This document provides an overview and roadmap for a workshop on testing with Spock and Gradle. It introduces Spock and how to write specifications and feature methods using Spock's domain-specific language. It walks through examples of creating specifications to test races, voyages, spaceships, weapons damage, exceptions, interactions, and other features. It also discusses extensions, timeouts, ignoring tests, shared objects, and other Spock mechanisms. Finally, it provides an introduction to using Geb for browser-based testing with Spock.
This presentation walks the reader through implementing a simple web application and its tests using Python, Flask, and the Pytest testing framework. Emphasis is placed on following the process of test-driven development (TDD) in creating the application.
Book review: Working Effectively with Legacy Code, by Michael C. Feathers
Agenda
- The mechanics of change
- Changing software
- Dependency breaking techniques
This session is for developers who need to work on code projects that where written without good unit-testing.
Unit testing and test-driven development are practices that makes it easy and efficient to create well-structured and well-working code. However, many software projects didn't create unit tests from the beginning.
In this presentation I will show a test automation strategy that works well for legacy code, and how to implement such a strategy on a project. The strategy focuses on characterization tests and refactoring, and the slides contain a detailed example of how to carry through a major refactoring in many tiny steps
This presentation walks the reader through implementing a simple web application and its tests using Python, Flask, and the Pytest testing framework. Emphasis is placed on following the process of test-driven development (TDD) in creating the application.
Book review: Working Effectively with Legacy Code, by Michael C. Feathers
Agenda
- The mechanics of change
- Changing software
- Dependency breaking techniques
This session is for developers who need to work on code projects that where written without good unit-testing.
Unit testing and test-driven development are practices that makes it easy and efficient to create well-structured and well-working code. However, many software projects didn't create unit tests from the beginning.
In this presentation I will show a test automation strategy that works well for legacy code, and how to implement such a strategy on a project. The strategy focuses on characterization tests and refactoring, and the slides contain a detailed example of how to carry through a major refactoring in many tiny steps
KiwiPyCon2011, Wellington, Sunday, Track 1, Automated testing in Python and beyond by Brenda Wallace, Open source hacker @ Weta Digital. Python libraries and extensions. A short intro to unitest and why they are so good for you.
Overview of python unittests and nose, and comparison to popular unittesting frame works in other languages, including perl, php, ruby, java, scala, erlang.
A brief introduction about the art of unit test, how to test a class, mock a collaborator and use a fake database. TDD is introduced. Code for exercises is available on github along with a detailed explanation. Examples and exercises are written in Java.
You’re finally doing TDD, but your past mistakes are catching up with you. No matter what you do, you can’t get rid of the gaping black holes caused by your legacy code.
In this presentation, we learn about the causes of legacy code and the reasons it is so difficult to work with. Then we discuss various techniques to test untestable code, revive and simplify incomprehensible code, redesign stable yet untested code, and repair that rift we created in the time-space continuum.
Cpp Testing Techniques Tips and Tricks - Cpp EuropeClare Macrae
Links from the talk are available at:
https://github.com/claremacrae/talks/blob/master/Cpp_Testing_Techniques_Tips_and_Tricks.md#top
An assortment of practical patterns and techniques to make it easier to write effective automated tests of C++ code, both old and new.
Clare will share some valuable techniques for easier handling of commonly troublesome testing scenarios. Whatever test framework you use, you will take away practical ideas to writer tests more easily and more effectively, to handle challenging automated test scenarios.
This talk is independent of test frameworks, and even covers a little for those creating Qt desktop applications.
Stopping the Rot - Putting Legacy C++ Under TestSeb Rose
Presentation given at the ACCU 2011 Conference in Oxford, UK.
Case study of applying unit test to the DOORS codebase. Includes a quick overview of unit test & the Google Test and Mock libraries. Also 3 specific refactoring examples shown.
Working Effectively with Legacy Code: Lessons in PracticeAmar Shah
Code rots. Even the best designs can fall into chaos, weighed down by changing requirements, hard-coded dependencies, and overzealous cut-and-paste. Eventually, the mess has to be cleaned up, but there's just one problem: There are no tests. No one knows exactly what the code is supposed to do. You will think you're fixing it, but instead you'll break it--and you won't even know.
A few months ago, I inherited just such a mess. In this talk, I'll explore Michael Feathers' classic Working Effectively with Legacy Code, a comprehensive and accessible guide to refactoring the even the ugliest, most neglected code bases. Using real examples, I'll explain how Feathers' techniques are working for me.
The presentation contains a definition and survey of the benefits of Unit Testing, and a little coding example to get the feeling of Unit Testing using JUnit, EasyMock and XMLUnit.
In this core java training session, you will learn Exception Handling. Topics covered in this session are:
• Exception Handling
• Exception Class hierarchy
• Types of Exception
• Keywords for Exception Handling
For more information about this course visit on this link: https://www.mindsmapped.com/courses/software-development/learn-java-fundamentals-hands-on-training-on-core-java-concepts/
Mockito vs JMockit, battle of the mocking frameworksEndranNL
(Original keynote slides can be found at https://github.com/Endran/PublicSlides)
For years the industry standard of mocking on the JVM has been Mockito. Mockito is a wonderful library that really speeds up your testing by allowing you to create mocks in a very simple way. That being said, it does have its drawbacks, for which different strategies need to be deployed to keep your code testable. The main drawbacks are statics and finals. Final classes cannot be mocked, nor final methods, and also static methods are a no-go. To work with these type of things we need to wrap it, and copy the signature in a non final, non static way.
I have a great adversity against statics, I've devoted an entire post about it, in short; It hides dependencies and brings so little convenience at the costs of its drawbacks. Finals on the other hand have purpose, it helps messaging the goal of a class or method. Java is one of the few languages where classes and methods are open/virtual by default and have to be closed/final by explicit action. In (for example) Kotlin, everything is final by default, if you do not want something to be final, you should use the open keyword.
No matter if you follow the principle of making things final, static or not, if you are using Mockito the decision has been made. This mocking framework demands that everything is non-final, demands that everything is designed to be extended, since it might need to be mocked away. We should be able to improve upon this, and by the name of this post, you should be able to guess which framework will save the day. JMockit will help us with our impediments, and will give some other nifty benefits as well!
During this workshop a practical example of a web application will be developed. Its nature will be ludic (based on Sesame Street characters) but complex enough to put into spot the different features of Grails likewise as Domain Classes, Validators, GORM, Controllers, Services, Testing, etc. Everything will be developed using Groovy/Grails Tool Suite.
This workshop will cover all the commands necessary from the beginning of the project to its end, as well as the fine settings required to run it properly. The whole point will underline what Grails specific traits are over the other rapid development models in use at the moment.
All necessary program code to develop the workshop application will be supplied in advance to the attendants.
KiwiPyCon2011, Wellington, Sunday, Track 1, Automated testing in Python and beyond by Brenda Wallace, Open source hacker @ Weta Digital. Python libraries and extensions. A short intro to unitest and why they are so good for you.
Overview of python unittests and nose, and comparison to popular unittesting frame works in other languages, including perl, php, ruby, java, scala, erlang.
A brief introduction about the art of unit test, how to test a class, mock a collaborator and use a fake database. TDD is introduced. Code for exercises is available on github along with a detailed explanation. Examples and exercises are written in Java.
You’re finally doing TDD, but your past mistakes are catching up with you. No matter what you do, you can’t get rid of the gaping black holes caused by your legacy code.
In this presentation, we learn about the causes of legacy code and the reasons it is so difficult to work with. Then we discuss various techniques to test untestable code, revive and simplify incomprehensible code, redesign stable yet untested code, and repair that rift we created in the time-space continuum.
Cpp Testing Techniques Tips and Tricks - Cpp EuropeClare Macrae
Links from the talk are available at:
https://github.com/claremacrae/talks/blob/master/Cpp_Testing_Techniques_Tips_and_Tricks.md#top
An assortment of practical patterns and techniques to make it easier to write effective automated tests of C++ code, both old and new.
Clare will share some valuable techniques for easier handling of commonly troublesome testing scenarios. Whatever test framework you use, you will take away practical ideas to writer tests more easily and more effectively, to handle challenging automated test scenarios.
This talk is independent of test frameworks, and even covers a little for those creating Qt desktop applications.
Stopping the Rot - Putting Legacy C++ Under TestSeb Rose
Presentation given at the ACCU 2011 Conference in Oxford, UK.
Case study of applying unit test to the DOORS codebase. Includes a quick overview of unit test & the Google Test and Mock libraries. Also 3 specific refactoring examples shown.
Working Effectively with Legacy Code: Lessons in PracticeAmar Shah
Code rots. Even the best designs can fall into chaos, weighed down by changing requirements, hard-coded dependencies, and overzealous cut-and-paste. Eventually, the mess has to be cleaned up, but there's just one problem: There are no tests. No one knows exactly what the code is supposed to do. You will think you're fixing it, but instead you'll break it--and you won't even know.
A few months ago, I inherited just such a mess. In this talk, I'll explore Michael Feathers' classic Working Effectively with Legacy Code, a comprehensive and accessible guide to refactoring the even the ugliest, most neglected code bases. Using real examples, I'll explain how Feathers' techniques are working for me.
The presentation contains a definition and survey of the benefits of Unit Testing, and a little coding example to get the feeling of Unit Testing using JUnit, EasyMock and XMLUnit.
In this core java training session, you will learn Exception Handling. Topics covered in this session are:
• Exception Handling
• Exception Class hierarchy
• Types of Exception
• Keywords for Exception Handling
For more information about this course visit on this link: https://www.mindsmapped.com/courses/software-development/learn-java-fundamentals-hands-on-training-on-core-java-concepts/
Mockito vs JMockit, battle of the mocking frameworksEndranNL
(Original keynote slides can be found at https://github.com/Endran/PublicSlides)
For years the industry standard of mocking on the JVM has been Mockito. Mockito is a wonderful library that really speeds up your testing by allowing you to create mocks in a very simple way. That being said, it does have its drawbacks, for which different strategies need to be deployed to keep your code testable. The main drawbacks are statics and finals. Final classes cannot be mocked, nor final methods, and also static methods are a no-go. To work with these type of things we need to wrap it, and copy the signature in a non final, non static way.
I have a great adversity against statics, I've devoted an entire post about it, in short; It hides dependencies and brings so little convenience at the costs of its drawbacks. Finals on the other hand have purpose, it helps messaging the goal of a class or method. Java is one of the few languages where classes and methods are open/virtual by default and have to be closed/final by explicit action. In (for example) Kotlin, everything is final by default, if you do not want something to be final, you should use the open keyword.
No matter if you follow the principle of making things final, static or not, if you are using Mockito the decision has been made. This mocking framework demands that everything is non-final, demands that everything is designed to be extended, since it might need to be mocked away. We should be able to improve upon this, and by the name of this post, you should be able to guess which framework will save the day. JMockit will help us with our impediments, and will give some other nifty benefits as well!
During this workshop a practical example of a web application will be developed. Its nature will be ludic (based on Sesame Street characters) but complex enough to put into spot the different features of Grails likewise as Domain Classes, Validators, GORM, Controllers, Services, Testing, etc. Everything will be developed using Groovy/Grails Tool Suite.
This workshop will cover all the commands necessary from the beginning of the project to its end, as well as the fine settings required to run it properly. The whole point will underline what Grails specific traits are over the other rapid development models in use at the moment.
All necessary program code to develop the workshop application will be supplied in advance to the attendants.
Log -Analytics con Apache-Flume Elasticsearch HDFS KibanaFelix Rodriguez
I’ve recently started learning more about the tools and technologies that fall under the loose umbrella term of Big Data, let´s try to include getting Apache log data into Hadoop, and bringing Twitter data into Hadoop via ElasticSearch.
Desde una aplicación web simple, previamente desarrollada, basada en la serie televisiva expediente X (X-Files), el objetivo será establecer la autenticación y autorización de usuarios de recursos de la aplicación web, como securizar la invocación de los métodos de los componentes de negocio. Se establecerá una configuración de seguridad mínima inicial, que se completará con mecanismos más sofisticados, a continuación. Todo ello, haciendo hincapié en las novedades de la versión 3.x de Spring Security como el uso de SPEL, anotaciones, espacio de nombres, configuración Java, etc. Los asistentes podrán ver muchas de las características que implementa Spring Security para establecer mecanismos de seguridad en las aplicaciones JEE. Las herramientas a utilizar serán Spring Tool Suite 3.6, Springframework 3.2, Maven 3 y Spring TC Server 2.9.
Tutorial Introductorio a Big Data, Hadoop y sus tecnologías asociadas (Hive, Pig, HBase, HDFS), etc. Presentado en el XVIII Congreso Iberoamericano de Ingenieria del Software (CIBSE). Peru. Lima. Abril del 2015.
Introducción a esta base de datos NoSQL que permite desarrollar aplicaciones altamente escalables gracias a su velocidad (100k operaciones por segundo en un ordenador corriente) y su capacidad de trabajar en varios nodos.
Conociendo los servicios adicionales en big dataSpanishPASSVC
Todos han empezado a usar y a conocer Hadoop y HDInsight, en parte los lenguajes usados para su consumo, pero poco se hablado de los servicios complementarios que pueden enriquecer la experiencia BigData, conozca estos servicios y su aplicación.
The Diabolical Developer's Guide to Surviving Java 9jClarity
The Diabolical Developer presents a pragmatic guide on running and compiling your application on Java 9. There are a lot of new resrtictions due to the Java 9 modular runtime, so make sure you read through carefully before your migration!
JUnit 4 Can it still teach us something? - Andrzej Jóźwiak - Kariera IT Łodź ...Andrzej Jóźwiak
It's been two years since JUnit 5 was released thus ending the incontestable rule of JUnit 4. But was this the definitive end of forth version? We are constantly encountering projects in which JUnit 4 is the only option either due to maintenance, company policies or developer habits.
Can JUnit 4 allow us to create specifications from our test code? Can we dip into property based testing and create theories about the our code? Are there any useful things that we usually don't remember about?
During the lecture, we will get acquainted with the less known features of JUnit 4 and discuss whether it is worth using them in the day to day work.
This is a 90 min talk with some exercises and discussion that I gave at the DHS Agile Expo. It places DevOps as a series of feedback loops and emphasizes agile engineering practices being at the core.
Slide del corso di AngularJs Intermediate tenuto da LinkMe. Si affronteranno argomenti come l’estensione dell’html tramite direttive, la gestione di chiamate a un server API, crud e non solo, gestione di errori del server, validazione di form e alcuni principi del testing automatico.
Java 9 ships in July, are you ready for Java 9 modules? Java 9 modules (aka Project Jigsaw) is the biggest fundamental change to the Java runtime. Code that use Oracle/Sun private APIs will break. This session will cover the basics of Java 9 modules and also the current state of tooling. The ramifications to existing and legacy applications will be covered along with the steps you’ll need to take to harness the power of modules and write more maintainable systems.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
10. Hands on!
Before start, you have to…
1. Start Groovy/Grails Tool Suite 3.6 (GGTS) and create a workspace (remember run
it with a JDK and install the gradle extension for eclipse). Groovy 2.4 compiler as
well.
2. Download http://pronoide.com/downloads/greach-workshop-2015.zip
and unzip it into workspace folder. Or take it from
https://github.com/fredondo/greach2015-spock-workshop
3. Hold on! Please wait me right here…
11. Stage I: Import the workshop project
i. Import gradle Project (enterprise.mission)
12. Specifications
- Test classes are named Specifications
- All specifications (Specs) must extend from
spock.lang.Specification
- Each specification must have at least ONE test
method, all of these are called feature methods
- The most simple assert within a feature method is the
expect block, all its sentences must be evaluated to
true so that the feature will be OK
14. Stage II: Creating Specs
Complete the following specification and acomplish the challenges
(org.startrek.challenges.n01.RacesSpec)
15. Stage II: Creating Specs
Did you get it right?
(org.startrek.solutions.n01.RacesSpec)
16. Stage II: Creating Specs
• Run the spec class as JUnit test
• Or execute the test gradle task (gradle quick task launcher)
17. Specfication methods
- Within any specification we can found
- Feature methods (or test methods) with diferent
blocks of code for stating the scenario under spec
- Fixture methods that will be called automatically
before or after any single feature methods or before
and after the specification:
- setup, cleanup, setupSpec and cleanupSpeck
- Helper methods that can be called at any time from
other methods and can be convenient for code clarity
and code reuse
18. Stage III: Inside the Specs
Complete the following specification and acomplish the challenge
(org.startrek.challenges.n02.VoyageSpec)
19. Stage III: Inside the Specs
This is not rocket science (org.startrek.solutions.n02.VoyageSpec)
20. Whoami
• Entrepreneur and Business Manager at
Pronoide since 2003
• Currently working for Hybris (SAP) as technical
trainer
• Java & Friends Trainer
• Doing things with Java from 1999 on
• Computer Engineer
• Happily married and proud father of two children
• Not that Trekky (Sure!)
21. Stage IV: Inside the feature
Complete the following feature methods and probe your courage
(org.startrek.challenges.n03.SpaceshipSpec)
22. Stage IV: Inside the feature
Easy peasy!! (org.startrek.solutions.n03.SpaceshipSpec)
23. Feature method blocks
- These are the kinds of blocks (continuation):
- when and then blocks always occur together. They describe
a stimulus and the expected response. when blocks can
contain arbitrary code, then blocks are restricted to
conditions, exception conditions, interactions, and variable
definitions (which mean more options available that for
expect blocks). There can be multiples pair ocurrencies
within a feature.
24. Stage IV: Inside the feature
Fill in the next feature method if you dare!
(org.startrek.challenges.n03.StarfleetSpec)
25. Stage IV: Inside the feature
It was piece of cake!! (org.startrek.solutions.n03.SpaceshipSpec)
26. Feature method blocks
- These are the kinds of blocks (cont.):
- A where block always comes last in a feature method, and
cannot be repeated. It is used to write data-driven feature
methods. As a matter of convenience it can be written in
two different ways:
- A row per variable with the << symbol
- A column per variable with | symbol
- A data-drive feature method can be annotated with
@unroll, in that case, the method will be invoked multiple
times with the provider data variables. these can be used in
the method description with placeholders (#). For each
iteration the placeholders are replaced with correct values.
27. Stage IV: Inside the feature
The thing gets tougher!
(org.startrek.challenges.n03.WeaponsDamageSpec)
28. Stage IV: Inside the feature
As easy as pie!! (org.startrek.solutions.n03.WeaponsDamageSpec)
29. Testing exceptions
- In order to deal with specification that
throw or not exceptions, Spock provides the
following exception conditions
- thrown(ExceptionClass) and notThrow(ExceptionClass)
- It’s also possible to get the exception instance, to
access its atributtes:
def ex=thrown()
30. Stage V: Exception Conditions
Complete these two features
(org.startrek.challenges.n04.DestructionSpec)
31. Stage V: Exception Conditions
Keep it up! (org.startrek.solutions.n04.DestructionSpec)
32. Interactions
- Interaction-based testing is a design and testing
technique that focusing more on the behavior of
objects rather than their state, it explores how the
object(s) under spec interact, by way of method
calls, with their collaborators
- We need to mock the collaborator implementations via
def colaborator=Mock(Class) Or Class colaborator=Mock()
– Mocks are usually created using Dynamic Proxies or cglib
– we can track interactions with collaborators within then block:
when:
spock.teletransport()
then:
1 * transporter.use()
35. Useful stuff
- In daily life Spock use, we usually will make use of:
- Share objects among feature via @Shared class
attributes, other way they won’t share them
– There are two kinds of conditions to validate a feature: Implicit
and Explicit. Implicit conditions appear in expect and then blocks.
To use conditions in other places, you can use assert keyword
– Sometimes feature methods are large or contain duplicated code.
It can make sense to introduce helper methods
– Specifications as Documentation, Spock provides a way to attach
textual descriptions to blocks
When: “everything start”
– You can leverage the use of Hamcrest
36. Stage VI: Other mechanisms
In the following spec identify with mechanisms are used
(org.startrek.challenges.n06.MoviesSpec)
37. Stage VI: Other mechanisms
No brainer (org.startrek.solutions.n06. MoviesSpec)
38. Extensions
- Spock offers lots of functionality for writing specs. But, there
always comes a time when something else is needed. Spock
provides an interception-based extension mechanism.
Extensions are activated by annotations called directives.
These are some directives:
- @Timeout Sets a timeout for execution of a feature or fixture
- @Ignore Ignores a feature method
- @IgnoreRest Ignores all feature methods not carrying this annotation.
@IgnoreIf To ignore a feature method under certain conditions
- @FailsWith Expects a feature method to complete abruptly
- @Requires To execute a feature method under certain conditions
- @Stepwise executes features in the order that they are declared
- @Title and @Narrative To attach a natural-language name to a spec
- @Issue indicates that a feature or spec relates to one or more issues in an
external tracking system
- Many more and you can also create your own ones.
39. Brief introduction
- Groovy based testing and
specification framework
- Can test anything that runs inside the JVM
(even Java)
- Beautiful and highly expressive specification
language
- Compatible with most IDEs, build tools, and
continuous integration servers (JUnit runner)
40. Extra ball: Geb!
- Geb is a framework for automatization of
functional web testing. It is based on the
following technologies:
– Groovy Language (and it’s incredible with Spock)
– Selenium WebDriver
– JQuery CSS Content Selector
– Page Object Model
- We have to change add dependencies to our build.gradle:
testCompile 'org.gebish:geb-spock:0.10.0'
testCompile "org.seleniumhq.selenium:selenium-chrome-driver:2.43.1”
We have to configure our driver (automated browser) in
src/test/resources/GebConfig.groovy
41. Extra ball: Geb!
Create a simple driver configuration & download the driver
(src/test/resources/GebConfig.groovy)
42. Extra ball: Geb!
Let’s perform a search for apock in memory-alpha.org
(org.startrek.challenges.n07.WebNavigationSpec.groovy)
44. Extra ball: Geb!
Let’s keep it simple an reusable! Functional Spec.
(org.startrek.solutions.n07.WebNavigationSpec2.groovy)
45. Extra ball: Geb!
Let’s keep it simple an reusable! Reusable Page Model.
(org.startrek.solutions.n07. MemoryAlphaPage.groovy and
org.startrek.solutions.n07. MemoryAlphaResultsPage.groovy )