and letting me know about this awesome tool.
And speaking of, OWASP there is actually a teachable moment here on how path traversal flaws were found in OWASP Enterprise, Library of Security Controls. So obviously OWASP jumped on this right away. They fixed the vulnerability and it's enterprise security API that if unresolved, might have been abused to run path traversal attacks. And even if they had limited impact, they did list out some lessons to learn which you can take away from as well. While the vulnerability in play is unlikely to be exploited or even less likely to cause major harm, the bug did offer lessons for software developers. One thing application developers using libraries should use software composition analysis SCA tools and know its limits. Some SCA tools only find vulnerabilities reported indirect dependencies, but not in transitive dependencies. And if you decide not to patch, then you need to do deep-dive analysis to see exactly how vulnerabilities in some libraries impact your application and what types of mitigation controls you could put into place.
All right. For links to everything that we covered in this news episode, head on over to the links and the first comment down below. And while you are there sure to check out our awesome sponsor Applitools Free Account Offer and discover how to take your automation testing to the next level. Leveraging Visual AI.
So that's it for this episode of the Test Guild news show. I'm Joe and my mission is to help you succeed in creating e2e full-stack pipeline Automation awesomeness. As always, test everything and keep the good. Cheers!